diff -Nru why-2.29+dfsg/atp/cooper.ml why-2.30+dfsg/atp/cooper.ml
--- why-2.29+dfsg/atp/cooper.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/cooper.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/defcnf.ml why-2.30+dfsg/atp/defcnf.ml
--- why-2.29+dfsg/atp/defcnf.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/defcnf.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/dp.ml why-2.30+dfsg/atp/dp.ml
--- why-2.29+dfsg/atp/dp.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/dp.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/fol.ml why-2.30+dfsg/atp/fol.ml
--- why-2.29+dfsg/atp/fol.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/fol.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/formulas.ml why-2.30+dfsg/atp/formulas.ml
--- why-2.29+dfsg/atp/formulas.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/formulas.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/fourier_motzkin.ml why-2.30+dfsg/atp/fourier_motzkin.ml
--- why-2.29+dfsg/atp/fourier_motzkin.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/fourier_motzkin.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/herbrand.ml why-2.30+dfsg/atp/herbrand.ml
--- why-2.29+dfsg/atp/herbrand.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/herbrand.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/intro.ml why-2.30+dfsg/atp/intro.ml
--- why-2.29+dfsg/atp/intro.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/intro.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/lib.ml why-2.30+dfsg/atp/lib.ml
--- why-2.29+dfsg/atp/lib.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/lib.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/make.ml why-2.30+dfsg/atp/make.ml
--- why-2.29+dfsg/atp/make.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/make.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/propexamples.ml why-2.30+dfsg/atp/propexamples.ml
--- why-2.29+dfsg/atp/propexamples.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/propexamples.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/prop.ml why-2.30+dfsg/atp/prop.ml
--- why-2.29+dfsg/atp/prop.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/prop.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/qelim.ml why-2.30+dfsg/atp/qelim.ml
--- why-2.29+dfsg/atp/qelim.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/qelim.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/Quotexpander.ml why-2.30+dfsg/atp/Quotexpander.ml
--- why-2.29+dfsg/atp/Quotexpander.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/Quotexpander.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/atp/skolem.ml why-2.30+dfsg/atp/skolem.ml
--- why-2.29+dfsg/atp/skolem.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/atp/skolem.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/bench/c/good/abs.c why-2.30+dfsg/bench/c/good/abs.c
--- why-2.29+dfsg/bench/c/good/abs.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/abs.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/alias.c why-2.30+dfsg/bench/c/good/alias.c
--- why-2.29+dfsg/bench/c/good/alias.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/alias.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/all.c why-2.30+dfsg/bench/c/good/all.c
--- why-2.29+dfsg/bench/c/good/all.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/all.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/alloca.c why-2.30+dfsg/bench/c/good/alloca.c
--- why-2.29+dfsg/bench/c/good/alloca.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/alloca.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/alloc.c why-2.30+dfsg/bench/c/good/alloc.c
--- why-2.29+dfsg/bench/c/good/alloc.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/alloc.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/all_zeros.c why-2.30+dfsg/bench/c/good/all_zeros.c
--- why-2.29+dfsg/bench/c/good/all_zeros.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/all_zeros.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/arith.c why-2.30+dfsg/bench/c/good/arith.c
--- why-2.29+dfsg/bench/c/good/arith.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/arith.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/array.c why-2.30+dfsg/bench/c/good/array.c
--- why-2.29+dfsg/bench/c/good/array.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/array.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/assigns2.c why-2.30+dfsg/bench/c/good/assigns2.c
--- why-2.29+dfsg/bench/c/good/assigns2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/assigns2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/assigns.c why-2.30+dfsg/bench/c/good/assigns.c
--- why-2.29+dfsg/bench/c/good/assigns.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/assigns.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/assigns_range.c why-2.30+dfsg/bench/c/good/assigns_range.c
--- why-2.29+dfsg/bench/c/good/assigns_range.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/assigns_range.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/assigns_range_right.c why-2.30+dfsg/bench/c/good/assigns_range_right.c
--- why-2.29+dfsg/bench/c/good/assigns_range_right.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/assigns_range_right.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/band.c why-2.30+dfsg/bench/c/good/band.c
--- why-2.29+dfsg/bench/c/good/band.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/band.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/binary_search.c why-2.30+dfsg/bench/c/good/binary_search.c
--- why-2.29+dfsg/bench/c/good/binary_search.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/binary_search.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/binary_search_overflows.c why-2.30+dfsg/bench/c/good/binary_search_overflows.c
--- why-2.29+dfsg/bench/c/good/binary_search_overflows.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/binary_search_overflows.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/binary_search_safety.c why-2.30+dfsg/bench/c/good/binary_search_safety.c
--- why-2.29+dfsg/bench/c/good/binary_search_safety.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/binary_search_safety.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/blit.c why-2.30+dfsg/bench/c/good/blit.c
--- why-2.29+dfsg/bench/c/good/blit.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/blit.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/break.c why-2.30+dfsg/bench/c/good/break.c
--- why-2.29+dfsg/bench/c/good/break.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/break.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/bresenham.c why-2.30+dfsg/bench/c/good/bresenham.c
--- why-2.29+dfsg/bench/c/good/bresenham.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/bresenham.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/bug2.c why-2.30+dfsg/bench/c/good/bug2.c
--- why-2.29+dfsg/bench/c/good/bug2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/bug2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/bug.c why-2.30+dfsg/bench/c/good/bug.c
--- why-2.29+dfsg/bench/c/good/bug.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/bug.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/call.c why-2.30+dfsg/bench/c/good/call.c
--- why-2.29+dfsg/bench/c/good/call.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/call.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/calloc.c why-2.30+dfsg/bench/c/good/calloc.c
--- why-2.29+dfsg/bench/c/good/calloc.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/calloc.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/clash_alloc.c why-2.30+dfsg/bench/c/good/clash_alloc.c
--- why-2.29+dfsg/bench/c/good/clash_alloc.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/clash_alloc.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/clash.c why-2.30+dfsg/bench/c/good/clash.c
--- why-2.29+dfsg/bench/c/good/clash.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/clash.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/clash_redef.c why-2.30+dfsg/bench/c/good/clash_redef.c
--- why-2.29+dfsg/bench/c/good/clash_redef.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/clash_redef.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/conflict.c why-2.30+dfsg/bench/c/good/conflict.c
--- why-2.29+dfsg/bench/c/good/conflict.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/conflict.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/const.c why-2.30+dfsg/bench/c/good/const.c
--- why-2.29+dfsg/bench/c/good/const.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/const.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/consts.c why-2.30+dfsg/bench/c/good/consts.c
--- why-2.29+dfsg/bench/c/good/consts.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/consts.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/continue.c why-2.30+dfsg/bench/c/good/continue.c
--- why-2.29+dfsg/bench/c/good/continue.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/continue.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/coord.c why-2.30+dfsg/bench/c/good/coord.c
--- why-2.29+dfsg/bench/c/good/coord.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/coord.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/copy.c why-2.30+dfsg/bench/c/good/copy.c
--- why-2.29+dfsg/bench/c/good/copy.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/copy.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/count_bits_2.c why-2.30+dfsg/bench/c/good/count_bits_2.c
--- why-2.29+dfsg/bench/c/good/count_bits_2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/count_bits_2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/count_bits.c why-2.30+dfsg/bench/c/good/count_bits.c
--- why-2.29+dfsg/bench/c/good/count_bits.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/count_bits.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/dassault_1.c why-2.30+dfsg/bench/c/good/dassault_1.c
--- why-2.29+dfsg/bench/c/good/dassault_1.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/dassault_1.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/dassault_2.c why-2.30+dfsg/bench/c/good/dassault_2.c
--- why-2.29+dfsg/bench/c/good/dassault_2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/dassault_2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/Dillon.c why-2.30+dfsg/bench/c/good/Dillon.c
--- why-2.29+dfsg/bench/c/good/Dillon.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/Dillon.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/division.c why-2.30+dfsg/bench/c/good/division.c
--- why-2.29+dfsg/bench/c/good/division.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/division.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/dowhile.c why-2.30+dfsg/bench/c/good/dowhile.c
--- why-2.29+dfsg/bench/c/good/dowhile.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/dowhile.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/e.c why-2.30+dfsg/bench/c/good/e.c
--- why-2.29+dfsg/bench/c/good/e.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/e.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/enum.c why-2.30+dfsg/bench/c/good/enum.c
--- why-2.29+dfsg/bench/c/good/enum.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/enum.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/extern.c why-2.30+dfsg/bench/c/good/extern.c
--- why-2.29+dfsg/bench/c/good/extern.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/extern.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/fact.c why-2.30+dfsg/bench/c/good/fact.c
--- why-2.29+dfsg/bench/c/good/fact.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/fact.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/false2.c why-2.30+dfsg/bench/c/good/false2.c
--- why-2.29+dfsg/bench/c/good/false2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/false2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/false.c why-2.30+dfsg/bench/c/good/false.c
--- why-2.29+dfsg/bench/c/good/false.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/false.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/fib.c why-2.30+dfsg/bench/c/good/fib.c
--- why-2.29+dfsg/bench/c/good/fib.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/fib.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/flag.c why-2.30+dfsg/bench/c/good/flag.c
--- why-2.29+dfsg/bench/c/good/flag.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/flag.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/flag_checkenum.c why-2.30+dfsg/bench/c/good/flag_checkenum.c
--- why-2.29+dfsg/bench/c/good/flag_checkenum.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/flag_checkenum.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/float.c why-2.30+dfsg/bench/c/good/float.c
--- why-2.29+dfsg/bench/c/good/float.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/float.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/gappa.c why-2.30+dfsg/bench/c/good/gappa.c
--- why-2.29+dfsg/bench/c/good/gappa.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/gappa.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/gcd.c why-2.30+dfsg/bench/c/good/gcd.c
--- why-2.29+dfsg/bench/c/good/gcd.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/gcd.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ghost2.c why-2.30+dfsg/bench/c/good/ghost2.c
--- why-2.29+dfsg/bench/c/good/ghost2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ghost2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ghost.c why-2.30+dfsg/bench/c/good/ghost.c
--- why-2.29+dfsg/bench/c/good/ghost.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ghost.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/goto.c why-2.30+dfsg/bench/c/good/goto.c
--- why-2.29+dfsg/bench/c/good/goto.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/goto.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/heap.c why-2.30+dfsg/bench/c/good/heap.c
--- why-2.29+dfsg/bench/c/good/heap.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/heap.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/heapsort.c why-2.30+dfsg/bench/c/good/heapsort.c
--- why-2.29+dfsg/bench/c/good/heapsort.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/heapsort.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/heapsort_swap.c why-2.30+dfsg/bench/c/good/heapsort_swap.c
--- why-2.29+dfsg/bench/c/good/heapsort_swap.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/heapsort_swap.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/heapsort_swap_safety.c why-2.30+dfsg/bench/c/good/heapsort_swap_safety.c
--- why-2.29+dfsg/bench/c/good/heapsort_swap_safety.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/heapsort_swap_safety.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ifs.c why-2.30+dfsg/bench/c/good/ifs.c
--- why-2.29+dfsg/bench/c/good/ifs.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ifs.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/incr.c why-2.30+dfsg/bench/c/good/incr.c
--- why-2.29+dfsg/bench/c/good/incr.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/incr.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/init2.c why-2.30+dfsg/bench/c/good/init2.c
--- why-2.29+dfsg/bench/c/good/init2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/init2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/init.c why-2.30+dfsg/bench/c/good/init.c
--- why-2.29+dfsg/bench/c/good/init.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/init.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/insertion.c why-2.30+dfsg/bench/c/good/insertion.c
--- why-2.29+dfsg/bench/c/good/insertion.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/insertion.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/insertion_safety.c why-2.30+dfsg/bench/c/good/insertion_safety.c
--- why-2.29+dfsg/bench/c/good/insertion_safety.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/insertion_safety.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/invariant.c why-2.30+dfsg/bench/c/good/invariant.c
--- why-2.29+dfsg/bench/c/good/invariant.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/invariant.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/invariants.c why-2.30+dfsg/bench/c/good/invariants.c
--- why-2.29+dfsg/bench/c/good/invariants.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/invariants.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/inv_perm.c why-2.30+dfsg/bench/c/good/inv_perm.c
--- why-2.29+dfsg/bench/c/good/inv_perm.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/inv_perm.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/keiko1.c why-2.30+dfsg/bench/c/good/keiko1.c
--- why-2.29+dfsg/bench/c/good/keiko1.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/keiko1.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/labels.c why-2.30+dfsg/bench/c/good/labels.c
--- why-2.29+dfsg/bench/c/good/labels.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/labels.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/latespec.c why-2.30+dfsg/bench/c/good/latespec.c
--- why-2.29+dfsg/bench/c/good/latespec.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/latespec.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/lexico.c why-2.30+dfsg/bench/c/good/lexico.c
--- why-2.29+dfsg/bench/c/good/lexico.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/lexico.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/linked-list.c why-2.30+dfsg/bench/c/good/linked-list.c
--- why-2.29+dfsg/bench/c/good/linked-list.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/linked-list.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ll_parser.c why-2.30+dfsg/bench/c/good/ll_parser.c
--- why-2.29+dfsg/bench/c/good/ll_parser.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ll_parser.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/local_aliasing.c why-2.30+dfsg/bench/c/good/local_aliasing.c
--- why-2.29+dfsg/bench/c/good/local_aliasing.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/local_aliasing.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/logic.c why-2.30+dfsg/bench/c/good/logic.c
--- why-2.29+dfsg/bench/c/good/logic.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/logic.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/logic_cast.c why-2.30+dfsg/bench/c/good/logic_cast.c
--- why-2.29+dfsg/bench/c/good/logic_cast.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/logic_cast.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/loop_assigns.c why-2.30+dfsg/bench/c/good/loop_assigns.c
--- why-2.29+dfsg/bench/c/good/loop_assigns.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/loop_assigns.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/loop_inv.c why-2.30+dfsg/bench/c/good/loop_inv.c
--- why-2.29+dfsg/bench/c/good/loop_inv.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/loop_inv.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/loops.c why-2.30+dfsg/bench/c/good/loops.c
--- why-2.29+dfsg/bench/c/good/loops.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/loops.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/malloc.c why-2.30+dfsg/bench/c/good/malloc.c
--- why-2.29+dfsg/bench/c/good/malloc.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/malloc.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/math_mod.c why-2.30+dfsg/bench/c/good/math_mod.c
--- why-2.29+dfsg/bench/c/good/math_mod.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/math_mod.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/matrix.c why-2.30+dfsg/bench/c/good/matrix.c
--- why-2.29+dfsg/bench/c/good/matrix.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/matrix.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/mean.c why-2.30+dfsg/bench/c/good/mean.c
--- why-2.29+dfsg/bench/c/good/mean.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/mean.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/minusminus.c why-2.30+dfsg/bench/c/good/minusminus.c
--- why-2.29+dfsg/bench/c/good/minusminus.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/minusminus.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/modulo.c why-2.30+dfsg/bench/c/good/modulo.c
--- why-2.29+dfsg/bench/c/good/modulo.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/modulo.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/muller.c why-2.30+dfsg/bench/c/good/muller.c
--- why-2.29+dfsg/bench/c/good/muller.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/muller.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/negate.c why-2.30+dfsg/bench/c/good/negate.c
--- why-2.29+dfsg/bench/c/good/negate.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/negate.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/not_assigns.c why-2.30+dfsg/bench/c/good/not_assigns.c
--- why-2.29+dfsg/bench/c/good/not_assigns.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/not_assigns.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/null.c why-2.30+dfsg/bench/c/good/null.c
--- why-2.29+dfsg/bench/c/good/null.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/null.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/overflow.c why-2.30+dfsg/bench/c/good/overflow.c
--- why-2.29+dfsg/bench/c/good/overflow.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/overflow.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/overflows.c why-2.30+dfsg/bench/c/good/overflows.c
--- why-2.29+dfsg/bench/c/good/overflows.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/overflows.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/param.c why-2.30+dfsg/bench/c/good/param.c
--- why-2.29+dfsg/bench/c/good/param.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/param.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/passing.c why-2.30+dfsg/bench/c/good/passing.c
--- why-2.29+dfsg/bench/c/good/passing.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/passing.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/pi_again.c why-2.30+dfsg/bench/c/good/pi_again.c
--- why-2.29+dfsg/bench/c/good/pi_again.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/pi_again.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/pi.c why-2.30+dfsg/bench/c/good/pi.c
--- why-2.29+dfsg/bench/c/good/pi.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/pi.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/pointer.c why-2.30+dfsg/bench/c/good/pointer.c
--- why-2.29+dfsg/bench/c/good/pointer.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/pointer.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/purse.c why-2.30+dfsg/bench/c/good/purse.c
--- why-2.29+dfsg/bench/c/good/purse.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/purse.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/queens.c why-2.30+dfsg/bench/c/good/queens.c
--- why-2.29+dfsg/bench/c/good/queens.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/queens.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/queue.c why-2.30+dfsg/bench/c/good/queue.c
--- why-2.29+dfsg/bench/c/good/queue.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/queue.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/queue_jr.c why-2.30+dfsg/bench/c/good/queue_jr.c
--- why-2.29+dfsg/bench/c/good/queue_jr.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/queue_jr.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/rc4.c why-2.30+dfsg/bench/c/good/rc4.c
--- why-2.29+dfsg/bench/c/good/rc4.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/rc4.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/rec2.c why-2.30+dfsg/bench/c/good/rec2.c
--- why-2.29+dfsg/bench/c/good/rec2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/rec2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/rec.c why-2.30+dfsg/bench/c/good/rec.c
--- why-2.29+dfsg/bench/c/good/rec.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/rec.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ref.c why-2.30+dfsg/bench/c/good/ref.c
--- why-2.29+dfsg/bench/c/good/ref.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ref.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/ref_glob.c why-2.30+dfsg/bench/c/good/ref_glob.c
--- why-2.29+dfsg/bench/c/good/ref_glob.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/ref_glob.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/return.c why-2.30+dfsg/bench/c/good/return.c
--- why-2.29+dfsg/bench/c/good/return.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/return.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/russian.c why-2.30+dfsg/bench/c/good/russian.c
--- why-2.29+dfsg/bench/c/good/russian.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/russian.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/search.c why-2.30+dfsg/bench/c/good/search.c
--- why-2.29+dfsg/bench/c/good/search.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/search.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/see.c why-2.30+dfsg/bench/c/good/see.c
--- why-2.29+dfsg/bench/c/good/see.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/see.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/selection.c why-2.30+dfsg/bench/c/good/selection.c
--- why-2.29+dfsg/bench/c/good/selection.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/selection.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/selection_safety.c why-2.30+dfsg/bench/c/good/selection_safety.c
--- why-2.29+dfsg/bench/c/good/selection_safety.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/selection_safety.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/separation1.c why-2.30+dfsg/bench/c/good/separation1.c
--- why-2.29+dfsg/bench/c/good/separation1.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/separation1.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/separation2.c why-2.30+dfsg/bench/c/good/separation2.c
--- why-2.29+dfsg/bench/c/good/separation2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/separation2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/separation3.c why-2.30+dfsg/bench/c/good/separation3.c
--- why-2.29+dfsg/bench/c/good/separation3.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/separation3.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/separation4.c why-2.30+dfsg/bench/c/good/separation4.c
--- why-2.29+dfsg/bench/c/good/separation4.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/separation4.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/separation.c why-2.30+dfsg/bench/c/good/separation.c
--- why-2.29+dfsg/bench/c/good/separation.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/separation.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/shift.c why-2.30+dfsg/bench/c/good/shift.c
--- why-2.29+dfsg/bench/c/good/shift.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/shift.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/sizeof.c why-2.30+dfsg/bench/c/good/sizeof.c
--- why-2.29+dfsg/bench/c/good/sizeof.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/sizeof.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/skip_lists.c why-2.30+dfsg/bench/c/good/skip_lists.c
--- why-2.29+dfsg/bench/c/good/skip_lists.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/skip_lists.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/sort.c why-2.30+dfsg/bench/c/good/sort.c
--- why-2.29+dfsg/bench/c/good/sort.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/sort.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/sqrt.c why-2.30+dfsg/bench/c/good/sqrt.c
--- why-2.29+dfsg/bench/c/good/sqrt.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/sqrt.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/strcpy.c why-2.30+dfsg/bench/c/good/strcpy.c
--- why-2.29+dfsg/bench/c/good/strcpy.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/strcpy.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/string.c why-2.30+dfsg/bench/c/good/string.c
--- why-2.29+dfsg/bench/c/good/string.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/string.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/struct2.c why-2.30+dfsg/bench/c/good/struct2.c
--- why-2.29+dfsg/bench/c/good/struct2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/struct2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/struct3.c why-2.30+dfsg/bench/c/good/struct3.c
--- why-2.29+dfsg/bench/c/good/struct3.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/struct3.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/struct4.c why-2.30+dfsg/bench/c/good/struct4.c
--- why-2.29+dfsg/bench/c/good/struct4.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/struct4.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/struct.c why-2.30+dfsg/bench/c/good/struct.c
--- why-2.29+dfsg/bench/c/good/struct.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/struct.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/sum1.c why-2.30+dfsg/bench/c/good/sum1.c
--- why-2.29+dfsg/bench/c/good/sum1.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/sum1.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/sum2.c why-2.30+dfsg/bench/c/good/sum2.c
--- why-2.29+dfsg/bench/c/good/sum2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/sum2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/switch.c why-2.30+dfsg/bench/c/good/switch.c
--- why-2.29+dfsg/bench/c/good/switch.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/switch.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/tracability.c why-2.30+dfsg/bench/c/good/tracability.c
--- why-2.29+dfsg/bench/c/good/tracability.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/tracability.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/trop.c why-2.30+dfsg/bench/c/good/trop.c
--- why-2.29+dfsg/bench/c/good/trop.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/trop.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/unsafe.c why-2.30+dfsg/bench/c/good/unsafe.c
--- why-2.29+dfsg/bench/c/good/unsafe.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/unsafe.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/zones2.c why-2.30+dfsg/bench/c/good/zones2.c
--- why-2.29+dfsg/bench/c/good/zones2.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/zones2.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/c/good/zones.c why-2.30+dfsg/bench/c/good/zones.c
--- why-2.29+dfsg/bench/c/good/zones.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/c/good/zones.c 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/AllZeros.java why-2.30+dfsg/bench/java/good/AllZeros.java
--- why-2.29+dfsg/bench/java/good/AllZeros.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/AllZeros.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/ArrayLength.java why-2.30+dfsg/bench/java/good/ArrayLength.java
--- why-2.29+dfsg/bench/java/good/ArrayLength.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/ArrayLength.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Arrays.java why-2.30+dfsg/bench/java/good/Arrays.java
--- why-2.29+dfsg/bench/java/good/Arrays.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Arrays.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/ArrayStoreExceptionTest.java why-2.30+dfsg/bench/java/good/ArrayStoreExceptionTest.java
--- why-2.29+dfsg/bench/java/good/ArrayStoreExceptionTest.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/ArrayStoreExceptionTest.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/BinarySearch.java why-2.30+dfsg/bench/java/good/BinarySearch.java
--- why-2.29+dfsg/bench/java/good/BinarySearch.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/BinarySearch.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/CreationTricky.java why-2.30+dfsg/bench/java/good/CreationTricky.java
--- why-2.29+dfsg/bench/java/good/CreationTricky.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/CreationTricky.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Cube.java why-2.30+dfsg/bench/java/good/Cube.java
--- why-2.29+dfsg/bench/java/good/Cube.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Cube.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Decimal.java why-2.30+dfsg/bench/java/good/Decimal.java
--- why-2.29+dfsg/bench/java/good/Decimal.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Decimal.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Fact.java why-2.30+dfsg/bench/java/good/Fact.java
--- why-2.29+dfsg/bench/java/good/Fact.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Fact.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/FibMemo.java why-2.30+dfsg/bench/java/good/FibMemo.java
--- why-2.29+dfsg/bench/java/good/FibMemo.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/FibMemo.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Fibonacci.java why-2.30+dfsg/bench/java/good/Fibonacci.java
--- why-2.29+dfsg/bench/java/good/Fibonacci.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Fibonacci.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Flag.java why-2.30+dfsg/bench/java/good/Flag.java
--- why-2.29+dfsg/bench/java/good/Flag.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Flag.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/FlagStatic.java why-2.30+dfsg/bench/java/good/FlagStatic.java
--- why-2.29+dfsg/bench/java/good/FlagStatic.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/FlagStatic.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Gcd.java why-2.30+dfsg/bench/java/good/Gcd.java
--- why-2.29+dfsg/bench/java/good/Gcd.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Gcd.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/HashMapTest.java why-2.30+dfsg/bench/java/good/HashMapTest.java
--- why-2.29+dfsg/bench/java/good/HashMapTest.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/HashMapTest.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Increment.java why-2.30+dfsg/bench/java/good/Increment.java
--- why-2.29+dfsg/bench/java/good/Increment.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Increment.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/InsertSort.java why-2.30+dfsg/bench/java/good/InsertSort.java
--- why-2.29+dfsg/bench/java/good/InsertSort.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/InsertSort.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/IntSet.java why-2.30+dfsg/bench/java/good/IntSet.java
--- why-2.29+dfsg/bench/java/good/IntSet.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/IntSet.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/IntSetModelField.java why-2.30+dfsg/bench/java/good/IntSetModelField.java
--- why-2.29+dfsg/bench/java/good/IntSetModelField.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/IntSetModelField.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Invariants.java why-2.30+dfsg/bench/java/good/Invariants.java
--- why-2.29+dfsg/bench/java/good/Invariants.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Invariants.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Lesson1.java why-2.30+dfsg/bench/java/good/Lesson1.java
--- why-2.29+dfsg/bench/java/good/Lesson1.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Lesson1.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Literals.java why-2.30+dfsg/bench/java/good/Literals.java
--- why-2.29+dfsg/bench/java/good/Literals.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Literals.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/MacCarthy.java why-2.30+dfsg/bench/java/good/MacCarthy.java
--- why-2.29+dfsg/bench/java/good/MacCarthy.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/MacCarthy.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Misc.java why-2.30+dfsg/bench/java/good/Misc.java
--- why-2.29+dfsg/bench/java/good/Misc.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Misc.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Muller.java why-2.30+dfsg/bench/java/good/Muller.java
--- why-2.29+dfsg/bench/java/good/Muller.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Muller.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/NameConflicts.java why-2.30+dfsg/bench/java/good/NameConflicts.java
--- why-2.29+dfsg/bench/java/good/NameConflicts.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/NameConflicts.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/NonNullByDefault.java why-2.30+dfsg/bench/java/good/NonNullByDefault.java
--- why-2.29+dfsg/bench/java/good/NonNullByDefault.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/NonNullByDefault.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/PArray.java why-2.30+dfsg/bench/java/good/PArray.java
--- why-2.29+dfsg/bench/java/good/PArray.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/PArray.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Purse0.java why-2.30+dfsg/bench/java/good/Purse0.java
--- why-2.29+dfsg/bench/java/good/Purse0.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Purse0.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Purse.java why-2.30+dfsg/bench/java/good/Purse.java
--- why-2.29+dfsg/bench/java/good/Purse.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Purse.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/SCID.java why-2.30+dfsg/bench/java/good/SCID.java
--- why-2.29+dfsg/bench/java/good/SCID.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/SCID.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/SCID_nonnull.java why-2.30+dfsg/bench/java/good/SCID_nonnull.java
--- why-2.29+dfsg/bench/java/good/SCID_nonnull.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/SCID_nonnull.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Search.java why-2.30+dfsg/bench/java/good/Search.java
--- why-2.29+dfsg/bench/java/good/Search.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Search.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/SimpleNew.java why-2.30+dfsg/bench/java/good/SimpleNew.java
--- why-2.29+dfsg/bench/java/good/SimpleNew.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/SimpleNew.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Sorting.java why-2.30+dfsg/bench/java/good/Sorting.java
--- why-2.29+dfsg/bench/java/good/Sorting.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Sorting.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Sort.java why-2.30+dfsg/bench/java/good/Sort.java
--- why-2.29+dfsg/bench/java/good/Sort.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Sort.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/StaticTyping.java why-2.30+dfsg/bench/java/good/StaticTyping.java
--- why-2.29+dfsg/bench/java/good/StaticTyping.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/StaticTyping.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Subclass.java why-2.30+dfsg/bench/java/good/Subclass.java
--- why-2.29+dfsg/bench/java/good/Subclass.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Subclass.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Switch.java why-2.30+dfsg/bench/java/good/Switch.java
--- why-2.29+dfsg/bench/java/good/Switch.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Switch.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Termination.java why-2.30+dfsg/bench/java/good/Termination.java
--- why-2.29+dfsg/bench/java/good/Termination.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Termination.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/TestExceptions.java why-2.30+dfsg/bench/java/good/TestExceptions.java
--- why-2.29+dfsg/bench/java/good/TestExceptions.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/TestExceptions.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/TestSuperConstructor.java why-2.30+dfsg/bench/java/good/TestSuperConstructor.java
--- why-2.29+dfsg/bench/java/good/TestSuperConstructor.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/TestSuperConstructor.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Trace.java why-2.30+dfsg/bench/java/good/Trace.java
--- why-2.29+dfsg/bench/java/good/Trace.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Trace.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/bench/java/good/Validity.java why-2.30+dfsg/bench/java/good/Validity.java
--- why-2.29+dfsg/bench/java/good/Validity.java 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/bench/java/good/Validity.java 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/c/cabsint.ml why-2.30+dfsg/c/cabsint.ml
--- why-2.29+dfsg/c/cabsint.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cabsint.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cast_misc.ml why-2.30+dfsg/c/cast_misc.ml
--- why-2.29+dfsg/c/cast_misc.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cast_misc.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cast_misc.mli why-2.30+dfsg/c/cast_misc.mli
--- why-2.29+dfsg/c/cast_misc.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cast_misc.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cast.mli why-2.30+dfsg/c/cast.mli
--- why-2.29+dfsg/c/cast.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cast.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cconst.mli why-2.30+dfsg/c/cconst.mli
--- why-2.29+dfsg/c/cconst.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cconst.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cconst.mll why-2.30+dfsg/c/cconst.mll
--- why-2.29+dfsg/c/cconst.mll 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cconst.mll 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/ceffect.ml why-2.30+dfsg/c/ceffect.ml
--- why-2.29+dfsg/c/ceffect.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/ceffect.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -73,13 +73,13 @@ let print_effects2 fmt l = fprintf fmt "@[%a@]" (print_list space (fun fmt (z,s,_) ->let z = repr z in - fprintf fmt " %s_%s_%d " s z.name z.number)) + fprintf fmt " %s_%s_%d " s z.Info.name z.number)) (ZoneSet.elements l) let print_effects3 fmt l = fprintf fmt "@[%a@]" (print_list space (fun fmt (z,s,_) -> let z = repr z in - fprintf fmt " %s_%s:%b " s z.name z.zone_is_var)) + fprintf fmt " %s_%s:%b " s z.Info.name z.zone_is_var)) (ZoneSet.elements l) let alloc = @@ -158,7 +158,7 @@ try Hashtbl.find type_why_table z with Not_found -> - Format.eprintf "no why type table for zone %s@\n" z.name; + Format.eprintf "no why type table for zone %s@\n" z.Info.name; assert false in Hashtbl.find table v diff -Nru why-2.29+dfsg/c/ceffect.mli why-2.30+dfsg/c/ceffect.mli --- why-2.29+dfsg/c/ceffect.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/c/ceffect.mli 2011-10-24 15:21:06.000000000 +0000 
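Review bot: In `print_effects2` and `print_effects3` only the `name` label is now written `z.Info.name`, while `z.number` and `z.zone_is_var` on the same value stay unqualified, and nothing in the `@@ -73,13` hunk says why one field needs the module path. Presumably another record label `name` is in scope in this release and shadows the one from `Info`; if so, a one-line comment above `print_effects2`, for example `(* [name] is qualified: another record label of that name is in scope *)`, would keep the next reader from "tidying" it back. The same qualification appears in the `@@ -158,7` hunk.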
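Review bot: The second lookup `Hashtbl.find table v`, on the last line of the `@@ -158,7` hunk, has no handler, unlike the first lookup `Hashtbl.find type_why_table z`, which reports the zone name before `assert false`. A missing entry there would escape as a bare `Not_found` that names neither the zone nor the variable. Giving it the same treatment, e.g. `try Hashtbl.find table v with Not_found -> Format.eprintf "no why type in table of zone %s@\n" z.Info.name; assert false`, would make both failure paths equally diagnosable. The enclosing function starts and ends outside the hunk, so an outer handler may already cover this.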
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cenv.ml why-2.30+dfsg/c/cenv.ml
--- why-2.29+dfsg/c/cenv.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cenv.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cenv.mli why-2.30+dfsg/c/cenv.mli
--- why-2.29+dfsg/c/cenv.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cenv.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cerror.mli why-2.30+dfsg/c/cerror.mli
--- why-2.29+dfsg/c/cerror.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cerror.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cgraph.ml why-2.30+dfsg/c/cgraph.ml
--- why-2.29+dfsg/c/cgraph.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cgraph.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cgraph.mli why-2.30+dfsg/c/cgraph.mli
--- why-2.29+dfsg/c/cgraph.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cgraph.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cinit.ml why-2.30+dfsg/c/cinit.ml
--- why-2.29+dfsg/c/cinit.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cinit.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cinit.mli why-2.30+dfsg/c/cinit.mli
--- why-2.29+dfsg/c/cinit.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cinit.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cinterp.ml why-2.30+dfsg/c/cinterp.ml
--- why-2.29+dfsg/c/cinterp.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cinterp.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
@@ -872,31 +872,31 @@ LAnd (LPred ("le_int", [LConst (Prim_int min); t]), LPred ("le_int", [t; LConst (Prim_int max)])) in - (Type (name, [])) + (Type (id_no_loc name, [])) :: - (Logic (false, of_name, ["x", lt], simple_logic_type "int")) + (Logic (false, id_no_loc of_name, ["x", lt], simple_logic_type "int")) :: - (Goal(KAxiom,name ^ "_domain", + (Goal(KAxiom,id_no_loc (name ^ "_domain"), LForall ("x", lt, [],in_bounds (LApp (of_name, [LVar "x"]))))) :: (if int_model = IMmodulo then let width = LConst (Prim_int (Invariant.string_two_power_n size)) in let fmod t = LApp (mod_name, [t]) in - [Logic (false, mod_name, + [Logic (false, id_no_loc mod_name, ["x", simple_logic_type "int"], simple_logic_type "int"); - Goal(KAxiom,mod_name ^ "_id", + Goal(KAxiom,id_no_loc (mod_name ^ "_id"), LForall ("x", simple_logic_type "int", [], LImpl (in_bounds (LVar "x"), LPred ("eq", [LApp (mod_name, [LVar "x"]); LVar "x"])))); - Goal(KAxiom,mod_name ^ "_lt", + Goal(KAxiom,id_no_loc (mod_name ^ "_lt"), LForall ("x", simple_logic_type "int", [], LImpl (LPred ("lt_int", [LVar "x"; LConst (Prim_int min)]), LPred ("eq", [fmod (LVar "x"); fmod (LApp ("add_int", [LVar "x"; width]))])))); - Goal(KAxiom,mod_name ^ "_gt", + Goal(KAxiom,id_no_loc (mod_name ^ "_gt"), LForall ("x", simple_logic_type "int", [], LImpl (LPred ("gt_int", [LVar "x"; LConst (Prim_int max)]), @@ -914,15 +914,15 @@ if int_model = IMbounded then LVar "x" else LApp (mod_name, [LVar "x"])]) in - Param (false, name ^ "_of_int", + Param (false, id_no_loc (name ^ "_of_int"), Prod_type ("x", int, Annot_type (pre, Base_type lt, [], [], post, [])))) :: - (Param (false, "any_" ^ name, + (Param (false, id_no_loc ("any_" ^ name), Prod_type ("x", unit_type, Annot_type (LTrue, Base_type lt, [], [], LTrue, [])))) :: - (Exception ("Return_" ^ name, Some lt)) + (Exception (id_no_loc ("Return_" ^ name), Some lt)) :: acc in 
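Review bot: Every declaration name in the `@@ -872,31` and `@@ -914,15` hunks is wrapped by hand (`id_no_loc name`, `id_no_loc (name ^ "_domain")`, `id_no_loc ("any_" ^ name)`, `id_no_loc ("Return_" ^ name)`), and the enum hunks `@@ -936,11` through `@@ -1014,8` repeat the pattern, with no comment saying why these identifiers carry no location. The names are built by string concatenation from `name` rather than read from the source, so a short comment at the head of the declaration list, such as `(* generated declarations: no source position, hence id_no_loc *)`, would record the intent. `id_no_loc` is defined outside this diff, so its meaning here is inferred from its name. The enclosing functions begin before the hunks.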
@@ -936,11 +936,11 @@ let of_name = "of_" ^ name in let is_enum = "is_" ^ name in let lt = simple_logic_type name in - (Type (name, [])) + (Type (id_no_loc name, [])) :: - (Logic (false, of_name, ["x", lt], simple_logic_type "int")) + (Logic (false, id_no_loc of_name, ["x", lt], simple_logic_type "int")) :: - (Predicate (false, is_enum, ["x", simple_logic_type "int"], + (Predicate (false, id_no_loc is_enum, ["x", simple_logic_type "int"], List.fold_left (fun p (_,v) -> let v = Int64.to_string v in @@ -948,10 +948,10 @@ make_or p p1) LFalse vl)) :: - (Goal(KAxiom,name ^ "_domain", + (Goal(KAxiom,id_no_loc (name ^ "_domain"), LForall ("x", lt, [],LPred (is_enum, [LApp (of_name, [LVar "x"])])))) :: - (Param (false, name ^ "_of_int", + (Param (false, id_no_loc (name ^ "_of_int"), Prod_type ("x", int, let pre = LPred (is_enum, [LVar "x"]) in let post = @@ -960,11 +960,11 @@ in Annot_type (pre, Base_type lt, [], [], post, [])))) :: - (Param (false, "any_" ^ name, + (Param (false, id_no_loc ("any_" ^ name), Prod_type ("x", unit_type, Annot_type (LTrue, Base_type lt, [], [], LTrue, [])))) :: - (Exception ("Return_" ^ name, Some lt)) + (Exception (id_no_loc ("Return_" ^ name), Some lt)) :: (List.fold_left (fun acc (info,v) -> @@ -972,8 +972,8 @@ let v = Int64.to_string v in let a = LPred ("eq_int", [LApp (of_name, [LVar x]); LConst (Prim_int v)]) in - (Logic (false, x, [], lt)) :: - (Goal(KAxiom,"enum_" ^ s ^ "_" ^ x, a)) :: acc) + (Logic (false, id_no_loc x, [], lt)) :: + (Goal(KAxiom,id_no_loc ("enum_" ^ s ^ "_" ^ x), a)) :: acc) acc vl) (****** let ty = noattr tyn in @@ -1014,8 +1014,8 @@ let x = info.var_unique_name in let v = Int64.to_string v in let a = LPred ("eq_int", [LVar x; LConst (Prim_int v)]) in - (Logic (false, x, [], simple_logic_type "int")) :: - (Goal(KAxiom,"enum_" ^ n ^ "_" ^ x, a)) :: acc) + (Logic (false, id_no_loc x, [], simple_logic_type "int")) :: + (Goal(KAxiom,id_no_loc ("enum_" ^ n ^ "_" ^ x), a)) :: acc) acc vl in Cenv.fold_all_enum 
@@ -1842,7 +1842,7 @@ (*else acc*)) e.Ceffect.reads args in if args = [] then acc else - (Predicate(false,id,args,interp_predicate None "" p))::acc) + (Predicate(false,id_no_loc id,args,interp_predicate None "" p))::acc) Ceffect.strong_invariants_2 [] @@ -2435,11 +2435,11 @@ (Base_type ([],"prop")) in *) - Logic(false, id.logic_name, args, simple_logic_type "prop") + Logic(false, id_no_loc id.logic_name, args, simple_logic_type "prop") | NPredicate_def(args,p) -> let a = interp_predicate None "" p in let args = interp_predicate_args id args in - Predicate(false,id.logic_name, args,a) + Predicate(false,id_no_loc id.logic_name, args,a) | NFunction(args,ret,_) -> let ret_type = Info.output_why_type (Cenv.type_type_why ret false) @@ -2478,7 +2478,7 @@ (fun (z,_,ty) t -> ("",Info.output_why_type (Info.Memory(ty,z)))::t) id.logic_heap_zone args in - Logic(false,id.logic_name,args,(*simple_logic_type*) ret_type) + Logic(false,id_no_loc id.logic_name,args,(*simple_logic_type*) ret_type) | NFunction_def(args,ret,e) -> let e = interp_term None "" e in let ret_type = @@ -2499,7 +2499,7 @@ | _ -> assert false *) in let args = interp_predicate_args id args in - Output.Function(false,id.logic_name,args,(* simple_logic_type *) ret_type,e) + Output.Function(false,id_no_loc id.logic_name,args,(* simple_logic_type *) ret_type,e) let interp_axiom p = let a = interp_predicate None "" p @@ -2615,7 +2615,7 @@ tpl annot_type in - tpl,pre_with,post, Param (false, id.fun_unique_name ^ "_parameter", ty) + tpl,pre_with,post, Param (false, id_no_loc (id.fun_unique_name ^ "_parameter"), ty) (**** CODE TRANSFERRED TO make_enum_types_decls let interp_type loc ctype = match ctype.Ctypes.ctype_node with @@ -2645,7 +2645,7 @@ | Naxiom(id,p) -> lprintf "translating axiom declaration %s@." id; let a = interp_axiom p in - Goal(KAxiom,id,a)::why_spec + Goal(KAxiom,id_no_loc id,a)::why_spec | Ninvariant(id,_p) -> lprintf "translating invariant declaration %s@." id; why_spec 
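Review bot: In the hunk at -2645 the axiom comes from a user declaration (`Naxiom(id,p)`), yet it is emitted as `Goal(KAxiom,id_no_loc id,a)` exactly like the synthesized declarations. A user-written axiom is an assumption the provers rely on, so when one turns out to be wrong or inconsistent the report should be able to point back at the C annotation it came from. If a position for the declaration is in scope in this match (the function header is outside the hunk, so this cannot be confirmed here), it would be better to attach it to the identifier than to drop it; otherwise a comment such as `(* TODO: propagate the declaration's location instead of id_no_loc *)` records the gap. The same question applies to `id.logic_name` in the hunks at -2435, -2478 and -2499 and to `Def(id_no_loc why_name, ...)` at -2709.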
@@ -2709,7 +2709,7 @@ list_of_refs tblock in printf "generating Why code for function %s@." f; - ((f, Def(why_name, + ((f, Def(id_no_loc why_name, mk_expr (Fun(tparams,pre,tblock,post,[]))))::why_code, tspec :: why_spec) with Error (_, Cerror.Unsupported s) -> @@ -2734,7 +2734,7 @@ let code = Hashtbl.fold (fun lab () acc -> - (lab,Exception("Goto_"^lab,None))::acc) labels_table code + (lab,Exception(id_no_loc ("Goto_"^lab),None))::acc) labels_table code in (code,spec) diff -Nru why-2.29+dfsg/c/cinterp.mli why-2.30+dfsg/c/cinterp.mli --- why-2.29+dfsg/c/cinterp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/c/cinterp.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/c/clexer.mll why-2.30+dfsg/c/clexer.mll --- why-2.29+dfsg/c/clexer.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/c/clexer.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cllexer.mll why-2.30+dfsg/c/cllexer.mll
--- why-2.29+dfsg/c/cllexer.mll 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cllexer.mll 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/clogic.mli why-2.30+dfsg/c/clogic.mli
--- why-2.29+dfsg/c/clogic.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/clogic.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/clparser.mly why-2.30+dfsg/c/clparser.mly
--- why-2.29+dfsg/c/clparser.mly 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/clparser.mly 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/c/cltyping.ml why-2.30+dfsg/c/cltyping.ml
--- why-2.29+dfsg/c/cltyping.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cltyping.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cltyping.mli why-2.30+dfsg/c/cltyping.mli
--- why-2.29+dfsg/c/cltyping.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cltyping.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cmain.ml why-2.30+dfsg/c/cmain.ml
--- why-2.29+dfsg/c/cmain.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cmain.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -132,7 +132,7 @@ (fun name z -> match z.Info.repr with | None -> - let d = Type (name,[]) in + let d = Type (id_no_loc name,[]) in fprintf fmt "@[%a@]" fprintf_why_decls [d] | Some _ -> ()) Cenv.zone_table; @@ -151,7 +151,7 @@ Hashtbl.iter (fun v bt -> let d = Param - (false, v, + (false, id_no_loc v, Ref_type (Base_type (Info.output_why_type ~quote_var:false bt.Info.var_why_type))) in fprintf fmt "@[%a@]" fprintf_why_decls [d]) diff -Nru why-2.29+dfsg/c/cmake.ml why-2.30+dfsg/c/cmake.ml --- why-2.29+dfsg/c/cmake.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/c/cmake.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cmake.mli why-2.30+dfsg/c/cmake.mli
--- why-2.29+dfsg/c/cmake.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cmake.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cnorm.ml why-2.30+dfsg/c/cnorm.ml
--- why-2.29+dfsg/c/cnorm.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cnorm.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cnorm.mli why-2.30+dfsg/c/cnorm.mli
--- why-2.29+dfsg/c/cnorm.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cnorm.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/coptions.ml why-2.30+dfsg/c/coptions.ml
--- why-2.29+dfsg/c/coptions.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/coptions.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/coptions.mli why-2.30+dfsg/c/coptions.mli
--- why-2.29+dfsg/c/coptions.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/coptions.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cparser.mly why-2.30+dfsg/c/cparser.mly
--- why-2.29+dfsg/c/cparser.mly 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cparser.mly 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/c/cpp.mli why-2.30+dfsg/c/cpp.mli
--- why-2.29+dfsg/c/cpp.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cpp.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cpp.mll why-2.30+dfsg/c/cpp.mll
--- why-2.29+dfsg/c/cpp.mll 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cpp.mll 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cprint_annot.ml why-2.30+dfsg/c/cprint_annot.ml
--- why-2.29+dfsg/c/cprint_annot.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cprint_annot.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cprint_graph.ml why-2.30+dfsg/c/cprint_graph.ml
--- why-2.29+dfsg/c/cprint_graph.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cprint_graph.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cprint_graph.mli why-2.30+dfsg/c/cprint_graph.mli
--- why-2.29+dfsg/c/cprint_graph.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cprint_graph.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cprint.ml why-2.30+dfsg/c/cprint.ml
--- why-2.29+dfsg/c/cprint.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cprint.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cprint.mli why-2.30+dfsg/c/cprint.mli
--- why-2.29+dfsg/c/cprint.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cprint.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cptr.ml why-2.30+dfsg/c/cptr.ml
--- why-2.29+dfsg/c/cptr.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cptr.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cptr.mli why-2.30+dfsg/c/cptr.mli
--- why-2.29+dfsg/c/cptr.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cptr.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/creport.ml why-2.30+dfsg/c/creport.ml
--- why-2.29+dfsg/c/creport.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/creport.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/creport.mli why-2.30+dfsg/c/creport.mli
--- why-2.29+dfsg/c/creport.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/creport.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cseparation.ml why-2.30+dfsg/c/cseparation.ml
--- why-2.29+dfsg/c/cseparation.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cseparation.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cseparation.mli why-2.30+dfsg/c/cseparation.mli
--- why-2.29+dfsg/c/cseparation.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cseparation.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/csymbol.ml why-2.30+dfsg/c/csymbol.ml
--- why-2.29+dfsg/c/csymbol.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/csymbol.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/ctypes.ml why-2.30+dfsg/c/ctypes.ml
--- why-2.29+dfsg/c/ctypes.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/ctypes.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/ctypes.mli why-2.30+dfsg/c/ctypes.mli
--- why-2.29+dfsg/c/ctypes.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/ctypes.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/ctyping.ml why-2.30+dfsg/c/ctyping.ml
--- why-2.29+dfsg/c/ctyping.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/ctyping.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/ctyping.mli why-2.30+dfsg/c/ctyping.mli
--- why-2.29+dfsg/c/ctyping.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/ctyping.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cutil.ml why-2.30+dfsg/c/cutil.ml
--- why-2.29+dfsg/c/cutil.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cutil.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/cutil.mli why-2.30+dfsg/c/cutil.mli
--- why-2.29+dfsg/c/cutil.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/cutil.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/info.ml why-2.30+dfsg/c/info.ml
--- why-2.29+dfsg/c/info.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/info.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/info.mli why-2.30+dfsg/c/info.mli
--- why-2.29+dfsg/c/info.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/info.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/invariant.ml why-2.30+dfsg/c/invariant.ml
--- why-2.29+dfsg/c/invariant.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/invariant.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/c/invariant.mli why-2.30+dfsg/c/invariant.mli
--- why-2.29+dfsg/c/invariant.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/c/invariant.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/CHANGES why-2.30+dfsg/CHANGES
--- why-2.29+dfsg/CHANGES 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/CHANGES 2011-10-24 15:21:06.000000000 +0000
@@ -1,4 +1,38 @@ +version 2.30, Oct 24, 2011 +========================== + + o [Jessie and Krakatoa] manuals have been extensively updated to + adopt the Why3 back-ends + o [Jessie/Frama-C plugin] the default back-end is now to call Why3 + VC generator, and then the Why3 IDE. The former behavior can be + obtained using option -jessie-atp=gui + o [Krakatoa] new option -gen-only whichs stops after generation of + jessie file. The default is now to start jessie and then Why3 IDE. + the old usage "gwhy file.java" continues to use the Why2 backend. + o [Krakatoa/Jessie/Frama-C plugin] fixed traceability issues + o [Krakatoa/Jessie/Frama-C plugin] new backend using Why3 VC generator + o [Jessie] add extensionality axiom to integer range type. allows to + prove valid properties that were unprovable before. + o [Caduceus] support discontinued, not distributed anymore + o [Why3 output] support for syntax changes of Why3 0.70 + o [Why3 output] better explanations + o [Why] fix encoding to multi-sorted logic with finite type + o [Why] option -default-locs + o [Why] added support for Vampire (based on simplify output) + o [Why] option --delete-old-vcs erases previous files when using + --multi-why or --multi-altergo + o [Why] option --multi-altergo outputs VCs in separate files, like + --multi-why but in Alt-Ergo's syntax instead of the general Why's + syntax (e.g. algebraic types are encoded for Alt-Ergo) + o [Jessie] fixed bug with region analysis, case of pointer + comparison in annotations. fixes Frama-C BTS 0814 + o [Krakatoa] fixed a problem with scope of labels + o [Krakatoa] fixed support for string constants + o [Jessie] order of lemmas now kept the same as in the input. 
Fixes + Frama-C BTS 0024 + o [Why lib] completed axiomatization of floats + version 2.29, Mar 1, 2011 ========================= diff -Nru why-2.29+dfsg/config/check_ocamlgraph.ml why-2.30+dfsg/config/check_ocamlgraph.ml --- why-2.29+dfsg/config/check_ocamlgraph.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/config/check_ocamlgraph.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/configure why-2.30+dfsg/configure --- why-2.29+dfsg/configure 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/configure 2011-10-24 15:21:06.000000000 +0000 @@ -1,11 +1,13 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.64. +# Generated by GNU Autoconf 2.68. +# # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software # Foundation, Inc. # +# # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## 
@@ -87,6 +89,7 @@ IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. +as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -211,11 +214,18 @@ # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. + # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV export CONFIG_SHELL - exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} + case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; + esac + exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} fi if test x$as_have_required = xno; then : @@ -313,7 +323,7 @@ test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p 
@@ -353,19 +363,19 @@ fi # as_fn_arith -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -523,10 +533,11 @@ as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" -exec 7<&0 &1 +test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. -# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` @@ -708,8 +719,9 @@ fi case $ac_option in - *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *) ac_optarg=yes ;; + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. 
@@ -754,7 +766,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -780,7 +792,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -984,7 +996,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1000,7 +1012,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1030,8 +1042,8 @@ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information." + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" ;; *=*) 
@@ -1039,7 +1051,7 @@ # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1049,7 +1061,7 @@ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac @@ -1057,13 +1069,13 @@ if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error "missing argument to $ac_option" + as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1086,7 +1098,7 @@ [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' 
@@ -1100,8 +1112,8 @@ if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used." >&2 + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -1116,9 +1128,9 @@ ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error "working directory cannot be determined" + as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error "pwd does not report name of working directory" + as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -1157,11 +1169,11 @@ fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then 
@@ -1201,7 +1213,7 @@ --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking...' messages + -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files @@ -1321,9 +1333,9 @@ if $ac_init_version; then cat <<\_ACEOF configure -generated by GNU Autoconf 2.64 +generated by GNU Autoconf 2.68 -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1338,7 +1350,7 @@ running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was -generated by GNU Autoconf 2.64. Invocation command line was +generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -1448,11 +1460,9 @@ { echo - cat <<\_ASBOX -## ---------------- ## + $as_echo "## ---------------- ## ## Cache variables. ## -## ---------------- ## -_ASBOX +## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( @@ -1486,11 +1496,9 @@ ) echo - cat <<\_ASBOX -## ----------------- ## + $as_echo "## ----------------- ## ## Output variables. ## -## ----------------- ## -_ASBOX +## ----------------- ##" echo for ac_var in $ac_subst_vars do @@ -1503,11 +1511,9 @@ echo if test -n "$ac_subst_files"; then - cat <<\_ASBOX -## ------------------- ## + $as_echo "## ------------------- ## ## File substitutions. ## -## ------------------- ## -_ASBOX +## ------------------- ##" echo for ac_var in $ac_subst_files do 
@@ -1521,11 +1527,9 @@ fi if test -s confdefs.h; then - cat <<\_ASBOX -## ----------- ## + $as_echo "## ----------- ## ## confdefs.h. ## -## ----------- ## -_ASBOX +## ----------- ##" echo cat confdefs.h echo @@ -1580,7 +1584,12 @@ ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - ac_site_file1=$CONFIG_SITE + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site @@ -1591,18 +1600,22 @@ for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue - if test -r "$ac_site_file"; then + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special - # files actually), so we avoid doing that. - if test -f "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in 
@@ -1671,7 +1684,7 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -1706,7 +1719,7 @@ set dummy ocamlc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLC+set}" = set; then : +if ${ac_cv_prog_OCAMLC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLC"; then @@ -1741,7 +1754,7 @@ if test "$OCAMLC" = no ; then - as_fn_error "Cannot find ocamlc." "$LINENO" 5 + as_fn_error $? "Cannot find ocamlc." "$LINENO" 5 fi # we extract Ocaml version number @@ -1750,7 +1763,7 @@ case $OCAMLVERSION in 0.*|1.*|2.00|3.00*|3.01*|3.02*|3.03*|3.04*|3.05*|3.06*|3.07*) - as_fn_error "You need Objective 3.08 or later" "$LINENO" 5;; + as_fn_error $? "You need Objective 3.08 or later" "$LINENO" 5;; 3.08.2) FORPACK="" OCAMLV=3082;; @@ -1794,7 +1807,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unix" >&5 $as_echo "Unix" >&6; } ;; - *) as_fn_error "Unknown OS type: $OSTYPE" "$LINENO" 5 + *) as_fn_error $? "Unknown OS type: $OSTYPE" "$LINENO" 5 ;; esac @@ -1806,7 +1819,7 @@ set dummy ocamlopt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLOPT"; then 
@@ -1864,7 +1877,7 @@ set dummy ocamlc.opt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLCDOTOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLCDOTOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLCDOTOPT"; then @@ -1918,7 +1931,7 @@ set dummy ocamlopt.opt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLOPTDOTOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLOPTDOTOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLOPTDOTOPT"; then @@ -1972,7 +1985,7 @@ set dummy ocamldep; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLDEP+set}" = set; then : +if ${ac_cv_prog_OCAMLDEP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLDEP"; then @@ -2007,13 +2020,13 @@ if test "$OCAMLDEP" = no ; then - as_fn_error "Cannot find ocamldep." "$LINENO" 5 + as_fn_error $? "Cannot find ocamldep." "$LINENO" 5 else # Extract the first word of "ocamldep.opt", so it can be a program name with args. set dummy ocamldep.opt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLDEPDOTOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLDEPDOTOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLDEPDOTOPT"; then @@ -2056,7 +2069,7 @@ set dummy ocamllex; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLLEX+set}" = set; then : +if ${ac_cv_prog_OCAMLLEX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLLEX"; then 
@@ -2091,13 +2104,13 @@ if test "$OCAMLLEX" = no ; then - as_fn_error "Cannot find ocamllex." "$LINENO" 5 + as_fn_error $? "Cannot find ocamllex." "$LINENO" 5 else # Extract the first word of "ocamllex.opt", so it can be a program name with args. set dummy ocamllex.opt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLLEXDOTOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLLEXDOTOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLLEXDOTOPT"; then @@ -2140,7 +2153,7 @@ set dummy ocamlyacc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLYACC+set}" = set; then : +if ${ac_cv_prog_OCAMLYACC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLYACC"; then @@ -2175,14 +2188,14 @@ if test "$OCAMLYACC" = no ; then - as_fn_error "Cannot find ocamlyacc." "$LINENO" 5 + as_fn_error $? "Cannot find ocamlyacc." "$LINENO" 5 fi # Extract the first word of "ocamldoc", so it can be a program name with args. set dummy ocamldoc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLDOC+set}" = set; then : +if ${ac_cv_prog_OCAMLDOC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLDOC"; then @@ -2224,7 +2237,7 @@ set dummy ocamldoc.opt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLDOCOPT+set}" = set; then : +if ${ac_cv_prog_OCAMLDOCOPT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLDOCOPT"; then 
@@ -2271,11 +2284,11 @@ as_ac_File=`$as_echo "ac_cv_file_$OCAMLLIB/ocamlgraph/graph.cmi" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $OCAMLLIB/ocamlgraph/graph.cmi" >&5 $as_echo_n "checking for $OCAMLLIB/ocamlgraph/graph.cmi... " >&6; } -if { as_var=$as_ac_File; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval \${$as_ac_File+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$OCAMLLIB/ocamlgraph/graph.cmi"; then eval "$as_ac_File=yes" else @@ -2285,8 +2298,7 @@ eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } -eval as_val=\$$as_ac_File - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : OCAMLGRAPH=yes else OCAMLGRAPH=no @@ -2295,11 +2307,11 @@ if test "$OCAMLGRAPH" = no ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ocamlgraph/src/sig.mli" >&5 $as_echo_n "checking for ocamlgraph/src/sig.mli... " >&6; } -if test "${ac_cv_file_ocamlgraph_src_sig_mli+set}" = set; then : +if ${ac_cv_file_ocamlgraph_src_sig_mli+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "ocamlgraph/src/sig.mli"; then ac_cv_file_ocamlgraph_src_sig_mli=yes else 
@@ -2308,14 +2320,14 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file_ocamlgraph_src_sig_mli" >&5 $as_echo "$ac_cv_file_ocamlgraph_src_sig_mli" >&6; } -if test "x$ac_cv_file_ocamlgraph_src_sig_mli" = x""yes; then : +if test "x$ac_cv_file_ocamlgraph_src_sig_mli" = xyes; then : OCAMLGRAPH=yes else OCAMLGRAPH=no fi if test "$OCAMLGRAPH" = no ; then - as_fn_error "Cannot find ocamlgraph library. Please install the *libocamlgraph-ocaml-dev* Debian package - or use the GODI caml package system *http://godi.ocaml-programming.de/* - or compile from sources *http://ocamlgraph.lri.fr/*" "$LINENO" 5 + as_fn_error $? "Cannot find ocamlgraph library. Please install the *libocamlgraph-ocaml-dev* Debian package - or use the GODI caml package system *http://godi.ocaml-programming.de/* - or compile from sources *http://ocamlgraph.lri.fr/*" "$LINENO" 5 else OCAMLGRAPHLIB="-I ocamlgraph" OCAMLGRAPHVER=" in local subdir ocamlgraph" @@ -2335,7 +2347,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } else - as_fn_error "cannot compile ocamlgraph in ocamlgraph" "$LINENO" 5 + as_fn_error $? "cannot compile ocamlgraph in ocamlgraph" "$LINENO" 5 fi fi @@ -2343,11 +2355,11 @@ as_ac_File=`$as_echo "ac_cv_file_$OCAMLLIB/lablgtk2/lablgtk.cma" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $OCAMLLIB/lablgtk2/lablgtk.cma" >&5 $as_echo_n "checking for $OCAMLLIB/lablgtk2/lablgtk.cma... " >&6; } -if { as_var=$as_ac_File; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval \${$as_ac_File+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$OCAMLLIB/lablgtk2/lablgtk.cma"; then eval "$as_ac_File=yes" else 
@@ -2357,8 +2369,7 @@ eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } -eval as_val=\$$as_ac_File - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : LABLGTK2=yes else LABLGTK2=no @@ -2373,7 +2384,7 @@ set dummy ocamlweb; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OCAMLWEB+set}" = set; then : +if ${ac_cv_prog_OCAMLWEB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OCAMLWEB"; then @@ -2423,11 +2434,11 @@ as_ac_File=`$as_echo "ac_cv_file_$OCAMLLIB/apron/apron.cmxa" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $OCAMLLIB/apron/apron.cmxa" >&5 $as_echo_n "checking for $OCAMLLIB/apron/apron.cmxa... " >&6; } -if { as_var=$as_ac_File; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval \${$as_ac_File+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$OCAMLLIB/apron/apron.cmxa"; then eval "$as_ac_File=yes" else @@ -2437,8 +2448,7 @@ eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } -eval as_val=\$$as_ac_File - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : APRONLIB="-I +apron" else APRONLIB=no 
@@ -2447,11 +2457,11 @@ if test "$APRONLIB" = no ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /usr/lib/apron.cmxa" >&5 $as_echo_n "checking for /usr/lib/apron.cmxa... " >&6; } -if test "${ac_cv_file__usr_lib_apron_cmxa+set}" = set; then : +if ${ac_cv_file__usr_lib_apron_cmxa+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && - as_fn_error "cannot check for file existence when cross compiling" "$LINENO" 5 + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "/usr/lib/apron.cmxa"; then ac_cv_file__usr_lib_apron_cmxa=yes else @@ -2460,7 +2470,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__usr_lib_apron_cmxa" >&5 $as_echo "$ac_cv_file__usr_lib_apron_cmxa" >&6; } -if test "x$ac_cv_file__usr_lib_apron_cmxa" = x""yes; then : +if test "x$ac_cv_file__usr_lib_apron_cmxa" = xyes; then : APRONLIB="-I /usr/lib -I /usr/local/lib" else APRONLIB=no @@ -2492,7 +2502,7 @@ set dummy frama-c; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_FRAMAC+set}" = set; then : +if ${ac_cv_prog_FRAMAC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$FRAMAC"; then @@ -2538,10 +2548,10 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FRAMACVERSION" >&5 $as_echo "$FRAMACVERSION" >&6; } case $FRAMACVERSION in - Carbon-20110201) + Nitrogen-20111001) FRAMAC=yes ;; - *) FRAMACMSG="you need Frama-C version Carbon-20110201 (no beta please!)" + *) FRAMACMSG="you need Frama-C version Nitrogen-20111001" FRAMAC=no { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $FRAMACMSG" >&5 $as_echo "$as_me: WARNING: $FRAMACMSG" >&2;} 
@@ -2555,7 +2565,7 @@ set dummy camlp4o; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_CAMLP4O+set}" = set; then : +if ${ac_cv_prog_CAMLP4O+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CAMLP4O"; then @@ -2590,14 +2600,14 @@ if test "$CAMLP4O" = no ; then - as_fn_error "Cannot find camlp4o." "$LINENO" 5 + as_fn_error $? "Cannot find camlp4o." "$LINENO" 5 fi CAMLP4LIB=`camlp4o -where` CAMLP4VERSION=`$CAMLP4O -v 2>&1 | sed -n -e 's|.*version *\(.*\)$|\1|p'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking camlp4 version" >&5 $as_echo_n "checking camlp4 version... " >&6; } if test "$CAMLP4VERSION" != "$OCAMLVERSION" ; then - as_fn_error "differs from ocaml version" "$LINENO" 5 + as_fn_error $? "differs from ocaml version" "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } @@ -2611,7 +2621,7 @@ set dummy coqc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_COQC+set}" = set; then : +if ${ac_cv_prog_COQC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$COQC"; then @@ -2655,7 +2665,7 @@ set dummy coqdep; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_COQDEP+set}" = set; then : +if ${ac_cv_prog_COQDEP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$COQDEP"; then @@ -2690,7 +2700,7 @@ if test "$COQDEP" = true ; then - as_fn_error "Cannot find coqdep." "$LINENO" 5 + as_fn_error $? "Cannot find coqdep." "$LINENO" 5 fi COQLIB=`$COQC -where | sed -e 's|\\\|/|g' -e 's| |\\ |g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking Coq version" >&5 
@@ -2727,23 +2737,28 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking Coq floating-point library" >&5 $as_echo_n "checking Coq floating-point library... " >&6; } - case $COQVERSION in - 8.2*|8.3*|trunk) - if test -f "$COQLIB/user-contrib/Flocq/Core/Fcore.vo"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + if test -f "$COQLIB/user-contrib/Flocq/Core/Fcore.vo"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WHYFLOATS="lib/coq/WhyFloats.vo lib/coq/WhyFloatsStrict.vo" + COQFLOATSMSG=yes + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + COQFLOATSMSG="no (Coq library Flocq/Core/Fcore.vo not found)" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Coq legacy floating-point library" >&5 +$as_echo_n "checking Coq legacy floating-point library... " >&6; } + if test -f "$COQLIB/user-contrib/AllFloat.vo" || test -f "$COQLIB/user-contrib/Float/AllFloat.vo"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - WHYFLOATS="lib/coq/WhyFloats.vo lib/coq/WhyFloatsStrict.vo" - COQFLOATSMSG=yes - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + WHYFLOATS="$WHYFLOATS lib/coq/WhyFloatsStrictLegacy.vo" + COQFLOATSLEGACYMSG=yes + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - COQFLOATSMSG="no (Coq library Flocq/Core/Fcore.vo not found)" - fi - ;; - *) - COQFLOATSMSG="no (requires Coq version >= 8.2)" - ;; - esac + COQFLOATSLEGACYMSG="no (Coq library AllFloat.vo not found)" + fi ;; *) COQ=no @@ -2759,7 +2774,7 @@ set dummy pvs; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_PVSC+set}" = set; then : +if ${ac_cv_path_PVSC+:} false; then : $as_echo_n "(cached) " >&6 else case $PVSC in 
@@ -2815,7 +2830,7 @@ set dummy mizf; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_MIZF+set}" = set; then : +if ${ac_cv_prog_MIZF+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$MIZF"; then @@ -2989,10 +3004,21 @@ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then - test "x$cache_file" != "x/dev/null" && + if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} - cat confcache >$cache_file + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} @@ -3044,6 +3070,7 @@ ac_libobjs= ac_ltlibobjs= +U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' @@ -3059,7 +3086,7 @@ -: ${CONFIG_STATUS=./config.status} +: "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" @@ -3160,6 +3187,7 @@ IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. +as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR 
@@ -3205,19 +3233,19 @@ (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -3413,7 +3441,7 @@ test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -3467,7 +3495,7 @@ # values after options handling. ac_log=" This file was extended by $as_me, which was -generated by GNU Autoconf 2.64. Invocation command line was +generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -3502,6 +3530,7 @@ -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit + --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files 
@@ -3516,12 +3545,13 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ config.status -configured by $0, generated by GNU Autoconf 2.64, - with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" +configured by $0, generated by GNU Autoconf 2.68, + with options \\"\$ac_cs_config\\" -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -3536,11 +3566,16 @@ while test $# != 0 do case $1 in - --*=*) + --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; *) ac_option=$1 ac_optarg=$2 @@ -3554,12 +3589,15 @@ ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; @@ -3570,7 +3608,7 @@ ac_cs_silent=: ;; # This is an error. - -*) as_fn_error "unrecognized option: \`$1' + -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" 
@@ -3622,7 +3660,7 @@ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "bench/bench") CONFIG_FILES="$CONFIG_FILES bench/bench" ;; - *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -3643,9 +3681,10 @@ # after its creation but before its name has been assigned to `$tmp'. $debug || { - tmp= + tmp= ac_tmp= trap 'exit_status=$? - { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } @@ -3653,12 +3692,13 @@ { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -n "$tmp" && test -d "$tmp" + test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. @@ -3675,12 +3715,12 @@ fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\r' + ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi -echo 'BEGIN {' >"$tmp/subs1.awk" && +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF 
@@ -3689,18 +3729,18 @@ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -3708,7 +3748,7 @@ rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -cat >>"\$tmp/subs1.awk" <<\\_ACAWK && +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h @@ -3722,7 +3762,7 @@ t delim :nl h -s/\(.\{148\}\).*/\1/ +s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p @@ -3736,7 +3776,7 @@ t nl :delim h -s/\(.\{148\}\).*/\1/ +s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p @@ -3756,7 +3796,7 @@ rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK -cat >>"\$tmp/subs1.awk" <<_ACAWK && +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" 
@@ -3788,21 +3828,29 @@ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat -fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || as_fn_error "could not setup config files machinery" "$LINENO" 5 +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF -# VPATH may cause trouble with some makes, so we remove $(srcdir), -# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=/{ -s/:*\$(srcdir):*/:/ -s/:*\${srcdir}:*/:/ -s/:*@srcdir@:*/:/ -s/^\([^=]*=[ ]*\):*/\1/ + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// s/^[^=]*=[ ]*$// }' fi @@ -3820,7 +3868,7 @@ esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -3839,7 +3887,7 @@ for ac_f do case $ac_f in - -) ac_f="$tmp/stdin";; + -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. @@ -3848,7 +3896,7 @@ [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" 
@@ -3874,8 +3922,8 @@ esac case $ac_tag in - *:-:* | *:-) cat >"$tmp/stdin" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -4000,23 +4048,24 @@ s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " -eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&5 +which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&2;} +which seems to be undefined. Please make sure it is defined" >&2;} - rm -f "$tmp/stdin" + rm -f "$ac_tmp/stdin" case $ac_file in - -) cat "$tmp/out" && rm -f "$tmp/out";; - *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; 
@@ -4031,7 +4080,7 @@ ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -4052,7 +4101,7 @@ exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit $? + $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 @@ -4089,7 +4138,8 @@ echo " : (Jessie Coq proofs disabled, requires >= 8.1)" fi echo " Lib : $COQLIB" - echo " Flocq : $COQFLOATSMSG" + echo " FP lib (Flocq) : $COQFLOATSMSG" + echo " FP lib (Float) : $COQFLOATSLEGACYMSG" fi echo "PVS support : $PVS" if test "$PVS" = "yes" ; then diff -Nru why-2.29+dfsg/configure.in why-2.30+dfsg/configure.in --- why-2.29+dfsg/configure.in 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/configure.in 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ # # # The Why platform for program certification # # # -# Copyright (C) 2002-2010 # +# Copyright (C) 2002-2011 # # # -# Jean-Christophe FILLIATRE, CNRS # +# Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 # # Claude MARCHE, INRIA & Univ. Paris-sud 11 # # Yannick MOY, Univ. Paris-sud 11 # # Romain BARDOU, Univ. Paris-sud 11 # -# Thierry HUBERT, Univ. Paris-sud 11 # # # # Secondary contributors: # # # +# Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) # # Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) # # Ali AYAD, CNRS & CEA Saclay (floating-point support) # # Sylvie BOLDO, INRIA (floating-point support) # 
@@ -295,10 +295,10 @@
 FRAMACVERSION=`$FRAMAC -version | sed -n -e 's|Version: *\(.*\)$|\1|p' `
 AC_MSG_RESULT($FRAMACVERSION)
 case $FRAMACVERSION in
- Carbon-20110201)
+ Nitrogen-20111001)
 FRAMAC=yes
 ;;
- *) FRAMACMSG="you need Frama-C version Carbon-20110201 (no beta please!)"
+ *) FRAMACMSG="you need Frama-C version Nitrogen-20111001"
 FRAMAC=no
 AC_MSG_WARN($FRAMACMSG)
 ;;
@@ -376,21 +376,23 @@
 cp -f lib/coq/WhyCoq8.v lib/coq/WhyCoqCompat.v;;
 esac
 AC_MSG_CHECKING(Coq floating-point library)
- case $COQVERSION in
- 8.2*|8.3*|trunk)
- if test -f "$COQLIB/user-contrib/Flocq/Core/Fcore.vo"; then
- AC_MSG_RESULT(yes)
- WHYFLOATS="lib/coq/WhyFloats.vo lib/coq/WhyFloatsStrict.vo"
- COQFLOATSMSG=yes
- else
- AC_MSG_RESULT(no)
- COQFLOATSMSG="no (Coq library Flocq/Core/Fcore.vo not found)"
- fi
- ;;
- *)
- COQFLOATSMSG="no (requires Coq version >= 8.2)"
- ;;
- esac
+ if test -f "$COQLIB/user-contrib/Flocq/Core/Fcore.vo"; then
+ AC_MSG_RESULT(yes)
+ WHYFLOATS="lib/coq/WhyFloats.vo lib/coq/WhyFloatsStrict.vo"
+ COQFLOATSMSG=yes
+ else
+ AC_MSG_RESULT(no)
+ COQFLOATSMSG="no (Coq library Flocq/Core/Fcore.vo not found)"
+ fi
+ AC_MSG_CHECKING(Coq legacy floating-point library)
+ if test -f "$COQLIB/user-contrib/AllFloat.vo" || test -f "$COQLIB/user-contrib/Float/AllFloat.vo"; then
+ AC_MSG_RESULT(yes)
+ WHYFLOATS="$WHYFLOATS lib/coq/WhyFloatsStrictLegacy.vo"
+ COQFLOATSLEGACYMSG=yes
+ else
+ AC_MSG_RESULT(no)
+ COQFLOATSLEGACYMSG="no (Coq library AllFloat.vo not found)"
+ fi
 ;;
 *)
 COQ=no
@@ -527,7 +529,8 @@
 echo " : (Jessie Coq proofs disabled, requires >= 8.1)"
 fi
 echo " Lib : $COQLIB"
- echo " Flocq : $COQFLOATSMSG"
+ echo " FP lib (Flocq) : $COQFLOATSMSG"
+ echo " FP lib (Float) : $COQFLOATSLEGACYMSG"
 fi
 echo "PVS support : $PVS"
 if test "$PVS" = "yes" ; then
diff -Nru why-2.29+dfsg/debian/changelog why-2.30+dfsg/debian/changelog
--- why-2.29+dfsg/debian/changelog 2011-11-19 18:41:44.000000000 +0000
+++ why-2.30+dfsg/debian/changelog 2012-01-02 14:57:17.000000000 +0000
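Review bot: In the new legacy floating-point check of configure.in, `WHYFLOATS="$WHYFLOATS lib/coq/WhyFloatsStrictLegacy.vo"` appends to a variable that this hunk assigns only in the Flocq `yes` branch, so when Flocq is absent the result depends on whatever `WHYFLOATS` already held, possibly a value inherited from the caller's environment. Unless it is initialised earlier in configure.in (not visible here), add `WHYFLOATS=` just before `AC_MSG_CHECKING(Coq floating-point library)` so the list of build targets comes only from the two file tests. With the `case $COQVERSION` guard removed, those `test -f` probes are the only gate on building the float libraries; a comment such as `# Flocq/Float support is detected by file presence, independent of the Coq version` would record that this is intended. The enclosing `case` starts outside the hunk, and the same logic is regenerated into configure.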
@@ -1,8 +1,19 @@ -why (2.29+dfsg-4build1) precise; urgency=low +why (2.30+dfsg-1) unstable; urgency=low - * Rebuild for OCaml 3.12.1. + * New upstream release. + * Update patches: + - Rebase and update existing patches + - add 0004-Default-to-why2-for-jessie-atp.patch + - add 0005-Fix-Jc_annot_inference-use-old_reg_pos.patch + * Add (back) Build-Depends on coq-float. + * Bump build requirement for frama-c to 20111001+nitrogen+dfsg-1~. + * Bump Standards-Version to 3.9.2, no changes needed. + * Fix description-synopsis-starts-with-article in why's description. + * Fix copyright-refers-to-deprecated-bsd-license-file + * Fix spelling-error-in-binary + * Mark Coq 8.3pl3 as compatible with current Why - -- Colin Watson Sat, 19 Nov 2011 18:41:44 +0000 + -- Mehdi Dogguy Mon, 02 Jan 2012 15:39:47 +0100 why (2.29+dfsg-4) unstable; urgency=low diff -Nru why-2.29+dfsg/debian/control why-2.30+dfsg/debian/control --- why-2.29+dfsg/debian/control 2011-11-03 21:30:33.000000000 +0000 +++ why-2.30+dfsg/debian/control 2012-01-02 14:57:17.000000000 +0000 @@ -14,11 +14,12 @@ camlp4, liblablgtk2-ocaml-dev (>= 2.12.0-3~), coq (>= 8.3~), + libfloat-coq, libocamlgraph-ocaml-dev (>= 1.4~), - frama-c-base (>= 20110201+carbon+dfsg-2~), + frama-c-base (>= 20111001+nitrogen+dfsg-1~), libapron-ocaml-dev (>= 0.9.10-4~), camlidl -Standards-Version: 3.9.0 +Standards-Version: 3.9.2 Homepage: http://why.lri.fr/ Vcs-Browser: http://git.debian.org/?p=pkg-ocaml-maint/packages/why.git Vcs-Git: git://git.debian.org/git/pkg-ocaml-maint/packages/why.git 
@@ -32,7 +33,7 @@ make Suggests: libwhy-coq (= ${binary:Version}) Recommends: alt-ergo -Description: A software verification tool +Description: Software verification tool Why aims at being a verification conditions generator (VCG) back-end for other verification tools. It provides a powerful input language including higher-order functions, polymorphism, references, arrays and diff -Nru why-2.29+dfsg/debian/copyright why-2.30+dfsg/debian/copyright --- why-2.29+dfsg/debian/copyright 2011-11-03 21:30:33.000000000 +0000 +++ why-2.30+dfsg/debian/copyright 2012-01-02 14:57:17.000000000 +0000 @@ -85,4 +85,4 @@ On Debian systems, the complete text of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL-2' and BSD -License in `/usr/share/common-licenses/BSD'. +License. diff -Nru why-2.29+dfsg/debian/patches/0001-Why-2.29-do-support-Coq-8.3.patch why-2.30+dfsg/debian/patches/0001-Why-2.29-do-support-Coq-8.3.patch --- why-2.29+dfsg/debian/patches/0001-Why-2.29-do-support-Coq-8.3.patch 2011-11-03 21:30:33.000000000 +0000 +++ why-2.30+dfsg/debian/patches/0001-Why-2.29-do-support-Coq-8.3.patch 2012-01-02 14:57:17.000000000 +0000 @@ -7,15 +7,15 @@ 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/dpConfig.ml b/tools/dpConfig.ml -index edaf366..8856081 100644 +index e298bcf..66be764 100644 --- a/tools/dpConfig.ml 
+++ b/tools/dpConfig.ml -@@ -199,7 +199,7 @@ let coq = +@@ -221,7 +221,7 @@ let coq = version = ""; version_switch = "-v"; version_regexp = "The Coq Proof Assistant, version \\([^ ]+\\)"; - versions_ok = ["8.0"; "8.1";"8.2";"8.2pl1"]; -+ versions_ok = ["8.0"; "8.1";"8.2";"8.2pl1";"8.3pl2"]; ++ versions_ok = ["8.0"; "8.1";"8.2";"8.2pl1";"8.3pl2";"8.3pl3"]; versions_old = ["7.4"]; command = "coqc"; command_switches = ""; diff -Nru why-2.29+dfsg/debian/patches/0002-Mark-alt-ergo-0.93-as-compatible.patch why-2.30+dfsg/debian/patches/0002-Mark-alt-ergo-0.93-as-compatible.patch --- why-2.29+dfsg/debian/patches/0002-Mark-alt-ergo-0.93-as-compatible.patch 2011-11-03 21:30:33.000000000 +0000 +++ why-2.30+dfsg/debian/patches/0002-Mark-alt-ergo-0.93-as-compatible.patch 2012-01-02 14:57:17.000000000 +0000 @@ -1,22 +1,22 @@ -From: Mehdi Dogguy -Date: Sat, 23 Apr 2011 20:07:20 +0200 -Subject: Mark alt-ergo 0.93 as compatible +From: Mehdi Dogguy +Date: Thu, 8 Dec 2011 16:42:30 +0100 +Subject: Mark alt-ergo > 0.93 as compatible --- tools/dpConfig.ml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/dpConfig.ml b/tools/dpConfig.ml -index 8856081..fe72bf9 100644 +index 66be764..da10db6 100644 --- a/tools/dpConfig.ml +++ b/tools/dpConfig.ml 
@@ -84,7 +84,7 @@ let alt_ergo = version = ""; version_switch = "-version"; version_regexp = ".*Ergo \\([^ ]*\\)"; -- versions_ok = ["0.91"; "0.92.1"; "0.92.2"]; -+ versions_ok = ["0.91"; "0.92.1"; "0.92.2"; "0.93"]; - versions_old = ["0.8"; "0.9"]; +- versions_ok = ["0.93"]; ++ versions_ok = ["0.93"; "0.93.1"; "0.94"]; + versions_old = ["0.8"; "0.9" ; "0.91"; "0.92.1"; "0.92.2" ]; command = "alt-ergo"; command_switches = ""; -- diff -Nru why-2.29+dfsg/debian/patches/0003-Fix-non-exhaustive-pattern-matching-in-jc_annot_infe.patch why-2.30+dfsg/debian/patches/0003-Fix-non-exhaustive-pattern-matching-in-jc_annot_infe.patch --- why-2.29+dfsg/debian/patches/0003-Fix-non-exhaustive-pattern-matching-in-jc_annot_infe.patch 2011-11-03 21:30:33.000000000 +0000 +++ why-2.30+dfsg/debian/patches/0003-Fix-non-exhaustive-pattern-matching-in-jc_annot_infe.patch 2012-01-02 14:57:17.000000000 +0000 @@ -7,7 +7,7 @@ 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jc/jc_annot_inference.ml b/jc/jc_annot_inference.ml -index e7a1eae..d62a53c 100644 +index f4c9791..d9dbbd7 100644 --- a/jc/jc_annot_inference.ml +++ b/jc/jc_annot_inference.ml @@ -148,7 +148,7 @@ let rec destruct_pointer t = diff -Nru why-2.29+dfsg/debian/patches/0004-Default-to-why2-for-jessie-atp.patch why-2.30+dfsg/debian/patches/0004-Default-to-why2-for-jessie-atp.patch --- why-2.29+dfsg/debian/patches/0004-Default-to-why2-for-jessie-atp.patch 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/debian/patches/0004-Default-to-why2-for-jessie-atp.patch 2012-01-02 14:57:17.000000000 +0000 
@@ -0,0 +1,22 @@
+From: Mehdi Dogguy
+Date: Thu, 8 Dec 2011 16:46:48 +0100
+Subject: Default to why2 for -jessie-atp
+
+---
+ frama-c-plugin/jessie_options.ml | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/frama-c-plugin/jessie_options.ml b/frama-c-plugin/jessie_options.ml
+index 8e57656..8da0b66 100644
+--- a/frama-c-plugin/jessie_options.ml
++++ b/frama-c-plugin/jessie_options.ml
+@@ -175,7 +175,7 @@ module Atp =
+ (struct
+ let option_name = "-jessie-atp"
+ let module_name = "-jessie-atp"
+- let default = "why3ml"
++ let default = "why2"
+ let arg_name = ""
+ let help = "use given automated theorem prover, among `alt-ergo', `cvc3', `simplify', `vampire', `yices' and `z3'. Use `goals' to simply generate goals in Why syntax."
+ let kind = `Tuning
+--
diff -Nru why-2.29+dfsg/debian/patches/0005-Fix-Jc_annot_inference-use-old_reg_pos.patch why-2.30+dfsg/debian/patches/0005-Fix-Jc_annot_inference-use-old_reg_pos.patch
--- why-2.29+dfsg/debian/patches/0005-Fix-Jc_annot_inference-use-old_reg_pos.patch 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/debian/patches/0005-Fix-Jc_annot_inference-use-old_reg_pos.patch 2012-01-02 14:57:17.000000000 +0000
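Review bot: The `help` string of the `-jessie-atp` option, visible as context in the embedded hunk, lists the provers and `goals` but mentions neither the new default `why2` nor the `why3ml` value it replaces, so the packaged default is discoverable only by reading this patch. Consider extending the help text with a sentence such as "Default is why2." and adding a short description to the patch header saying why the packaged default departs from upstream. The `Atp` module body continues outside the hunk.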
@@ -0,0 +1,22 @@
+From: Mehdi Dogguy
+Date: Thu, 8 Dec 2011 17:08:36 +0100
+Subject: Fix Jc_annot_inference (use old_reg_pos)
+
+---
+ jc/jc_annot_inference.ml | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/jc/jc_annot_inference.ml b/jc/jc_annot_inference.ml
+index d9dbbd7..0d3143e 100644
+--- a/jc/jc_annot_inference.ml
++++ b/jc/jc_annot_inference.ml
+@@ -491,7 +491,7 @@ let reg_annot ?id ?kind ?name ~pos ~anchor a =
+ in
+ Format.fprintf Format.str_formatter "%a" Jc_output.assertion a;
+ let formula = Format.flush_str_formatter () in
+- let lab = Output.reg_pos "G" ?id ?kind ?name ~formula loc in
++ let lab = Output.old_reg_pos "G" ?id ?kind ?name ~formula (Loc.extract loc) in
+ new assertion_with ~mark:lab a
+
+
+--
diff -Nru why-2.29+dfsg/debian/patches/0006-Fix-spelling-error-in-binary.patch why-2.30+dfsg/debian/patches/0006-Fix-spelling-error-in-binary.patch
--- why-2.29+dfsg/debian/patches/0006-Fix-spelling-error-in-binary.patch 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/debian/patches/0006-Fix-spelling-error-in-binary.patch 2012-01-02 14:57:17.000000000 +0000
@@ -0,0 +1,36 @@
+From: Mehdi Dogguy
+Date: Mon, 2 Jan 2012 15:57:10 +0100
+Subject: Fix spelling-error-in-binary
+
+---
+ src/smtlib.ml | 2 +-
+ tools/dp.ml | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/smtlib.ml b/src/smtlib.ml
+index 7c99f9d..3dcfe16 100644
+--- a/src/smtlib.ml
++++ b/src/smtlib.ml
+@@ -311,7 +311,7 @@ let print_obligation fmt loc _is_lemma _o s =
+ fprintf fmt "@]@\n@\n"
+ (*
+
+- useless since goals are splitted
++ useless since goals are split
+ (moreover, may trigger a bug with Z3: proves the lemma using the aussmption given after)
+
+ if is_lemma then begin
+diff --git a/tools/dp.ml b/tools/dp.ml
+index c09f436..b672d8e 100644
+--- a/tools/dp.ml
++++ b/tools/dp.ml
+@@ -72,7 +72,7 @@ let spec =
+ "-select", Arg.Set select_hypotheses,
+ "applies some selection of hypotheses (only Alt-Ergo)";
+ "-simple", Arg.Set simple, "Print only Valid, I don't know, Invalid, Fail, Timeout";
+- "-split", Arg.Set split, "Create a directory wich contains all the goal splitted in different file";
++ "-split", Arg.Set split, "Create a directory wich contains all the goal split in different file";
+ "-prover", Arg.Symbol (
+ ["Alt-Ergo";"CVC3";"CVCL";"Z3";"Yices";"Simplify";"Vampire"; "VeriT"],(fun s -> prover := Some s)), "Select the prover to use"
+ ]
+--
diff -Nru why-2.29+dfsg/debian/patches/series why-2.30+dfsg/debian/patches/series
--- why-2.29+dfsg/debian/patches/series 2011-11-03 21:30:33.000000000 +0000
+++ why-2.30+dfsg/debian/patches/series 2012-01-02 14:57:17.000000000 +0000
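Review bot: The corrected `-split` help string in tools/dp.ml still contains the misspelling `wich`, so the binary keeps a spelling error after this patch; the text could read `"Create a directory which contains all the goals split into different files"`. In src/smtlib.ml the comment next to the fixed line still says `aussmption`; it is only a comment, but it could be corrected in the same patch. Both enclosing definitions (`spec` and `print_obligation`) extend beyond the embedded hunks.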
@@ -1,3 +1,6 @@
 0001-Why-2.29-do-support-Coq-8.3.patch
 0002-Mark-alt-ergo-0.93-as-compatible.patch
 0003-Fix-non-exhaustive-pattern-matching-in-jc_annot_infe.patch
+0004-Default-to-why2-for-jessie-atp.patch
+0005-Fix-Jc_annot_inference-use-old_reg_pos.patch
+0006-Fix-spelling-error-in-binary.patch
diff -Nru why-2.29+dfsg/.depend why-2.30+dfsg/.depend
--- why-2.29+dfsg/.depend 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/.depend 2011-10-24 15:21:06.000000000 +0000
@@ -1,151 +1,151 @@ src/annot.cmo: src/util.cmi src/types.cmi src/options.cmi src/misc.cmi \ src/logic.cmi src/ident.cmi src/env.cmi src/effect.cmi src/ast.cmi \ - src/annot.cmi + src/annot.cmi src/annot.cmx: src/util.cmx src/types.cmi src/options.cmx src/misc.cmx \ src/logic.cmi src/ident.cmx src/env.cmx src/effect.cmx src/ast.cmi \ - src/annot.cmi + src/annot.cmi src/coq.cmo: src/vcg.cmi src/util.cmi src/types.cmi src/report.cmi \ src/regen.cmi src/print_real.cmo src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi src/coq.cmi + src/env.cmi src/cc.cmi src/coq.cmi src/coq.cmx: src/vcg.cmx src/util.cmx src/types.cmi src/report.cmx \ src/regen.cmx src/print_real.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi src/coq.cmi + src/env.cmx src/cc.cmi src/coq.cmi src/cvcl.cmo: src/vcg.cmi src/util.cmi src/report.cmi src/print_real.cmo \ src/pp.cmi src/options.cmi src/misc.cmi src/ltyping.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/error.cmi \ src/env.cmi src/encoding_mono_inst.cmi src/encoding.cmi src/cc.cmi \ - src/cvcl.cmi + src/cvcl.cmi src/cvcl.cmx: src/vcg.cmx src/util.cmx src/report.cmx src/print_real.cmx \ src/pp.cmx src/options.cmx src/misc.cmx src/ltyping.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/error.cmi \ src/env.cmx src/encoding_mono_inst.cmx src/encoding.cmx src/cc.cmi \ - src/cvcl.cmi + src/cvcl.cmi src/dispatcher.cmo: src/zenon.cmi src/vcg.cmi src/theory_filtering.cmo \ src/smtlib.cmi src/simplify.cmi src/pvs.cmi src/pretty.cmi \ src/options.cmi src/logic_decl.cmi src/logic.cmi src/lib.cmi \ src/harvey.cmi src/gappa.cmi src/env.cmi tools/dpConfig.cmi src/cvcl.cmi \ - src/coq.cmi src/cc.cmi tools/calldp.cmi src/dispatcher.cmi + src/coq.cmi src/cc.cmi tools/calldp.cmi src/dispatcher.cmi src/dispatcher.cmx: src/zenon.cmx 
src/vcg.cmx src/theory_filtering.cmx \ src/smtlib.cmx src/simplify.cmx src/pvs.cmx src/pretty.cmx \ src/options.cmx src/logic_decl.cmi src/logic.cmi src/lib.cmx \ src/harvey.cmx src/gappa.cmx src/env.cmx tools/dpConfig.cmx src/cvcl.cmx \ - src/coq.cmx src/cc.cmi tools/calldp.cmx src/dispatcher.cmi -src/effect.cmo: src/ident.cmi src/effect.cmi -src/effect.cmx: src/ident.cmx src/effect.cmi + src/coq.cmx src/cc.cmi tools/calldp.cmx src/dispatcher.cmi +src/effect.cmo: src/ident.cmi src/effect.cmi +src/effect.cmx: src/ident.cmx src/effect.cmi src/encoding.cmo: src/predDefExpansor.cmi src/options.cmi src/monomorph.cmi \ src/logic_decl.cmi src/ident.cmi src/encoding_strat.cmi \ src/encoding_rec.cmi src/encoding_pred.cmi src/encoding_mono_inst.cmi \ - src/encoding_mono.cmo src/encoding.cmi + src/encoding_mono.cmo src/encoding.cmi src/encoding.cmx: src/predDefExpansor.cmx src/options.cmx src/monomorph.cmx \ src/logic_decl.cmi src/ident.cmx src/encoding_strat.cmx \ src/encoding_rec.cmx src/encoding_pred.cmx src/encoding_mono_inst.cmx \ - src/encoding_mono.cmx src/encoding.cmi + src/encoding_mono.cmx src/encoding.cmi src/encoding_mono.cmo: src/util.cmi src/predDefExpansor.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi \ - src/cc.cmi + src/cc.cmi src/encoding_mono.cmx: src/util.cmx src/predDefExpansor.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/env.cmx \ - src/cc.cmi + src/cc.cmi src/encoding_mono2.cmo: src/util.cmi src/misc.cmi src/logic_decl.cmi \ - src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi + src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi src/encoding_mono2.cmx: src/util.cmx src/misc.cmx src/logic_decl.cmi \ - src/logic.cmi src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi + src/logic.cmi src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi src/encoding_mono_inst.cmo: src/util.cmi src/predDefExpansor.cmi src/pp.cmi \ src/options.cmi src/mapenv.cmo 
src/logic_decl.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi \ - src/encoding_mono_inst.cmi + src/encoding_mono_inst.cmi src/encoding_mono_inst.cmx: src/util.cmx src/predDefExpansor.cmx src/pp.cmx \ src/options.cmx src/mapenv.cmx src/logic_decl.cmi src/logic.cmi \ src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi \ - src/encoding_mono_inst.cmi + src/encoding_mono_inst.cmi src/encoding_pred.cmo: src/logic_decl.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/env.cmi src/cc.cmi src/encoding_pred.cmi + src/ident.cmi src/env.cmi src/cc.cmi src/encoding_pred.cmi src/encoding_pred.cmx: src/logic_decl.cmi src/logic.cmi src/loc.cmx \ - src/ident.cmx src/env.cmx src/cc.cmi src/encoding_pred.cmi + src/ident.cmx src/env.cmx src/cc.cmi src/encoding_pred.cmi src/encoding_rec.cmo: src/options.cmi src/logic_decl.cmi src/logic.cmi \ - src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi src/encoding_rec.cmi + src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi src/encoding_rec.cmi src/encoding_rec.cmx: src/options.cmx src/logic_decl.cmi src/logic.cmi \ - src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi src/encoding_rec.cmi + src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi src/encoding_rec.cmi src/encoding_strat.cmo: src/util.cmi src/logic_decl.cmi src/logic.cmi \ - src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi src/encoding_strat.cmi + src/loc.cmi src/ident.cmi src/env.cmi src/cc.cmi src/encoding_strat.cmi src/encoding_strat.cmx: src/util.cmx src/logic_decl.cmi src/logic.cmi \ - src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi src/encoding_strat.cmi + src/loc.cmx src/ident.cmx src/env.cmx src/cc.cmi src/encoding_strat.cmi src/env.cmo: src/types.cmi src/report.cmi src/misc.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/error.cmi src/effect.cmi src/cc.cmi \ - src/ast.cmi src/env.cmi + src/ast.cmi src/env.cmi src/env.cmx: src/types.cmi src/report.cmx src/misc.cmx src/logic.cmi \ src/loc.cmx src/ident.cmx src/error.cmi src/effect.cmx src/cc.cmi \ - src/ast.cmi 
src/env.cmi -src/explain.cmo: src/logic_decl.cmi src/logic.cmi src/explain.cmi -src/explain.cmx: src/logic_decl.cmi src/logic.cmi src/explain.cmi + src/ast.cmi src/env.cmi +src/explain.cmo: src/logic_decl.cmi src/logic.cmi src/explain.cmi +src/explain.cmx: src/logic_decl.cmi src/logic.cmi src/explain.cmi src/fastwp.cmo: src/wp.cmi src/util.cmi src/types.cmi src/misc.cmi \ src/logic.cmi src/ident.cmi src/env.cmi src/effect.cmi src/cc.cmi \ - src/ast.cmi src/fastwp.cmi + src/ast.cmi src/fastwp.cmi src/fastwp.cmx: src/wp.cmx src/util.cmx src/types.cmi src/misc.cmx \ src/logic.cmi src/ident.cmx src/env.cmx src/effect.cmx src/cc.cmi \ - src/ast.cmi src/fastwp.cmi + src/ast.cmi src/fastwp.cmi src/fpi.cmo: src/pp.cmi src/misc.cmi src/logic.cmi src/loc.cmi src/ident.cmi \ - src/cc.cmi src/fpi.cmi + src/cc.cmi src/fpi.cmi src/fpi.cmx: src/pp.cmx src/misc.cmx src/logic.cmi src/loc.cmx src/ident.cmx \ - src/cc.cmi src/fpi.cmi + src/cc.cmi src/fpi.cmi src/gappa.cmo: src/predDefExpansor.cmi src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi src/gappa.cmi + src/env.cmi src/cc.cmi src/gappa.cmi src/gappa.cmx: src/predDefExpansor.cmx src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi src/gappa.cmi -src/graphviz.cmo: src/graphviz.cmi -src/graphviz.cmx: src/graphviz.cmi + src/env.cmx src/cc.cmi src/gappa.cmi +src/graphviz.cmo: src/graphviz.cmi +src/graphviz.cmx: src/graphviz.cmi src/harvey.cmo: src/util.cmi src/print_real.cmo src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi \ - src/error.cmi src/env.cmi src/encoding.cmi src/cc.cmi src/harvey.cmi + src/error.cmi src/env.cmi src/encoding.cmi src/cc.cmi src/harvey.cmi src/harvey.cmx: src/util.cmx src/print_real.cmx src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx \ - 
src/error.cmi src/env.cmx src/encoding.cmx src/cc.cmi src/harvey.cmi + src/error.cmi src/env.cmx src/encoding.cmx src/cc.cmi src/harvey.cmi src/hol4.cmo: src/vcg.cmi src/util.cmi src/print_real.cmo src/pp.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi src/hol4.cmi + src/env.cmi src/cc.cmi src/hol4.cmi src/hol4.cmx: src/vcg.cmx src/util.cmx src/print_real.cmx src/pp.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi src/hol4.cmi + src/env.cmx src/cc.cmi src/hol4.cmi src/holl.cmo: src/vcg.cmi src/util.cmi src/print_real.cmo src/pp.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi src/holl.cmi + src/env.cmi src/cc.cmi src/holl.cmi src/holl.cmx: src/vcg.cmx src/util.cmx src/print_real.cmx src/pp.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi src/holl.cmi + src/env.cmx src/cc.cmi src/holl.cmi src/hypotheses_filtering.cmo: src/util.cmi src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi + src/env.cmi src/cc.cmi src/hypotheses_filtering.cmx: src/util.cmx src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi -src/ident.cmo: src/ident.cmi -src/ident.cmx: src/ident.cmi + src/env.cmx src/cc.cmi +src/ident.cmo: src/ident.cmi +src/ident.cmx: src/ident.cmi src/isabelle.cmo: src/vcg.cmi src/util.cmi src/regen.cmi src/print_real.cmo \ src/pp.cmi src/options.cmi src/misc.cmi src/logic_decl.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/error.cmi src/env.cmi src/cc.cmi \ - src/isabelle.cmi + src/isabelle.cmi src/isabelle.cmx: src/vcg.cmx src/util.cmx src/regen.cmx src/print_real.cmx \ src/pp.cmx src/options.cmx src/misc.cmx src/logic_decl.cmi src/logic.cmi \ src/loc.cmx src/ident.cmx src/error.cmi 
src/env.cmx src/cc.cmi \ - src/isabelle.cmi -src/lexer.cmo: src/parser.cmi src/logic.cmi src/loc.cmi src/lexer.cmi -src/lexer.cmx: src/parser.cmx src/logic.cmi src/loc.cmx src/lexer.cmi -src/lib.cmo: src/lib.cmi -src/lib.cmx: src/lib.cmi -src/linenum.cmo: src/linenum.cmi -src/linenum.cmx: src/linenum.cmi -src/loc.cmo: src/loc.cmi -src/loc.cmx: src/loc.cmi + src/isabelle.cmi +src/lexer.cmo: src/parser.cmi src/logic.cmi src/loc.cmi src/lexer.cmi +src/lexer.cmx: src/parser.cmx src/logic.cmi src/loc.cmx src/lexer.cmi +src/lib.cmo: src/lib.cmi +src/lib.cmx: src/lib.cmi +src/linenum.cmo: src/linenum.cmi +src/linenum.cmx: src/linenum.cmi +src/loc.cmo: src/loc.cmi +src/loc.cmx: src/loc.cmi src/ltyping.cmo: src/util.cmi src/types.cmi src/report.cmi src/ptree.cmi \ src/options.cmi src/misc.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/effect.cmi src/ast.cmi src/ltyping.cmi + src/env.cmi src/effect.cmi src/ast.cmi src/ltyping.cmi src/ltyping.cmx: src/util.cmx src/types.cmi src/report.cmx src/ptree.cmi \ src/options.cmx src/misc.cmx src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/effect.cmx src/ast.cmi src/ltyping.cmi + src/env.cmx src/effect.cmx src/ast.cmi src/ltyping.cmi src/main.cmo: src/zenon.cmi src/z3.cmi src/wp.cmi src/why3.cmi src/vcg.cmi \ src/util.cmi src/typing.cmi src/types.cmi src/smtlib.cmi src/simplify.cmi \ src/report.cmi src/red.cmi src/rc.cmi src/pvs.cmi src/ptree.cmi \ @@ -155,7 +155,7 @@ src/lexer.cmi src/isabelle.cmi src/ident.cmi src/hypotheses_filtering.cmo \ src/holl.cmi src/hol4.cmi src/harvey.cmi src/gappa.cmi src/fastwp.cmi \ src/error.cmi src/env.cmi src/effect.cmi src/dispatcher.cmi src/cvcl.cmi \ - src/coq.cmi src/cc.cmi src/ast.cmi + src/coq.cmi src/cc.cmi src/ast.cmi src/main.cmx: src/zenon.cmx src/z3.cmx src/wp.cmx src/why3.cmx src/vcg.cmx \ src/util.cmx src/typing.cmx src/types.cmi src/smtlib.cmx src/simplify.cmx \ src/report.cmx src/red.cmx src/rc.cmx src/pvs.cmx src/ptree.cmi \ 
@@ -165,1120 +165,1120 @@ src/lexer.cmx src/isabelle.cmx src/ident.cmx src/hypotheses_filtering.cmx \ src/holl.cmx src/hol4.cmx src/harvey.cmx src/gappa.cmx src/fastwp.cmx \ src/error.cmi src/env.cmx src/effect.cmx src/dispatcher.cmx src/cvcl.cmx \ - src/coq.cmx src/cc.cmi src/ast.cmi -src/mapenv.cmo: src/misc.cmi src/logic.cmi src/ident.cmi -src/mapenv.cmx: src/misc.cmx src/logic.cmi src/ident.cmx + src/coq.cmx src/cc.cmi src/ast.cmi +src/mapenv.cmo: src/misc.cmi src/logic.cmi src/ident.cmi +src/mapenv.cmx: src/misc.cmx src/logic.cmi src/ident.cmx src/misc.cmo: src/types.cmi src/ptree.cmi src/options.cmi src/option_misc.cmi \ src/logic.cmi src/loc.cmi src/ident.cmi src/effect.cmi src/cc.cmi \ - src/ast.cmi src/misc.cmi + src/ast.cmi src/misc.cmi src/misc.cmx: src/types.cmi src/ptree.cmi src/options.cmx src/option_misc.cmx \ src/logic.cmi src/loc.cmx src/ident.cmx src/effect.cmx src/cc.cmi \ - src/ast.cmi src/misc.cmi + src/ast.cmi src/misc.cmi src/mizar.cmo: src/vcg.cmi src/util.cmi src/regen.cmi src/pp.cmi \ src/options.cmi src/misc.cmi src/logic_decl.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/error.cmi src/env.cmi src/cc.cmi src/mizar.cmi + src/ident.cmi src/error.cmi src/env.cmi src/cc.cmi src/mizar.cmi src/mizar.cmx: src/vcg.cmx src/util.cmx src/regen.cmx src/pp.cmx \ src/options.cmx src/misc.cmx src/logic_decl.cmi src/logic.cmi src/loc.cmx \ - src/ident.cmx src/error.cmi src/env.cmx src/cc.cmi src/mizar.cmi + src/ident.cmx src/error.cmi src/env.cmx src/cc.cmi src/mizar.cmi src/mlize.cmo: src/util.cmi src/typing.cmi src/types.cmi src/rename.cmi \ src/monadSig.cmi src/monad.cmi src/misc.cmi src/logic.cmi src/ident.cmi \ - src/env.cmi src/cc.cmi src/ast.cmi src/mlize.cmi + src/env.cmi src/cc.cmi src/ast.cmi src/mlize.cmi src/mlize.cmx: src/util.cmx src/typing.cmx src/types.cmi src/rename.cmx \ src/monadSig.cmi src/monad.cmx src/misc.cmx src/logic.cmi src/ident.cmx \ - src/env.cmx src/cc.cmi src/ast.cmi src/mlize.cmi + src/env.cmx src/cc.cmi src/ast.cmi 
src/mlize.cmi src/monad.cmo: src/util.cmi src/typing.cmi src/types.cmi src/rename.cmi \ src/misc.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi \ - src/effect.cmi src/cc.cmi src/ast.cmi src/monad.cmi + src/effect.cmi src/cc.cmi src/ast.cmi src/monad.cmi src/monad.cmx: src/util.cmx src/typing.cmx src/types.cmi src/rename.cmx \ src/misc.cmx src/logic.cmi src/loc.cmx src/ident.cmx src/env.cmx \ - src/effect.cmx src/cc.cmi src/ast.cmi src/monad.cmi + src/effect.cmx src/cc.cmi src/ast.cmi src/monad.cmi src/monomorph.cmo: src/vcg.cmi src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/ident.cmi src/env.cmi src/cc.cmi \ - src/monomorph.cmi + src/monomorph.cmi src/monomorph.cmx: src/vcg.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/ident.cmx src/env.cmx src/cc.cmi \ - src/monomorph.cmi + src/monomorph.cmi src/ocaml.cmo: src/util.cmi src/types.cmi src/pp.cmi src/options.cmi \ src/misc.cmi src/logic.cmi src/ident.cmi src/env.cmi src/ast.cmi \ - src/ocaml.cmi + src/ocaml.cmi src/ocaml.cmx: src/util.cmx src/types.cmi src/pp.cmx src/options.cmx \ src/misc.cmx src/logic.cmi src/ident.cmx src/env.cmx src/ast.cmi \ - src/ocaml.cmi -src/option_misc.cmo: src/option_misc.cmi -src/option_misc.cmx: src/option_misc.cmi -src/options.cmo: src/version.cmo src/rc.cmi src/lib.cmi src/options.cmi -src/options.cmx: src/version.cmx src/rc.cmx src/lib.cmx src/options.cmi + src/ocaml.cmi +src/option_misc.cmo: src/option_misc.cmi +src/option_misc.cmx: src/option_misc.cmi +src/options.cmo: src/version.cmo src/rc.cmi src/lib.cmi src/options.cmi +src/options.cmx: src/version.cmx src/rc.cmx src/lib.cmx src/options.cmi src/parser.cmo: src/types.cmi src/ptree.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/error.cmi src/parser.cmi + src/ident.cmi src/error.cmi src/parser.cmi src/parser.cmx: src/types.cmi src/ptree.cmi src/logic.cmi src/loc.cmx \ - src/ident.cmx src/error.cmi src/parser.cmi -src/pp.cmo: src/pp.cmi -src/pp.cmx: 
src/pp.cmi + src/ident.cmx src/error.cmi src/parser.cmi +src/pp.cmo: src/pp.cmi +src/pp.cmx: src/pp.cmi src/predDefExpansor.cmo: src/util.cmi src/types.cmi src/options.cmi \ src/misc.cmi src/ltyping.cmi src/logic_decl.cmi src/logic.cmi \ - src/ident.cmi src/env.cmi src/cc.cmi src/predDefExpansor.cmi + src/ident.cmi src/env.cmi src/cc.cmi src/predDefExpansor.cmi src/predDefExpansor.cmx: src/util.cmx src/types.cmi src/options.cmx \ src/misc.cmx src/ltyping.cmx src/logic_decl.cmi src/logic.cmi \ - src/ident.cmx src/env.cmx src/cc.cmi src/predDefExpansor.cmi + src/ident.cmx src/env.cmx src/cc.cmi src/predDefExpansor.cmi src/pretty.cmo: src/util.cmi src/project.cmi src/print_real.cmo src/pp.cmi \ src/options.cmi src/misc.cmi src/logic_decl.cmi src/logic.cmi src/loc.cmi \ src/ident.cmi src/explain.cmi src/env.cmi src/encoding.cmi src/cc.cmi \ - src/pretty.cmi + src/pretty.cmi src/pretty.cmx: src/util.cmx src/project.cmx src/print_real.cmx src/pp.cmx \ src/options.cmx src/misc.cmx src/logic_decl.cmi src/logic.cmi src/loc.cmx \ src/ident.cmx src/explain.cmx src/env.cmx src/encoding.cmx src/cc.cmi \ - src/pretty.cmi -src/print_real.cmo: src/logic.cmi -src/print_real.cmx: src/logic.cmi + src/pretty.cmi +src/print_real.cmo: src/logic.cmi +src/print_real.cmx: src/logic.cmi src/project.cmo: src/xml.cmi src/rc.cmi src/logic_decl.cmi src/logic.cmi \ - src/loc.cmi src/explain.cmi src/project.cmi + src/loc.cmi src/explain.cmi src/project.cmi src/project.cmx: src/xml.cmx src/rc.cmx src/logic_decl.cmi src/logic.cmi \ - src/loc.cmx src/explain.cmx src/project.cmi + src/loc.cmx src/explain.cmx src/project.cmi src/pvs.cmo: src/vcg.cmi src/util.cmi src/types.cmi src/print_real.cmo \ src/predDefExpansor.cmi src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi \ - src/cc.cmi src/pvs.cmi + src/cc.cmi src/pvs.cmi src/pvs.cmx: src/vcg.cmx src/util.cmx src/types.cmi src/print_real.cmx \ src/predDefExpansor.cmx src/pp.cmx 
src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/env.cmx \ - src/cc.cmi src/pvs.cmi -src/rc.cmo: src/rc.cmi -src/rc.cmx: src/rc.cmi + src/cc.cmi src/pvs.cmi +src/rc.cmo: src/rc.cmi +src/rc.cmx: src/rc.cmi src/red.cmo: src/util.cmi src/misc.cmi src/logic.cmi src/ident.cmi src/cc.cmi \ - src/ast.cmi src/red.cmi + src/ast.cmi src/red.cmi src/red.cmx: src/util.cmx src/misc.cmx src/logic.cmi src/ident.cmx src/cc.cmi \ - src/ast.cmi src/red.cmi + src/ast.cmi src/red.cmi src/regen.cmo: src/vcg.cmi src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/env.cmi src/cc.cmi \ - src/regen.cmi + src/regen.cmi src/regen.cmx: src/vcg.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/env.cmx src/cc.cmi \ - src/regen.cmi + src/regen.cmi src/rename.cmo: src/report.cmi src/pp.cmi src/misc.cmi src/ident.cmi \ - src/error.cmi src/rename.cmi + src/error.cmi src/rename.cmi src/rename.cmx: src/report.cmx src/pp.cmx src/misc.cmx src/ident.cmx \ - src/error.cmi src/rename.cmi + src/error.cmi src/rename.cmi src/report.cmo: src/types.cmi src/misc.cmi src/logic.cmi src/loc.cmi \ src/lexer.cmi src/ident.cmi src/error.cmi src/effect.cmi src/ast.cmi \ - src/report.cmi + src/report.cmi src/report.cmx: src/types.cmi src/misc.cmx src/logic.cmi src/loc.cmx \ src/lexer.cmx src/ident.cmx src/error.cmi src/effect.cmx src/ast.cmi \ - src/report.cmi + src/report.cmi src/simplify.cmo: src/util.cmi src/report.cmi src/predDefExpansor.cmi \ src/pp.cmi src/options.cmi src/misc.cmi src/logic_decl.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/error.cmi src/env.cmi src/encoding.cmi \ - src/cc.cmi src/simplify.cmi + src/cc.cmi src/simplify.cmi src/simplify.cmx: src/util.cmx src/report.cmx src/predDefExpansor.cmx \ src/pp.cmx src/options.cmx src/misc.cmx src/logic_decl.cmi src/logic.cmi \ src/loc.cmx src/ident.cmx src/error.cmi src/env.cmx src/encoding.cmx \ - src/cc.cmi src/simplify.cmi 
+ src/cc.cmi src/simplify.cmi src/smtlib.cmo: src/print_real.cmo src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/encoding.cmi src/cc.cmi src/smtlib.cmi + src/env.cmi src/encoding.cmi src/cc.cmi src/smtlib.cmi src/smtlib.cmx: src/print_real.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/error.cmi \ - src/env.cmx src/encoding.cmx src/cc.cmi src/smtlib.cmi + src/env.cmx src/encoding.cmx src/cc.cmi src/smtlib.cmi src/theory_filtering.cmo: src/unionfind.cmo src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi + src/env.cmi src/cc.cmi src/theory_filtering.cmx: src/unionfind.cmx src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi + src/env.cmx src/cc.cmi src/theoryreducer.cmo: src/unionfind.cmo src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/cc.cmi + src/env.cmi src/cc.cmi src/theoryreducer.cmx: src/unionfind.cmx src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/error.cmi \ - src/env.cmx src/cc.cmi + src/env.cmx src/cc.cmi src/typing.cmo: src/util.cmi src/types.cmi src/report.cmi src/rename.cmi \ src/ptree.cmi src/options.cmi src/misc.cmi src/ltyping.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/error.cmi src/env.cmi src/effect.cmi \ - src/ast.cmi src/typing.cmi + src/ast.cmi src/typing.cmi src/typing.cmx: src/util.cmx src/types.cmi src/report.cmx src/rename.cmx \ src/ptree.cmi src/options.cmx src/misc.cmx src/ltyping.cmx src/logic.cmi \ src/loc.cmx src/ident.cmx src/error.cmi src/env.cmx src/effect.cmx \ - src/ast.cmi src/typing.cmi -src/unionfind.cmo: -src/unionfind.cmx: + src/ast.cmi src/typing.cmi +src/unionfind.cmo: +src/unionfind.cmx: src/util.cmo: 
src/types.cmi src/rename.cmi src/rc.cmi src/ptree.cmi \ src/print_real.cmo src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi \ src/explain.cmi src/env.cmi src/effect.cmi src/cc.cmi src/ast.cmi \ - src/util.cmi + src/util.cmi src/util.cmx: src/types.cmi src/rename.cmx src/rc.cmx src/ptree.cmi \ src/print_real.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx \ src/explain.cmx src/env.cmx src/effect.cmx src/cc.cmi src/ast.cmi \ - src/util.cmi + src/util.cmi src/vcg.cmo: src/util.cmi src/types.cmi src/pp.cmi src/options.cmi \ src/misc.cmi src/logic_decl.cmi src/logic.cmi src/log.cmi src/ident.cmi \ - src/cc.cmi src/ast.cmi src/vcg.cmi + src/cc.cmi src/ast.cmi src/vcg.cmi src/vcg.cmx: src/util.cmx src/types.cmi src/pp.cmx src/options.cmx \ src/misc.cmx src/logic_decl.cmi src/logic.cmi src/log.cmi src/ident.cmx \ - src/cc.cmi src/ast.cmi src/vcg.cmi -src/version.cmo: -src/version.cmx: -src/why.cmo: src/report.cmi src/main.cmo -src/why.cmx: src/report.cmx src/main.cmx + src/cc.cmi src/ast.cmi src/vcg.cmi +src/version.cmo: +src/version.cmx: +src/why.cmo: src/report.cmi src/main.cmo +src/why.cmx: src/report.cmx src/main.cmx src/why3.cmo: src/util.cmi src/print_real.cmo src/pp.cmi src/options.cmi \ - src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi src/env.cmi \ - src/encoding.cmi src/cc.cmi src/why3.cmi + src/misc.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi \ + src/explain.cmi src/env.cmi src/encoding.cmi src/cc.cmi src/why3.cmi src/why3.cmx: src/util.cmx src/print_real.cmx src/pp.cmx src/options.cmx \ - src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx src/env.cmx \ - src/encoding.cmx src/cc.cmi src/why3.cmi + src/misc.cmx src/logic_decl.cmi src/logic.cmi src/ident.cmx \ + src/explain.cmx src/env.cmx src/encoding.cmx src/cc.cmi src/why3.cmi src/whyweb.cmo: src/wserver.cmi src/version.cmo src/project.cmi src/pp.cmi \ - src/logic_decl.cmi 
src/explain.cmi + src/logic_decl.cmi src/explain.cmi src/whyweb.cmx: src/wserver.cmx src/version.cmx src/project.cmx src/pp.cmx \ - src/logic_decl.cmi src/explain.cmx + src/logic_decl.cmi src/explain.cmx src/wp.cmo: src/util.cmi src/typing.cmi src/types.cmi src/report.cmi \ src/options.cmi src/option_misc.cmi src/misc.cmi src/logic.cmi \ src/loc.cmi src/ident.cmi src/error.cmi src/env.cmi src/effect.cmi \ - src/cc.cmi src/ast.cmi src/wp.cmi + src/cc.cmi src/ast.cmi src/wp.cmi src/wp.cmx: src/util.cmx src/typing.cmx src/types.cmi src/report.cmx \ src/options.cmx src/option_misc.cmx src/misc.cmx src/logic.cmi \ src/loc.cmx src/ident.cmx src/error.cmi src/env.cmx src/effect.cmx \ - src/cc.cmi src/ast.cmi src/wp.cmi -src/wserver.cmo: src/wserver.cmi -src/wserver.cmx: src/wserver.cmi -src/xml.cmo: src/rc.cmi src/xml.cmi -src/xml.cmx: src/rc.cmx src/xml.cmi + src/cc.cmi src/ast.cmi src/wp.cmi +src/wserver.cmo: src/wserver.cmi +src/wserver.cmx: src/wserver.cmi +src/xml.cmo: src/rc.cmi src/xml.cmi +src/xml.cmx: src/rc.cmx src/xml.cmi src/z3.cmo: src/print_real.cmo src/pp.cmi src/options.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/error.cmi \ src/env.cmi src/encoding_mono_inst.cmi src/encoding.cmi src/cc.cmi \ - src/z3.cmi + src/z3.cmi src/z3.cmx: src/print_real.cmx src/pp.cmx src/options.cmx src/misc.cmx \ src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/error.cmi \ src/env.cmx src/encoding_mono_inst.cmx src/encoding.cmx src/cc.cmi \ - src/z3.cmi + src/z3.cmi src/zenon.cmo: src/vcg.cmi src/util.cmi src/report.cmi src/print_real.cmo \ src/pp.cmi src/options.cmi src/misc.cmi src/ltyping.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/error.cmi \ - src/env.cmi src/encoding.cmi src/cc.cmi src/zenon.cmi + src/env.cmi src/encoding.cmi src/cc.cmi src/zenon.cmi src/zenon.cmx: src/vcg.cmx src/util.cmx src/report.cmx src/print_real.cmx \ src/pp.cmx src/options.cmx src/misc.cmx src/ltyping.cmx \ 
src/logic_decl.cmi src/logic.cmi src/loc.cmx src/ident.cmx src/error.cmi \ - src/env.cmx src/encoding.cmx src/cc.cmi src/zenon.cmi -src/annot.cmi: src/types.cmi src/logic.cmi src/env.cmi src/ast.cmi + src/env.cmx src/encoding.cmx src/cc.cmi src/zenon.cmi +src/annot.cmi: src/types.cmi src/logic.cmi src/env.cmi src/ast.cmi src/ast.cmi: src/types.cmi src/ptree.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/cc.cmi -src/cc.cmi: src/logic.cmi src/loc.cmi src/ident.cmi + src/ident.cmi src/cc.cmi +src/cc.cmi: src/logic.cmi src/loc.cmi src/ident.cmi src/coq.cmi: src/vcg.cmi src/logic_decl.cmi src/logic.cmi src/ident.cmi \ - src/cc.cmi -src/cvcl.cmi: src/logic_decl.cmi src/cc.cmi + src/cc.cmi +src/cvcl.cmi: src/logic_decl.cmi src/cc.cmi src/dispatcher.cmi: src/options.cmi src/logic_decl.cmi src/loc.cmi \ - src/env.cmi tools/dpConfig.cmi src/cc.cmi tools/calldp.cmi -src/effect.cmi: src/logic.cmi src/ident.cmi -src/encoding.cmi: src/logic_decl.cmi src/logic.cmi src/ident.cmi src/cc.cmi -src/encoding_mono_inst.cmi: src/logic_decl.cmi -src/encoding_pred.cmi: src/logic_decl.cmi src/cc.cmi -src/encoding_rec.cmi: src/logic_decl.cmi src/cc.cmi -src/encoding_strat.cmi: src/logic_decl.cmi src/cc.cmi + src/env.cmi tools/dpConfig.cmi src/cc.cmi tools/calldp.cmi +src/effect.cmi: src/logic.cmi src/ident.cmi +src/encoding.cmi: src/logic_decl.cmi src/logic.cmi src/ident.cmi src/cc.cmi +src/encoding_mono_inst.cmi: src/logic_decl.cmi +src/encoding_pred.cmi: src/logic_decl.cmi src/cc.cmi +src/encoding_rec.cmi: src/logic_decl.cmi src/cc.cmi +src/encoding_strat.cmi: src/logic_decl.cmi src/cc.cmi src/env.cmi: src/types.cmi src/logic.cmi src/loc.cmi src/ident.cmi \ - src/effect.cmi src/cc.cmi src/ast.cmi -src/error.cmi: src/ident.cmi src/effect.cmi -src/explain.cmi: src/logic_decl.cmi src/loc.cmi -src/fastwp.cmi: src/logic.cmi src/env.cmi -src/fpi.cmi: src/cc.cmi -src/gappa.cmi: src/logic_decl.cmi src/cc.cmi -src/graphviz.cmi: -src/harvey.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi 
-src/hol4.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi -src/holl.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi -src/ident.cmi: -src/isabelle.cmi: src/logic_decl.cmi src/cc.cmi -src/lexer.cmi: src/ptree.cmi src/parser.cmi -src/lib.cmi: -src/linenum.cmi: -src/loc.cmi: -src/log.cmi: -src/logic.cmi: src/ident.cmi + src/effect.cmi src/cc.cmi src/ast.cmi +src/error.cmi: src/ident.cmi src/effect.cmi +src/explain.cmi: src/logic_decl.cmi src/loc.cmi +src/fastwp.cmi: src/logic.cmi src/env.cmi +src/fpi.cmi: src/cc.cmi +src/gappa.cmi: src/logic_decl.cmi src/cc.cmi +src/graphviz.cmi: +src/harvey.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi +src/hol4.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi +src/holl.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi +src/ident.cmi: +src/isabelle.cmi: src/logic_decl.cmi src/cc.cmi +src/lexer.cmi: src/ptree.cmi src/parser.cmi +src/lib.cmi: +src/linenum.cmi: +src/loc.cmi: +src/log.cmi: +src/logic.cmi: src/ident.cmi src/logic_decl.cmi: src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi \ - src/cc.cmi + src/cc.cmi src/ltyping.cmi: src/types.cmi src/ptree.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/env.cmi src/effect.cmi src/ast.cmi + src/ident.cmi src/env.cmi src/effect.cmi src/ast.cmi src/misc.cmi: src/types.cmi src/ptree.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/cc.cmi src/ast.cmi -src/mizar.cmi: src/logic_decl.cmi src/cc.cmi + src/ident.cmi src/cc.cmi src/ast.cmi +src/mizar.cmi: src/logic_decl.cmi src/cc.cmi src/mlize.cmi: src/rename.cmi src/logic.cmi src/env.cmi src/cc.cmi \ - src/ast.cmi -src/monad.cmi: src/monadSig.cmi + src/ast.cmi +src/monad.cmi: src/monadSig.cmi src/monadSig.cmi: src/types.cmi src/rename.cmi src/logic.cmi src/loc.cmi \ - src/ident.cmi src/env.cmi src/cc.cmi src/ast.cmi -src/monomorph.cmi: src/logic_decl.cmi src/logic.cmi src/ident.cmi -src/ocaml.cmi: src/types.cmi src/ident.cmi src/env.cmi -src/option_misc.cmi: -src/options.cmi: src/rc.cmi src/project.cmi -src/parser.cmi: src/ptree.cmi 
src/logic.cmi -src/pp.cmi: + src/ident.cmi src/env.cmi src/cc.cmi src/ast.cmi +src/monomorph.cmi: src/logic_decl.cmi src/logic.cmi src/ident.cmi +src/ocaml.cmi: src/types.cmi src/ident.cmi src/env.cmi +src/option_misc.cmi: +src/options.cmi: src/rc.cmi src/project.cmi +src/parser.cmi: src/ptree.cmi src/logic.cmi +src/pp.cmi: src/predDefExpansor.cmi: src/logic_decl.cmi src/logic.cmi src/ident.cmi \ - src/env.cmi -src/pretty.cmi: src/project.cmi src/logic_decl.cmi -src/project.cmi: src/logic_decl.cmi src/loc.cmi -src/ptree.cmi: src/types.cmi src/logic.cmi src/loc.cmi src/ident.cmi -src/purify.cmi: src/env.cmi -src/pvs.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi -src/rc.cmi: -src/red.cmi: src/logic.cmi src/cc.cmi + src/env.cmi +src/pretty.cmi: src/project.cmi src/logic_decl.cmi +src/project.cmi: src/logic_decl.cmi src/loc.cmi +src/ptree.cmi: src/types.cmi src/logic.cmi src/loc.cmi src/ident.cmi +src/purify.cmi: src/env.cmi +src/pvs.cmi: src/vcg.cmi src/logic_decl.cmi src/cc.cmi +src/rc.cmi: +src/red.cmi: src/logic.cmi src/cc.cmi src/regen.cmi: src/vcg.cmi src/logic_decl.cmi src/logic.cmi src/loc.cmi \ - src/env.cmi src/cc.cmi -src/rename.cmi: src/ident.cmi -src/report.cmi: src/loc.cmi src/error.cmi -src/simplify.cmi: src/logic_decl.cmi src/cc.cmi -src/smtlib.cmi: src/logic_decl.cmi src/cc.cmi -src/types.cmi: src/logic.cmi src/ident.cmi src/effect.cmi + src/env.cmi src/cc.cmi +src/rename.cmi: src/ident.cmi +src/report.cmi: src/loc.cmi src/error.cmi +src/simplify.cmi: src/logic_decl.cmi src/cc.cmi +src/smtlib.cmi: src/logic_decl.cmi src/cc.cmi +src/types.cmi: src/logic.cmi src/ident.cmi src/effect.cmi src/typing.cmi: src/types.cmi src/ptree.cmi src/loc.cmi src/env.cmi \ - src/ast.cmi + src/ast.cmi src/util.cmi: src/types.cmi src/rename.cmi src/ptree.cmi src/misc.cmi \ src/logic_decl.cmi src/logic.cmi src/loc.cmi src/ident.cmi src/env.cmi \ - src/effect.cmi src/cc.cmi src/ast.cmi + src/effect.cmi src/cc.cmi src/ast.cmi src/vcg.cmi: src/types.cmi src/logic_decl.cmi 
src/logic.cmi src/log.cmi \ - src/loc.cmi src/ident.cmi src/cc.cmi src/ast.cmi -src/why3.cmi: src/logic_decl.cmi -src/wp.cmi: src/logic.cmi src/env.cmi src/ast.cmi -src/wserver.cmi: -src/xml.cmi: src/rc.cmi -src/z3.cmi: src/logic_decl.cmi src/cc.cmi -src/zenon.cmi: src/logic_decl.cmi src/cc.cmi -jc/jc_ai.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_ast.cmi -jc/jc_ast.cmi: src/loc.cmi jc/jc_stdlib.cmo jc/jc_region.cmo jc/jc_env.cmi + src/loc.cmi src/ident.cmi src/cc.cmi src/ast.cmi +src/why3.cmi: src/logic_decl.cmi +src/wp.cmi: src/logic.cmi src/env.cmi src/ast.cmi +src/wserver.cmi: +src/xml.cmi: src/rc.cmi +src/z3.cmi: src/logic_decl.cmi src/cc.cmi +src/zenon.cmi: src/logic_decl.cmi src/cc.cmi +jc/jc_ai.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_ast.cmi +jc/jc_ast.cmi: src/loc.cmi jc/jc_stdlib.cmo jc/jc_region.cmo jc/jc_env.cmi jc/jc_callgraph.cmi: src/loc.cmi jc/jc_stdlib.cmo jc/jc_fenv.cmo \ - jc/jc_constructors.cmi -jc/jc_common_options.cmi: jc/jc_env.cmi + jc/jc_constructors.cmi +jc/jc_common_options.cmi: jc/jc_env.cmi jc/jc_constructors.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_env.cmi \ - jc/jc_ast.cmi -jc/jc_env.cmi: -jc/jc_envset.cmi: jc/jc_stdlib.cmo jc/jc_env.cmi -jc/jc_frame.cmi: jc/output.cmi jc/jc_fenv.cmo jc/jc_ast.cmi + jc/jc_ast.cmi +jc/jc_env.cmi: +jc/jc_envset.cmi: jc/jc_stdlib.cmo jc/jc_env.cmi +jc/jc_frame.cmi: jc/output.cmi jc/jc_fenv.cmo jc/jc_ast.cmi jc/jc_interp.cmi: jc/output.cmi src/loc.cmi jc/jc_typing.cmi \ jc/jc_type_var.cmi jc/jc_region.cmo jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_interp_misc.cmi: jc/output.cmi jc/jc_stdlib.cmo jc/jc_region.cmo \ - jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi jc/jc_ast.cmi jc/jc_iterators.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi -jc/jc_lexer.cmi: src/loc.cmi jc/jc_parser.cmi jc/jc_ast.cmi -jc/jc_norm.cmi: jc/jc_fenv.cmo jc/jc_env.cmi 
jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi +jc/jc_lexer.cmi: src/loc.cmi jc/jc_parser.cmi jc/jc_ast.cmi +jc/jc_norm.cmi: jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi jc/jc_options.cmi: src/rc.cmi jc/output.cmi src/loc.cmi jc/jc_stdlib.cmo \ - jc/jc_env.cmi -jc/jc_parser.cmi: jc/jc_ast.cmi + jc/jc_env.cmi +jc/jc_parser.cmi: jc/jc_ast.cmi jc/jc_pervasives.cmi: jc/jc_stdlib.cmo jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_ast.cmi -jc/jc_struct_tools.cmi: jc/jc_env.cmi -jc/jc_type_var.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_ast.cmi +jc/jc_struct_tools.cmi: jc/jc_env.cmi +jc/jc_type_var.cmi: src/loc.cmi jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi jc/jc_typing.cmi: src/loc.cmi jc/jc_stdlib.cmo jc/jc_fenv.cmo jc/jc_env.cmi \ - jc/jc_constructors.cmi jc/jc_ast.cmi -jc/numconst.cmi: -jc/output.cmi: src/loc.cmi -jc/jc_ai.cmo: jc/jc_ai.cmi -jc/jc_ai.cmx: jc/jc_ai.cmi -jc/jc_annot_fail.cmo: -jc/jc_annot_fail.cmx: + jc/jc_constructors.cmi jc/jc_ast.cmi +jc/numconst.cmi: +jc/output.cmi: src/loc.cmi +jc/jc_ai.cmo: jc/jc_ai.cmi +jc/jc_ai.cmx: jc/jc_ai.cmi +jc/jc_annot_fail.cmo: +jc/jc_annot_fail.cmx: jc/jc_annot_inference.cmo: src/pp.cmi src/parser.cmi jc/output.cmi \ src/option_misc.cmi src/loc.cmi jc/jc_typing.cmi jc/jc_stdlib.cmo \ jc/jc_separation.cmo jc/jc_region.cmo jc/jc_pervasives.cmi \ jc/jc_output.cmo jc/jc_options.cmi jc/jc_norm.cmi jc/jc_iterators.cmi \ jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi jc/jc_effect.cmo \ - jc/jc_constructors.cmi jc/jc_ast.cmi + jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_annot_inference.cmx: src/pp.cmx src/parser.cmx jc/output.cmx \ src/option_misc.cmx src/loc.cmx jc/jc_typing.cmx jc/jc_stdlib.cmx \ jc/jc_separation.cmx jc/jc_region.cmx jc/jc_pervasives.cmx \ jc/jc_output.cmx jc/jc_options.cmx jc/jc_norm.cmx jc/jc_iterators.cmx \ jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi jc/jc_effect.cmx \ - jc/jc_constructors.cmx jc/jc_ast.cmi + jc/jc_constructors.cmx 
jc/jc_ast.cmi jc/jc_callgraph.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi \ jc/jc_typing.cmi jc/jc_stdlib.cmo jc/jc_pervasives.cmi jc/jc_options.cmi \ jc/jc_iterators.cmi jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi \ - jc/jc_callgraph.cmi + jc/jc_callgraph.cmi jc/jc_callgraph.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx \ jc/jc_typing.cmx jc/jc_stdlib.cmx jc/jc_pervasives.cmx jc/jc_options.cmx \ jc/jc_iterators.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi \ - jc/jc_callgraph.cmi -jc/jc_common_options.cmo: jc/jc_env.cmi jc/jc_common_options.cmi -jc/jc_common_options.cmx: jc/jc_env.cmi jc/jc_common_options.cmi + jc/jc_callgraph.cmi +jc/jc_common_options.cmo: jc/jc_env.cmi jc/jc_common_options.cmi +jc/jc_common_options.cmx: jc/jc_env.cmi jc/jc_common_options.cmi jc/jc_constructors.cmo: src/loc.cmi jc/jc_region.cmo jc/jc_fenv.cmo \ - jc/jc_env.cmi jc/jc_ast.cmi jc/jc_constructors.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_constructors.cmi jc/jc_constructors.cmx: src/loc.cmx jc/jc_region.cmx jc/jc_fenv.cmx \ - jc/jc_env.cmi jc/jc_ast.cmi jc/jc_constructors.cmi -jc/jc_control_flow.cmo: jc/jc_ast.cmi -jc/jc_control_flow.cmx: jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_constructors.cmi +jc/jc_control_flow.cmo: jc/jc_ast.cmi +jc/jc_control_flow.cmx: jc/jc_ast.cmi jc/jc_effect.cmo: src/pp.cmi src/option_misc.cmi jc/jc_typing.cmi \ jc/jc_struct_tools.cmi jc/jc_stdlib.cmo jc/jc_region.cmo \ jc/jc_pervasives.cmi jc/jc_output_misc.cmo jc/jc_output.cmo \ jc/jc_options.cmi jc/jc_name.cmo jc/jc_iterators.cmi jc/jc_fenv.cmo \ - jc/jc_envset.cmi jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi + jc/jc_envset.cmi jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_effect.cmx: src/pp.cmx src/option_misc.cmx jc/jc_typing.cmx \ jc/jc_struct_tools.cmx jc/jc_stdlib.cmx jc/jc_region.cmx \ jc/jc_pervasives.cmx jc/jc_output_misc.cmx jc/jc_output.cmx \ jc/jc_options.cmx jc/jc_name.cmx jc/jc_iterators.cmx jc/jc_fenv.cmx \ - jc/jc_envset.cmx jc/jc_env.cmi jc/jc_constructors.cmx 
jc/jc_ast.cmi -jc/jc_envset.cmo: jc/jc_stdlib.cmo jc/jc_env.cmi jc/jc_envset.cmi -jc/jc_envset.cmx: jc/jc_stdlib.cmx jc/jc_env.cmi jc/jc_envset.cmi + jc/jc_envset.cmx jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi +jc/jc_envset.cmo: jc/jc_stdlib.cmo jc/jc_env.cmi jc/jc_envset.cmi +jc/jc_envset.cmx: jc/jc_stdlib.cmx jc/jc_env.cmi jc/jc_envset.cmi jc/jc_fenv.cmo: jc/jc_stdlib.cmo jc/jc_region.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_fenv.cmx: jc/jc_stdlib.cmx jc/jc_region.cmx jc/jc_envset.cmx \ - jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_frame.cmo: src/pp.cmi jc/output.cmi jc/jc_typing.cmi \ jc/jc_struct_tools.cmi jc/jc_stdlib.cmo jc/jc_separation.cmo \ jc/jc_region.cmo jc/jc_pervasives.cmi jc/jc_pattern.cmo jc/jc_options.cmi \ jc/jc_name.cmo jc/jc_invariants.cmo jc/jc_interp_misc.cmi \ jc/jc_interp.cmi jc/jc_frame_notin.cmo jc/jc_fenv.cmo jc/jc_envset.cmi \ jc/jc_env.cmi jc/jc_effect.cmo jc/jc_constructors.cmi jc/jc_ast.cmi \ - jc/jc_frame.cmi + jc/jc_frame.cmi jc/jc_frame.cmx: src/pp.cmx jc/output.cmx jc/jc_typing.cmx \ jc/jc_struct_tools.cmx jc/jc_stdlib.cmx jc/jc_separation.cmx \ jc/jc_region.cmx jc/jc_pervasives.cmx jc/jc_pattern.cmx jc/jc_options.cmx \ jc/jc_name.cmx jc/jc_invariants.cmx jc/jc_interp_misc.cmx \ jc/jc_interp.cmx jc/jc_frame_notin.cmx jc/jc_fenv.cmx jc/jc_envset.cmx \ jc/jc_env.cmi jc/jc_effect.cmx jc/jc_constructors.cmx jc/jc_ast.cmi \ - jc/jc_frame.cmi + jc/jc_frame.cmi jc/jc_frame_notin.cmo: src/pp.cmi jc/output.cmi jc/jc_typing.cmi \ jc/jc_type_var.cmi jc/jc_struct_tools.cmi jc/jc_stdlib.cmo \ jc/jc_separation.cmo jc/jc_region.cmo jc/jc_pervasives.cmi \ jc/jc_pattern.cmo jc/jc_name.cmo jc/jc_invariants.cmo \ jc/jc_interp_misc.cmi jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_effect.cmo jc/jc_constructors.cmi jc/jc_ast.cmi + jc/jc_effect.cmo jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_frame_notin.cmx: src/pp.cmx jc/output.cmx jc/jc_typing.cmx \ 
jc/jc_type_var.cmx jc/jc_struct_tools.cmx jc/jc_stdlib.cmx \ jc/jc_separation.cmx jc/jc_region.cmx jc/jc_pervasives.cmx \ jc/jc_pattern.cmx jc/jc_name.cmx jc/jc_invariants.cmx \ jc/jc_interp_misc.cmx jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_effect.cmx jc/jc_constructors.cmx jc/jc_ast.cmi + jc/jc_effect.cmx jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_interp.cmo: src/rc.cmi src/pp.cmi jc/output.cmi src/option_misc.cmi \ jc/numconst.cmi src/loc.cmi jc/jc_typing.cmi jc/jc_type_var.cmi \ jc/jc_struct_tools.cmi jc/jc_stdlib.cmo jc/jc_separation.cmo \ jc/jc_region.cmo jc/jc_pervasives.cmi jc/jc_pattern.cmo jc/jc_options.cmi \ jc/jc_name.cmo jc/jc_iterators.cmi jc/jc_invariants.cmo \ jc/jc_interp_misc.cmi jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_effect.cmo jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_interp.cmi + jc/jc_effect.cmo jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_interp.cmi jc/jc_interp.cmx: src/rc.cmx src/pp.cmx jc/output.cmx src/option_misc.cmx \ jc/numconst.cmx src/loc.cmx jc/jc_typing.cmx jc/jc_type_var.cmx \ jc/jc_struct_tools.cmx jc/jc_stdlib.cmx jc/jc_separation.cmx \ jc/jc_region.cmx jc/jc_pervasives.cmx jc/jc_pattern.cmx jc/jc_options.cmx \ jc/jc_name.cmx jc/jc_iterators.cmx jc/jc_invariants.cmx \ jc/jc_interp_misc.cmx jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_effect.cmx jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_interp.cmi + jc/jc_effect.cmx jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_interp.cmi jc/jc_interp_misc.cmo: src/pp.cmi jc/output.cmi src/option_misc.cmi \ jc/numconst.cmi jc/jc_typing.cmi jc/jc_type_var.cmi \ jc/jc_struct_tools.cmi jc/jc_stdlib.cmo jc/jc_region.cmo \ jc/jc_pervasives.cmi jc/jc_options.cmi jc/jc_name.cmo jc/jc_fenv.cmo \ jc/jc_envset.cmi jc/jc_env.cmi jc/jc_effect.cmo jc/jc_constructors.cmi \ - jc/jc_ast.cmi jc/jc_interp_misc.cmi + jc/jc_ast.cmi jc/jc_interp_misc.cmi jc/jc_interp_misc.cmx: src/pp.cmx jc/output.cmx src/option_misc.cmx \ jc/numconst.cmx jc/jc_typing.cmx jc/jc_type_var.cmx \ 
jc/jc_struct_tools.cmx jc/jc_stdlib.cmx jc/jc_region.cmx \ jc/jc_pervasives.cmx jc/jc_options.cmx jc/jc_name.cmx jc/jc_fenv.cmx \ jc/jc_envset.cmx jc/jc_env.cmi jc/jc_effect.cmx jc/jc_constructors.cmx \ - jc/jc_ast.cmi jc/jc_interp_misc.cmi + jc/jc_ast.cmi jc/jc_interp_misc.cmi jc/jc_invariants.cmo: jc/output.cmi src/loc.cmi jc/jc_typing.cmi \ jc/jc_struct_tools.cmi jc/jc_stdlib.cmo jc/jc_region.cmo \ jc/jc_pervasives.cmi jc/jc_options.cmi jc/jc_name.cmo jc/jc_iterators.cmi \ jc/jc_interp_misc.cmi jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_constructors.cmi jc/jc_common_options.cmi jc/jc_ast.cmi + jc/jc_constructors.cmi jc/jc_common_options.cmi jc/jc_ast.cmi jc/jc_invariants.cmx: jc/output.cmx src/loc.cmx jc/jc_typing.cmx \ jc/jc_struct_tools.cmx jc/jc_stdlib.cmx jc/jc_region.cmx \ jc/jc_pervasives.cmx jc/jc_options.cmx jc/jc_name.cmx jc/jc_iterators.cmx \ jc/jc_interp_misc.cmx jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_constructors.cmx jc/jc_common_options.cmx jc/jc_ast.cmi + jc/jc_constructors.cmx jc/jc_common_options.cmx jc/jc_ast.cmi jc/jc_iterators.cmo: src/option_misc.cmi jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_iterators.cmi + jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_iterators.cmi jc/jc_iterators.cmx: src/option_misc.cmx jc/jc_fenv.cmx jc/jc_envset.cmx \ - jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_iterators.cmi + jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_iterators.cmi jc/jc_lexer.cmo: jc/jc_pervasives.cmi jc/jc_parser.cmi jc/jc_options.cmi \ - jc/jc_env.cmi jc/jc_ast.cmi jc/jc_lexer.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_lexer.cmi jc/jc_lexer.cmx: jc/jc_pervasives.cmx jc/jc_parser.cmx jc/jc_options.cmx \ - jc/jc_env.cmi jc/jc_ast.cmi jc/jc_lexer.cmi + jc/jc_env.cmi jc/jc_ast.cmi jc/jc_lexer.cmi jc/jc_main.cmo: src/pp.cmi jc/output.cmi src/option_misc.cmi src/loc.cmi \ src/lib.cmi jc/jc_typing.cmi jc/jc_stdlib.cmo jc/jc_separation.cmo \ jc/jc_region.cmo jc/jc_poutput.cmo jc/jc_options.cmi 
jc/jc_norm.cmi \ jc/jc_make.cmo jc/jc_lexer.cmi jc/jc_invariants.cmo jc/jc_interp_misc.cmi \ jc/jc_interp.cmi jc/jc_frame.cmi jc/jc_fenv.cmo jc/jc_env.cmi \ - jc/jc_effect.cmo jc/jc_callgraph.cmi jc/jc_ast.cmi jc/jc_ai.cmi + jc/jc_effect.cmo jc/jc_callgraph.cmi jc/jc_ast.cmi jc/jc_ai.cmi jc/jc_main.cmx: src/pp.cmx jc/output.cmx src/option_misc.cmx src/loc.cmx \ src/lib.cmx jc/jc_typing.cmx jc/jc_stdlib.cmx jc/jc_separation.cmx \ jc/jc_region.cmx jc/jc_poutput.cmx jc/jc_options.cmx jc/jc_norm.cmx \ jc/jc_make.cmx jc/jc_lexer.cmx jc/jc_invariants.cmx jc/jc_interp_misc.cmx \ jc/jc_interp.cmx jc/jc_frame.cmx jc/jc_fenv.cmx jc/jc_env.cmi \ - jc/jc_effect.cmx jc/jc_callgraph.cmx jc/jc_ast.cmi jc/jc_ai.cmx -jc/jc_make.cmo: src/pp.cmi jc/jc_options.cmi -jc/jc_make.cmx: src/pp.cmx jc/jc_options.cmx + jc/jc_effect.cmx jc/jc_callgraph.cmx jc/jc_ast.cmi jc/jc_ai.cmx +jc/jc_make.cmo: src/pp.cmi jc/jc_options.cmi +jc/jc_make.cmx: src/pp.cmx jc/jc_options.cmx jc/jc_name.cmo: jc/output.cmi jc/jc_region.cmo jc/jc_pervasives.cmi \ - jc/jc_env.cmi jc/jc_common_options.cmi jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_common_options.cmi jc/jc_ast.cmi jc/jc_name.cmx: jc/output.cmx jc/jc_region.cmx jc/jc_pervasives.cmx \ - jc/jc_env.cmi jc/jc_common_options.cmx jc/jc_ast.cmi + jc/jc_env.cmi jc/jc_common_options.cmx jc/jc_ast.cmi jc/jc_norm.cmo: src/pp.cmi src/option_misc.cmi jc/jc_pervasives.cmi \ jc/jc_options.cmi jc/jc_iterators.cmi jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_norm.cmi + jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_norm.cmi jc/jc_norm.cmx: src/pp.cmx src/option_misc.cmx jc/jc_pervasives.cmx \ jc/jc_options.cmx jc/jc_iterators.cmx jc/jc_fenv.cmx jc/jc_envset.cmx \ - jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_norm.cmi + jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_norm.cmi jc/jc_noutput.cmo: src/pp.cmi jc/jc_pervasives.cmi jc/jc_output_misc.cmo \ - jc/jc_ast.cmi + jc/jc_ast.cmi 
jc/jc_noutput.cmx: src/pp.cmx jc/jc_pervasives.cmx jc/jc_output_misc.cmx \ - jc/jc_ast.cmi + jc/jc_ast.cmi jc/jc_options.cmo: src/version.cmo src/rc.cmi jc/output.cmi src/loc.cmi \ - jc/jc_stdlib.cmo jc/jc_env.cmi jc/jc_common_options.cmi jc/jc_options.cmi + jc/jc_stdlib.cmo jc/jc_env.cmi jc/jc_common_options.cmi jc/jc_options.cmi jc/jc_options.cmx: src/version.cmx src/rc.cmx jc/output.cmx src/loc.cmx \ - jc/jc_stdlib.cmx jc/jc_env.cmi jc/jc_common_options.cmx jc/jc_options.cmi + jc/jc_stdlib.cmx jc/jc_env.cmi jc/jc_common_options.cmx jc/jc_options.cmi jc/jc_output.cmo: src/pp.cmi src/option_misc.cmi jc/jc_type_var.cmi \ jc/jc_poutput.cmo jc/jc_pervasives.cmi jc/jc_output_misc.cmo \ - jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi + jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_output.cmx: src/pp.cmx src/option_misc.cmx jc/jc_type_var.cmx \ jc/jc_poutput.cmx jc/jc_pervasives.cmx jc/jc_output_misc.cmx \ - jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi + jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_output_misc.cmo: src/pp.cmi jc/jc_pervasives.cmi jc/jc_env.cmi \ - jc/jc_ast.cmi + jc/jc_ast.cmi jc/jc_output_misc.cmx: src/pp.cmx jc/jc_pervasives.cmx jc/jc_env.cmi \ - jc/jc_ast.cmi + jc/jc_ast.cmi jc/jc_parser.cmo: src/loc.cmi jc/jc_pervasives.cmi jc/jc_options.cmi \ jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi src/error.cmi \ - jc/jc_parser.cmi + jc/jc_parser.cmi jc/jc_parser.cmx: src/loc.cmx jc/jc_pervasives.cmx jc/jc_options.cmx \ jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi src/error.cmi \ - jc/jc_parser.cmi + jc/jc_parser.cmi jc/jc_pattern.cmo: jc/output.cmi jc/jc_region.cmo jc/jc_pervasives.cmi \ jc/jc_name.cmo jc/jc_interp_misc.cmi jc/jc_env.cmi jc/jc_effect.cmo \ - jc/jc_ast.cmi + jc/jc_ast.cmi jc/jc_pattern.cmx: jc/output.cmx jc/jc_region.cmx jc/jc_pervasives.cmx \ jc/jc_name.cmx jc/jc_interp_misc.cmx jc/jc_env.cmi jc/jc_effect.cmx \ - jc/jc_ast.cmi + 
jc/jc_ast.cmi jc/jc_pervasives.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi \ jc/jc_stdlib.cmo jc/jc_region.cmo jc/jc_fenv.cmo jc/jc_envset.cmi \ - jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_pervasives.cmi + jc/jc_env.cmi jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_pervasives.cmi jc/jc_pervasives.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx \ jc/jc_stdlib.cmx jc/jc_region.cmx jc/jc_fenv.cmx jc/jc_envset.cmx \ - jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_pervasives.cmi + jc/jc_env.cmi jc/jc_constructors.cmx jc/jc_ast.cmi jc/jc_pervasives.cmi jc/jc_poutput.cmo: src/pp.cmi src/option_misc.cmi jc/jc_pervasives.cmi \ - jc/jc_output_misc.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_output_misc.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi jc/jc_poutput.cmx: src/pp.cmx src/option_misc.cmx jc/jc_pervasives.cmx \ - jc/jc_output_misc.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_output_misc.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi jc/jc_region.cmo: src/pp.cmi jc/jc_stdlib.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_common_options.cmi + jc/jc_common_options.cmi jc/jc_region.cmx: src/pp.cmx jc/jc_stdlib.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_common_options.cmx + jc/jc_common_options.cmx jc/jc_separation.cmo: src/pp.cmi src/option_misc.cmi jc/jc_typing.cmi \ jc/jc_stdlib.cmo jc/jc_region.cmo jc/jc_pervasives.cmi jc/jc_options.cmi \ jc/jc_iterators.cmi jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_constructors.cmi jc/jc_ast.cmi + jc/jc_constructors.cmi jc/jc_ast.cmi jc/jc_separation.cmx: src/pp.cmx src/option_misc.cmx jc/jc_typing.cmx \ jc/jc_stdlib.cmx jc/jc_region.cmx jc/jc_pervasives.cmx jc/jc_options.cmx \ jc/jc_iterators.cmx jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_constructors.cmx jc/jc_ast.cmi -jc/jc_stdlib.cmo: -jc/jc_stdlib.cmx: -jc/jc_stdlib_ge312.cmo: -jc/jc_stdlib_ge312.cmx: -jc/jc_stdlib_lt312.cmo: -jc/jc_stdlib_lt312.cmx: + jc/jc_constructors.cmx jc/jc_ast.cmi 
+jc/jc_stdlib.cmo: +jc/jc_stdlib.cmx: +jc/jc_stdlib_ge312.cmo: +jc/jc_stdlib_ge312.cmx: +jc/jc_stdlib_lt312.cmo: +jc/jc_stdlib_lt312.cmx: jc/jc_struct_tools.cmo: jc/jc_pervasives.cmi jc/jc_output_misc.cmo \ jc/jc_options.cmi jc/jc_name.cmo jc/jc_envset.cmi jc/jc_env.cmi \ - jc/jc_struct_tools.cmi + jc/jc_struct_tools.cmi jc/jc_struct_tools.cmx: jc/jc_pervasives.cmx jc/jc_output_misc.cmx \ jc/jc_options.cmx jc/jc_name.cmx jc/jc_envset.cmx jc/jc_env.cmi \ - jc/jc_struct_tools.cmi + jc/jc_struct_tools.cmi jc/jc_type_var.cmo: src/pp.cmi src/loc.cmi jc/jc_pervasives.cmi \ jc/jc_iterators.cmi jc/jc_envset.cmi jc/jc_env.cmi jc/jc_constructors.cmi \ - jc/jc_type_var.cmi + jc/jc_type_var.cmi jc/jc_type_var.cmx: src/pp.cmx src/loc.cmx jc/jc_pervasives.cmx \ jc/jc_iterators.cmx jc/jc_envset.cmx jc/jc_env.cmi jc/jc_constructors.cmx \ - jc/jc_type_var.cmi + jc/jc_type_var.cmi jc/jc_typing.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi \ jc/jc_type_var.cmi jc/jc_struct_tools.cmi jc/jc_stdlib.cmo \ jc/jc_region.cmo jc/jc_pervasives.cmi jc/jc_output_misc.cmo \ jc/jc_output.cmo jc/jc_options.cmi jc/jc_noutput.cmo jc/jc_norm.cmi \ jc/jc_iterators.cmi jc/jc_fenv.cmo jc/jc_envset.cmi jc/jc_env.cmi \ jc/jc_constructors.cmi jc/jc_common_options.cmi jc/jc_ast.cmi \ - jc/jc_typing.cmi + jc/jc_typing.cmi jc/jc_typing.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx \ jc/jc_type_var.cmx jc/jc_struct_tools.cmx jc/jc_stdlib.cmx \ jc/jc_region.cmx jc/jc_pervasives.cmx jc/jc_output_misc.cmx \ jc/jc_output.cmx jc/jc_options.cmx jc/jc_noutput.cmx jc/jc_norm.cmx \ jc/jc_iterators.cmx jc/jc_fenv.cmx jc/jc_envset.cmx jc/jc_env.cmi \ jc/jc_constructors.cmx jc/jc_common_options.cmx jc/jc_ast.cmi \ - jc/jc_typing.cmi -jc/numconst.cmo: jc/numconst.cmi -jc/numconst.cmx: jc/numconst.cmi -jc/output.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi jc/output.cmi -jc/output.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx jc/output.cmi -c/cast.cmi: src/loc.cmi c/info.cmi c/ctypes.cmi c/clogic.cmi c/cconst.cmi 
-c/cast_misc.cmi: c/cast.cmi -c/cconst.cmi: src/loc.cmi -c/ceffect.cmi: jc/output.cmi src/loc.cmi c/info.cmi c/clogic.cmi c/cast.cmi -c/cenv.cmi: src/loc.cmi src/lib.cmi c/info.cmi c/ctypes.cmi c/cast.cmi -c/cerror.cmi: c/ctypes.cmi -c/cgraph.cmi: c/info.cmi c/cast.cmi -c/cinit.cmi: src/loc.cmi c/info.cmi c/cast.cmi -c/cinterp.cmi: jc/output.cmi c/cast.cmi -c/clogic.cmi: src/loc.cmi c/info.cmi -c/clparser.cmi: c/clogic.cmi c/cast.cmi -c/cltyping.cmi: src/loc.cmi src/env.cmi c/clogic.cmi c/cenv.cmi c/cast.cmi -c/cmake.cmi: -c/cnorm.cmi: c/info.cmi c/ctypes.cmi c/clogic.cmi c/cast.cmi -c/coptions.cmi: -c/cparser.cmi: c/clogic.cmi c/cast.cmi -c/cpp.cmi: -c/cprint.cmi: c/clogic.cmi c/cast.cmi -c/cprint_graph.cmi: -c/cptr.cmi: c/info.cmi c/cenv.cmi c/cast.cmi -c/creport.cmi: src/loc.cmi c/ctypes.cmi c/cerror.cmi + jc/jc_typing.cmi +jc/numconst.cmo: jc/numconst.cmi +jc/numconst.cmx: jc/numconst.cmi +jc/output.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi jc/output.cmi +jc/output.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx jc/output.cmi +c/cast.cmi: src/loc.cmi c/info.cmi c/ctypes.cmi c/clogic.cmi c/cconst.cmi +c/cast_misc.cmi: c/cast.cmi +c/cconst.cmi: src/loc.cmi +c/ceffect.cmi: jc/output.cmi src/loc.cmi c/info.cmi c/clogic.cmi c/cast.cmi +c/cenv.cmi: src/loc.cmi src/lib.cmi c/info.cmi c/ctypes.cmi c/cast.cmi +c/cerror.cmi: c/ctypes.cmi +c/cgraph.cmi: c/info.cmi c/cast.cmi +c/cinit.cmi: src/loc.cmi c/info.cmi c/cast.cmi +c/cinterp.cmi: jc/output.cmi c/cast.cmi +c/clogic.cmi: src/loc.cmi c/info.cmi +c/clparser.cmi: c/clogic.cmi c/cast.cmi +c/cltyping.cmi: src/loc.cmi src/env.cmi c/clogic.cmi c/cenv.cmi c/cast.cmi +c/cmake.cmi: +c/cnorm.cmi: c/info.cmi c/ctypes.cmi c/clogic.cmi c/cast.cmi +c/coptions.cmi: +c/cparser.cmi: c/clogic.cmi c/cast.cmi +c/cpp.cmi: +c/cprint.cmi: c/clogic.cmi c/cast.cmi +c/cprint_graph.cmi: +c/cptr.cmi: c/info.cmi c/cenv.cmi c/cast.cmi +c/creport.cmi: src/loc.cmi c/ctypes.cmi c/cerror.cmi c/cseparation.cmi: src/loc.cmi c/info.cmi 
c/ctypes.cmi c/clogic.cmi \ - c/cast.cmi -c/ctypes.cmi: -c/ctyping.cmi: c/ctypes.cmi c/cast.cmi -c/cutil.cmi: -c/info.cmi: jc/output.cmi c/ctypes.cmi + c/cast.cmi +c/ctypes.cmi: +c/ctyping.cmi: c/ctypes.cmi c/cast.cmi +c/cutil.cmi: +c/info.cmi: jc/output.cmi c/ctypes.cmi c/invariant.cmi: c/info.cmi c/ctypes.cmi c/creport.cmi c/cnorm.cmi \ - c/clogic.cmi c/cenv.cmi c/cast.cmi + c/clogic.cmi c/cenv.cmi c/cast.cmi c/cabsint.cmo: src/loc.cmi c/info.cmi c/cutil.cmi c/ctypes.cmi c/cprint.cmi \ - c/coptions.cmi c/clogic.cmi c/cenv.cmi c/ceffect.cmi c/cast.cmi + c/coptions.cmi c/clogic.cmi c/cenv.cmi c/ceffect.cmi c/cast.cmi c/cabsint.cmx: src/loc.cmx c/info.cmx c/cutil.cmx c/ctypes.cmx c/cprint.cmx \ - c/coptions.cmx c/clogic.cmi c/cenv.cmx c/ceffect.cmx c/cast.cmi -c/cast_misc.cmo: c/ctypes.cmi c/cast.cmi c/cast_misc.cmi -c/cast_misc.cmx: c/ctypes.cmx c/cast.cmi c/cast_misc.cmi -c/cconst.cmo: c/creport.cmi c/cconst.cmi -c/cconst.cmx: c/creport.cmx c/cconst.cmi + c/coptions.cmx c/clogic.cmi c/cenv.cmx c/ceffect.cmx c/cast.cmi +c/cast_misc.cmo: c/ctypes.cmi c/cast.cmi c/cast_misc.cmi +c/cast_misc.cmx: c/ctypes.cmx c/cast.cmi c/cast_misc.cmi +c/cconst.cmo: c/creport.cmi c/cconst.cmi +c/cconst.cmx: c/creport.cmx c/cconst.cmi c/ceffect.cmo: src/pp.cmi jc/output.cmi src/loc.cmi c/info.cmi c/ctypes.cmi \ c/cseparation.cmi c/creport.cmi c/coptions.cmi c/cnorm.cmi c/clogic.cmi \ - c/cinit.cmi c/cenv.cmi c/cast.cmi c/ceffect.cmi + c/cinit.cmi c/cenv.cmi c/cast.cmi c/ceffect.cmi c/ceffect.cmx: src/pp.cmx jc/output.cmx src/loc.cmx c/info.cmx c/ctypes.cmx \ c/cseparation.cmx c/creport.cmx c/coptions.cmx c/cnorm.cmx c/clogic.cmi \ - c/cinit.cmx c/cenv.cmx c/cast.cmi c/ceffect.cmi + c/cinit.cmx c/cenv.cmx c/cast.cmi c/ceffect.cmi c/cenv.cmo: jc/output.cmi src/loc.cmi src/lib.cmi c/info.cmi c/cutil.cmi \ - c/ctypes.cmi c/creport.cmi c/coptions.cmi c/cast.cmi c/cenv.cmi + c/ctypes.cmi c/creport.cmi c/coptions.cmi c/cast.cmi c/cenv.cmi c/cenv.cmx: jc/output.cmx src/loc.cmx src/lib.cmx 
c/info.cmx c/cutil.cmx \ - c/ctypes.cmx c/creport.cmx c/coptions.cmx c/cast.cmi c/cenv.cmi + c/ctypes.cmx c/creport.cmx c/coptions.cmx c/cast.cmi c/cenv.cmi c/cgraph.cmo: c/info.cmi c/coptions.cmi c/clogic.cmi c/cenv.cmi c/cast.cmi \ - c/cgraph.cmi + c/cgraph.cmi c/cgraph.cmx: c/info.cmx c/coptions.cmx c/clogic.cmi c/cenv.cmx c/cast.cmi \ - c/cgraph.cmi + c/cgraph.cmi c/cinit.cmo: src/loc.cmi c/info.cmi c/ctyping.cmi c/ctypes.cmi c/coptions.cmi \ - c/cltyping.cmi c/clogic.cmi c/cenv.cmi c/cast.cmi c/cinit.cmi + c/cltyping.cmi c/clogic.cmi c/cenv.cmi c/cast.cmi c/cinit.cmi c/cinit.cmx: src/loc.cmx c/info.cmx c/ctyping.cmx c/ctypes.cmx c/coptions.cmx \ - c/cltyping.cmx c/clogic.cmi c/cenv.cmx c/cast.cmi c/cinit.cmi + c/cltyping.cmx c/clogic.cmi c/cenv.cmx c/cast.cmi c/cinit.cmi c/cinterp.cmo: src/pp.cmi jc/output.cmi src/option_misc.cmi src/loc.cmi \ c/invariant.cmi c/info.cmi c/ctypes.cmi c/cseparation.cmi c/creport.cmi \ c/coptions.cmi c/cnorm.cmi c/clogic.cmi c/cinit.cmi c/cerror.cmi \ - c/cenv.cmi c/ceffect.cmi c/cconst.cmi c/cast.cmi c/cinterp.cmi + c/cenv.cmi c/ceffect.cmi c/cconst.cmi c/cast.cmi c/cinterp.cmi c/cinterp.cmx: src/pp.cmx jc/output.cmx src/option_misc.cmx src/loc.cmx \ c/invariant.cmx c/info.cmx c/ctypes.cmx c/cseparation.cmx c/creport.cmx \ c/coptions.cmx c/cnorm.cmx c/clogic.cmi c/cinit.cmx c/cerror.cmi \ - c/cenv.cmx c/ceffect.cmx c/cconst.cmx c/cast.cmi c/cinterp.cmi + c/cenv.cmx c/ceffect.cmx c/cconst.cmx c/cast.cmi c/cinterp.cmi c/clexer.cmo: c/ctypes.cmi c/creport.cmi c/cparser.cmi c/clogic.cmi \ - c/cllexer.cmo c/cerror.cmi c/cast.cmi + c/cllexer.cmo c/cerror.cmi c/cast.cmi c/clexer.cmx: c/ctypes.cmx c/creport.cmx c/cparser.cmx c/clogic.cmi \ - c/cllexer.cmx c/cerror.cmi c/cast.cmi + c/cllexer.cmx c/cerror.cmi c/cast.cmi c/cllexer.cmo: src/loc.cmi c/creport.cmi c/clparser.cmi c/clogic.cmi \ - c/cerror.cmi + c/cerror.cmi c/cllexer.cmx: src/loc.cmx c/creport.cmx c/clparser.cmx c/clogic.cmi \ - c/cerror.cmi + c/cerror.cmi c/clparser.cmo: 
src/loc.cmi c/info.cmi c/ctypes.cmi c/creport.cmi \ - c/clogic.cmi c/cast_misc.cmi c/cast.cmi c/clparser.cmi + c/clogic.cmi c/cast_misc.cmi c/cast.cmi c/clparser.cmi c/clparser.cmx: src/loc.cmx c/info.cmx c/ctypes.cmx c/creport.cmx \ - c/clogic.cmi c/cast_misc.cmx c/cast.cmi c/clparser.cmi + c/clogic.cmi c/cast_misc.cmx c/cast.cmi c/clparser.cmi c/cltyping.cmo: src/loc.cmi c/info.cmi src/env.cmi c/ctypes.cmi c/creport.cmi \ c/coptions.cmi c/clogic.cmi c/cerror.cmi c/cenv.cmi c/cconst.cmi \ - c/cast.cmi c/cltyping.cmi + c/cast.cmi c/cltyping.cmi c/cltyping.cmx: src/loc.cmx c/info.cmx src/env.cmx c/ctypes.cmx c/creport.cmx \ c/coptions.cmx c/clogic.cmi c/cerror.cmi c/cenv.cmx c/cconst.cmx \ - c/cast.cmi c/cltyping.cmi + c/cast.cmi c/cltyping.cmi c/cmain.cmo: src/pp.cmi jc/output.cmi src/loc.cmi src/lib.cmi c/invariant.cmi \ c/info.cmi c/ctyping.cmi c/cseparation.cmi c/creport.cmi c/cptr.cmi \ c/cprint_graph.cmi c/cprint.cmi c/cpp.cmi c/coptions.cmi c/cnorm.cmi \ c/cmake.cmi c/clexer.cmo c/cinterp.cmi c/cinit.cmi c/cgraph.cmi \ - c/cerror.cmi c/cenv.cmi c/ceffect.cmi + c/cerror.cmi c/cenv.cmi c/ceffect.cmi c/cmain.cmx: src/pp.cmx jc/output.cmx src/loc.cmx src/lib.cmx c/invariant.cmx \ c/info.cmx c/ctyping.cmx c/cseparation.cmx c/creport.cmx c/cptr.cmx \ c/cprint_graph.cmx c/cprint.cmx c/cpp.cmx c/coptions.cmx c/cnorm.cmx \ c/cmake.cmx c/clexer.cmx c/cinterp.cmx c/cinit.cmx c/cgraph.cmx \ - c/cerror.cmi c/cenv.cmx c/ceffect.cmx -c/cmake.cmo: src/pp.cmi c/coptions.cmi c/cmake.cmi -c/cmake.cmx: src/pp.cmx c/coptions.cmx c/cmake.cmi + c/cerror.cmi c/cenv.cmx c/ceffect.cmx +c/cmake.cmo: src/pp.cmi c/coptions.cmi c/cmake.cmi +c/cmake.cmx: src/pp.cmx c/coptions.cmx c/cmake.cmi c/cnorm.cmo: jc/output.cmi src/option_misc.cmi src/loc.cmi c/info.cmi \ c/ctyping.cmi c/ctypes.cmi c/creport.cmi c/cprint.cmi c/coptions.cmi \ c/cltyping.cmi c/clogic.cmi c/cenv.cmi c/cconst.cmi c/cast.cmi \ - c/cnorm.cmi + c/cnorm.cmi c/cnorm.cmx: jc/output.cmx src/option_misc.cmx src/loc.cmx 
c/info.cmx \ c/ctyping.cmx c/ctypes.cmx c/creport.cmx c/cprint.cmx c/coptions.cmx \ c/cltyping.cmx c/clogic.cmi c/cenv.cmx c/cconst.cmx c/cast.cmi \ - c/cnorm.cmi -c/coptions.cmo: src/version.cmo c/cversion.cmo c/coptions.cmi -c/coptions.cmx: src/version.cmx c/cversion.cmx c/coptions.cmi + c/cnorm.cmi +c/coptions.cmo: src/version.cmo c/cversion.cmo c/coptions.cmi +c/coptions.cmx: src/version.cmx c/cversion.cmx c/coptions.cmi c/cparser.cmo: src/ptree.cmi src/loc.cmi c/ctypes.cmi c/creport.cmi \ c/coptions.cmi c/clogic.cmi c/cerror.cmi c/cast_misc.cmi c/cast.cmi \ - c/cparser.cmi + c/cparser.cmi c/cparser.cmx: src/ptree.cmi src/loc.cmx c/ctypes.cmx c/creport.cmx \ c/coptions.cmx c/clogic.cmi c/cerror.cmi c/cast_misc.cmx c/cast.cmi \ - c/cparser.cmi -c/cpp.cmo: c/coptions.cmi c/cpp.cmi -c/cpp.cmx: c/coptions.cmx c/cpp.cmi + c/cparser.cmi +c/cpp.cmo: c/coptions.cmi c/cpp.cmi +c/cpp.cmx: c/coptions.cmx c/cpp.cmi c/cprint.cmo: src/pp.cmi c/info.cmi c/cutil.cmi c/ctypes.cmi c/clogic.cmi \ - c/cenv.cmi c/cconst.cmi c/cast.cmi c/cprint.cmi + c/cenv.cmi c/cconst.cmi c/cast.cmi c/cprint.cmi c/cprint.cmx: src/pp.cmx c/info.cmx c/cutil.cmx c/ctypes.cmx c/clogic.cmi \ - c/cenv.cmx c/cconst.cmx c/cast.cmi c/cprint.cmi + c/cenv.cmx c/cconst.cmx c/cast.cmi c/cprint.cmi c/cprint_annot.cmo: src/pp.cmi c/info.cmi c/ctypes.cmi c/clogic.cmi \ - c/cenv.cmi c/cast.cmi + c/cenv.cmi c/cast.cmi c/cprint_annot.cmx: src/pp.cmx c/info.cmx c/ctypes.cmx c/clogic.cmi \ - c/cenv.cmx c/cast.cmi -c/cprint_graph.cmo: c/info.cmi c/cenv.cmi c/cprint_graph.cmi -c/cprint_graph.cmx: c/info.cmx c/cenv.cmx c/cprint_graph.cmi + c/cenv.cmx c/cast.cmi +c/cprint_graph.cmo: c/info.cmi c/cenv.cmi c/cprint_graph.cmi +c/cprint_graph.cmx: c/info.cmx c/cenv.cmx c/cprint_graph.cmi c/cptr.cmo: src/loc.cmi c/info.cmi c/cutil.cmi c/ctypes.cmi c/coptions.cmi \ - c/clogic.cmi c/cenv.cmi c/cast.cmi c/cabsint.cmo c/cptr.cmi + c/clogic.cmi c/cenv.cmi c/cast.cmi c/cabsint.cmo c/cptr.cmi c/cptr.cmx: src/loc.cmx c/info.cmx 
c/cutil.cmx c/ctypes.cmx c/coptions.cmx \ - c/clogic.cmi c/cenv.cmx c/cast.cmi c/cabsint.cmx c/cptr.cmi + c/clogic.cmi c/cenv.cmx c/cast.cmi c/cabsint.cmx c/cptr.cmi c/creport.cmo: src/loc.cmi c/ctypes.cmi c/coptions.cmi c/cerror.cmi \ - c/creport.cmi + c/creport.cmi c/creport.cmx: src/loc.cmx c/ctypes.cmx c/coptions.cmx c/cerror.cmi \ - c/creport.cmi + c/creport.cmi c/cseparation.cmo: jc/output.cmi src/loc.cmi c/info.cmi c/ctypes.cmi \ c/creport.cmi c/coptions.cmi c/cnorm.cmi c/clogic.cmi c/cenv.cmi \ - c/cast.cmi c/cseparation.cmi + c/cast.cmi c/cseparation.cmi c/cseparation.cmx: jc/output.cmx src/loc.cmx c/info.cmx c/ctypes.cmx \ c/creport.cmx c/coptions.cmx c/cnorm.cmx c/clogic.cmi c/cenv.cmx \ - c/cast.cmi c/cseparation.cmi + c/cast.cmi c/cseparation.cmi c/csymbol.cmo: src/pp.cmi c/ctypes.cmi c/cprint.cmi c/coptions.cmi \ - c/clogic.cmi c/cabsint.cmo + c/clogic.cmi c/cabsint.cmo c/csymbol.cmx: src/pp.cmx c/ctypes.cmx c/cprint.cmx c/coptions.cmx \ - c/clogic.cmi c/cabsint.cmx -c/ctypes.cmo: src/lib.cmi c/coptions.cmi c/ctypes.cmi -c/ctypes.cmx: src/lib.cmx c/coptions.cmx c/ctypes.cmi + c/clogic.cmi c/cabsint.cmx +c/ctypes.cmo: src/lib.cmi c/coptions.cmi c/ctypes.cmi +c/ctypes.cmx: src/lib.cmx c/coptions.cmx c/ctypes.cmi c/ctyping.cmo: src/pp.cmi src/option_misc.cmi src/loc.cmi src/lib.cmi \ c/info.cmi src/env.cmi c/ctypes.cmi c/creport.cmi c/coptions.cmi \ c/cltyping.cmi c/clogic.cmi c/cerror.cmi c/cenv.cmi c/cconst.cmi \ - c/cast.cmi c/ctyping.cmi + c/cast.cmi c/ctyping.cmi c/ctyping.cmx: src/pp.cmx src/option_misc.cmx src/loc.cmx src/lib.cmx \ c/info.cmx src/env.cmx c/ctypes.cmx c/creport.cmx c/coptions.cmx \ c/cltyping.cmx c/clogic.cmi c/cerror.cmi c/cenv.cmx c/cconst.cmx \ - c/cast.cmi c/ctyping.cmi -c/cutil.cmo: c/cutil.cmi -c/cutil.cmx: c/cutil.cmi -c/cversion.cmo: -c/cversion.cmx: + c/cast.cmi c/ctyping.cmi +c/cutil.cmo: c/cutil.cmi +c/cutil.cmx: c/cutil.cmi +c/cversion.cmo: +c/cversion.cmx: c/info.cmo: jc/output.cmi c/ctypes.cmi c/creport.cmi 
c/coptions.cmi \ - c/info.cmi + c/info.cmi c/info.cmx: jc/output.cmx c/ctypes.cmx c/creport.cmx c/coptions.cmx \ - c/info.cmi + c/info.cmi c/invariant.cmo: src/loc.cmi c/info.cmi c/ctypes.cmi c/cseparation.cmi \ c/creport.cmi c/cprint.cmi c/coptions.cmi c/cnorm.cmi c/clogic.cmi \ - c/cenv.cmi c/cast.cmi c/invariant.cmi + c/cenv.cmi c/cast.cmi c/invariant.cmi c/invariant.cmx: src/loc.cmx c/info.cmx c/ctypes.cmx c/cseparation.cmx \ c/creport.cmx c/cprint.cmx c/coptions.cmx c/cnorm.cmx c/clogic.cmi \ - c/cenv.cmx c/cast.cmi c/invariant.cmi -java/java_ast.cmi: src/loc.cmi java/java_env.cmi + c/cenv.cmx c/cast.cmi c/invariant.cmi +java/java_ast.cmi: src/loc.cmi java/java_env.cmi java/java_callgraph.cmi: java/java_typing.cmi java/java_tast.cmi \ - java/java_env.cmi -java/java_env.cmi: src/loc.cmi -java/java_parser.cmi: java/java_ast.cmi -java/java_tast.cmi: src/loc.cmi java/java_env.cmi java/java_ast.cmi + java/java_env.cmi +java/java_env.cmi: src/loc.cmi +java/java_parser.cmi: java/java_ast.cmi +java/java_tast.cmi: src/loc.cmi java/java_env.cmi java/java_ast.cmi java/java_typing.cmi: src/loc.cmi java/java_tast.cmi java/java_env.cmi \ - java/java_ast.cmi -java/java_abstract.cmo: src/pp.cmi java/java_env.cmi java/java_ast.cmi -java/java_abstract.cmx: src/pp.cmx java/java_env.cmi java/java_ast.cmi + java/java_ast.cmi +java/java_abstract.cmo: src/pp.cmi java/java_env.cmi java/java_ast.cmi +java/java_abstract.cmx: src/pp.cmx java/java_env.cmi java/java_ast.cmi java/java_analysis.cmo: src/option_misc.cmi java/java_typing.cmi \ java/java_tast.cmi java/java_pervasives.cmo java/java_options.cmo \ - java/java_env.cmi java/java_ast.cmi + java/java_env.cmi java/java_ast.cmi java/java_analysis.cmx: src/option_misc.cmx java/java_typing.cmx \ java/java_tast.cmi java/java_pervasives.cmx java/java_options.cmx \ - java/java_env.cmi java/java_ast.cmi + java/java_env.cmi java/java_ast.cmi java/java_callgraph.cmo: src/pp.cmi src/option_misc.cmi java/java_typing.cmi \ java/java_tast.cmi 
java/java_options.cmo java/java_env.cmi \ - java/java_callgraph.cmi + java/java_callgraph.cmi java/java_callgraph.cmx: src/pp.cmx src/option_misc.cmx java/java_typing.cmx \ java/java_tast.cmi java/java_options.cmx java/java_env.cmi \ - java/java_callgraph.cmi + java/java_callgraph.cmi java/java_interp.cmo: jc/output.cmi src/option_misc.cmi src/loc.cmi \ jc/jc_pervasives.cmi jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi \ jc/jc_constructors.cmi jc/jc_ast.cmi java/java_typing.cmi \ java/java_tast.cmi java/java_pervasives.cmo java/java_options.cmo \ - java/java_env.cmi java/java_ast.cmi java/java_analysis.cmo + java/java_env.cmi java/java_ast.cmi java/java_analysis.cmo java/java_interp.cmx: jc/output.cmx src/option_misc.cmx src/loc.cmx \ jc/jc_pervasives.cmx jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi \ jc/jc_constructors.cmx jc/jc_ast.cmi java/java_typing.cmx \ java/java_tast.cmi java/java_pervasives.cmx java/java_options.cmx \ - java/java_env.cmi java/java_ast.cmi java/java_analysis.cmx + java/java_env.cmi java/java_ast.cmi java/java_analysis.cmx java/java_lexer.cmo: jc/jc_env.cmi java/java_pervasives.cmo \ java/java_parser.cmi java/java_options.cmo java/java_env.cmi \ - java/java_ast.cmi + java/java_ast.cmi java/java_lexer.cmx: jc/jc_env.cmi java/java_pervasives.cmx \ java/java_parser.cmx java/java_options.cmx java/java_env.cmi \ - java/java_ast.cmi -java/java_main.cmo: src/pp.cmi jc/output.cmi src/option_misc.cmi \ + java/java_ast.cmi +java/java_main.cmo: src/pp.cmi jc/output.cmi src/option_misc.cmi src/loc.cmi \ jc/jc_poutput.cmo jc/jc_constructors.cmi java/java_typing.cmi \ java/java_syntax.cmo java/java_options.cmo java/java_interp.cmo \ java/java_env.cmi java/java_callgraph.cmi java/java_ast.cmi \ - java/java_analysis.cmo java/java_abstract.cmo -java/java_main.cmx: src/pp.cmx jc/output.cmx src/option_misc.cmx \ + java/java_analysis.cmo java/java_abstract.cmo +java/java_main.cmx: src/pp.cmx jc/output.cmx src/option_misc.cmx src/loc.cmx \ jc/jc_poutput.cmx 
jc/jc_constructors.cmx java/java_typing.cmx \ java/java_syntax.cmx java/java_options.cmx java/java_interp.cmx \ java/java_env.cmi java/java_callgraph.cmx java/java_ast.cmi \ - java/java_analysis.cmx java/java_abstract.cmx + java/java_analysis.cmx java/java_abstract.cmx java/java_options.cmo: src/version.cmo src/loc.cmi jc/jc_env.cmi \ - java/java_env.cmi + java/java_env.cmi java/java_options.cmx: src/version.cmx src/loc.cmx jc/jc_env.cmi \ - java/java_env.cmi + java/java_env.cmi java/java_parser.cmo: src/loc.cmi java/java_pervasives.cmo \ java/java_options.cmo java/java_env.cmi java/java_ast.cmi \ - java/java_parser.cmi + java/java_parser.cmi java/java_parser.cmx: src/loc.cmx java/java_pervasives.cmx \ java/java_options.cmx java/java_env.cmi java/java_ast.cmi \ - java/java_parser.cmi + java/java_parser.cmi java/java_pervasives.cmo: src/loc.cmi java/java_tast.cmi java/java_env.cmi \ - java/java_ast.cmi + java/java_ast.cmi java/java_pervasives.cmx: src/loc.cmx java/java_tast.cmi java/java_env.cmi \ - java/java_ast.cmi + java/java_ast.cmi java/java_syntax.cmo: src/option_misc.cmi src/loc.cmi \ java/java_pervasives.cmo java/java_parser.cmi java/java_options.cmo \ - java/java_lexer.cmo java/java_ast.cmi + java/java_lexer.cmo java/java_ast.cmi java/java_syntax.cmx: src/option_misc.cmx src/loc.cmx \ java/java_pervasives.cmx java/java_parser.cmx java/java_options.cmx \ - java/java_lexer.cmx java/java_ast.cmi + java/java_lexer.cmx java/java_ast.cmi java/java_typing.cmo: src/pp.cmi src/option_misc.cmi jc/numconst.cmi \ src/loc.cmi java/java_tast.cmi java/java_syntax.cmo \ java/java_pervasives.cmo java/java_options.cmo java/java_env.cmi \ - java/java_ast.cmi java/java_typing.cmi + java/java_ast.cmi java/java_typing.cmi java/java_typing.cmx: src/pp.cmx src/option_misc.cmx jc/numconst.cmx \ src/loc.cmx java/java_tast.cmi java/java_syntax.cmx \ java/java_pervasives.cmx java/java_options.cmx java/java_env.cmi \ - java/java_ast.cmi java/java_typing.cmi + java/java_ast.cmi 
java/java_typing.cmi intf/astnprinter.cmo: src/util.cmi intf/tools.cmo intf/tags.cmo \ src/print_real.cmo src/pp.cmi src/misc.cmi src/logic.cmi src/ident.cmi \ - src/cc.cmi intf/astprinter.cmo + src/cc.cmi intf/astprinter.cmo intf/astnprinter.cmx: src/util.cmx intf/tools.cmx intf/tags.cmx \ src/print_real.cmx src/pp.cmx src/misc.cmx src/logic.cmi src/ident.cmx \ - src/cc.cmi intf/astprinter.cmx + src/cc.cmi intf/astprinter.cmx intf/astpprinter.cmo: intf/tools.cmo intf/tags.cmo src/print_real.cmo \ src/pp.cmi src/misc.cmi src/logic.cmi src/ident.cmi src/cc.cmi \ - intf/astprinter.cmo + intf/astprinter.cmo intf/astpprinter.cmx: intf/tools.cmx intf/tags.cmx src/print_real.cmx \ src/pp.cmx src/misc.cmx src/logic.cmi src/ident.cmx src/cc.cmi \ - intf/astprinter.cmx + intf/astprinter.cmx intf/astprinter.cmo: intf/tags.cmo src/pp.cmi src/misc.cmi src/logic.cmi \ - src/ident.cmi src/coq.cmi src/cc.cmi + src/ident.cmi src/coq.cmi src/cc.cmi intf/astprinter.cmx: intf/tags.cmx src/pp.cmx src/misc.cmx src/logic.cmi \ - src/ident.cmx src/coq.cmx src/cc.cmi -intf/cache.cmo: src/options.cmi src/logic.cmi src/env.cmi src/cc.cmi -intf/cache.cmx: src/options.cmx src/logic.cmi src/env.cmx src/cc.cmi -intf/colors.cmo: intf/colors.cmi -intf/colors.cmx: intf/colors.cmi + src/ident.cmx src/coq.cmx src/cc.cmi +intf/cache.cmo: src/options.cmi src/logic.cmi src/env.cmi src/cc.cmi +intf/cache.cmx: src/options.cmx src/logic.cmi src/env.cmx src/cc.cmi +intf/colors.cmo: intf/colors.cmi +intf/colors.cmx: intf/colors.cmi intf/config.cmo: intf/tools.cmo src/rc.cmi intf/model.cmi intf/colors.cmi \ - intf/cache.cmo + intf/cache.cmo intf/config.cmx: intf/tools.cmx src/rc.cmx intf/model.cmx intf/colors.cmx \ - intf/cache.cmx + intf/cache.cmx intf/gConfig.cmo: intf/tools.cmo src/rc.cmi intf/model.cmi tools/dpConfig.cmi \ - intf/colors.cmi intf/gConfig.cmi + intf/colors.cmi intf/gConfig.cmi intf/gConfig.cmx: intf/tools.cmx src/rc.cmx intf/model.cmx tools/dpConfig.cmx \ - intf/colors.cmx intf/gConfig.cmi 
-intf/hilight.cmo: intf/tags.cmo intf/colors.cmi -intf/hilight.cmx: intf/tags.cmx intf/colors.cmx + intf/colors.cmx intf/gConfig.cmi +intf/hilight.cmo: intf/tags.cmo intf/colors.cmi +intf/hilight.cmx: intf/tags.cmx intf/colors.cmx intf/model.cmo: src/util.cmi intf/tools.cmo src/options.cmi \ src/logic_decl.cmi src/explain.cmi tools/dpConfig.cmi src/dispatcher.cmi \ - intf/model.cmi + intf/model.cmi intf/model.cmx: src/util.cmx intf/tools.cmx src/options.cmx \ src/logic_decl.cmi src/explain.cmx tools/dpConfig.cmx src/dispatcher.cmx \ - intf/model.cmi -intf/navig.cmo: intf/navig.cmi -intf/navig.cmx: intf/navig.cmi + intf/model.cmi +intf/navig.cmo: intf/navig.cmi +intf/navig.cmx: intf/navig.cmi intf/pprinter.cmo: intf/whyhilight.cmo src/version.cmo src/vcg.cmi \ intf/tools.cmo intf/tagsplit.cmo intf/tags.cmo src/options.cmi \ src/misc.cmi src/logic.cmi src/loc.cmi src/ident.cmi intf/hilight.cmo \ src/env.cmi intf/colors.cmi src/cc.cmi intf/astprinter.cmo \ - intf/astpprinter.cmo intf/astnprinter.cmo intf/pprinter.cmi + intf/astpprinter.cmo intf/astnprinter.cmo intf/pprinter.cmi intf/pprinter.cmx: intf/whyhilight.cmx src/version.cmx src/vcg.cmx \ intf/tools.cmx intf/tagsplit.cmx intf/tags.cmx src/options.cmx \ src/misc.cmx src/logic.cmi src/loc.cmx src/ident.cmx intf/hilight.cmx \ src/env.cmx intf/colors.cmx src/cc.cmi intf/astprinter.cmx \ - intf/astpprinter.cmx intf/astnprinter.cmx intf/pprinter.cmi -intf/preferences.cmo: intf/tools.cmo intf/colors.cmi -intf/preferences.cmx: intf/tools.cmx intf/colors.cmx + intf/astpprinter.cmx intf/astnprinter.cmx intf/pprinter.cmi +intf/preferences.cmo: intf/tools.cmo intf/colors.cmi +intf/preferences.cmx: intf/tools.cmx intf/colors.cmx intf/stat.cmo: src/util.cmi intf/tools.cmo intf/tags.cmo src/report.cmi \ intf/pprinter.cmi src/options.cmi intf/model.cmi src/main.cmo \ src/logic_decl.cmi intf/gConfig.cmi src/explain.cmi src/env.cmi \ tools/dpConfig.cmi src/dispatcher.cmi intf/colors.cmi tools/calldp.cmi \ - intf/cache.cmo 
src/ast.cmi + intf/cache.cmo src/ast.cmi intf/stat.cmx: src/util.cmx intf/tools.cmx intf/tags.cmx src/report.cmx \ intf/pprinter.cmx src/options.cmx intf/model.cmx src/main.cmx \ src/logic_decl.cmi intf/gConfig.cmx src/explain.cmx src/env.cmx \ tools/dpConfig.cmx src/dispatcher.cmx intf/colors.cmx tools/calldp.cmx \ - intf/cache.cmx src/ast.cmi -intf/tags.cmo: intf/colors.cmi -intf/tags.cmx: intf/colors.cmx -intf/tagsplit.cmo: intf/tags.cmo intf/colors.cmi -intf/tagsplit.cmx: intf/tags.cmx intf/colors.cmx -intf/tools.cmo: intf/tags.cmo src/options.cmi intf/colors.cmi -intf/tools.cmx: intf/tags.cmx src/options.cmx intf/colors.cmx + intf/cache.cmx src/ast.cmi +intf/tags.cmo: intf/colors.cmi +intf/tags.cmx: intf/colors.cmx +intf/tagsplit.cmo: intf/tags.cmo intf/colors.cmi +intf/tagsplit.cmx: intf/tags.cmx intf/colors.cmx +intf/tools.cmo: intf/tags.cmo src/options.cmi intf/colors.cmi +intf/tools.cmx: intf/tags.cmx src/options.cmx intf/colors.cmx intf/viewer.cmo: src/util.cmi intf/tags.cmo src/report.cmi src/options.cmi \ intf/navig.cmi src/main.cmo src/log.cmi src/loc.cmi intf/hilight.cmo \ - src/env.cmi src/ast.cmi + src/env.cmi src/ast.cmi intf/viewer.cmx: src/util.cmx intf/tags.cmx src/report.cmx src/options.cmx \ intf/navig.cmx src/main.cmx src/log.cmi src/loc.cmx intf/hilight.cmx \ - src/env.cmx src/ast.cmi -intf/whyhilight.cmo: intf/tags.cmo intf/colors.cmi -intf/whyhilight.cmx: intf/tags.cmx intf/colors.cmx -intf/colors.cmi: -intf/gConfig.cmi: + src/env.cmx src/ast.cmi +intf/whyhilight.cmo: intf/tags.cmo intf/colors.cmi +intf/whyhilight.cmx: intf/tags.cmx intf/colors.cmx +intf/colors.cmi: +intf/gConfig.cmi: intf/model.cmi: src/options.cmi src/logic_decl.cmi src/loc.cmi src/env.cmi \ - tools/dpConfig.cmi src/cc.cmi -intf/navig.cmi: + tools/dpConfig.cmi src/cc.cmi +intf/navig.cmi: intf/pprinter.cmi: intf/tags.cmo src/logic_decl.cmi src/logic.cmi src/env.cmi \ - src/cc.cmi -tools/calldp.cmi: tools/dpConfig.cmi -tools/cvcl_split.cmi: -tools/dpConfig.cmi: 
-tools/ergo_split.cmi: -tools/simplify_ast.cmi: -tools/simplify_parser.cmi: tools/simplify_ast.cmi -tools/simplify_split.cmi: -tools/toolstat_pars.cmi: tools/toolstat_types.cmi -tools/toolstat_types.cmi: -tools/zenon_split.cmi: -tools/cadlog.cmo: src/version.cmo c/cversion.cmo -tools/cadlog.cmx: src/version.cmx c/cversion.cmx -tools/calldp.cmo: src/lib.cmi tools/dpConfig.cmi tools/calldp.cmi -tools/calldp.cmx: src/lib.cmx tools/dpConfig.cmx tools/calldp.cmi -tools/cvcl_split.cmo: tools/cvcl_split.cmi -tools/cvcl_split.cmx: tools/cvcl_split.cmi + src/cc.cmi +tools/calldp.cmi: tools/dpConfig.cmi +tools/cvcl_split.cmi: +tools/dpConfig.cmi: +tools/ergo_split.cmi: +tools/simplify_ast.cmi: +tools/simplify_parser.cmi: tools/simplify_ast.cmi +tools/simplify_split.cmi: +tools/toolstat_pars.cmi: tools/toolstat_types.cmi +tools/toolstat_types.cmi: +tools/zenon_split.cmi: +tools/cadlog.cmo: src/version.cmo c/cversion.cmo +tools/cadlog.cmx: src/version.cmx c/cversion.cmx +tools/calldp.cmo: src/lib.cmi tools/dpConfig.cmi tools/calldp.cmi +tools/calldp.cmx: src/lib.cmx tools/dpConfig.cmx tools/calldp.cmi +tools/cvcl_split.cmo: tools/cvcl_split.cmi +tools/cvcl_split.cmx: tools/cvcl_split.cmi tools/dp.cmo: tools/zenon_split.cmi tools/smtlib_split.cmo \ tools/simplify_split.cmi tools/rv_split.cmo src/lib.cmi \ tools/ergo_split.cmi tools/dpConfig.cmi tools/cvcl_split.cmi \ - tools/calldp.cmi + tools/calldp.cmi tools/dp.cmx: tools/zenon_split.cmx tools/smtlib_split.cmx \ tools/simplify_split.cmx tools/rv_split.cmx src/lib.cmx \ tools/ergo_split.cmx tools/dpConfig.cmx tools/cvcl_split.cmx \ - tools/calldp.cmx -tools/dpConfig.cmo: src/rc.cmi tools/dpConfig.cmi -tools/dpConfig.cmx: src/rc.cmx tools/dpConfig.cmi -tools/ergo_split.cmo: tools/ergo_split.cmi -tools/ergo_split.cmx: tools/ergo_split.cmi -tools/make_float_model.cmo: -tools/make_float_model.cmx: + tools/calldp.cmx +tools/dpConfig.cmo: src/rc.cmi tools/dpConfig.cmi +tools/dpConfig.cmx: src/rc.cmx tools/dpConfig.cmi 
+tools/ergo_split.cmo: tools/ergo_split.cmi +tools/ergo_split.cmx: tools/ergo_split.cmi +tools/make_float_model.cmo: +tools/make_float_model.cmx: tools/obfuscator.cmo: src/types.cmi src/ptree.cmi src/print_real.cmo \ - src/pp.cmi src/logic.cmi src/loc.cmi src/lexer.cmi src/ident.cmi + src/pp.cmi src/logic.cmi src/loc.cmi src/lexer.cmi src/ident.cmi tools/obfuscator.cmx: src/types.cmi src/ptree.cmi src/print_real.cmx \ - src/pp.cmx src/logic.cmi src/loc.cmx src/lexer.cmx src/ident.cmx -tools/regtest.cmo: -tools/regtest.cmx: -tools/rv_merge.cmo: -tools/rv_merge.cmx: -tools/rv_split.cmo: src/lib.cmi -tools/rv_split.cmx: src/lib.cmx -tools/simplify_lexer.cmo: tools/simplify_parser.cmi tools/simplify_ast.cmi -tools/simplify_lexer.cmx: tools/simplify_parser.cmx tools/simplify_ast.cmi -tools/simplify_parser.cmo: tools/simplify_ast.cmi tools/simplify_parser.cmi -tools/simplify_parser.cmx: tools/simplify_ast.cmi tools/simplify_parser.cmi -tools/simplify_split.cmo: src/lib.cmi tools/simplify_split.cmi -tools/simplify_split.cmx: src/lib.cmx tools/simplify_split.cmi + src/pp.cmx src/logic.cmi src/loc.cmx src/lexer.cmx src/ident.cmx +tools/regtest.cmo: +tools/regtest.cmx: +tools/rv_merge.cmo: +tools/rv_merge.cmx: +tools/rv_split.cmo: src/lib.cmi +tools/rv_split.cmx: src/lib.cmx +tools/simplify_lexer.cmo: tools/simplify_parser.cmi tools/simplify_ast.cmi +tools/simplify_lexer.cmx: tools/simplify_parser.cmx tools/simplify_ast.cmi +tools/simplify_parser.cmo: tools/simplify_ast.cmi tools/simplify_parser.cmi +tools/simplify_parser.cmx: tools/simplify_ast.cmi tools/simplify_parser.cmi +tools/simplify_split.cmo: src/lib.cmi tools/simplify_split.cmi +tools/simplify_split.cmx: src/lib.cmx tools/simplify_split.cmi tools/simplify_towhy.cmo: tools/simplify_parser.cmi tools/simplify_lexer.cmo \ - tools/simplify_ast.cmi src/pp.cmi + tools/simplify_ast.cmi src/pp.cmi tools/simplify_towhy.cmx: tools/simplify_parser.cmx tools/simplify_lexer.cmx \ - tools/simplify_ast.cmi src/pp.cmx 
-tools/smtlib_split.cmo: -tools/smtlib_split.cmx: + tools/simplify_ast.cmi src/pp.cmx +tools/smtlib_split.cmo: +tools/smtlib_split.cmx: tools/toolstat.cmo: tools/toolstat_types.cmi tools/toolstat_lex.cmo \ - src/loc.cmi + src/loc.cmi tools/toolstat.cmx: tools/toolstat_types.cmi tools/toolstat_lex.cmx \ - src/loc.cmx -tools/toolstat_lex.cmo: tools/toolstat_pars.cmi src/pp.cmi src/loc.cmi -tools/toolstat_lex.cmx: tools/toolstat_pars.cmx src/pp.cmx src/loc.cmx -tools/toolstat_pars.cmo: tools/toolstat_types.cmi tools/toolstat_pars.cmi -tools/toolstat_pars.cmx: tools/toolstat_types.cmi tools/toolstat_pars.cmi -tools/why2html.cmo: -tools/why2html.cmx: -tools/whyConfig.cmo: tools/dpConfig.cmi -tools/whyConfig.cmx: tools/dpConfig.cmx + src/loc.cmx +tools/toolstat_lex.cmo: tools/toolstat_pars.cmi src/pp.cmi src/loc.cmi +tools/toolstat_lex.cmx: tools/toolstat_pars.cmx src/pp.cmx src/loc.cmx +tools/toolstat_pars.cmo: tools/toolstat_types.cmi tools/toolstat_pars.cmi +tools/toolstat_pars.cmx: tools/toolstat_types.cmi tools/toolstat_pars.cmi +tools/why2html.cmo: +tools/why2html.cmx: +tools/whyConfig.cmo: tools/dpConfig.cmi +tools/whyConfig.cmx: tools/dpConfig.cmx tools/whystat.cmo: src/ptree.cmi src/pp.cmi src/logic.cmi src/loc.cmi \ - src/lexer.cmi src/ident.cmi + src/lexer.cmi src/ident.cmi tools/whystat.cmx: src/ptree.cmi src/pp.cmx src/logic.cmi src/loc.cmx \ - src/lexer.cmx src/ident.cmx -tools/zenon_split.cmo: src/lib.cmi tools/zenon_split.cmi -tools/zenon_split.cmx: src/lib.cmx tools/zenon_split.cmi -mix/mix_ast.cmi: -mix/mix_cfg.cmi: -mix/mix_parser.cmi: mix/mix_ast.cmi -mix/mix_cfg.cmo: mix/mix_cfg.cmi -mix/mix_cfg.cmx: mix/mix_cfg.cmi -mix/mix_interp.cmo: src/pp.cmi mix/mix_seq.cmo mix/mix_ast.cmi -mix/mix_interp.cmx: src/pp.cmx mix/mix_seq.cmx mix/mix_ast.cmi -mix/mix_lexer.cmo: mix/mix_parser.cmi mix/mix_ast.cmi -mix/mix_lexer.cmx: mix/mix_parser.cmx mix/mix_ast.cmi + src/lexer.cmx src/ident.cmx +tools/zenon_split.cmo: src/lib.cmi tools/zenon_split.cmi 
+tools/zenon_split.cmx: src/lib.cmx tools/zenon_split.cmi +mix/mix_ast.cmi: +mix/mix_cfg.cmi: +mix/mix_parser.cmi: mix/mix_ast.cmi +mix/mix_cfg.cmo: mix/mix_cfg.cmi +mix/mix_cfg.cmx: mix/mix_cfg.cmi +mix/mix_interp.cmo: src/pp.cmi mix/mix_seq.cmo mix/mix_ast.cmi +mix/mix_interp.cmx: src/pp.cmx mix/mix_seq.cmx mix/mix_ast.cmi +mix/mix_lexer.cmo: mix/mix_parser.cmi mix/mix_ast.cmi +mix/mix_lexer.cmx: mix/mix_parser.cmx mix/mix_ast.cmi mix/mix_main.cmo: src/pp.cmi mix/mix_seq.cmo mix/mix_parser.cmi \ - mix/mix_lexer.cmo mix/mix_interp.cmo mix/mix_ast.cmi + mix/mix_lexer.cmo mix/mix_interp.cmo mix/mix_ast.cmi mix/mix_main.cmx: src/pp.cmx mix/mix_seq.cmx mix/mix_parser.cmx \ - mix/mix_lexer.cmx mix/mix_interp.cmx mix/mix_ast.cmi -mix/mix_parser.cmo: mix/mix_ast.cmi mix/mix_parser.cmi -mix/mix_parser.cmx: mix/mix_ast.cmi mix/mix_parser.cmi -mix/mix_seq.cmo: mix/mix_cfg.cmi mix/mix_ast.cmi -mix/mix_seq.cmx: mix/mix_cfg.cmx mix/mix_ast.cmi -mix/test.cmo: -mix/test.cmx: -ml/ml_constant.cmo: ml/ml_misc.cmo jc/jc_env.cmi jc/jc_ast.cmi -ml/ml_constant.cmx: ml/ml_misc.cmx jc/jc_env.cmi jc/jc_ast.cmi + mix/mix_lexer.cmx mix/mix_interp.cmx mix/mix_ast.cmi +mix/mix_parser.cmo: mix/mix_ast.cmi mix/mix_parser.cmi +mix/mix_parser.cmx: mix/mix_ast.cmi mix/mix_parser.cmi +mix/mix_seq.cmo: mix/mix_cfg.cmi mix/mix_ast.cmi +mix/mix_seq.cmx: mix/mix_cfg.cmx mix/mix_ast.cmi +mix/test.cmo: +mix/test.cmx: +ml/ml_constant.cmo: ml/ml_misc.cmo jc/jc_env.cmi jc/jc_ast.cmi +ml/ml_constant.cmx: ml/ml_misc.cmx jc/jc_env.cmi jc/jc_ast.cmi ml/ml_env.cmo: ml/ml_misc.cmo jc/jc_pervasives.cmi jc/jc_fenv.cmo \ - jc/jc_env.cmi ml/ml_env.cmi + jc/jc_env.cmi ml/ml_env.cmi ml/ml_env.cmx: ml/ml_misc.cmx jc/jc_pervasives.cmx jc/jc_fenv.cmx \ - jc/jc_env.cmi ml/ml_env.cmi + jc/jc_env.cmi ml/ml_env.cmi ml/ml_interp.cmo: ml/ml_type.cmi ml/ml_pattern.cmi ml/ml_misc.cmo \ ml/ml_env.cmi ml/ml_constant.cmo src/loc.cmi jc/jc_pervasives.cmi \ - jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi + 
jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi ml/ml_interp.cmx: ml/ml_type.cmx ml/ml_pattern.cmx ml/ml_misc.cmx \ ml/ml_env.cmx ml/ml_constant.cmx src/loc.cmx jc/jc_pervasives.cmx \ - jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi ml/ml_main.cmo: ml/ml_type.cmi ml/ml_pervasives.cmo ml/ml_options.cmi \ - ml/ml_misc.cmo ml/ml_interp.cmo jc/jc_output.cmo + ml/ml_misc.cmo ml/ml_interp.cmo jc/jc_output.cmo ml/ml_main.cmx: ml/ml_type.cmx ml/ml_pervasives.cmx ml/ml_options.cmx \ - ml/ml_misc.cmx ml/ml_interp.cmx jc/jc_output.cmx + ml/ml_misc.cmx ml/ml_interp.cmx jc/jc_output.cmx ml/ml_misc.cmo: src/loc.cmi jc/jc_region.cmo jc/jc_pervasives.cmi \ - jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi ml/ml_misc.cmx: src/loc.cmx jc/jc_region.cmx jc/jc_pervasives.cmx \ - jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi -ml/ml_options.cmo: ml/ml_options.cmi -ml/ml_options.cmx: ml/ml_options.cmi + jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi jc/jc_ast.cmi +ml/ml_options.cmo: ml/ml_options.cmi +ml/ml_options.cmx: ml/ml_options.cmi ml/ml_pattern.cmo: ml/ml_type.cmi ml/ml_misc.cmo ml/ml_env.cmi \ ml/ml_constant.cmo src/loc.cmi jc/jc_env.cmi jc/jc_ast.cmi \ - ml/ml_pattern.cmi + ml/ml_pattern.cmi ml/ml_pattern.cmx: ml/ml_type.cmx ml/ml_misc.cmx ml/ml_env.cmx \ ml/ml_constant.cmx src/loc.cmx jc/jc_env.cmi jc/jc_ast.cmi \ - ml/ml_pattern.cmi -ml/ml_pervasives.cmo: ml/ml_env.cmi src/env.cmi -ml/ml_pervasives.cmx: ml/ml_env.cmx src/env.cmx + ml/ml_pattern.cmi +ml/ml_pervasives.cmo: ml/ml_env.cmi src/env.cmi +ml/ml_pervasives.cmx: ml/ml_env.cmx src/env.cmx ml/ml_type.cmo: ml/ml_misc.cmo jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi \ - jc/jc_ast.cmi ml/ml_type.cmi + jc/jc_ast.cmi ml/ml_type.cmi ml/ml_type.cmx: ml/ml_misc.cmx jc/jc_output.cmx jc/jc_fenv.cmx jc/jc_env.cmi \ - jc/jc_ast.cmi ml/ml_type.cmi -ml/ml_env.cmi: 
jc/jc_fenv.cmo jc/jc_env.cmi -ml/ml_options.cmi: -ml/ml_pattern.cmi: ml/ml_env.cmi jc/jc_env.cmi jc/jc_ast.cmi -ml/ml_type.cmi: jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi + jc/jc_ast.cmi ml/ml_type.cmi +ml/ml_env.cmi: jc/jc_fenv.cmo jc/jc_env.cmi +ml/ml_options.cmi: +ml/ml_pattern.cmi: ml/ml_env.cmi jc/jc_env.cmi jc/jc_ast.cmi +ml/ml_type.cmi: jc/jc_output.cmo jc/jc_fenv.cmo jc/jc_env.cmi jc/jc_ast.cmi ml/parsing/lexer.cmo: ml/utils/warnings.cmi ml/parsing/parser.cmi \ - ml/utils/misc.cmi ml/parsing/location.cmi ml/parsing/lexer.cmi + ml/utils/misc.cmi ml/parsing/location.cmi ml/parsing/lexer.cmi ml/parsing/lexer.cmx: ml/utils/warnings.cmx ml/parsing/parser.cmx \ - ml/utils/misc.cmx ml/parsing/location.cmx ml/parsing/lexer.cmi -ml/parsing/linenum.cmo: ml/utils/misc.cmi ml/parsing/linenum.cmi -ml/parsing/linenum.cmx: ml/utils/misc.cmx ml/parsing/linenum.cmi + ml/utils/misc.cmx ml/parsing/location.cmx ml/parsing/lexer.cmi +ml/parsing/linenum.cmo: ml/utils/misc.cmi ml/parsing/linenum.cmi +ml/parsing/linenum.cmx: ml/utils/misc.cmx ml/parsing/linenum.cmi ml/parsing/location.cmo: ml/utils/warnings.cmi ml/utils/terminfo.cmi \ - ml/parsing/linenum.cmi ml/parsing/location.cmi + ml/parsing/linenum.cmi ml/parsing/location.cmi ml/parsing/location.cmx: ml/utils/warnings.cmx ml/utils/terminfo.cmx \ - ml/parsing/linenum.cmx ml/parsing/location.cmi -ml/parsing/longident.cmo: ml/utils/misc.cmi ml/parsing/longident.cmi -ml/parsing/longident.cmx: ml/utils/misc.cmx ml/parsing/longident.cmi + ml/parsing/linenum.cmx ml/parsing/location.cmi +ml/parsing/longident.cmo: ml/utils/misc.cmi ml/parsing/longident.cmi +ml/parsing/longident.cmx: ml/utils/misc.cmx ml/parsing/longident.cmi ml/parsing/parser.cmo: ml/parsing/syntaxerr.cmi ml/parsing/parsetree.cmi \ ml/parsing/longident.cmi ml/parsing/location.cmi ml/parsing/asttypes.cmi \ - ml/parsing/parser.cmi + ml/parsing/parser.cmi ml/parsing/parser.cmx: ml/parsing/syntaxerr.cmx ml/parsing/parsetree.cmi \ ml/parsing/longident.cmx 
ml/parsing/location.cmx ml/parsing/asttypes.cmi \ - ml/parsing/parser.cmi -ml/parsing/syntaxerr.cmo: ml/parsing/location.cmi ml/parsing/syntaxerr.cmi -ml/parsing/syntaxerr.cmx: ml/parsing/location.cmx ml/parsing/syntaxerr.cmi -ml/parsing/asttypes.cmi: -ml/parsing/lexer.cmi: ml/parsing/parser.cmi ml/parsing/location.cmi -ml/parsing/linenum.cmi: -ml/parsing/location.cmi: ml/utils/warnings.cmi -ml/parsing/longident.cmi: -ml/parsing/parser.cmi: ml/parsing/parsetree.cmi + ml/parsing/parser.cmi +ml/parsing/syntaxerr.cmo: ml/parsing/location.cmi ml/parsing/syntaxerr.cmi +ml/parsing/syntaxerr.cmx: ml/parsing/location.cmx ml/parsing/syntaxerr.cmi +ml/parsing/asttypes.cmi: +ml/parsing/lexer.cmi: ml/parsing/parser.cmi ml/parsing/location.cmi +ml/parsing/linenum.cmi: +ml/parsing/location.cmi: ml/utils/warnings.cmi +ml/parsing/longident.cmi: +ml/parsing/parser.cmi: ml/parsing/parsetree.cmi ml/parsing/parsetree.cmi: ml/parsing/longident.cmi ml/parsing/location.cmi \ - ml/parsing/asttypes.cmi -ml/parsing/syntaxerr.cmi: ml/parsing/location.cmi + ml/parsing/asttypes.cmi +ml/parsing/syntaxerr.cmi: ml/parsing/location.cmi ml/typing/btype.cmo: ml/typing/types.cmi ml/typing/path.cmi ml/utils/misc.cmi \ - ml/typing/btype.cmi + ml/typing/btype.cmi ml/typing/btype.cmx: ml/typing/types.cmx ml/typing/path.cmx ml/utils/misc.cmx \ - ml/typing/btype.cmi + ml/typing/btype.cmi ml/typing/ctype.cmo: ml/typing/types.cmi ml/typing/subst.cmi \ ml/typing/path.cmi ml/utils/misc.cmi ml/parsing/longident.cmi \ ml/typing/ident.cmi ml/typing/env.cmi ml/utils/clflags.cmi \ - ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/ctype.cmi + ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/ctype.cmi ml/typing/ctype.cmx: ml/typing/types.cmx ml/typing/subst.cmx \ ml/typing/path.cmx ml/utils/misc.cmx ml/parsing/longident.cmx \ ml/typing/ident.cmx ml/typing/env.cmx ml/utils/clflags.cmx \ - ml/typing/btype.cmx ml/parsing/asttypes.cmi ml/typing/ctype.cmi + ml/typing/btype.cmx ml/parsing/asttypes.cmi 
ml/typing/ctype.cmi ml/typing/datarepr.cmo: ml/typing/types.cmi ml/typing/predef.cmi \ ml/typing/path.cmi ml/utils/misc.cmi ml/parsing/asttypes.cmi \ - ml/typing/datarepr.cmi + ml/typing/datarepr.cmi ml/typing/datarepr.cmx: ml/typing/types.cmx ml/typing/predef.cmx \ ml/typing/path.cmx ml/utils/misc.cmx ml/parsing/asttypes.cmi \ - ml/typing/datarepr.cmi + ml/typing/datarepr.cmi ml/typing/env.cmo: ml/typing/types.cmi ml/utils/tbl.cmi ml/typing/subst.cmi \ ml/typing/predef.cmi ml/typing/path.cmi ml/utils/misc.cmi \ ml/parsing/longident.cmi ml/typing/ident.cmi ml/typing/datarepr.cmi \ ml/utils/consistbl.cmi ml/utils/config.cmi ml/utils/clflags.cmi \ - ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/env.cmi + ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/env.cmi ml/typing/env.cmx: ml/typing/types.cmx ml/utils/tbl.cmx ml/typing/subst.cmx \ ml/typing/predef.cmx ml/typing/path.cmx ml/utils/misc.cmx \ ml/parsing/longident.cmx ml/typing/ident.cmx ml/typing/datarepr.cmx \ ml/utils/consistbl.cmx ml/utils/config.cmx ml/utils/clflags.cmx \ - ml/typing/btype.cmx ml/parsing/asttypes.cmi ml/typing/env.cmi -ml/typing/ident.cmo: ml/typing/ident.cmi -ml/typing/ident.cmx: ml/typing/ident.cmi + ml/typing/btype.cmx ml/parsing/asttypes.cmi ml/typing/env.cmi +ml/typing/ident.cmo: ml/typing/ident.cmi +ml/typing/ident.cmx: ml/typing/ident.cmi ml/typing/includeclass.cmo: ml/typing/types.cmi ml/typing/printtyp.cmi \ - ml/typing/ctype.cmi ml/typing/includeclass.cmi + ml/typing/ctype.cmi ml/typing/includeclass.cmi ml/typing/includeclass.cmx: ml/typing/types.cmx ml/typing/printtyp.cmx \ - ml/typing/ctype.cmx ml/typing/includeclass.cmi + ml/typing/ctype.cmx ml/typing/includeclass.cmi ml/typing/includecore.cmo: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/typing/predef.cmi ml/typing/path.cmi ml/utils/misc.cmi \ ml/typing/ctype.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/includecore.cmi + ml/typing/includecore.cmi ml/typing/includecore.cmx: ml/typing/types.cmx 
ml/typing/typedtree.cmx \ ml/typing/predef.cmx ml/typing/path.cmx ml/utils/misc.cmx \ ml/typing/ctype.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/includecore.cmi + ml/typing/includecore.cmi ml/typing/includemod.cmo: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/utils/tbl.cmi ml/typing/subst.cmi ml/typing/printtyp.cmi \ ml/typing/path.cmi ml/typing/mtype.cmi ml/utils/misc.cmi \ ml/typing/includecore.cmi ml/typing/includeclass.cmi ml/typing/ident.cmi \ - ml/typing/env.cmi ml/typing/ctype.cmi ml/typing/includemod.cmi + ml/typing/env.cmi ml/typing/ctype.cmi ml/typing/includemod.cmi ml/typing/includemod.cmx: ml/typing/types.cmx ml/typing/typedtree.cmx \ ml/utils/tbl.cmx ml/typing/subst.cmx ml/typing/printtyp.cmx \ ml/typing/path.cmx ml/typing/mtype.cmx ml/utils/misc.cmx \ ml/typing/includecore.cmx ml/typing/includeclass.cmx ml/typing/ident.cmx \ - ml/typing/env.cmx ml/typing/ctype.cmx ml/typing/includemod.cmi + ml/typing/env.cmx ml/typing/ctype.cmx ml/typing/includemod.cmi ml/typing/mtype.cmo: ml/typing/types.cmi ml/typing/subst.cmi \ ml/typing/path.cmi ml/typing/ident.cmi ml/typing/env.cmi \ - ml/typing/ctype.cmi ml/typing/btype.cmi ml/typing/mtype.cmi + ml/typing/ctype.cmi ml/typing/btype.cmi ml/typing/mtype.cmi ml/typing/mtype.cmx: ml/typing/types.cmx ml/typing/subst.cmx \ ml/typing/path.cmx ml/typing/ident.cmx ml/typing/env.cmx \ - ml/typing/ctype.cmx ml/typing/btype.cmx ml/typing/mtype.cmi + ml/typing/ctype.cmx ml/typing/btype.cmx ml/typing/mtype.cmi ml/typing/oprint.cmo: ml/typing/outcometree2.cmi ml/parsing/asttypes.cmi \ - ml/typing/oprint.cmi + ml/typing/oprint.cmi ml/typing/oprint.cmx: ml/typing/outcometree2.cmi ml/parsing/asttypes.cmi \ - ml/typing/oprint.cmi + ml/typing/oprint.cmi ml/typing/parmatch.cmo: ml/utils/warnings.cmi ml/typing/types.cmi \ ml/typing/typedtree.cmi ml/typing/predef.cmi ml/typing/path.cmi \ ml/utils/misc.cmi ml/parsing/location.cmi ml/typing/ident.cmi \ ml/typing/env.cmi ml/typing/datarepr.cmi ml/typing/ctype.cmi \ 
- ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/parmatch.cmi + ml/typing/btype.cmi ml/parsing/asttypes.cmi ml/typing/parmatch.cmi ml/typing/parmatch.cmx: ml/utils/warnings.cmx ml/typing/types.cmx \ ml/typing/typedtree.cmx ml/typing/predef.cmx ml/typing/path.cmx \ ml/utils/misc.cmx ml/parsing/location.cmx ml/typing/ident.cmx \ ml/typing/env.cmx ml/typing/datarepr.cmx ml/typing/ctype.cmx \ - ml/typing/btype.cmx ml/parsing/asttypes.cmi ml/typing/parmatch.cmi -ml/typing/path.cmo: ml/typing/ident.cmi ml/typing/path.cmi -ml/typing/path.cmx: ml/typing/ident.cmx ml/typing/path.cmi + ml/typing/btype.cmx ml/parsing/asttypes.cmi ml/typing/parmatch.cmi +ml/typing/path.cmo: ml/typing/ident.cmi ml/typing/path.cmi +ml/typing/path.cmx: ml/typing/ident.cmx ml/typing/path.cmi ml/typing/predef.cmo: ml/typing/types.cmi ml/typing/path.cmi \ ml/typing/ident.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/predef.cmi + ml/typing/predef.cmi ml/typing/predef.cmx: ml/typing/types.cmx ml/typing/path.cmx \ ml/typing/ident.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/predef.cmi -ml/typing/primitive.cmo: ml/utils/misc.cmi ml/typing/primitive.cmi -ml/typing/primitive.cmx: ml/utils/misc.cmx ml/typing/primitive.cmi + ml/typing/predef.cmi +ml/typing/primitive.cmo: ml/utils/misc.cmi ml/typing/primitive.cmi +ml/typing/primitive.cmx: ml/utils/misc.cmx ml/typing/primitive.cmi ml/typing/printtyp.cmo: ml/typing/types.cmi ml/typing/primitive.cmi \ ml/typing/predef.cmi ml/typing/path.cmi ml/typing/outcometree2.cmi \ ml/typing/oprint.cmi ml/utils/misc.cmi ml/parsing/longident.cmi \ ml/typing/ident.cmi ml/typing/env.cmi ml/typing/ctype.cmi \ ml/utils/clflags.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/printtyp.cmi + ml/typing/printtyp.cmi ml/typing/printtyp.cmx: ml/typing/types.cmx ml/typing/primitive.cmx \ ml/typing/predef.cmx ml/typing/path.cmx ml/typing/outcometree2.cmi \ ml/typing/oprint.cmx ml/utils/misc.cmx ml/parsing/longident.cmx \ 
ml/typing/ident.cmx ml/typing/env.cmx ml/typing/ctype.cmx \ ml/utils/clflags.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/printtyp.cmi + ml/typing/printtyp.cmi ml/typing/stypes.cmo: ml/typing/typedtree.cmi ml/typing/printtyp.cmi \ - ml/parsing/location.cmi ml/utils/clflags.cmi ml/typing/stypes.cmi + ml/parsing/location.cmi ml/utils/clflags.cmi ml/typing/stypes.cmi ml/typing/stypes.cmx: ml/typing/typedtree.cmx ml/typing/printtyp.cmx \ - ml/parsing/location.cmx ml/utils/clflags.cmx ml/typing/stypes.cmi + ml/parsing/location.cmx ml/utils/clflags.cmx ml/typing/stypes.cmi ml/typing/subst.cmo: ml/typing/types.cmi ml/utils/tbl.cmi ml/typing/path.cmi \ ml/utils/misc.cmi ml/typing/ident.cmi ml/typing/btype.cmi \ - ml/typing/subst.cmi + ml/typing/subst.cmi ml/typing/subst.cmx: ml/typing/types.cmx ml/utils/tbl.cmx ml/typing/path.cmx \ ml/utils/misc.cmx ml/typing/ident.cmx ml/typing/btype.cmx \ - ml/typing/subst.cmi + ml/typing/subst.cmi ml/typing/typeclass.cmo: ml/utils/warnings.cmi ml/typing/typetexp.cmi \ ml/typing/types.cmi ml/typing/typedtree.cmi ml/typing/typedecl.cmi \ ml/typing/typecore.cmi ml/typing/subst.cmi ml/typing/stypes.cmi \ @@ -1287,7 +1287,7 @@ ml/parsing/longident.cmi ml/parsing/location.cmi \ ml/typing/includeclass.cmi ml/typing/ident.cmi ml/typing/env.cmi \ ml/typing/ctype.cmi ml/utils/clflags.cmi ml/typing/btype.cmi \ - ml/parsing/asttypes.cmi ml/typing/typeclass.cmi + ml/parsing/asttypes.cmi ml/typing/typeclass.cmi ml/typing/typeclass.cmx: ml/utils/warnings.cmx ml/typing/typetexp.cmx \ ml/typing/types.cmx ml/typing/typedtree.cmx ml/typing/typedecl.cmx \ ml/typing/typecore.cmx ml/typing/subst.cmx ml/typing/stypes.cmx \ 
@@ -1296,7 +1296,7 @@ ml/parsing/longident.cmx ml/parsing/location.cmx \ ml/typing/includeclass.cmx ml/typing/ident.cmx ml/typing/env.cmx \ ml/typing/ctype.cmx ml/utils/clflags.cmx ml/typing/btype.cmx \ - ml/parsing/asttypes.cmi ml/typing/typeclass.cmi + ml/parsing/asttypes.cmi ml/typing/typeclass.cmi ml/typing/typecore.cmo: ml/utils/warnings.cmi ml/typing/typetexp.cmi \ ml/typing/types.cmi ml/typing/typedtree.cmi ml/typing/stypes.cmi \ ml/typing/printtyp.cmi ml/typing/primitive.cmi ml/typing/predef.cmi \ @@ -1304,7 +1304,7 @@ ml/utils/misc.cmi ml/parsing/longident.cmi ml/parsing/location.cmi \ ml/typing/ident.cmi ml/typing/env.cmi ml/typing/ctype.cmi \ ml/utils/clflags.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/typecore.cmi + ml/typing/typecore.cmi ml/typing/typecore.cmx: ml/utils/warnings.cmx ml/typing/typetexp.cmx \ ml/typing/types.cmx ml/typing/typedtree.cmx ml/typing/stypes.cmx \ ml/typing/printtyp.cmx ml/typing/primitive.cmx ml/typing/predef.cmx \ @@ -1312,7 +1312,7 @@ ml/utils/misc.cmx ml/parsing/longident.cmx ml/parsing/location.cmx \ ml/typing/ident.cmx ml/typing/env.cmx ml/typing/ctype.cmx \ ml/utils/clflags.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/typecore.cmi + ml/typing/typecore.cmi ml/typing/typedecl.cmo: ml/typing/typetexp.cmi ml/typing/types.cmi \ ml/typing/typedtree.cmi ml/typing/subst.cmi ml/typing/printtyp.cmi \ ml/typing/primitive.cmi ml/typing/predef.cmi ml/typing/path.cmi \ @@ -1320,7 +1320,7 @@ ml/parsing/location.cmi ml/typing/includecore.cmi ml/typing/ident.cmi \ ml/typing/env.cmi ml/typing/ctype.cmi ml/utils/config.cmi \ ml/utils/clflags.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/typedecl.cmi + ml/typing/typedecl.cmi ml/typing/typedecl.cmx: ml/typing/typetexp.cmx ml/typing/types.cmx \ ml/typing/typedtree.cmx ml/typing/subst.cmx ml/typing/printtyp.cmx \ ml/typing/primitive.cmx ml/typing/predef.cmx ml/typing/path.cmx \ 
@@ -1328,15 +1328,15 @@ ml/parsing/location.cmx ml/typing/includecore.cmx ml/typing/ident.cmx \ ml/typing/env.cmx ml/typing/ctype.cmx ml/utils/config.cmx \ ml/utils/clflags.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/typedecl.cmi + ml/typing/typedecl.cmi ml/typing/typedtree.cmo: ml/typing/types.cmi ml/typing/primitive.cmi \ ml/typing/path.cmi ml/utils/misc.cmi ml/parsing/location.cmi \ ml/typing/ident.cmi ml/typing/env.cmi ml/parsing/asttypes.cmi \ - ml/typing/typedtree.cmi + ml/typing/typedtree.cmi ml/typing/typedtree.cmx: ml/typing/types.cmx ml/typing/primitive.cmx \ ml/typing/path.cmx ml/utils/misc.cmx ml/parsing/location.cmx \ ml/typing/ident.cmx ml/typing/env.cmx ml/parsing/asttypes.cmi \ - ml/typing/typedtree.cmi + ml/typing/typedtree.cmi ml/typing/typemod.cmo: ml/typing/typetexp.cmi ml/typing/types.cmi \ ml/typing/typedtree.cmi ml/typing/typedecl.cmi ml/typing/typecore.cmi \ ml/typing/typeclass.cmi ml/typing/subst.cmi ml/typing/stypes.cmi \ @@ -1345,7 +1345,7 @@ ml/parsing/location.cmi ml/typing/includemod.cmi ml/typing/ident.cmi \ ml/typing/env.cmi ml/typing/ctype.cmi ml/utils/config.cmi \ ml/utils/clflags.cmi ml/typing/btype.cmi ml/parsing/asttypes.cmi \ - ml/typing/typemod.cmi + ml/typing/typemod.cmi ml/typing/typemod.cmx: ml/typing/typetexp.cmx ml/typing/types.cmx \ ml/typing/typedtree.cmx ml/typing/typedecl.cmx ml/typing/typecore.cmx \ ml/typing/typeclass.cmx ml/typing/subst.cmx ml/typing/stypes.cmx \ 
@@ -1354,101 +1354,101 @@ ml/parsing/location.cmx ml/typing/includemod.cmx ml/typing/ident.cmx \ ml/typing/env.cmx ml/typing/ctype.cmx ml/utils/config.cmx \ ml/utils/clflags.cmx ml/typing/btype.cmx ml/parsing/asttypes.cmi \ - ml/typing/typemod.cmi + ml/typing/typemod.cmi ml/typing/types.cmo: ml/typing/primitive.cmi ml/typing/path.cmi \ ml/utils/misc.cmi ml/typing/ident.cmi ml/parsing/asttypes.cmi \ - ml/typing/types.cmi + ml/typing/types.cmi ml/typing/types.cmx: ml/typing/primitive.cmx ml/typing/path.cmx \ ml/utils/misc.cmx ml/typing/ident.cmx ml/parsing/asttypes.cmi \ - ml/typing/types.cmi + ml/typing/types.cmi ml/typing/typetexp.cmo: ml/utils/warnings.cmi ml/typing/types.cmi \ ml/utils/tbl.cmi ml/typing/printtyp.cmi ml/typing/path.cmi \ ml/parsing/parsetree.cmi ml/utils/misc.cmi ml/parsing/longident.cmi \ ml/parsing/location.cmi ml/typing/env.cmi ml/typing/ctype.cmi \ - ml/utils/clflags.cmi ml/typing/btype.cmi ml/typing/typetexp.cmi + ml/utils/clflags.cmi ml/typing/btype.cmi ml/typing/typetexp.cmi ml/typing/typetexp.cmx: ml/utils/warnings.cmx ml/typing/types.cmx \ ml/utils/tbl.cmx ml/typing/printtyp.cmx ml/typing/path.cmx \ ml/parsing/parsetree.cmi ml/utils/misc.cmx ml/parsing/longident.cmx \ ml/parsing/location.cmx ml/typing/env.cmx ml/typing/ctype.cmx \ - ml/utils/clflags.cmx ml/typing/btype.cmx ml/typing/typetexp.cmi + ml/utils/clflags.cmx ml/typing/btype.cmx ml/typing/typetexp.cmi ml/typing/unused_var.cmo: ml/utils/warnings.cmi ml/parsing/parsetree.cmi \ ml/parsing/longident.cmi ml/parsing/location.cmi ml/parsing/asttypes.cmi \ - ml/typing/unused_var.cmi + ml/typing/unused_var.cmi ml/typing/unused_var.cmx: ml/utils/warnings.cmx ml/parsing/parsetree.cmi \ ml/parsing/longident.cmx ml/parsing/location.cmx ml/parsing/asttypes.cmi \ - ml/typing/unused_var.cmi + ml/typing/unused_var.cmi ml/typing/btype.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/parsing/asttypes.cmi + ml/parsing/asttypes.cmi ml/typing/ctype.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - 
ml/typing/ident.cmi ml/typing/env.cmi ml/parsing/asttypes.cmi + ml/typing/ident.cmi ml/typing/env.cmi ml/parsing/asttypes.cmi ml/typing/datarepr.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/parsing/asttypes.cmi + ml/parsing/asttypes.cmi ml/typing/env.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/parsing/longident.cmi ml/typing/ident.cmi ml/utils/consistbl.cmi -ml/typing/ident.cmi: + ml/parsing/longident.cmi ml/typing/ident.cmi ml/utils/consistbl.cmi +ml/typing/ident.cmi: ml/typing/includeclass.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ - ml/typing/env.cmi ml/typing/ctype.cmi + ml/typing/env.cmi ml/typing/ctype.cmi ml/typing/includecore.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ - ml/typing/ident.cmi ml/typing/env.cmi + ml/typing/ident.cmi ml/typing/env.cmi ml/typing/includemod.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/typing/path.cmi ml/typing/ident.cmi ml/typing/env.cmi \ - ml/typing/ctype.cmi + ml/typing/ctype.cmi ml/typing/mtype.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/typing/ident.cmi ml/typing/env.cmi -ml/typing/oprint.cmi: ml/typing/outcometree2.cmi -ml/typing/outcometree2.cmi: ml/parsing/asttypes.cmi + ml/typing/ident.cmi ml/typing/env.cmi +ml/typing/oprint.cmi: ml/typing/outcometree2.cmi +ml/typing/outcometree2.cmi: ml/parsing/asttypes.cmi ml/typing/parmatch.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ - ml/parsing/location.cmi ml/typing/env.cmi -ml/typing/path.cmi: ml/typing/ident.cmi + ml/parsing/location.cmi ml/typing/env.cmi +ml/typing/path.cmi: ml/typing/ident.cmi ml/typing/predef.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/typing/ident.cmi -ml/typing/primitive.cmi: + ml/typing/ident.cmi +ml/typing/primitive.cmi: ml/typing/printtyp.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/typing/outcometree2.cmi ml/parsing/longident.cmi ml/typing/ident.cmi -ml/typing/stypes.cmi: ml/typing/typedtree.cmi ml/parsing/location.cmi + ml/typing/outcometree2.cmi ml/parsing/longident.cmi ml/typing/ident.cmi 
+ml/typing/stypes.cmi: ml/typing/typedtree.cmi ml/parsing/location.cmi ml/typing/subst.cmi: ml/typing/types.cmi ml/typing/path.cmi \ - ml/typing/ident.cmi + ml/typing/ident.cmi ml/typing/typeclass.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/parsing/parsetree.cmi ml/parsing/longident.cmi ml/parsing/location.cmi \ ml/typing/ident.cmi ml/typing/env.cmi ml/typing/ctype.cmi \ - ml/parsing/asttypes.cmi + ml/parsing/asttypes.cmi ml/typing/typecore.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/typing/path.cmi ml/parsing/parsetree.cmi ml/parsing/longident.cmi \ ml/parsing/location.cmi ml/typing/ident.cmi ml/typing/env.cmi \ - ml/parsing/asttypes.cmi + ml/parsing/asttypes.cmi ml/typing/typedecl.cmi: ml/typing/types.cmi ml/typing/path.cmi \ ml/parsing/parsetree.cmi ml/parsing/longident.cmi ml/parsing/location.cmi \ - ml/typing/ident.cmi ml/typing/env.cmi + ml/typing/ident.cmi ml/typing/env.cmi ml/typing/typedtree.cmi: ml/typing/types.cmi ml/typing/primitive.cmi \ ml/typing/path.cmi ml/parsing/location.cmi ml/typing/ident.cmi \ - ml/typing/env.cmi ml/parsing/asttypes.cmi + ml/typing/env.cmi ml/parsing/asttypes.cmi ml/typing/typemod.cmi: ml/typing/types.cmi ml/typing/typedtree.cmi \ ml/parsing/parsetree.cmi ml/parsing/longident.cmi ml/parsing/location.cmi \ - ml/typing/includemod.cmi ml/typing/ident.cmi ml/typing/env.cmi + ml/typing/includemod.cmi ml/typing/ident.cmi ml/typing/env.cmi ml/typing/types.cmi: ml/typing/primitive.cmi ml/typing/path.cmi \ - ml/typing/ident.cmi ml/parsing/asttypes.cmi + ml/typing/ident.cmi ml/parsing/asttypes.cmi ml/typing/typetexp.cmi: ml/typing/types.cmi ml/typing/path.cmi \ ml/parsing/parsetree.cmi ml/parsing/longident.cmi ml/parsing/location.cmi \ - ml/typing/env.cmi -ml/typing/unused_var.cmi: ml/parsing/parsetree.cmi -ml/utils/clflags.cmo: ml/utils/config.cmi ml/utils/clflags.cmi -ml/utils/clflags.cmx: ml/utils/config.cmx ml/utils/clflags.cmi -ml/utils/config.cmo: ml/utils/config.cmi -ml/utils/config.cmx: ml/utils/config.cmi 
-ml/utils/consistbl.cmo: ml/utils/consistbl.cmi -ml/utils/consistbl.cmx: ml/utils/consistbl.cmi -ml/utils/misc.cmo: ml/utils/misc.cmi -ml/utils/misc.cmx: ml/utils/misc.cmi -ml/utils/tbl.cmo: ml/utils/tbl.cmi -ml/utils/tbl.cmx: ml/utils/tbl.cmi -ml/utils/terminfo.cmo: ml/utils/terminfo.cmi -ml/utils/terminfo.cmx: ml/utils/terminfo.cmi -ml/utils/warnings.cmo: ml/utils/warnings.cmi -ml/utils/warnings.cmx: ml/utils/warnings.cmi -ml/utils/clflags.cmi: -ml/utils/config.cmi: -ml/utils/consistbl.cmi: -ml/utils/misc.cmi: -ml/utils/tbl.cmi: -ml/utils/terminfo.cmi: -ml/utils/warnings.cmi: + ml/typing/env.cmi +ml/typing/unused_var.cmi: ml/parsing/parsetree.cmi +ml/utils/clflags.cmo: ml/utils/config.cmi ml/utils/clflags.cmi +ml/utils/clflags.cmx: ml/utils/config.cmx ml/utils/clflags.cmi +ml/utils/config.cmo: ml/utils/config.cmi +ml/utils/config.cmx: ml/utils/config.cmi +ml/utils/consistbl.cmo: ml/utils/consistbl.cmi +ml/utils/consistbl.cmx: ml/utils/consistbl.cmi +ml/utils/misc.cmo: ml/utils/misc.cmi +ml/utils/misc.cmx: ml/utils/misc.cmi +ml/utils/tbl.cmo: ml/utils/tbl.cmi +ml/utils/tbl.cmx: ml/utils/tbl.cmi +ml/utils/terminfo.cmo: ml/utils/terminfo.cmi +ml/utils/terminfo.cmx: ml/utils/terminfo.cmi +ml/utils/warnings.cmo: ml/utils/warnings.cmi +ml/utils/warnings.cmx: ml/utils/warnings.cmi +ml/utils/clflags.cmi: +ml/utils/config.cmi: +ml/utils/consistbl.cmi: +ml/utils/misc.cmi: +ml/utils/tbl.cmi: +ml/utils/terminfo.cmi: +ml/utils/warnings.cmi: diff -Nru why-2.29+dfsg/.depend.coq why-2.30+dfsg/.depend.coq --- why-2.29+dfsg/.depend.coq 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/.depend.coq 2011-10-24 15:21:06.000000000 +0000 
@@ -1,43 +1,44 @@ -lib/coq/Caduceus.vo: lib/coq/Caduceus.v lib/coq/caduceus_why.vo lib/coq/caduceus_tactics.vo lib/coq/caduceus_lists.vo -lib/coq/JessieGappa.vo: lib/coq/JessieGappa.v lib/coq/WhyFloats.vo -lib/coq/Why.vo: lib/coq/Why.v lib/coq/WhyCoqCompat.vo lib/coq/WhyTuples.vo lib/coq/WhyInt.vo lib/coq/WhyBool.vo lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo lib/coq/WhySorted.vo lib/coq/WhyTactics.vo lib/coq/WhyExn.vo lib/coq/WhyLemmas.vo lib/coq/WhyPrelude.vo -lib/coq/WhyArrays.vo: lib/coq/WhyArrays.v lib/coq/WhyInt.vo -lib/coq/WhyArraysFMap.vo: lib/coq/WhyArraysFMap.v lib/coq/WhyInt.vo -lib/coq/WhyBool.vo: lib/coq/WhyBool.v -lib/coq/WhyCM.vo: lib/coq/WhyCM.v lib/coq/WhyArrays.vo -lib/coq/WhyCoq8.vo: lib/coq/WhyCoq8.v -lib/coq/WhyCoqCompat.vo: lib/coq/WhyCoqCompat.v -lib/coq/WhyCoqDev.vo: lib/coq/WhyCoqDev.v -lib/coq/WhyExn.vo: lib/coq/WhyExn.v -lib/coq/WhyFloats.vo: lib/coq/WhyFloats.v -lib/coq/WhyFloatsStrict.vo: lib/coq/WhyFloatsStrict.v lib/coq/WhyFloats.vo -lib/coq/WhyInt.vo: lib/coq/WhyInt.v -lib/coq/WhyLemmas.vo: lib/coq/WhyLemmas.v lib/coq/WhyInt.vo lib/coq/WhyTuples.vo -lib/coq/WhyNTMonad.vo: lib/coq/WhyNTMonad.v -lib/coq/WhyPermut.vo: lib/coq/WhyPermut.v lib/coq/WhyArrays.vo -lib/coq/WhyPrelude.vo: lib/coq/WhyPrelude.v lib/coq/WhyCoqCompat.vo lib/coq/WhyTuples.vo lib/coq/WhyInt.vo lib/coq/WhyBool.vo lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo lib/coq/WhySorted.vo lib/coq/WhyTactics.vo lib/coq/WhyExn.vo lib/coq/WhyLemmas.vo -lib/coq/WhyReal.vo: lib/coq/WhyReal.v lib/coq/Why.vo -lib/coq/WhySorted.vo: lib/coq/WhySorted.v lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo -lib/coq/WhyTactics.vo: lib/coq/WhyTactics.v lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo -lib/coq/WhyTuples.vo: lib/coq/WhyTuples.v -lib/coq/caduceus_lists.vo: lib/coq/caduceus_lists.v lib/coq/Why.vo lib/coq/caduceus_why.vo -lib/coq/caduceus_tactics.vo: lib/coq/caduceus_tactics.v lib/coq/caduceus_why.vo -lib/coq/caduceus_why.vo: lib/coq/caduceus_why.v lib/coq/Why.vo -lib/coq/jessie_why.vo: 
lib/coq/jessie_why.v lib/coq/Why.vo -lib/coq-v7/Why.vo: lib/coq-v7/Why.v lib/coq-v7/WhyCoqCompat.vo lib/coq-v7/WhyTuples.vo lib/coq-v7/WhyInt.vo lib/coq-v7/WhyBool.vo lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo lib/coq-v7/WhySorted.vo lib/coq-v7/WhyTactics.vo lib/coq-v7/WhyExn.vo lib/coq-v7/WhyLemmas.vo lib/coq-v7/WhyCM.vo -lib/coq-v7/WhyArrays.vo: lib/coq-v7/WhyArrays.v lib/coq-v7/WhyInt.vo -lib/coq-v7/WhyBool.vo: lib/coq-v7/WhyBool.v lib/coq-v7/WhyCoqCompat.vo -lib/coq-v7/WhyCM.vo: lib/coq-v7/WhyCM.v lib/coq-v7/WhyArrays.vo -lib/coq-v7/WhyCoq73.vo: lib/coq-v7/WhyCoq73.v -lib/coq-v7/WhyCoqCompat.vo: lib/coq-v7/WhyCoqCompat.v -lib/coq-v7/WhyCoqDev.vo: lib/coq-v7/WhyCoqDev.v -lib/coq-v7/WhyExn.vo: lib/coq-v7/WhyExn.v -lib/coq-v7/WhyInt.vo: lib/coq-v7/WhyInt.v -lib/coq-v7/WhyLemmas.vo: lib/coq-v7/WhyLemmas.v lib/coq-v7/WhyInt.vo lib/coq-v7/WhyTuples.vo -lib/coq-v7/WhyPermut.vo: lib/coq-v7/WhyPermut.v lib/coq-v7/WhyArrays.vo -lib/coq-v7/WhyReal.vo: lib/coq-v7/WhyReal.v lib/coq-v7/Why.vo -lib/coq-v7/WhySorted.vo: lib/coq-v7/WhySorted.v lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo -lib/coq-v7/WhyTactics.vo: lib/coq-v7/WhyTactics.v lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo -lib/coq-v7/WhyTuples.vo: lib/coq-v7/WhyTuples.v -lib/coq-v7/caduceus_tactics.vo: lib/coq-v7/caduceus_tactics.v -lib/coq-v7/caduceus_why.vo: lib/coq-v7/caduceus_why.v lib/coq-v7/Why.vo lib/coq-v7/WhyReal.vo +lib/coq/Caduceus.vo lib/coq/Caduceus.glob: lib/coq/Caduceus.v lib/coq/caduceus_why.vo lib/coq/caduceus_tactics.vo lib/coq/caduceus_lists.vo +lib/coq/JessieGappa.vo lib/coq/JessieGappa.glob: lib/coq/JessieGappa.v lib/coq/WhyFloats.vo +lib/coq/Why.vo lib/coq/Why.glob: lib/coq/Why.v lib/coq/WhyCoqCompat.vo lib/coq/WhyTuples.vo lib/coq/WhyInt.vo lib/coq/WhyBool.vo lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo lib/coq/WhySorted.vo lib/coq/WhyTactics.vo lib/coq/WhyExn.vo lib/coq/WhyLemmas.vo lib/coq/WhyPrelude.vo +lib/coq/WhyArrays.vo lib/coq/WhyArrays.glob: lib/coq/WhyArrays.v lib/coq/WhyInt.vo 
+lib/coq/WhyArraysFMap.vo lib/coq/WhyArraysFMap.glob: lib/coq/WhyArraysFMap.v lib/coq/WhyInt.vo +lib/coq/WhyBool.vo lib/coq/WhyBool.glob: lib/coq/WhyBool.v +lib/coq/WhyCM.vo lib/coq/WhyCM.glob: lib/coq/WhyCM.v lib/coq/WhyArrays.vo +lib/coq/WhyCoq8.vo lib/coq/WhyCoq8.glob: lib/coq/WhyCoq8.v +lib/coq/WhyCoqCompat.vo lib/coq/WhyCoqCompat.glob: lib/coq/WhyCoqCompat.v +lib/coq/WhyCoqDev.vo lib/coq/WhyCoqDev.glob: lib/coq/WhyCoqDev.v +lib/coq/WhyExn.vo lib/coq/WhyExn.glob: lib/coq/WhyExn.v +lib/coq/WhyFloats.vo lib/coq/WhyFloats.glob: lib/coq/WhyFloats.v +lib/coq/WhyFloatsStrict.vo lib/coq/WhyFloatsStrict.glob: lib/coq/WhyFloatsStrict.v lib/coq/WhyFloats.vo +lib/coq/WhyFloatsStrictLegacy.vo lib/coq/WhyFloatsStrictLegacy.glob: lib/coq/WhyFloatsStrictLegacy.v +lib/coq/WhyInt.vo lib/coq/WhyInt.glob: lib/coq/WhyInt.v +lib/coq/WhyLemmas.vo lib/coq/WhyLemmas.glob: lib/coq/WhyLemmas.v lib/coq/WhyInt.vo lib/coq/WhyTuples.vo +lib/coq/WhyNTMonad.vo lib/coq/WhyNTMonad.glob: lib/coq/WhyNTMonad.v +lib/coq/WhyPermut.vo lib/coq/WhyPermut.glob: lib/coq/WhyPermut.v lib/coq/WhyArrays.vo +lib/coq/WhyPrelude.vo lib/coq/WhyPrelude.glob: lib/coq/WhyPrelude.v lib/coq/WhyCoqCompat.vo lib/coq/WhyTuples.vo lib/coq/WhyInt.vo lib/coq/WhyBool.vo lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo lib/coq/WhySorted.vo lib/coq/WhyTactics.vo lib/coq/WhyExn.vo lib/coq/WhyLemmas.vo +lib/coq/WhyReal.vo lib/coq/WhyReal.glob: lib/coq/WhyReal.v lib/coq/Why.vo +lib/coq/WhySorted.vo lib/coq/WhySorted.glob: lib/coq/WhySorted.v lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo +lib/coq/WhyTactics.vo lib/coq/WhyTactics.glob: lib/coq/WhyTactics.v lib/coq/WhyArrays.vo lib/coq/WhyPermut.vo +lib/coq/WhyTuples.vo lib/coq/WhyTuples.glob: lib/coq/WhyTuples.v +lib/coq/caduceus_lists.vo lib/coq/caduceus_lists.glob: lib/coq/caduceus_lists.v lib/coq/Why.vo lib/coq/caduceus_why.vo +lib/coq/caduceus_tactics.vo lib/coq/caduceus_tactics.glob: lib/coq/caduceus_tactics.v lib/coq/caduceus_why.vo +lib/coq/caduceus_why.vo lib/coq/caduceus_why.glob: 
lib/coq/caduceus_why.v lib/coq/Why.vo +lib/coq/jessie_why.vo lib/coq/jessie_why.glob: lib/coq/jessie_why.v lib/coq/Why.vo +lib/coq-v7/Why.vo lib/coq-v7/Why.glob: lib/coq-v7/Why.v lib/coq-v7/WhyCoqCompat.vo lib/coq-v7/WhyTuples.vo lib/coq-v7/WhyInt.vo lib/coq-v7/WhyBool.vo lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo lib/coq-v7/WhySorted.vo lib/coq-v7/WhyTactics.vo lib/coq-v7/WhyExn.vo lib/coq-v7/WhyLemmas.vo lib/coq-v7/WhyCM.vo +lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyArrays.glob: lib/coq-v7/WhyArrays.v lib/coq-v7/WhyInt.vo +lib/coq-v7/WhyBool.vo lib/coq-v7/WhyBool.glob: lib/coq-v7/WhyBool.v lib/coq-v7/WhyCoqCompat.vo +lib/coq-v7/WhyCM.vo lib/coq-v7/WhyCM.glob: lib/coq-v7/WhyCM.v lib/coq-v7/WhyArrays.vo +lib/coq-v7/WhyCoq73.vo lib/coq-v7/WhyCoq73.glob: lib/coq-v7/WhyCoq73.v +lib/coq-v7/WhyCoqCompat.vo lib/coq-v7/WhyCoqCompat.glob: lib/coq-v7/WhyCoqCompat.v +lib/coq-v7/WhyCoqDev.vo lib/coq-v7/WhyCoqDev.glob: lib/coq-v7/WhyCoqDev.v +lib/coq-v7/WhyExn.vo lib/coq-v7/WhyExn.glob: lib/coq-v7/WhyExn.v +lib/coq-v7/WhyInt.vo lib/coq-v7/WhyInt.glob: lib/coq-v7/WhyInt.v +lib/coq-v7/WhyLemmas.vo lib/coq-v7/WhyLemmas.glob: lib/coq-v7/WhyLemmas.v lib/coq-v7/WhyInt.vo lib/coq-v7/WhyTuples.vo +lib/coq-v7/WhyPermut.vo lib/coq-v7/WhyPermut.glob: lib/coq-v7/WhyPermut.v lib/coq-v7/WhyArrays.vo +lib/coq-v7/WhyReal.vo lib/coq-v7/WhyReal.glob: lib/coq-v7/WhyReal.v lib/coq-v7/Why.vo +lib/coq-v7/WhySorted.vo lib/coq-v7/WhySorted.glob: lib/coq-v7/WhySorted.v lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo +lib/coq-v7/WhyTactics.vo lib/coq-v7/WhyTactics.glob: lib/coq-v7/WhyTactics.v lib/coq-v7/WhyArrays.vo lib/coq-v7/WhyPermut.vo +lib/coq-v7/WhyTuples.vo lib/coq-v7/WhyTuples.glob: lib/coq-v7/WhyTuples.v +lib/coq-v7/caduceus_tactics.vo lib/coq-v7/caduceus_tactics.glob: lib/coq-v7/caduceus_tactics.v +lib/coq-v7/caduceus_why.vo lib/coq-v7/caduceus_why.glob: lib/coq-v7/caduceus_why.v lib/coq-v7/Why.vo lib/coq-v7/WhyReal.vo diff -Nru why-2.29+dfsg/doc/Makefile why-2.30+dfsg/doc/Makefile --- 
why-2.29+dfsg/doc/Makefile 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/doc/Makefile 2011-10-24 15:21:06.000000000 +0000 @@ -1,6 +1,19 @@ -HEVEA=hevea -fix +HEVEA=hevea -noiso -entities -exec xxdate.exe -fix -all: main.pdf manual.ps caduceus.ps $(KFILES) krakatoa.pdf +all: main.pdf manual.ps $(KFILES) krakatoa.pdf \ + sourcepp jessie.pdf krakatoa.html jessie.html \ + index.html + +install: all + cp krakatoa.pdf jessie.pdf krakatoa.html jessie.html \ + why_frama_c2-mps.png \ + /users/www-perso/projets/krakatoa + cp index.html /users/www-perso/projets/krakatoa/index.html + +index.html:: why_frama_c2-mps.png + +%.html: %.prehtml + yamlpp $< -o $@ doc.dvi: doc.tex rules.tex macros.tex code.tex dep.ps @@ -21,6 +34,27 @@ contracts.bnf lexpr.bnf \ Gcd-nospec.pp Gcd-spec.pp Gcd.pp Gcd-lemmas.pp +# for jessie +SNIPPET=$(wildcard codes/*.c) +SNIPPETPP:=$(patsubst codes/%.c, texpp/%.cpp, $(SNIPPET)) + +sourcepp: $(SNIPPETPP) $(EXAMPLESPP) + +why_frama_c1.mps: why_frama_c.ml + mlpost -pdf -latex jessie.tex why_frama_c.ml + +why_frama_c1-mps.pdf: why_frama_c1.mps + mptopdf why_frama_c1.mps + +why_frama_c2.mps: why_frama_c.ml + mlpost -pdf -latex jessie.tex why_frama_c.ml + +why_frama_c2-mps.pdf: why_frama_c2.mps + mptopdf why_frama_c2.mps + +why_frama_c2-mps.png: why_frama_c2-mps.pdf + pdftoppm -r 150 why_frama_c2-mps.pdf | pnmtopng -transparent white > why_frama_c2-mps.png + dep.ps: (cd ../src; ocamldep *.ml* | ocamldot | dot -Tps) > dep.ps @@ -65,6 +99,13 @@ pdflatex krakatoa.tex pdflatex krakatoa.tex +jessie.pdf: sourcepp jessie.tex version.tex + pdflatex jessie.tex + bibtex jessie + makeindex jessie + pdflatex jessie.tex + pdflatex jessie.tex + february2008.pdf: $(KFILES) version.tex pdflatex february2008.tex @@ -72,6 +113,10 @@ rm -f krakatoa.aux $(HEVEA) krakatoa.tex +jessie.html: jessie.tex version.tex + rm -f jessie.aux + $(HEVEA) jessie.tex + main.html: main.tex version.tex rm -f main.aux $(HEVEA) main.tex 
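Review bot: The new `install` target in doc/Makefile (hunk `@@ -1,6 +1,19 @@`) copies the generated files to the hard-coded absolute path `/users/www-perso/projets/krakatoa`. Running `make install` in this directory on any other machine therefore either fails or writes outside the build and packaging tree. The destination should be an overridable variable, e.g. `WEBDIR ?= /users/www-perso/projets/krakatoa` with both `cp` commands using `$(WEBDIR)`. Renaming the target to something like `install-web` would also keep it from being mistaken for the package install step.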
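Review bot: The rules for `why_frama_c1.mps` and `why_frama_c2.mps` in the jessie block (hunk `@@ -21,6 +34,27 @@`) run the identical command `mlpost -pdf -latex jessie.tex why_frama_c.ml`. Presumably one run produces both figures, in which case a parallel build can start two runs that write the same files at once. Making the second target depend on the first with no recipe, `why_frama_c2.mps: why_frama_c1.mps`, keeps a single invocation. In the `why_frama_c2-mps.png` rule the recipe redirects a pipeline straight into the target, so a failing `pdftoppm` can leave an empty or truncated PNG that later runs treat as up to date; writing to a temporary name and renaming it on success avoids that.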
@@ -90,6 +135,10 @@ %.pp: %.java pp ./pp -java $< > $@ +texpp/%.cpp: codes/%.c pp Makefile + mkdir -p texpp + ./pp -c $< > $@ + %.dvi: %.tex latex $< && latex $< diff -Nru why-2.29+dfsg/frama-c-plugin/common.ml why-2.30+dfsg/frama-c-plugin/common.ml --- why-2.29+dfsg/frama-c-plugin/common.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/common.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -139,9 +139,11 @@ let integral_type_size_in_bytes ty = match unrollType ty with | TInt(IBool,_attr) -> (* TODO *) - Extlib.not_yet_implemented "Common.integral_type_size_in_bytes IBool" + Extlib.not_yet_implemented "Common.integral_type_size_in_bytes IBool" | TInt(ik,_attr) -> size_in_bytes ik - | TEnum _ -> theMachine.theMachine.sizeof_enum + | TEnum ({ekind = IBool},_) -> + Extlib.not_yet_implemented "Common.integral_type_size_in_bytes IBool" + | TEnum (ei,_) -> size_in_bytes ei.ekind | _ -> assert false let integral_type_size_in_bits ty = 
@@ -153,19 +155,18 @@ match bitsize with Some siz -> siz | None -> size_in_bytes * 8 in if signed then - Big_int.minus_big_int - (Big_int.power_int_positive_int 2 + My_bigint.neg + (My_bigint.power_int_positive_int 2 (numbits - 1)) - else Big_int.zero_big_int + else My_bigint.zero in match unrollType ty with - | TInt(IBool,_attr) -> Big_int.zero_big_int + | TInt(IBool,_attr) -> My_bigint.zero | TInt(ik,_attr) -> min_of (isSigned ik) (size_in_bytes ik) - | TEnum _ -> - min_of - theMachine.theMachine.Cil_types.enum_are_signed - theMachine.theMachine.sizeof_enum + | TEnum ({ ekind = IBool},_) -> My_bigint.zero + | TEnum ({ekind=ik},_) -> + min_of (isSigned ik) (size_in_bytes ik) | _ -> assert false let max_value_of_integral_type ?bitsize ty = @@ -174,22 +175,20 @@ match bitsize with Some siz -> siz | None -> size_in_bytes * 8 in if signed then - Big_int.pred_big_int - (Big_int.power_int_positive_int 2 + My_bigint.pred + (My_bigint.power_int_positive_int 2 (numbits - 1)) else - Big_int.pred_big_int - (Big_int.power_int_positive_int 2 + My_bigint.pred + (My_bigint.power_int_positive_int 2 numbits) in match unrollType ty with - | TInt(IBool,_attr) -> Big_int.unit_big_int + | TInt(IBool,_attr) -> My_bigint.one | TInt(ik,_attr) -> max_of (isSigned ik) (size_in_bytes ik) - | TEnum _ -> - max_of - theMachine.theMachine.Cil_types.enum_are_signed - theMachine.theMachine.sizeof_enum + | TEnum ({ekind=IBool},_) -> My_bigint.one + | TEnum ({ekind=ik},_) -> max_of (isSigned ik) (size_in_bytes ik) | _ -> assert false let all_integral_types = Hashtbl.create 5 @@ -207,10 +206,8 @@ | TInt(IBool,_attr) -> "_bool" | TInt(ik,_attr) -> name_it (isSigned ik) (size_in_bytes ik) - | TEnum _ -> - name_it - theMachine.theMachine.Cil_types.enum_are_signed - theMachine.theMachine.sizeof_enum + | TEnum ({ekind= IBool},_) -> "_bool" + | TEnum ({ekind = ik},_) -> name_it (isSigned ik) (size_in_bytes ik) | _ -> assert false (* Reference type *) 
@@ -240,7 +237,7 @@ (* Format.eprintf "mkTRef, coming from %s@." msg; *) - let size = constant_expr 1L and attr = [] in + let size = constant_expr My_bigint.one and attr = [] in (* Do the same as in [mkTRefArray] *) let siz = expToAttrParam size in let attr = addAttribute (Attr(arraylen_attr_name,[siz])) attr in @@ -477,11 +474,11 @@ let logic_type_name ty = ignore (flush_str_formatter ()); - let old_mode = Parameters.UseUnicode.get() in - Parameters.UseUnicode.set false; + let old_mode = Kernel.Unicode.get() in + Kernel.Unicode.set false; fprintf str_formatter "%a" !Ast_printer.d_logic_type ty; let name = flush_str_formatter () in - Parameters.UseUnicode.set old_mode; + Kernel.Unicode.set old_mode; filter_alphanumeric name [('*','x')] '_' let name_of_padding_type = (*reserved_logic_name*) "padding" @@ -590,9 +587,28 @@ class proxy_frama_c_visitor (visitor : Visitor.frama_c_visitor) = object + (* [VP 2011-08-24] Do not inherit from Visitor.frama_c_visitor: all methods + that are not overloaded have to come from visitor. Otherwise, proxy will + fail to delegate some of its actions. *) - inherit Visitor.generic_frama_c_visitor - (Project.current ()) (Cil.inplace_visit ()) as super + method set_current_kf kf = visitor#set_current_kf kf + + method set_current_func f = visitor#set_current_func f + + method current_kf = visitor#current_kf + + method current_func = visitor#current_func + + method push_stmt s = visitor#push_stmt s + method pop_stmt s = visitor#pop_stmt s + + method current_stmt = visitor#current_stmt + method current_kinstr = visitor#current_kinstr + + method get_filling_actions = visitor#get_filling_actions + method fill_global_tables = visitor#fill_global_tables + + method vlogic_label = visitor#vlogic_label (* Modify visitor on functions so that it prepends/postpends statements *) method vfunc f = 
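Review bot: `logic_type_name` in common.ml (hunk `@@ -477,11 +474,11 @@`) turns the global `Kernel.Unicode` option off and restores it only on the normal path, so an exception raised while printing the type leaves the option at `false` for everything that runs afterwards. The restore should also happen on the error path: wrap the `fprintf` / `flush_str_formatter` pair in `try ... with e -> Kernel.Unicode.set old_mode; raise e`. The commit only renames `Parameters.UseUnicode` to `Kernel.Unicode` and keeps the existing save/restore pattern, so the gap predates it. A one-line comment stating that the option is process-wide state would help the next reader.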
@@ -671,6 +687,28 @@ method vcode_annot = visitor#vcode_annot method vannotation = visitor#vannotation + method behavior = visitor#behavior + method frama_c_plain_copy = visitor#frama_c_plain_copy + method is_annot_before = visitor#is_annot_before + method plain_copy_visitor = visitor#plain_copy_visitor + method queueInstr = visitor#queueInstr + method reset_current_func = visitor#reset_current_func + method reset_current_kf = visitor#reset_current_kf + method unqueueInstr = visitor#unqueueInstr + method vcompinfo = visitor#vcompinfo + method venuminfo = visitor#venuminfo + method venumitem = visitor#venumitem + method vfieldinfo = visitor#vfieldinfo + method vfrom = visitor#vfrom + method vglob = visitor#vglob + method vimpact_pragma = visitor#vimpact_pragma + method vlogic_ctor_info_decl = visitor#vlogic_ctor_info_decl + method vlogic_ctor_info_use = visitor#vlogic_ctor_info_use + method vlogic_type_def = visitor#vlogic_type_def + method vlogic_type_info_decl = visitor#vlogic_type_info_decl + method vlogic_type_info_use = visitor#vlogic_type_info_use + method vstmt = visitor#vstmt + end let visit_and_push_statements_visitor visitor = @@ -863,7 +901,7 @@ let print_to_stdout file = (* Printer takes into account annotations *) let printer = new Printer.print () in - Log.print_on_output "%a" (Cil.d_file printer) file + Log.print_on_output (Extlib.swap (Cil.d_file printer) file) class checkTypes = let preaction_expr e = ignore (typeOf e); e in @@ -1084,7 +1122,11 @@ let subty = direct_element_type ty in if isArrayType subty then let siz = array_size subty in - TIndex(change_idx idx1 (constant_term Cil_datatype.Location.unknown 0L) siz, TNoOffset) + TIndex(change_idx + idx1 + (constant_term Cil_datatype.Location.unknown My_bigint.zero) + siz, + TNoOffset) else off | TIndex _ | TField _ | TNoOffset -> off 
@@ -1142,7 +1184,9 @@ let mkalloc_array v ty num loc = let callee = new_exp ~loc (Lval(Var(malloc_function ()),NoOffset)) in - let arg = constant_expr (Int64.mul num (Int64.of_int (sizeOf_int ty))) in + let arg = constant_expr + (My_bigint.of_int64 (Int64.mul num (Int64.of_int (sizeOf_int ty)))) + in Call(Some(Var v,NoOffset),callee,[arg],loc) let mkalloc_array_statement v ty num loc = diff -Nru why-2.29+dfsg/frama-c-plugin/common.mli why-2.30+dfsg/frama-c-plugin/common.mli --- why-2.29+dfsg/frama-c-plugin/common.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/common.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -84,10 +84,10 @@ val integral_type_size_in_bits : Cil_types.typ -> int val max_value_of_integral_type : - ?bitsize:int -> Cil_types.typ -> Big_int.big_int + ?bitsize:int -> Cil_types.typ -> My_bigint.t val min_value_of_integral_type : - ?bitsize:int -> Cil_types.typ -> Big_int.big_int + ?bitsize:int -> Cil_types.typ -> My_bigint.t val all_integral_types : (string, Cil_types.typ * int) Hashtbl.t 
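Review bot: In `mkalloc_array` (common.ml, hunk `@@ -1142,7 +1184,9 @@`) the allocation size is still computed with `Int64.mul`, and only the product is converted with `My_bigint.of_int64`. A large `num` therefore wraps silently before the value reaches the arbitrary-precision type, and the generated `malloc` argument no longer matches the array size the analysis reasons about. Converting the operands first keeps the size exact, e.g. `My_bigint.mul (My_bigint.of_int64 num) (My_bigint.of_int (sizeOf_int ty))`, assuming `My_bigint` provides `mul` (it is not used anywhere on this page). The body of `mkalloc_array` is fully visible in the hunk; `mkalloc_array_statement`, which follows it, continues outside.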
@@ -205,7 +205,7 @@ val visit_until_convergence : Visitor.frama_c_visitor -> Cil_types.file -> unit -type proxy_frama_c_visitor = Visitor.frama_c_visitor +class proxy_frama_c_visitor: Visitor.frama_c_visitor -> Visitor.frama_c_visitor val visit_and_push_statements_visitor : Visitor.frama_c_visitor -> proxy_frama_c_visitor @@ -217,4 +217,4 @@ val print_to_stdout : Cil_types.file -> unit -val constant_expr : ?loc:Cil_datatype.Location.t -> int64 -> Cil_types.exp +val constant_expr : ?loc:Cil_datatype.Location.t -> My_bigint.t -> Cil_types.exp diff -Nru why-2.29+dfsg/frama-c-plugin/integer.ml why-2.30+dfsg/frama-c-plugin/integer.ml --- why-2.29+dfsg/frama-c-plugin/integer.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/integer.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/frama-c-plugin/interp.ml why-2.30+dfsg/frama-c-plugin/interp.ml --- why-2.29+dfsg/frama-c-plugin/interp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/interp.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -38,7 +38,6 @@ open Cil_datatype open Ast_info open Extlib -open Db_types (* Import from Why *) open Jc @@ -97,7 +96,11 @@ (* Locate Jessie expressions on source program. *) (*****************************************************************************) -let reg_pos ?id ?kind ?name pos = Output.reg_pos "C" ?id ?kind ?name pos +let reg_pos ?id ?kind ?name pos = + Output.old_reg_pos "C" ?id ?kind ?name pos + +let reg_position ?id ?kind ?name pos = + Output.old_reg_pos "C" ?id ?kind ?name (Loc.extract pos) (* [locate] should be called on every Jessie expression which we would like to * locate in the original source program. 
@@ -115,19 +118,19 @@ in let lab = match alarm with | None -> - reg_pos pos - | Some Alarms.Division_alarm -> - reg_pos ~kind:Output.DivByZero pos - | Some Alarms.Memory_alarm | Some Alarms.Index_alarm -> - reg_pos ~kind:Output.PointerDeref pos - | Some (Alarms.Shift_alarm|Alarms.Signed_overflow_alarm) -> - reg_pos ~kind:Output.ArithOverflow pos - | Some Alarms.Pointer_compare_alarm - | Some Alarms.Using_nan_or_infinite_alarm - | Some Alarms.Result_is_nan_or_infinite_alarm -> - reg_pos pos - | Some Alarms.Separation_alarm -> reg_pos pos - | Some Alarms.Other_alarm -> reg_pos pos + reg_position pos + | Some Division_alarm -> + reg_position ~kind:Output.DivByZero pos + | Some Memory_alarm | Some Index_alarm -> + reg_position ~kind:Output.PointerDeref pos + | Some (Shift_alarm|Signed_overflow_alarm) -> + reg_position ~kind:Output.ArithOverflow pos + | Some Pointer_compare_alarm + | Some Using_nan_or_infinite_alarm + | Some Result_is_nan_or_infinite_alarm -> + reg_position pos + | Some Separation_alarm -> reg_position pos + | Some Other_alarm -> reg_position pos in let e = match e#node with | JCPEbinary(e1,`Bland,e2) -> @@ -567,7 +570,7 @@ JCPEconst(JCCinteger s) | CInt64(i,_ik,None) -> - JCPEconst(JCCinteger(Int64.to_string i)) + JCPEconst(JCCinteger(My_bigint.to_string i)) | CStr _ | CWStr _ -> assert false (* Should have been rewritten *) @@ -598,7 +601,8 @@ and boolean_const = function | CInt64(i,_ik,_text) -> - if i = Int64.zero then JCCboolean false else JCCboolean true + if My_bigint.equal i My_bigint.zero then JCCboolean false + else JCCboolean true | CStr _ | CWStr _ -> JCCboolean true 
@@ -723,9 +727,10 @@ | TBinOp(Shiftrt,t1,t2) -> begin match possible_value_of_integral_term t2 with - | Some i when i >= 0L && i < 63L -> + | Some i when My_bigint.ge i My_bigint.zero + && My_bigint.lt i (My_bigint.of_int 63) -> (* Right shift by constant is division by constant *) - let pow = constant_term t2.term_loc (power_of_two i) in + let pow = constant_term t2.term_loc (My_bigint.two_power i) in List.map (fun x ->JCPEbinary(x,`Bdiv,term pow)) (terms t1) | _ -> let op = match t1.term_type with @@ -740,9 +745,10 @@ | TBinOp(Shiftlt as op,t1,t2) -> begin match possible_value_of_integral_term t2 with - | Some i when i >= 0L && i < 63L -> + | Some i when My_bigint.ge i My_bigint.zero && + My_bigint.lt i (My_bigint.of_int 63) -> (* Left shift by constant is multiplication by constant *) - let pow = constant_term t2.term_loc (power_of_two i) in + let pow = constant_term t2.term_loc (My_bigint.two_power i) in List.map (fun x -> JCPEbinary(x,`Bmul,term pow)) (terms t1) | _ -> product (fun x y -> JCPEbinary(x,binop op,y)) @@ -784,7 +790,8 @@ | Tnull -> [JCPEconst JCCnull] | TConst c - when is_integral_const c && value_of_integral_const c = Int64.zero -> + when is_integral_const c && + My_bigint.equal (value_of_integral_const c) My_bigint.zero -> [JCPEconst JCCnull] | _ -> (* if isLogicIntegralType t.term_type then *) @@ -877,8 +884,6 @@ product (fun f x -> f x) (product (fun x y z -> JCPEif(x,y,z)) t1 t2) t3 - | Told t -> List.map (fun x -> JCPEold x) (terms t) - | Tat(t,lab) -> List.map (fun x -> JCPEat(x,logic_label lab)) (terms t) | Tbase_addr t -> List.map (fun x -> JCPEbase_block x) (terms t) @@ -1131,8 +1136,6 @@ JCPEquantifier(Exists,ltype v.lv_type, [new identifier v.lv_name], [],pred newp) - | Pold p -> JCPEold(pred p) - | Pat(p,lab) -> JCPEat(pred p,logic_label lab) | Pvalid_index(t1,t2) -> 
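Review bot: The guard `My_bigint.lt i (My_bigint.of_int 63)` in the `TBinOp(Shiftrt,…)` branch looks like a leftover from the Int64-based `power_of_two`. Now that the power comes from `My_bigint.two_power` the bound has no stated reason, and shifts of 63 or more still fall through to the generic operator branch. I would document it next to the guard, e.g. `(* bound kept from the Int64 implementation; wider shifts use the generic shift operator *)`, or name the constant once. The same guard is repeated in the `TBinOp(Shiftlt,…)` hunk below and in the `BinOp(Shiftrt,…)` and `BinOp(Shiftlt,…)` expression hunks. Separately, "right shift by constant is division by constant" presumably holds only for non-negative left operands, which is worth stating in that comment because generated proof obligations depend on it; the enclosing match starts and ends outside the hunk.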
@@ -1216,6 +1219,8 @@ | Pseparated(_seps) -> (* TODO *) Extlib.not_yet_implemented "Interp.pred Pseparated" + | Pinitialized _ -> + Extlib.not_yet_implemented "Interp.pred Pinitialized" in mkexpr enode p.loc @@ -1409,17 +1414,8 @@ else i)) l -let code_annot pos ((acc_assert_before,acc_assert_after,contract) as acc) a = - let a, is_after = - match a with - | Before ca -> ca,false - | After ca -> ca,true - in - let push s = - if is_after - then (acc_assert_before,s::acc_assert_after,contract) - else (s::acc_assert_before,acc_assert_after,contract) - in +let code_annot pos ((acc_assert_before,contract) as acc) a = + let push s = s::acc_assert_before,contract in match a with | User annot -> begin @@ -1443,12 +1439,14 @@ | APragma _ -> acc (* just ignored *) | AAssigns (_, _) -> acc (* should be handled elsewhere *) | AVariant _ -> acc (* should be handled elsewhere *) - | AStmtSpec s -> + | AStmtSpec ([],s) -> (* TODO: handle case of for *) begin match contract with - | None -> (acc_assert_before,acc_assert_after,Some s) + | None -> (acc_assert_before,Some s) | Some _ -> assert false end + | AStmtSpec _ -> + unsupported "statement contract for a specific behavior" end | AI(alarm,annot) -> begin match annot.annot_content with @@ -1553,7 +1551,7 @@ match e.enode with | Const c when is_integral_const c - && value_of_integral_const c = Int64.zero -> + && My_bigint.equal (value_of_integral_const c) My_bigint.zero -> JCPEconst JCCnull | _ -> let ety = typeOf e in @@ -1692,9 +1690,10 @@ | BinOp(Shiftrt,e1,e2,_ty) -> let e = match possible_value_of_integral_expr e2 with - | Some i when i >= 0L && i < 63L -> + | Some i when My_bigint.ge i My_bigint.zero && + My_bigint.lt i (My_bigint.of_int 63) -> (* Right shift by constant is division by constant *) - let pow = constant_expr (power_of_two i) in + let pow = constant_expr (My_bigint.two_power i) in locate (mkexpr (JCPEbinary(expr e1,`Bdiv,expr pow)) e.eloc) | _ -> let op = 
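Review bot: In `code_annot`, a second `AStmtSpec ([],s)` on the same statement still reaches `| Some _ -> assert false`, while the branch added just below reports the other unhandled shape through `unsupported`. If two statement contracts can reach this fold, the user gets an assertion failure instead of a diagnostic. Writing `| Some _ -> unsupported "several statement contracts on the same statement"` would keep both cases on the same error path. The body of `code_annot` continues outside the hunk.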
@@ -1707,9 +1706,10 @@ | BinOp(Shiftlt as op,e1,e2,_ty) -> let e = match possible_value_of_integral_expr e2 with - | Some i when i >= 0L && i < 63L -> + | Some i when My_bigint.ge i My_bigint.zero && + My_bigint.lt i (My_bigint.of_int 63) -> (* Left shift by constant is multiplication by constant *) - let pow = constant_expr (power_of_two i) in + let pow = constant_expr (My_bigint.two_power i) in locate (mkexpr (JCPEbinary(expr e1,`Bmul,expr pow)) e.eloc) | _ -> locate (mkexpr (JCPEbinary(expr e1,binop op,expr e2)) e.eloc) @@ -1840,7 +1840,7 @@ let enode = if is_malloc_function v || is_realloc_function v then let lvtyp = pointed_type (typeOfLval lv) in - let lvsiz = (bits_sizeof lvtyp) lsr 3 in + let lvsiz = My_bigint.of_int64 ((bits_sizeof lvtyp) lsr 3) in let arg = if is_malloc_function v then as_singleton eargs else (* realloc *) @@ -1851,15 +1851,18 @@ let ty,arg = match arg.enode with | Info _ -> assert false | Const c when is_integral_const c -> - let allocsiz = (value_of_integral_expr arg) / lvsiz in - let siznode = JCPEconst(JCCinteger(Int64.to_string allocsiz)) in + let allocsiz = My_bigint.div (value_of_integral_expr arg) lvsiz + in + let siznode = + JCPEconst(JCCinteger(My_bigint.to_string allocsiz)) + in lvtyp, mkexpr siznode pos | BinOp(Mult,({enode = Const c} as arg),nelem,_ty) | BinOp(Mult,nelem,({enode = Const c} as arg),_ty) when is_integral_const c -> - let factor = (value_of_integral_expr arg) / lvsiz in + let factor = My_bigint.div (value_of_integral_expr arg) lvsiz in let siz = - if factor = Int64.one then expr nelem + if My_bigint.equal factor My_bigint.one then expr nelem else let factor = constant_expr factor in expr @@ -1867,7 +1870,7 @@ in lvtyp, siz | _ -> - if lvsiz = Int64.one then lvtyp, expr arg + if My_bigint.equal lvsiz My_bigint.one then lvtyp, expr arg else let esiz = constant_expr ~loc lvsiz in lvtyp, expr (new_exp ~loc (BinOp(Div,arg,esiz,typeOf arg))) 
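Review bot: `My_bigint.div (value_of_integral_expr arg) lvsiz` in the malloc/realloc branch divides by `lvsiz` without checking it for zero. `lvsiz` is `bits_sizeof lvtyp` shifted right by three, so a pointed-to type narrower than eight bits (an empty struct, if the front end accepts one) would presumably make it zero and raise from inside the translation. A guard right after the binding, `if My_bigint.equal lvsiz My_bigint.zero then unsupported "allocation of a zero-sized type";`, would turn that into the plugin's usual diagnostic. The same division appears in the `@@ -1888,10 +1891,10 @@` hunk for the two-argument allocation case. The enclosing function starts and ends outside these hunks.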
@@ -1888,10 +1891,10 @@ | Info _ -> assert false | Const c when is_integral_const c -> let lvtyp = pointed_type (typeOfLval lv) in - let lvsiz = (bits_sizeof lvtyp) lsr 3 in - let factor = (value_of_integral_expr arg) / lvsiz in + let lvsiz = My_bigint.of_int64 ((bits_sizeof lvtyp) lsr 3) in + let factor = My_bigint.div (value_of_integral_expr arg) lvsiz in let siz = - if factor = Int64.one then + if My_bigint.equal factor My_bigint.one then expr nelem else let factor = constant_expr ~loc factor in @@ -1900,7 +1903,7 @@ lvtyp, siz | _ -> let lvtyp = pointed_type (typeOfLval lv) in - let lvsiz = (bits_sizeof lvtyp) lsr 3 in + let lvsiz = My_bigint.of_int64 ((bits_sizeof lvtyp) lsr 3) in let esiz = constant_expr ~loc lvsiz in lvtyp, expr @@ -1968,9 +1971,9 @@ in *) - let assert_before, assert_after, contract = + let assert_before, contract = List.fold_left (code_annot pos) - ([],[],None) + ([],None) (Annotations.get_filter (fun _ -> true) s) in let snode = match s.skind with @@ -2144,7 +2147,7 @@ (JCPEcontract(requires, decreases, behaviors, s)) pos in - let s = match assert_before @ s :: assert_after with + let s = match assert_before @ [s] with | [s] -> s | slist -> mkexpr (JCPEblock slist) pos in @@ -2215,6 +2218,9 @@ | Dlemma(name,is_axiom,labels,_poly,property,pos) -> CurrentLoc.set pos; + ignore + (reg_position ~id:name + ~name:("Lemma " ^ name) pos); begin try [JCDlemma(name,is_axiom,[],logic_labels labels,pred property)] with (Unsupported _ | NotImplemented _) @@ -2371,7 +2377,12 @@ | Dtype _ -> (* TODO *) Extlib.not_yet_implemented "Interp.annotation Dtype" - + | Dvolatile _ -> + (* TODO *) + Extlib.not_yet_implemented "Interp.annotation Dvolatile" + | Dmodel_annot _ -> + (* TODO *) + Extlib.not_yet_implemented "Interp.annotation Dmodel_annot" | Daxiomatic(id,l,pos) -> CurrentLoc.set pos; (* 
@@ -2503,14 +2514,18 @@ in let emin = List.fold_left (fun acc enum -> - if acc < enum then acc else enum) (List.hd enums) enums + if My_bigint.lt acc enum then acc else enum) + (List.hd enums) + enums in - let min = Num.num_of_string (Int64.to_string emin) in + let min = Num.num_of_string (My_bigint.to_string emin) in let emax = List.fold_left (fun acc enum -> - if acc > enum then acc else enum) (List.hd enums) enums + if My_bigint.gt acc enum then acc else enum) + (List.hd enums) + enums in - let max = Num.num_of_string (Int64.to_string emax) in + let max = Num.num_of_string (My_bigint.to_string emax) in [JCDenum_type(enuminfo.ename,min,max)] | GEnumTagDecl _ -> [] (* No enumeration declaration in Jessie *) @@ -2530,7 +2545,10 @@ in let id = mkidentifier v.vname pos in let kf = Globals.Functions.get v in + Jessie_options.debug + "Getting spec of %s" (Kernel_function.get_name kf); let funspec = Kernel_function.get_spec kf in + Jessie_options.debug "OK"; let params = Globals.Functions.get_params kf in let formal v = true, ctype v.vtype, unique_name_if_empty v.vname in let formals = List.map formal params in @@ -2599,7 +2617,7 @@ in let body = mkexpr (JCPEblock body) pos in ignore - (reg_pos ~id:f.svar.vname + (reg_position ~id:f.svar.vname ~name:("Function " ^ f.svar.vname) f.svar.vdecl); [JCDfun(ctype rty,id,formals,s,Some body)] with (Unsupported _ | NotImplemented _) when drop_on_unsupported_feature -> 
@@ -2621,8 +2639,8 @@ List.map (fun dnode -> mkdecl dnode pos) dnodes let integral_type name ty bitsize = - let min = Num.num_of_big_int (min_value_of_integral_type ~bitsize ty) in - let max = Num.num_of_big_int (max_value_of_integral_type ~bitsize ty) in + let min = My_bigint.to_num (min_value_of_integral_type ~bitsize ty) in + let max = My_bigint.to_num (max_value_of_integral_type ~bitsize ty) in mkdecl (JCDenum_type(name,min,max)) Loc.dummy_position (* let all_integral_kinds = *) diff -Nru why-2.29+dfsg/frama-c-plugin/interp.mli why-2.30+dfsg/frama-c-plugin/interp.mli --- why-2.29+dfsg/frama-c-plugin/interp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/interp.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/frama-c-plugin/jessie_config.ml why-2.30+dfsg/frama-c-plugin/jessie_config.ml --- why-2.29+dfsg/frama-c-plugin/jessie_config.ml 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/jessie_config.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1 @@
+let jessie_local = false
diff -Nru why-2.29+dfsg/frama-c-plugin/Jessie.mli why-2.30+dfsg/frama-c-plugin/Jessie.mli
--- why-2.29+dfsg/frama-c-plugin/Jessie.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/frama-c-plugin/Jessie.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/frama-c-plugin/jessie_options.ml why-2.30+dfsg/frama-c-plugin/jessie_options.ml
--- why-2.29+dfsg/frama-c-plugin/jessie_options.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/frama-c-plugin/jessie_options.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
@@ -82,19 +82,19 @@ ForceAdHocNormalization.add_set_hook (fun _ b -> if b then begin - Parameters.SimplifyCfg.on (); - Parameters.KeepSwitch.on (); - Parameters.Constfold.on (); - Parameters.PreprocessAnnot.on (); + Kernel.SimplifyCfg.on (); + Kernel.KeepSwitch.on (); + Kernel.Constfold.on (); + Kernel.PreprocessAnnot.on (); Cabs2cil.setDoTransformWhile (); Cabs2cil.setDoAlternateConditional (); end); State_dependency_graph.Static.add_dependencies ~from:ForceAdHocNormalization.self - [ Parameters.SimplifyCfg.self; - Parameters.KeepSwitch.self; - Parameters.Constfold.self; - Parameters.PreprocessAnnot.self ] + [ Kernel.SimplifyCfg.self; + Kernel.KeepSwitch.self; + Kernel.Constfold.self; + Kernel.PreprocessAnnot.self ] let () = Analysis.add_set_hook (fun _ b -> ForceAdHocNormalization.set b); @@ -138,6 +138,17 @@ let kind = `Correctness end) +(* +module Why3Backend = + False + (struct + let option_name = "-jessie-why3" + let module_name = "-jessie-why3" + let help = "Use the Why3 VC generator and GUI backend" + let kind = `Tuning + end) +*) + module CpuLimit = Zero (struct @@ -164,9 +175,9 @@ (struct let option_name = "-jessie-atp" let module_name = "-jessie-atp" - let default = "gui" + let default = "why3ml" let arg_name = "" - let help = "use given automated theorem prover, among `alt-ergo', `cvc3', `simplify', `yices' and `z3'. Use `goals' to simply generate goals in Why syntax." + let help = "use given automated theorem prover, among `alt-ergo', `cvc3', `simplify', `vampire', `yices' and `z3'. Use `goals' to simply generate goals in Why syntax." let kind = `Tuning end) diff -Nru why-2.29+dfsg/frama-c-plugin/jessie_options.mli why-2.30+dfsg/frama-c-plugin/jessie_options.mli --- why-2.29+dfsg/frama-c-plugin/jessie_options.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/jessie_options.mli 2011-10-24 15:21:06.000000000 +0000 
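Review bot: The `-jessie-atp` default becomes `"why3ml"`, but the `help` string in the same module still lists only the provers and `goals`, so the option's own documentation never mentions the default. I would extend the text with the accepted non-prover values, e.g. append `Default is `why3ml'.`, after confirming against the dispatch code which other values are meant to be public. The `Why3Backend` module that the previous hunk adds inside a comment could carry one line saying why it is disabled, or be left out of the commit.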
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -32,17 +32,17 @@ open Plugin include Plugin.S -module ProjectName: STRING -module Behavior: STRING -module Analysis: BOOL -module WhyOpt: STRING_SET -module JcOpt: STRING_SET -module GenOnly: BOOL -module InferAnnot: STRING -module AbsDomain: STRING -module Atp: STRING -module CpuLimit: INT -module HintLevel: INT +module ProjectName: Plugin.String +module Behavior: Plugin.String +module Analysis: Plugin.Bool +module WhyOpt: Plugin.String_set +module JcOpt: Plugin.String_set +module GenOnly: Plugin.Bool +module InferAnnot: Plugin.String +module AbsDomain: Plugin.String +module Atp: Plugin.String +module CpuLimit: Plugin.Int +module HintLevel: Plugin.Int (* Local Variables: diff -Nru why-2.29+dfsg/frama-c-plugin/Makefile why-2.30+dfsg/frama-c-plugin/Makefile --- why-2.29+dfsg/frama-c-plugin/Makefile 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/Makefile 2011-10-24 15:21:06.000000000 +0000 
@@ -51,7 +51,6 @@ #PLUGIN_DEPFLAGS:=$(JESSIE_INCLUDES) PLUGIN_DOCFLAGS:=$(JESSIE_INCLUDES) PLUGIN_TESTS_DIRS:=jessie -PLUGIN_NO_DEFAULT_TEST:=yes ifeq ($(FRAMAC_MAKE),yes) unexport $(FRAMAC_MAKE) diff -Nru why-2.29+dfsg/frama-c-plugin/norm.ml why-2.30+dfsg/frama-c-plugin/norm.ml --- why-2.29+dfsg/frama-c-plugin/norm.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/norm.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -209,7 +209,7 @@ varset := Cil_datatype.Varinfo.Set.add v !varset; (* Change the variable type *) let newty = - if array_size v.vtype > 0L then + if My_bigint.gt (array_size v.vtype) My_bigint.zero then begin (* Change the type into "reference" type, that behaves almost like * a pointer, except validity is ensured. @@ -240,7 +240,10 @@ let elemty = force_app_term_type element_type lv.lv_type in lvarset := Cil_datatype.Logic_var.Set.add lv !lvarset; let newty = - if force_app_term_type array_size lv.lv_type > 0L then + if My_bigint.gt + (force_app_term_type array_size lv.lv_type) + My_bigint.zero + then begin let size = constant_expr (force_app_term_type array_size lv.lv_type) 
@@ -276,8 +279,8 @@ let p = Pvalid_range( variable_term v.vdecl (cvar_to_lvar v), - constant_term v.vdecl 0L, - constant_term v.vdecl (size - 1L)) + constant_term v.vdecl My_bigint.zero, + constant_term v.vdecl (My_bigint.pred size)) in let globinv = Cil_const.make_logic_info (unique_logic_name ("valid_" ^ v.vname)) in @@ -299,7 +302,9 @@ if Cil_datatype.Varinfo.Set.mem v !allocvarset then let ty = Cil_datatype.Varinfo.Hashtbl.find var_to_array_type v in let elemty = element_type ty in - let ast = mkalloc_array_statement v elemty (array_size ty) v.vdecl in + let ast = mkalloc_array_statement v elemty + (My_bigint.to_int64 (array_size ty)) v.vdecl + in add_pending_statement ~beginning:true ast; let fst = mkfree_statement v v.vdecl in add_pending_statement ~beginning:false fst @@ -415,28 +420,6 @@ | Ctype _ | Ltype _ | Lvar _ | Linteger | Lreal | Larrow _ -> ty in let rec annot = function -(* - | Dpredicate_reads(_name,_poly,params,_) - | Dpredicate_def(_name,_poly,params,_) - | Dinductive_def(_name,_poly,params,_) -> - List.iter var params; - DoChildren - | Dlogic_reads(info,poly,params,rt,tlocs) -> - List.iter var params; - let rt = return_type rt in - ChangeDoChildrenPost - (Dlogic_reads(info,poly,params,rt,tlocs), fun x -> x) - | Dlogic_def(name,poly,params,rt,t) -> - List.iter var params; - let rt = return_type rt in - ChangeDoChildrenPost - (Dlogic_def(name,poly,params,rt,t), fun x -> x) - | Dlogic_axiomatic(name,poly,params,rt,axioms) -> - List.iter var params; - let rt = return_type rt in - ChangeDoChildrenPost - (Dlogic_axiomatic(name,poly,params,rt,axioms), fun x -> x) -*) | Dfun_or_pred (li,loc) -> List.iter var li.l_profile; begin 
@@ -461,9 +444,9 @@ | Ctype _ | Ltype _ | Lvar _ | Linteger | Lreal | Larrow _ -> DoChildren end - | Dtype _ | Dlemma _ | Dinvariant _ -> DoChildren + | Dtype _ | Dlemma _ | Dinvariant _ | Dvolatile _ -> DoChildren | Daxiomatic _ -> DoChildren (* FIXME: correct ? *) - + | Dmodel_annot _ -> DoChildren (* FIXME: correct ? *) in annot method vterm_lval tlv = @@ -555,7 +538,6 @@ let pairs = ref [] in let new_return_type = ref None in let return_var = ref None in - let curFundec : fundec ref = ref (emptyFunction "@dummy@") in let postaction_term_lval (host,off) = let host = match host with @@ -620,10 +602,12 @@ expand_assign newlv newe (direct_element_type ty) loc in let rec all_elem acc i = - if i >= 0L then all_elem (elem i @ acc) (i - 1L) else acc + if My_bigint.ge i My_bigint.zero + then all_elem (elem i @ acc) (My_bigint.pred i) + else acc in assert (not (is_reference_type ty)); - all_elem [] (direct_array_size ty - 1L) + all_elem [] (My_bigint.pred (direct_array_size ty)) | _ -> [Set (lv, e, loc)] in @@ -642,22 +626,24 @@ expand newlv (direct_element_type ty) loc in let rec all_elem acc i = - if i >= 0L then all_elem (elem i @ acc) (i - 1L) else acc + if My_bigint.ge i My_bigint.zero then + all_elem (elem i @ acc) (My_bigint.pred i) + else acc in assert (not (is_reference_type ty)); - all_elem [] (direct_array_size ty - 1L) + all_elem [] (My_bigint.pred (direct_array_size ty)) | _ -> [ lv ] in -object - - inherit Visitor.generic_frama_c_visitor - (Project.current ()) (Cil.inplace_visit ()) as super +object(self) + inherit Visitor.frama_c_inplace as super method vglob_aux = let retype_func fvi = let formal (n,ty,a) = - let ty = if isStructOrUnionType ty then mkTRef ty "Norm.vglob_aux" else ty in + let ty = + if isStructOrUnionType ty then mkTRef ty "Norm.vglob_aux" else ty + in n, ty, a in let rt,params,isva,a = splitFunctionTypeVI fvi in 
@@ -665,7 +651,11 @@ | None -> None | Some p -> Some(List.map formal p) in - let rt = if isStructOrUnionType rt then mkTRef rt "Norm.vgloab_aux(2)" else rt in + let rt = + if isStructOrUnionType rt then + mkTRef rt "Norm.vgloab_aux(2)" + else rt + in fvi.vtype <- TFun(rt,params,isva,a) in function @@ -678,7 +668,6 @@ | GEnumTag _ | GAsm _ | GPragma _ | GText _ -> SkipChildren method vfunc f = - curFundec := f; let var v = if isStructOrUnionType v.vtype then let newv = copyVarinfo v (unique_name ("v_" ^ v.vname)) in @@ -706,7 +695,7 @@ (* Add local variable for return *) let rt = getReturnType f.svar.vtype in if isStructOrUnionType rt then - let rv = makeTempVar !curFundec rt in + let rv = makeTempVar (Extlib.the self#current_func) rt in return_var := Some rv; Cil_datatype.Varinfo.Hashtbl.add return_vars rv () else @@ -719,6 +708,9 @@ DoChildren method vbehavior b = + let kf = Extlib.the self#current_kf in + let ki = self#current_kinstr in + let old = Property.ip_all_of_behavior kf ki b in let lval loc lv = expand lv (typeOfLval lv) loc in let term t = match t.term_node with | TLval tlv -> @@ -747,7 +739,6 @@ | Tunion _ | Tinter _ | Tcomprehension _ - | Told _ | Tif _ | Tnull -> [ t ] (* those cases can not appear as assigns *) @@ -772,6 +763,8 @@ WritesAny -> () | Writes l -> b.b_assigns <- Writes (List.flatten (List.map assign l))); + let props = Property.ip_all_of_behavior kf ki b in + Property_status.merge ~old props; DoChildren method vstmt_aux s = match s.skind with @@ -821,7 +814,10 @@ (* Type of [lv] has not been changed. *) let lvty = typeOfLval lv in if isStructOrUnionType lvty then - let tmpv = makeTempVar !curFundec (mkTRef lvty "Norm.vinst") in + let tmpv = + makeTempVar + (Extlib.the self#current_func) (mkTRef lvty "Norm.vinst") + in let tmplv = Var tmpv, NoOffset in let call = Call(Some tmplv,callee,args,loc) in let deref = 
@@ -961,8 +957,8 @@ let p = Pvalid_range( variable_term v.vdecl (cvar_to_lvar v), - constant_term v.vdecl 0L, - constant_term v.vdecl 0L) + constant_term v.vdecl My_bigint.zero, + constant_term v.vdecl My_bigint.zero) in let globinv = Cil_const.make_logic_info (unique_logic_name ("valid_" ^ v.vname)) @@ -1533,7 +1529,7 @@ None (* Already in a suitable form for Jessie translation. *) else if is_array_reference_type ty then (* Do not lose the information that this type is a reference *) - let size = constant_expr (reference_size ty) in + let size = constant_expr (My_bigint.of_int64 (reference_size ty)) in assert (not (!flatten_multi_dim_array && is_reference_type elemty)); Some(mkTRefArray(self#new_wrapper_for_type elemty,size,[])) else if is_reference_type ty then diff -Nru why-2.29+dfsg/frama-c-plugin/norm.mli why-2.30+dfsg/frama-c-plugin/norm.mli --- why-2.29+dfsg/frama-c-plugin/norm.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/norm.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/frama-c-plugin/ptests_local_config.ml why-2.30+dfsg/frama-c-plugin/ptests_local_config.ml
--- why-2.29+dfsg/frama-c-plugin/ptests_local_config.ml 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/frama-c-plugin/ptests_local_config.ml 2011-10-24 15:21:06.000000000 +0000
@@ -0,0 +1,6 @@
+Ptests_config.default_suites:= [ "jessie"; ];;
+Ptests_config.toplevel_path :="/usr/local/bin/frama-c";;
+Ptests_config.framac_share :="/usr/local/share/frama-c";;
+Ptests_config.framac_plugin :=".";;
+Ptests_config.framac_plugin_gui :="./gui";;
+Ptests_config.framac_lib :="/usr/local/lib/frama-c";;
diff -Nru why-2.29+dfsg/frama-c-plugin/register.ml why-2.30+dfsg/frama-c-plugin/register.ml
--- why-2.29+dfsg/frama-c-plugin/register.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/frama-c-plugin/register.ml 2011-10-24 15:21:06.000000000 +0000
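Review bot: `ptests_local_config.ml` is added with absolute paths such as `Ptests_config.toplevel_path :="/usr/local/bin/frama-c"`, which looks like the output of a local configure run rather than a source file. Shipped as is, the test driver would presumably run whatever binary sits at that path instead of the one built from this tree. If the file is generated, it is better left out of the release and listed among the cleaned files. If it is meant to be kept, a header comment naming the step that regenerates it would help.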
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -36,8 +36,8 @@ open Cil open Cilutil open Extlib -module FCAst=Ast -module FCProject=Project +module FCAst = Ast +module FCProject = Project (* Import from Why *) open Jc open Jc_ast @@ -54,15 +54,15 @@ let prolog_h_name = Filename.concat std_include "jessie_prolog.h" let treat_jessie_prolog () = - Parameters.CppExtraArgs.add ("-include " ^ prolog_h_name) + Kernel.CppExtraArgs.add ("-include " ^ prolog_h_name) let treat_jessie_std_headers () = - Parameters.CppExtraArgs.add ("-I " ^ std_include) + Kernel.CppExtraArgs.add ("-I " ^ std_include) *) let treat_integer_model () = if !Interp.int_model = Interp.IMexact then - Parameters.CppExtraArgs.add ("-D JESSIE_EXACT_INT_MODEL") + Kernel.CppExtraArgs.add ("-D JESSIE_EXACT_INT_MODEL") let () = (* [JS 2009/10/04] @@ -72,7 +72,7 @@ (* let treat_jessie_no_prolog () = - Parameters.CppExtraArgs.add ("-D JESSIE_NO_PROLOG") + Kernel.CppExtraArgs.add ("-D JESSIE_NO_PROLOG") *) let apply_if_dir_exist name f = 
@@ -143,9 +143,11 @@ (* Phase 5: C to Jessie translation, should be quite straighforward at this * stage (after normalization) *) - + Jessie_options.debug "Jessie pragmas"; let pragmas = Interp.pragmas file in + Jessie_options.debug "Jessie translation"; let pfile = Interp.file file in + Jessie_options.debug "Printing Jessie program"; (* Phase 6: pretty-printing of Jessie program *) @@ -157,7 +159,7 @@ let projname = Jessie_options.ProjectName.get () in let projname = if projname <> "" then projname else - match Parameters.Files.get() with + match Kernel.Files.get() with | [f] -> (try Filename.chop_extension f @@ -188,7 +190,7 @@ (* locname is 'file.cloc' *) let locname = basename ^ ".cloc" in - Pp.print_in_file Output.print_pos (Filename.concat jessie_subdir locname); + Pp.print_in_file Output.old_print_pos (Filename.concat jessie_subdir locname); Jessie_options.feedback "File %s/%s written." jessie_subdir locname; if Jessie_options.GenOnly.get () then () else @@ -251,9 +253,10 @@ let atp = Jessie_options.Atp.get () in - let jessie_opt = + let jessie_opt = match atp with | "why3" | "why3ide" -> "" + | "why3ml" -> "-why3ml" | _ -> "-why-opt -split-user-conj" in let cmd = 
@@ -290,13 +293,13 @@ warn_general "Unsupported feature(s).@\nJessie plugin can not be used on your code." ; if Jessie_options.debug_atleast 1 then raise e else () | NotImplemented _ -> - warn_general "Not implemented feature(s). + warn_general "Not implemented feature(s). \ Please submit `feature request' report." - | Assert_failure(file,a,b) -> + (*| Assert_failure(file,a,b) -> fatal "Unexpected failure.@\nPlease submit bug report (Ref. \"%s:%d:%d\")." file a b - (*| exn -> + | exn -> fatal "Unexpected exception.@\nPlease submit bug report (Ref. \"%s\")." (Printexc.to_string exn) diff -Nru why-2.29+dfsg/frama-c-plugin/retype.ml why-2.30+dfsg/frama-c-plugin/retype.ml --- why-2.29+dfsg/frama-c-plugin/retype.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/retype.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/frama-c-plugin/rewrite.ml why-2.30+dfsg/frama-c-plugin/rewrite.ml --- why-2.29+dfsg/frama-c-plugin/rewrite.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/frama-c-plugin/rewrite.ml 2011-10-24 15:21:06.000000000 +0000 
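Review bot: Moving the comment opener up to `(*| Assert_failure(file,a,b) ->` disables the handler that turned assertion failures into the "Please submit bug report" message, and nothing in the hunk says why. The plugin still has `assert false` branches (several are visible in the interp.ml hunks of this diff), so those failures now propagate to whatever handler sits above this one. If that is the intent, a one-line comment such as `(* Assert_failure is left to the kernel's top-level handler *)` should replace the dead code. Otherwise the case should stay active. The end of the commented region is outside the hunk.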
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -38,7 +38,6 @@ open Ast_info open Extlib -open Db_types open Visitor (* Utility functions *) @@ -49,21 +48,18 @@ (*****************************************************************************) class add_default_behavior = - object(_self) + object(self) inherit Visitor.generic_frama_c_visitor (Project.current()) (Cil.inplace_visit()) method vspec s = if not (List.exists (fun x -> x.b_name = Cil.default_behavior_name) s.spec_behavior) then begin - s.spec_behavior <- - { b_name = Cil.default_behavior_name; - b_assumes = []; - b_requires = []; - b_extended = []; - b_assigns = WritesAny; - b_post_cond = []; - } :: s.spec_behavior + let bhv = Cil.mk_behavior ~name:Cil.default_behavior_name () in + let kf = Extlib.the self#current_kf in + let props = Property.ip_all_of_behavior kf Kglobal bhv in + List.iter Property_status.register props; + s.spec_behavior <- bhv :: s.spec_behavior end; SkipChildren 
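Review bot: In `add_default_behavior#vspec` the new properties are computed with `Property.ip_all_of_behavior kf Kglobal bhv`, which fixes the kinstr to `Kglobal` for every spec the visitor meets. If `vspec` is also reached for statement contracts, the default behavior's properties would be registered at function level rather than on the statement. The `vbehavior` change in norm.ml passes `self#current_kinstr` to the same function. I would write `let props = Property.ip_all_of_behavior kf self#current_kinstr bhv in` here as well, and add a short comment explaining that the properties must be registered before the behavior is pushed onto `s.spec_behavior`.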
@@ -151,11 +147,14 @@ (fun kf -> add_variable (Globals.Functions.get_vi kf); List.iter add_variable (Globals.Functions.get_params kf)); - Globals.Annotations.replace_all +(* [VP 2011-08-22] replace_all has disappeared from kernel's API, but + it appears that info in Globals.Annotations is not used by Jessie. *) +(* Globals.Annotations.replace_all (fun annot gen -> let rec replace_annot annot = match annot with | Dfun_or_pred _ -> annot - | Daxiomatic(id, l, loc) -> + | Dvolatile _ -> annot + | Daxiomatic(id, l, loc) -> Daxiomatic(id, List.map replace_annot l,loc) | Dtype(infos,loc) -> Dtype({ infos with @@ -176,6 +175,7 @@ ) | Dlemma(name,is_axiom,labels,poly,property,loc) -> Dlemma(unique_logic_name name,is_axiom,labels,poly,property,loc) + | Dmodel_annot _ -> annot | Dtype_annot _ | Dinvariant _ -> (* Useful ? harmless ? info.l_name <- unique_logic_name info.l_name; @@ -183,7 +183,7 @@ annot in replace_annot annot,gen ); - +*) (* preprocess of renaming logic functions *) Logic_env.Logic_info.iter (fun name _li -> @@ -366,7 +366,7 @@ else mkterm (Tapp(strlen,[],[tv])) strlen_type v.vdecl in - let size = constant_term v.vdecl (Int64.of_int size) in + let size = constant_term v.vdecl (My_bigint.of_int size) in let psize = Prel(Req,strsize,size) in let p = Pand(predicate v.vdecl pstring,predicate v.vdecl psize) in let globinv = @@ -471,7 +471,7 @@ (BinOp(op, new_exp ~loc:e.eloc (BinOp(MinusPP,e1,e2,theMachine.ptrdiffType)), - constant_expr 0L,ty)) + constant_expr My_bigint.zero,ty)) | _ -> e in object @@ -497,7 +497,7 @@ term_loc = loc; term_name = []; } in - let p = Prel(rel,tsub,constant_term loc 0L) in + let p = Prel(rel,tsub,constant_term loc My_bigint.zero) in ChangeDoChildrenPost (p, fun x -> x) | _ -> DoChildren @@ -770,7 +770,7 @@ new_exp ~loc:e.eloc (UnOp(Neg,off2,theMachine.ptrdiffType)) | None,None -> - constant_expr 0L + constant_expr My_bigint.zero else e with Not_found -> e end | _ -> e 
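Review bot: Commenting out the whole `Globals.Annotations.replace_all` call in the -151 hunk also disables its `Dlemma` branch, which rewrote lemma names through `unique_logic_name`, while the [VP 2011-08-22] comment only says it "appears" the information is unused. If lemma names are not made unique anywhere else, name clashes that this pass prevented could come back; whether another pass covers it is not visible here. The -151 and -176 hunks also add `Dvolatile _` and `Dmodel_annot _` cases to code that is now dead. Either delete the block, or keep it with an explicit follow-up such as `(* TODO: confirm lemma names are still made unique without replace_all *)`.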
@@ -828,7 +828,7 @@ let voff = Cil_datatype.Varinfo.Hashtbl.find cursor_to_offset v in let initst = mkStmt(Instr(Set((Var voff,NoOffset), - constant_expr 0L, + constant_expr My_bigint.zero, CurrentLoc.get ()))) in add_pending_statement ~beginning:true initst @@ -877,7 +877,7 @@ with Not_found -> e end | Some(v2,None) -> begin try expr_offset v2 - with Not_found -> constant_expr 0L end + with Not_found -> constant_expr My_bigint.zero end in ChangeDoChildrenPost ([Set((Var voff,NoOffset),eoff,loc)], fun x -> x) @@ -1108,7 +1108,7 @@ let voff = Cil_datatype.Varinfo.Hashtbl.find cursor_to_offset v in let initst = mkStmt(Instr(Set((Var voff,NoOffset), - constant_expr 0L, + constant_expr My_bigint.zero, CurrentLoc.get ()))) in add_pending_statement ~beginning:true initst @@ -1141,7 +1141,7 @@ begin try let voff2 = Cil_datatype.Varinfo.Hashtbl.find cursor_to_offset v2 in new_exp ~loc (Lval(Var voff2,NoOffset)) - with Not_found -> constant_expr 0L end + with Not_found -> constant_expr My_bigint.zero end in ChangeDoChildrenPost ([Set((Var voff,NoOffset),eoff,loc)], fun x -> x) @@ -1210,7 +1210,7 @@ begin match destruct_pointer e with | None -> None | Some(v,Some off) -> Some(v,off) - | Some(v,None) -> Some(v,constant_expr 0L) + | Some(v,None) -> Some(v,constant_expr My_bigint.zero) end | Var v, off -> if isCharPtrType v.vtype then @@ -1304,11 +1304,10 @@ let off = !Db.Properties.Interp.force_exp_to_term off in let app = within_bounds ~strict:false v off in let cur_stmt = the self#current_stmt in - Annotations.add_alarm - cur_stmt + let cur_kf = the self#current_kf in + Annotations.add_assert + cur_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Other_alarm app end; DoChildren 
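Review bot: The kernel function is bound as `cur_kf` in the -1304 hunk, next to `cur_stmt`, but as `curr_kf` in the -1326, -1371 and -1434 hunks of the same file; one spelling would make the new `add_assert` call sites easier to search for. The replacement also drops the `Alarms.Other_alarm` kind without a trace, so a one-line comment at the call such as `(* was an Other_alarm before the add_alarm -> add_assert migration *)` would keep that history next to the code. The enclosing method starts before the hunk.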
@@ -1326,19 +1325,16 @@ let off = !Db.Properties.Interp.force_exp_to_term off in let rel1 = within_bounds ~strict:true v off in let supst = mkStmt(Instr(Skip(CurrentLoc.get()))) in - Annotations.add_alarm - supst + let curr_kf = the self#current_kf in + Annotations.add_assert + curr_kf supst [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Other_alarm rel1; let rel2 = reach_upper_bound ~loose:false v off in let eqst = mkStmt(Instr(Skip(CurrentLoc.get()))) in - Annotations.add_alarm - eqst + Annotations.add_assert + curr_kf eqst [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Other_alarm rel2; (* Rather add skip statement as blocks may be empty *) @@ -1371,31 +1367,17 @@ Logic_const.pred_of_id_pred { rel with ip_name = [ name_of_hint_assertion ] } in - Annotations.add_alarm - s + let curr_kf = the self#current_kf in + Annotations.add_assert + curr_kf s [ Jessie_options.Analysis.self ] - ~before:false - Alarms.Other_alarm prel; - (* Further help ATP by asserting that index should be - positive *) -(* let rel = *) -(* Logic_const.new_predicate *) -(* (Logic_const.prel (Rle,lzero(),off)) *) -(* in *) -(* let prel = Logic_const.pred_of_id_pred *) -(* { rel with ip_name = [ name_of_hint_assertion ] } *) -(* in *) -(* Annotations.add_alarm *) -(* s ~before:false Alarms.Other_alarm prel; *) (* If setting a character to zero in a buffer, this should be the new length of a string *) let rel = reach_upper_bound ~loose:true v off in - Annotations.add_alarm - s + Annotations.add_assert + curr_kf s [ Jessie_options.Analysis.self ] - ~before:false - Alarms.Other_alarm rel else (); s 
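Review bot: Both live `add_alarm` calls replaced in the -1371 hunk passed `~before:false`, i.e. the hint assertion and the `reach_upper_bound ~loose:true` assertion were attached after statement `s`, and the `add_assert` calls that replace them carry no position at all. If `add_assert` attaches before the statement (its signature is not visible here), the property described as "the new length of a string" would be asserted before the assignment that establishes it, which changes what is being checked. Either attach these assertions to a fresh skip statement placed after `s`, as the -1326 hunk does with `mkStmt(Instr(Skip(CurrentLoc.get())))`, or record the expectation at the call: `(* was ~before:false: must hold after [s]; confirm add_assert keeps that *)`.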
@@ -1434,8 +1416,10 @@ inherit Visitor.generic_frama_c_visitor (Project.current ()) (Cil.inplace_visit ()) as super - method vexpr e = match e.enode with + method vexpr e = + match e.enode with | BinOp((Shiftlt | Shiftrt as op),e1,e2,_ty) -> + let curr_kf = the self#current_kf in let cur_stmt = the self#current_stmt in let is_left_shift = match op with Shiftlt -> true | _ -> false in let ty1 = typeOf e1 in @@ -1448,26 +1432,26 @@ (* Check that signed shift has a positive right operand *) if isSignedInteger ty1 then begin match possible_value_of_integral_expr e2' with - | Some i when i >= 0L -> () + | Some i when My_bigint.ge i My_bigint.zero -> () | _ -> let check = - new_exp ~loc:e.eloc (BinOp(Ge,e2',constant_expr 0L,intType)) + new_exp ~loc:e.eloc (BinOp(Ge,e2', + constant_expr My_bigint.zero, + intType)) in let check = !Db.Properties.Interp.force_exp_to_predicate check in - Annotations.add_alarm - cur_stmt + Annotations.add_assert + curr_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Shift_alarm check end else (); (* Check that shift has not too big a right operand. *) - let max_right = Int64.of_int (integral_type_size_in_bits ty1) in + let max_right = My_bigint.of_int (integral_type_size_in_bits ty1) in begin match possible_value_of_integral_expr e2' with - | Some i when i < max_right -> () + | Some i when My_bigint.lt i max_right -> () | _ -> let max_right = constant_expr max_right in let check = 
@@ -1475,29 +1459,25 @@ let check = !Db.Properties.Interp.force_exp_to_predicate check in - Annotations.add_alarm - cur_stmt + Annotations.add_assert + curr_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Shift_alarm check end; (* Check that signed left shift has a positive left operand *) if is_left_shift && isSignedInteger ty1 then begin match possible_value_of_integral_expr e1' with - | Some i when i >= 0L -> () + | Some i when My_bigint.ge i My_bigint.zero -> () | _ -> let check = new_exp ~loc:e.eloc - (BinOp(Ge,e1',constant_expr 0L,intType)) in + (BinOp(Ge,e1',constant_expr My_bigint.zero,intType)) in let check = !Db.Properties.Interp.force_exp_to_predicate check in - Annotations.add_alarm - cur_stmt + Annotations.add_assert + curr_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Shift_alarm check end else (); @@ -1506,27 +1486,21 @@ * operand. *) if is_left_shift && isSignedInteger ty1 then - let max_int = Int64.of_string - (Big_int.string_of_big_int (max_value_of_integral_type ty1)) - in + let max_int = max_value_of_integral_type ty1 in begin match possible_value_of_integral_expr e2' with - | Some i when i >= 0L && i < 64L -> - (* Only use optimization where [Int64.shift_right] is - * defined in OCaml - *) - let i = Int64.to_int i in - let max_left = constant_expr (Int64.shift_right max_int i) in + | Some i when My_bigint.ge i My_bigint.zero && + My_bigint.lt i (My_bigint.of_int 64) -> + let max_left = constant_expr (My_bigint.shift_right max_int i) + in let check = new_exp ~loc:e.eloc (BinOp(Le,e1',max_left,intType)) in let check = !Db.Properties.Interp.force_exp_to_predicate check in - Annotations.add_alarm - cur_stmt + Annotations.add_assert + curr_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Shift_alarm check | _ -> let max_int = constant_expr max_int in 
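Review bot: The guard `My_bigint.lt i (My_bigint.of_int 64)` in the -1506 hunk keeps a bound whose only stated reason was the deleted comment about where `Int64.shift_right` is defined; now that `max_int` comes straight from `max_value_of_integral_type ty1`, the 64 is an unexplained constant. If `My_bigint.shift_right` accepts any non-negative shift, the upper bound can go and the guard becomes `| Some i when My_bigint.ge i My_bigint.zero ->`. If the bound is kept on purpose, say why in place of the removed comment, e.g. `(* 64 kept from the Int64 version; larger shifts fall through to the general check *)`. The enclosing `vexpr` method starts in an earlier hunk and continues past this one.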
@@ -1539,11 +1513,9 @@ let check = !Db.Properties.Interp.force_exp_to_predicate check in - Annotations.add_alarm - cur_stmt + Annotations.add_assert + curr_kf cur_stmt [ Jessie_options.Analysis.self ] - ~before:true - Alarms.Shift_alarm check end else (); @@ -1585,8 +1557,7 @@ class debugVoid = object - inherit Visitor.generic_frama_c_visitor - (Project.current ()) (Cil.inplace_visit ()) as super + inherit Visitor.frama_c_inplace as super method vterm ts = match ts.term_node with | TLval(TResult _,_) -> DoChildren | _ -> 
@@ -1598,6 +1569,54 @@ let visitor = new rewriteVoidPointer in visitFramacFile visitor file +(* Jessie/Why has trouble with Pre labels inside function contracts. *) +class rewritePreOld : Visitor.frama_c_visitor = +object(self) + inherit Visitor.frama_c_inplace + val mutable rep_lab = Logic_const.pre_label + method vbehavior b = + rep_lab <- Logic_const.here_label; + let requires = + Visitor.visitFramacPredicates + (self:>Visitor.frama_c_visitor) b.b_requires + in + let assumes = + Visitor.visitFramacPredicates + (self:>Visitor.frama_c_visitor) b.b_assumes + in + rep_lab <- Logic_const.old_label; + let assigns = + Visitor.visitFramacAssigns + (self:>Visitor.frama_c_visitor) b.b_assigns + in + let ensures = + Cil.mapNoCopy + (fun (k,p as e) -> + let p' = + Visitor.visitFramacIdPredicate + (self:>Visitor.frama_c_visitor) p + in + if p != p' then (k,p') else e) + b.b_post_cond + in + b.b_requires <- requires; + b.b_assumes <- assumes; + b.b_assigns <- assigns; + b.b_post_cond <- ensures; + rep_lab <- Logic_const.pre_label; + SkipChildren + + method vlogic_label l = + if Cil_datatype.Logic_label.equal l Logic_const.pre_label + && self#current_kinstr = Kglobal (* Do not rewrite Pre in stmt annot. *) + then + ChangeTo rep_lab + else DoChildren +end + +let rewrite_pre_old file = + let visitor = new rewritePreOld in + visitFramacFile visitor file (*****************************************************************************) (* Rewrite the C file for Jessie translation. *) 
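Review bot: `rewritePreOld#vbehavior` rewrites only the four clauses it visits by hand (`b_requires`, `b_assumes`, `b_assigns`, `b_post_cond`) and then returns `SkipChildren`, so any other field of the behaviour is never visited (the record removed in the -49 hunk lists `b_extended`), and contract clauses outside a behaviour are visited with `rep_lab` still equal to `pre_label`, which leaves a `Pre` there unchanged. If Jessie has the same trouble with `Pre` in those places, they need handling too; that cannot be judged from the hunk. The one-line header also does not say which label replaces `Pre` where; a comment on the class would cover it, e.g. `(* Pre becomes Here in requires/assumes and Old in assigns/ensures; Pre in statement annotations is kept. *)`. Note that `rep_lab` is restored by hand at the end of `vbehavior`, so an exception raised during one of the visits would leave it at `here_label` or `old_label`.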
@@ -1681,6 +1700,9 @@ Jessie_options.debug "Rewrite type void* and (un)signed char* into char*"; rewrite_void_pointer file; if checking then check_types file; + Jessie_options.debug "Rewrite Pre as Old in funspec"; + rewrite_pre_old file; + if checking then check_types file; (* Rewrite cursor pointers into offsets from base pointers. *) (* order: after [rewrite_pointer_compare] *) if Jessie_options.InferAnnot.get () <> "" then diff -Nru why-2.29+dfsg/intf/astnprinter.ml why-2.30+dfsg/intf/astnprinter.ml --- why-2.29+dfsg/intf/astnprinter.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/astnprinter.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/astpprinter.ml why-2.30+dfsg/intf/astpprinter.ml --- why-2.29+dfsg/intf/astpprinter.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/astpprinter.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/astprinter.ml why-2.30+dfsg/intf/astprinter.ml --- why-2.29+dfsg/intf/astprinter.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/astprinter.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/cache.ml why-2.30+dfsg/intf/cache.ml --- why-2.29+dfsg/intf/cache.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/cache.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/colors.ml why-2.30+dfsg/intf/colors.ml --- why-2.29+dfsg/intf/colors.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/colors.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -34,6 +34,8 @@ let window_width = ref 1024 let window_height = ref 768 +let colorblind = ref false + let font_size = ref 10 let font_family = "Monospace" diff -Nru why-2.29+dfsg/intf/colors.mli why-2.30+dfsg/intf/colors.mli --- why-2.29+dfsg/intf/colors.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/colors.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -33,6 +33,7 @@ val window_width : int ref val window_height : int ref +val colorblind : bool ref val font_size : int ref val font_family : string diff -Nru why-2.29+dfsg/intf/config.mll why-2.30+dfsg/intf/config.mll --- why-2.29+dfsg/intf/config.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/config.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/gConfig.ml why-2.30+dfsg/intf/gConfig.ml --- why-2.29+dfsg/intf/gConfig.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/gConfig.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -47,6 +47,7 @@ fprintf fmt "window_height = %d@." !Colors.window_height; fprintf fmt "font_size = %d@." !Colors.font_size; fprintf fmt "boomy_icons = %b@." (Tools.is_boomy ()); + fprintf fmt "colorblind = %b@." (!Colors.colorblind); fprintf fmt "@." let save_prover_setting fmt (p,s) = @@ -85,6 +86,7 @@ | "window_height" -> Colors.window_height := Rc.int arg | "font_size" -> Colors.font_size := Rc.int arg | "boomy_icons" -> Tools.set_boomy (Rc.bool arg) + | "colorblind" -> Colors.colorblind := Rc.bool arg | _ -> printf "Unknown field `%s' in section [main] of rc file@." key @@ -111,7 +113,8 @@ match pid with | Ergo -> Model.ergo | Simplify -> Model.simplify - | Z3 -> Model.z3SS + | Vampire -> Model.simplify + | Z3 -> Model.z3SS | Cvc3 -> Model.cvc3SS | Yices -> Model.yicesSS | Gappa -> Model.gappa diff -Nru why-2.29+dfsg/intf/gConfig.mli why-2.30+dfsg/intf/gConfig.mli --- why-2.29+dfsg/intf/gConfig.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/gConfig.mli 2011-10-24 15:21:06.000000000 +0000 
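Review bot: `| Vampire -> Model.simplify` in the -111 hunk returns the Simplify prover record for the Vampire id, although intf/model.ml in this same diff adds a dedicated `vampire` record with `pr_id = DpConfig.Vampire` and lists it among the provers. Anything looked up for Vampire through this function would then act on Simplify's entry, which looks unintended. Suggest `| Vampire -> Model.vampire`; the intf/model.mli section of this diff shows only the header hunk, so a `val vampire` declaration would presumably have to be added there as well. The enclosing function starts before the hunk.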
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/hilight.mll why-2.30+dfsg/intf/hilight.mll --- why-2.29+dfsg/intf/hilight.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/hilight.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/model.ml why-2.30+dfsg/intf/model.ml --- why-2.29+dfsg/intf/model.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/model.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -139,6 +139,16 @@ pr_enc = Recursive; } +let vampire = { + pr_id = DpConfig.Vampire; + pr_info = DpConfig.vampire; + pr_result = cols#add int; + pr_icon = cols#add GtkStock.conv; + pr_image = cols#add Gobject.Data.gobject; + pr_viewcol = None; + pr_enc = NoEncoding; + } + let gappa = { pr_id = DpConfig.Gappa; pr_info = DpConfig.gappa; @@ -335,6 +345,7 @@ (*ergoSS;*) simplify; simplify_select; + vampire; z3SS ; yicesSS; cvc3SS; diff -Nru why-2.29+dfsg/intf/model.mli why-2.30+dfsg/intf/model.mli --- why-2.29+dfsg/intf/model.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/model.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/navig.ml why-2.30+dfsg/intf/navig.ml --- why-2.29+dfsg/intf/navig.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/navig.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/navig.mli why-2.30+dfsg/intf/navig.mli --- why-2.29+dfsg/intf/navig.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/navig.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/pprinter.ml why-2.30+dfsg/intf/pprinter.ml --- why-2.29+dfsg/intf/pprinter.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/pprinter.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/pprinter.mli why-2.30+dfsg/intf/pprinter.mli --- why-2.29+dfsg/intf/pprinter.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/pprinter.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/preferences.ml why-2.30+dfsg/intf/preferences.ml --- why-2.29+dfsg/intf/preferences.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/preferences.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/stat.ml why-2.30+dfsg/intf/stat.ml --- why-2.29+dfsg/intf/stat.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/stat.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/tags.ml why-2.30+dfsg/intf/tags.ml --- why-2.29+dfsg/intf/tags.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/tags.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/tagsplit.mll why-2.30+dfsg/intf/tagsplit.mll --- why-2.29+dfsg/intf/tagsplit.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/tagsplit.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/tools.ml why-2.30+dfsg/intf/tools.ml --- why-2.29+dfsg/intf/tools.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/tools.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -79,7 +79,10 @@ (* todo: size should adapt to current font_size ! *) let image ?size f = - let n = Filename.concat Options.lib_dir (Filename.concat "images" (f^".png")) + let name = + if !Colors.colorblind then f^"-bw.png" else f^"32.png" + in + let n = Filename.concat Options.lib_dir (Filename.concat "images" name) in match size with | None -> 
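Review bot: In the -79 hunk of intf/tools.ml, `image` now appends the `32` itself (`f^"32.png"`) whatever `?size` is passed, and the colour-blind variant `f^"-bw.png"` has no size suffix at all, so the file name no longer follows from the argument. Any caller outside this diff that still passes a name ending in `32` would resolve to a file like `play3232.png`; the `iconname_*` constants are updated in the -94 hunk, but other callers are not visible. `image_default` is also built at module initialisation (`ref (image ~size:32 iconname_default)`), when `Colors.colorblind` still holds its default `false`, so unless the images are rebuilt after the rc file is read the setting would not affect them. A comment on `image` stating the naming convention would help, e.g. `(* [f] is the bare icon name: "<f>32.png" in colour, "<f>-bw.png" when Colors.colorblind is set *)`.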
@@ -94,16 +97,16 @@ let is_boomy () = !boomy -let iconname_default = "pause32" -let iconname_running = "play32" -let iconname_valid = "accept32" -let iconname_unknown = "help32" -let iconname_invalid = "delete32" -let iconname_timeout = "clock32" -let iconname_failure = "bug32" -let iconname_yes = "accept32" -let iconname_no = "delete32" -let iconname_down = "play32" +let iconname_default = "pause" +let iconname_running = "play" +let iconname_valid = "accept" +let iconname_unknown = "help" +let iconname_invalid = "delete" +let iconname_timeout = "clock" +let iconname_failure = "bug" +let iconname_yes = "accept" +let iconname_no = "delete" +let iconname_down = "play" let image_default = ref (image ~size:32 iconname_default) let image_running = ref !image_default diff -Nru why-2.29+dfsg/intf/viewer.ml why-2.30+dfsg/intf/viewer.ml --- why-2.29+dfsg/intf/viewer.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/viewer.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/intf/whyhilight.mll why-2.30+dfsg/intf/whyhilight.mll --- why-2.29+dfsg/intf/whyhilight.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/intf/whyhilight.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_abstract.ml why-2.30+dfsg/java/java_abstract.ml --- why-2.29+dfsg/java/java_abstract.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_abstract.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_analysis.ml why-2.30+dfsg/java/java_analysis.ml --- why-2.29+dfsg/java/java_analysis.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_analysis.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_ast.mli why-2.30+dfsg/java/java_ast.mli --- why-2.29+dfsg/java/java_ast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_ast.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_callgraph.ml why-2.30+dfsg/java/java_callgraph.ml --- why-2.29+dfsg/java/java_callgraph.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_callgraph.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -39,6 +39,7 @@ | JTapp (f,_labs,lt) -> f::(List.fold_left term acc lt) | JTat(t,_) -> term acc t | JTbin (t1,_,_,t2) -> term (term acc t1) t2 + | JTbin_obj (t1,_,t2) -> term (term acc t1) t2 | JTun (_,_,t1) -> term acc t1 | JTif(t1,t2,t3) -> term (term (term acc t1) t2) t3 (* diff -Nru why-2.29+dfsg/java/java_callgraph.mli why-2.30+dfsg/java/java_callgraph.mli --- why-2.29+dfsg/java/java_callgraph.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_callgraph.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_env.mli why-2.30+dfsg/java/java_env.mli --- why-2.29+dfsg/java/java_env.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_env.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_interp.ml why-2.30+dfsg/java/java_interp.ml --- why-2.29+dfsg/java/java_interp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_interp.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -51,15 +51,18 @@ let var_id v = new identifier v.jc_var_info_name let fi_name f = f.jc_field_info_name -let reg_pos ?id ?kind ?name pos = Output.reg_pos "K" ?id ?kind ?name pos +let reg_pos ?id ?kind ?name pos = Output.old_reg_pos "K" ?id ?kind ?name pos + +let reg_position ?id ?kind ?name pos = + Output.old_reg_pos "K" ?id ?kind ?name (Loc.extract pos) let locate ?id ?kind ?name pos e = - let lab = reg_pos ?id ?kind ?name pos in + let lab = reg_position ?id ?kind ?name pos in new pexpr ~pos (JCPElabel(lab,e)) (*s loop tags *) -let get_loop_counter = +let get_loop_counter = let counter = ref 0 in function () -> let tag = !counter in incr counter; tag @@ -113,15 +116,15 @@ ~name: ri.jc_enum_info_name ~left: ri.jc_enum_info_min ~right: ri.jc_enum_info_max - ())::acc) + ())::acc) acc [ byte_range ; short_range ; int_range ; long_range ; char_range ] let byte_type = JCTenum byte_range -let short_type = JCTenum short_range -let int_type = JCTenum int_range -let long_type = JCTenum long_range -let char_type = JCTenum char_range +let short_type = JCTenum short_range +let int_type = JCTenum int_range +let long_type = JCTenum long_range +let char_type = JCTenum char_range let get_enum_info t = match t with 
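Review bot: In the `@@ -51,15 +51,18 @@` hunk of java/java_interp.ml, `reg_pos` and the new `reg_position` differ only in the location type they accept, and nothing tells a caller which one to use. Defining the second through the first, `let reg_position ?id ?kind ?name pos = reg_pos ?id ?kind ?name (Loc.extract pos)`, keeps the `"K"` prefix and the `Output.old_reg_pos` call in one place. A comment such as `(* reg_position: same as reg_pos, for a position that must first go through Loc.extract *)` would explain the split. Later hunks use both: `tr_method_spec` switches to `reg_position` for `mi.method_info_loc`, while `tr_constr` keeps `reg_pos` for `ci.constr_info_loc`.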
@@ -138,19 +141,19 @@ | Tunit -> Jc_pervasives.unit_type | Tboolean -> Jc_pervasives.boolean_type | Tinteger -> Jc_pervasives.integer_type - | Tshort -> + | Tshort -> if !Java_options.ignore_overflow then Jc_pervasives.integer_type else short_type - | Tint -> + | Tint -> if !Java_options.ignore_overflow then Jc_pervasives.integer_type else int_type - | Tlong -> + | Tlong -> if !Java_options.ignore_overflow then Jc_pervasives.integer_type else long_type - | Tchar -> + | Tchar -> if !Java_options.ignore_overflow then Jc_pervasives.integer_type else char_type - | Tbyte -> + | Tbyte -> if !Java_options.ignore_overflow then Jc_pervasives.integer_type else byte_type | Treal -> Jc_pervasives.real_type @@ -205,7 +208,7 @@ } *) -let st_interface = +let st_interface = { jc_struct_info_params = []; jc_struct_info_name = "Object/*interface*/"; @@ -221,23 +224,23 @@ let num_minus_one = Num.Int (-1) let array_struct_table = Hashtbl.create 17 - -let rec get_array_struct pos t = - let n = Java_analysis.name_type t in + +let rec get_array_struct pos t = + let n = Java_analysis.name_type t in try (Hashtbl.find array_struct_table n : struct_info) - with Not_found -> - eprintf "Array struct for type %a (name : %s) not found: %a@." + with Not_found -> + eprintf "Array struct for type %a (name : %s) not found: %a@." Java_typing.print_type t n Loc.report_position pos; raise Not_found and tr_type pos t = match t with - | JTYbase t -> tr_base_type t + | JTYbase t -> tr_base_type t | JTYnull -> JCTnull - | JTYclass (non_null, ci) -> + | JTYclass (non_null, ci) -> let st = get_class ci.class_info_name in - JCTpointer + JCTpointer (JCtag(st, []), Some num_zero, if non_null then Some num_zero else None) | JTYinterface _ii -> JCTpointer(JCtag(st_interface, []), Some num_zero,None) 
@@ -246,7 +249,7 @@ JCTpointer(st,Some num_zero, (* if non_null then Some num_zero else *) None) *) - + | JTYarray (non_null, t) -> let st = get_array_struct pos t in JCTpointer (JCtag(st, []), Some num_zero, if non_null then Some num_minus_one else None) @@ -275,15 +278,15 @@ try Hashtbl.find fi_table fi.java_field_info_tag with - Not_found -> - eprintf "Internal error: field '%s' not found@." + Not_found -> + eprintf "Internal error: field '%s' not found@." fi.java_field_info_name; assert false let create_field pos fi = Java_options.lprintf "Creating JC field '%s'@." fi.java_field_info_name; let ty = tr_type pos fi.java_field_info_type in - let ci = + let ci = match fi.java_field_info_class_or_interface with | TypeClass ci -> get_class ci.class_info_name | TypeInterface ii -> get_class ii.interface_info_name @@ -314,10 +317,10 @@ try Hashtbl.find static_fields_table fi.java_field_info_tag with - Not_found -> + Not_found -> eprintf "Java_interp.get_static_var->Not_found: %s@." fi.java_field_info_name; raise Not_found - + (* local variables and parameters *) @@ -327,8 +330,8 @@ try Hashtbl.find vi_table vi.java_var_info_tag with - Not_found -> - eprintf "Java_interp.get_var->Not_found: '%s', %a@." + Not_found -> + eprintf "Java_interp.get_var->Not_found: '%s', %a@." vi.java_var_info_final_name Loc.report_position vi.java_var_info_decl_loc ; @@ -354,10 +357,10 @@ try Hashtbl.find logics_table fi.java_logic_info_tag with - Not_found -> + Not_found -> eprintf "Anomaly: cannot find logic symbol `%s'@." fi.java_logic_info_name; eprintf "["; - Hashtbl.iter + Hashtbl.iter (fun _ d -> eprintf "%s;" d.jc_logic_info_name) logics_table; eprintf "]@."; assert false @@ -366,9 +369,9 @@ | LabelPre -> Jc_env.LabelPre | LabelHere -> Jc_env.LabelHere | LabelOld -> Jc_env.LabelOld - | LabelName s -> - Jc_env.LabelName { - label_info_name = s; + | LabelName s -> + Jc_env.LabelName { + label_info_name = s; label_info_final_name = s; times_used = 0; } 
@@ -377,14 +380,14 @@ let nfi = match fi.java_logic_info_result_type with | None -> - Jc_pervasives.make_pred fi.java_logic_info_name + Jc_pervasives.make_pred fi.java_logic_info_name | Some t -> - Jc_pervasives.make_logic_fun fi.java_logic_info_name - (tr_type pos t) + Jc_pervasives.make_logic_fun fi.java_logic_info_name + (tr_type pos t) in nfi.jc_logic_info_parameters <- List.map (create_var pos) fi.java_logic_info_parameters; - nfi.jc_logic_info_labels <- + nfi.jc_logic_info_labels <- List.map tr_logic_label fi.java_logic_info_labels; Hashtbl.add logics_table fi.java_logic_info_tag nfi; nfi @@ -402,7 +405,7 @@ try Hashtbl.find funs_table tag with - Not_found -> + Not_found -> eprintf "Java_interp.get_fun->Not_found: %a@." Loc.report_position pos; raise Not_found @@ -410,11 +413,11 @@ let nfi = match result with | None -> - Jc_pervasives.make_fun_info name + Jc_pervasives.make_fun_info name Jc_pervasives.unit_type | Some vi -> Jc_pervasives.make_fun_info name - (tr_type pos vi.java_var_info_type) + (tr_type pos vi.java_var_info_type) in nfi.jc_fun_info_parameters <- List.map (fun (vi, _) -> (true,create_var pos vi)) params; @@ -423,7 +426,7 @@ (*s exceptions *) -let exceptions_table = Hashtbl.create 17 +let exceptions_table = Hashtbl.create 17 let get_exception ty = match ty with @@ -432,7 +435,7 @@ try Hashtbl.find exceptions_table ci.class_info_name with - Not_found -> + Not_found -> eprintf "exception %s not found@." ci.class_info_name; assert false end @@ -445,7 +448,7 @@ let ei = { jc_exception_info_name = n; jc_exception_info_tag = !exceptions_tag; - jc_exception_info_type = ty + jc_exception_info_type = ty } in Hashtbl.add exceptions_table n ei; 
@@ -454,22 +457,26 @@ (*s terms *) -let any_string = +let any_string = mkapp ~fun_name: "any_string" ~args: [] () -(* +(**) let any_string_decl = mkfun_def - ~result_type: (new ptype (JCPTpointer("String",[],0,0))) - ~name: "any_string" + ~result_type: (new ptype (JCPTpointer("String",[],Some num_zero,None))) + ~name: (new identifier "any_string") ~params: [] ~clauses: [] () -*) +(**) + +let decl_any_string = + if !Java_options.javacard then [] else + [ any_string_decl ] let lit l = match l with @@ -483,9 +490,9 @@ match op with | Unot -> `Unot | Uminus when (t = Tinteger || t = Tint || t = Treal) -> `Uminus - | Uminus -> + | Uminus -> begin match t with - | Tstring -> assert false + | Tstring -> assert false | Tshort -> assert false (* TODO *) | Tboolean -> assert false (* TODO *) | Tbyte -> assert false (* TODO *) @@ -500,7 +507,7 @@ end | Uplus -> assert false | Ucompl -> `Ubw_not - + let lbin_op _t op: [> Jc_ast.bin_op] = match op with | Bgt -> `Bgt @@ -533,10 +540,10 @@ | _ -> assert false (* non_null funs & preds *) - + let non_null_funs = Hashtbl.create 17 let non_null_preds = Hashtbl.create 17 - + let non_null_fun si = try Hashtbl.find non_null_funs si.jc_struct_info_name @@ -547,13 +554,13 @@ try Hashtbl.find non_null_preds name with - Not_found -> + Not_found -> Format.eprintf "Java_interp: non_null_pred(%s)@." name; assert false - + let create_non_null_fun si = - let fi = - Jc_pervasives.make_fun_info + let fi = + Jc_pervasives.make_fun_info ("non_null_" ^ si.jc_struct_info_name) Jc_pervasives.boolean_type in @@ -561,8 +568,8 @@ fi let create_non_null_pred si = - let li = - Jc_pervasives.make_pred + let li = + Jc_pervasives.make_pred ("Non_null_" ^ si.jc_struct_info_name) in Hashtbl.add non_null_preds si.jc_struct_info_name li; 
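Review bot: `decl_any_string` in the `@@ -454,22 +457,26 @@` hunk is a top-level value, so `!Java_options.javacard` is read once when the module is initialised; if the command line is parsed after that (not visible here), the flag has no effect on it. Making it a function, `let decl_any_string () = if !Java_options.javacard then [] else [ any_string_decl ]`, would defer the test, at the cost of updating its callers outside this hunk. Context further down still translates `JElit (String _s)` to the `any_string` application regardless of the flag, so in JavaCard mode a string literal would presumably call a function that has no declaration; this deserves a comment or a guard. The two `(**)` lines are leftovers of the old comment delimiters and can be dropped.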
@@ -571,12 +578,12 @@ let dummy_pos_term ty t = new term ~typ:ty t -let term_zero = - dummy_loc_term Jc_pervasives.integer_type +let term_zero = + dummy_loc_term Jc_pervasives.integer_type (JCTconst (JCCinteger "0")) -let term_maxint = - dummy_loc_term Jc_pervasives.integer_type +let term_maxint = + dummy_loc_term Jc_pervasives.integer_type (JCTconst (JCCinteger "2147483647")) let term_plus_one t = @@ -605,7 +612,34 @@ ~op:(lbin_op t op) ~expr2:(term e2) () - | JTapp (fi, labels, el) -> + | JTbin_obj (e1, op, e2) -> (* case e1 != null *) + if op = Bne && e2.java_term_node = JTlit Null then + let t1 = term e1 in + match e1.java_term_type with + | JTYbase _ | JTYnull | JTYlogic _ -> assert false + | JTYclass (_, _ci) -> + mkapp + ~fun_name: (non_null_pred "Object").jc_logic_info_name + ~args: [t1] + () + | JTYinterface _ii -> + mkeq + ~expr1: (mkoffset_max ~expr:t1 ()) + ~expr2: zero + () + | JTYarray (_, t) -> + let si = get_array_struct Loc.dummy_position t in + let li = non_null_pred si.jc_struct_info_name in + mkapp + ~fun_name: li.jc_logic_info_name + ~args: [t1] + () + else mkbinary + ~expr1: (term e1) + ~op: (lobj_op op) + ~expr2: (term e2) + () + | JTapp (fi, labels, el) -> mkapp ~fun_name: (get_logic_fun fi).jc_logic_info_name ~labels:(List.map (fun (_,l) -> tr_logic_label l) labels) @@ -618,9 +652,9 @@ ~expr: (term t) ~field: (fi_name (get_field fi)) () - | JTstatic_field_access(_ci,fi) -> + | JTstatic_field_access(_ci,fi) -> mkvar ~name:(var_name (get_static_var fi)) () - | JTarray_length(t) -> + | JTarray_length(t) -> begin match t.java_term_type with | JTYarray (_, ty) -> @@ -629,7 +663,7 @@ plus_one (mkoffset_max ~pos:t#pos ~expr:t ()) | _ -> assert false end - | JTarray_access(t1,t2) -> + | JTarray_access(t1,t2) -> begin match t1.java_term_type with | JTYarray (_, ty) -> 
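Review bot: The `JTYarray` branch of the new `JTbin_obj` case in `@@ -605,7 +612,34 @@` passes `Loc.dummy_position` to `get_array_struct`, so if the lookup fails the "Array struct for type ... not found" message reports no usable location. `let si = get_array_struct e1.java_term_loc t in` would carry the term's own position instead. The case also appears to repeat the `JAbin_obj` branch of `assertion` (only partly visible in a later hunk); a shared helper taking `e1.java_term_type` and the translated `t1` would keep the two from drifting. Only `e1 != null` with `null` on the right is special-cased, which a comment such as `(* only [e != null] is mapped to the non-null predicate; every other object comparison goes through lobj_op *)` would make explicit. The enclosing `term` function starts and ends outside the hunk.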
@@ -688,9 +722,9 @@ mkboolean ~value:true () | JAfalse -> mkboolean ~value:false () - | JAat(a,lab) -> - mkat - ~expr:(assertion a) + | JAat(a,lab) -> + mkat + ~expr:(assertion a) ~label:(tr_logic_label lab) () | JAnot a -> @@ -701,7 +735,7 @@ ~op: (lbin_op t op) ~expr2: (term e2) () - | JAbin_obj (e1, op, e2) -> (* case e1 != null *) + | JAbin_obj (e1, op, e2) -> (* case e1 != null *) if op = Bne && e2.java_term_node = JTlit Null then let t1 = term e1 in match e1.java_term_type with @@ -728,13 +762,13 @@ ~op: (lobj_op op) ~expr2: (term e2) () - | JAapp (fi, labels, el)-> + | JAapp (fi, labels, el)-> mkapp ~fun_name: (get_logic_fun fi).jc_logic_info_name ~labels:(List.map (fun (_,l) -> tr_logic_label l) labels) ~args: (List.map term el) () - | JAquantifier (q, vi, a)-> + | JAquantifier (q, vi, a)-> let vi = create_var a.java_assertion_loc vi in mkquantifier ~quantifier: (quantifier q) @@ -742,22 +776,22 @@ ~vars: [var_id vi] ~body: (assertion a) () - | JAimpl (a1, a2)-> + | JAimpl (a1, a2)-> mkimplies ~expr1: (assertion a1) ~expr2: (assertion a2) () - | JAiff (a1, a2)-> + | JAiff (a1, a2)-> mkiff ~expr1: (assertion a1) ~expr2: (assertion a2) () - | JAor (a1, a2)-> + | JAor (a1, a2)-> mkor ~expr1: (assertion a1) ~expr2: (assertion a2) () - | JAand (a1, a2)-> + | JAand (a1, a2)-> mkand ~expr1: (assertion ~reg a1) ~expr2: (assertion ~reg a2) @@ -784,9 +818,9 @@ in let a' = new pexpr ~pos:a.java_assertion_loc a'#node in if reg then locate a.java_assertion_loc a' else a' - + (*let dummy_loc_assertion a = - { jc_assertion_loc = Loc.dummy_position; + { jc_assertion_loc = Loc.dummy_position; jc_assertion_label = ""; jc_assertion_node = a } *) 
@@ -800,12 +834,12 @@ (*s translation of structure types *) -let rec term_of_expr e = +let rec term_of_expr e = let t = match e.java_expr_node with | JElit l -> JTlit l | JEvar vi -> JTvar vi - | JEbin (e1, op, e2) -> + | JEbin (e1, op, e2) -> JTbin (term_of_expr e1, Tinteger, op, term_of_expr e2) | JEun (op, e) -> JTun (Tinteger, op, term_of_expr e) | JEfield_access (e, fi) -> JTfield_access (term_of_expr e, fi) @@ -818,7 +852,7 @@ { java_term_loc = e.java_expr_loc; java_term_type = e.java_expr_type; java_term_node = t } - + (* exceptions *) let tr_exception ei acc = @@ -826,26 +860,26 @@ ~name:ei.jc_exception_info_name ?arg_type:(Option_misc.map ptype_of_type ei.jc_exception_info_type) ()) :: acc - + (* array_length funs *) let java_array_length_funs = Hashtbl.create 17 let java_array_length_fun st = try - Hashtbl.find java_array_length_funs st.jc_struct_info_name + Hashtbl.find java_array_length_funs st.jc_struct_info_name with Not_found -> assert false let create_java_array_length_fun st = - let fi = - Jc_pervasives.make_fun_info + let fi = + Jc_pervasives.make_fun_info ("java_array_length_" ^ st.jc_struct_info_name) Jc_pervasives.integer_type in Hashtbl.add java_array_length_funs st.jc_struct_info_name fi; fi - + let array_types decls = Java_options.lprintf "(**********************)@."; Java_options.lprintf "(* array types *)@."; @@ -861,7 +895,7 @@ jc_struct_info_root = Some object_variant; } in - let fi = { + let fi = { jc_field_info_name = f; jc_field_info_final_name = f; jc_field_info_tag = 0 (* TODO *); 
@@ -876,17 +910,17 @@ st.jc_struct_info_fields <- [fi]; Java_options.lprintf "%s@." st.jc_struct_info_name; Hashtbl.add array_struct_table n st; - + (* predicate non_null *) let non_null_pred = create_non_null_pred st in - + (* java_array_length fun *) let fi = create_java_array_length_fun st in let vi = - (* type is T[0..-1] here + (* type is T[0..-1] here (i.e. access to array length has meaning for non null arrays only) *) - Jc_pervasives.var - (JCTpointer (JCtag (st, []), Some num_zero, Some num_minus_one)) "x" + Jc_pervasives.var + (JCTpointer (JCtag (st, []), Some num_zero, Some num_minus_one)) "x" in let vie = mkvar ~name:(var_name vi) () in let result_var = mkvar ~name:"\\result" () in @@ -918,7 +952,7 @@ ~name: (new identifier fi.jc_fun_info_name) ~params: args ~clauses: spec - ()) + ()) in (* non_null fun & pred *) let non_null_fi = create_non_null_fun st in @@ -940,8 +974,8 @@ ] in let vi = (* type is T[0..] here *) - Jc_pervasives.var - (JCTpointer (JCtag (st, []), Some num_zero, None)) "x" + Jc_pervasives.var + (JCTpointer (JCtag (st, []), Some num_zero, None)) "x" in let args = [false, ptype_of_type vi.jc_var_info_type, var_name vi] in let largs = [ptype_of_type vi.jc_var_info_type, var_name vi] in @@ -976,22 +1010,22 @@ None end st.jc_struct_info_fields) ()) :: acc, - array_length_fun :: + array_length_fun :: non_null_fun :: decls) Java_analysis.array_struct_table - ([], + ([], ((mktag_def ~name:"interface" ()) :: (mkvariant_type_def ~name:"interface" ~tags:[ new identifier "interface" ] ()) - ::if !Java_options.minimal_class_hierarchy then [] + ::if !Java_options.minimal_class_hierarchy then [] else [ mkvariant_type_def ~name:"Object" ~tags:[ new identifier "Object" ] () ] ), decls) - + (***************** 
@@ -1004,10 +1038,11 @@ | JTlit _l -> assert false (* TODO *) | JTun(_t,_op,_e1) -> assert false (* TODO *) | JTbin(_e1,_t,_op,_e2) -> assert false (* TODO *) + | JTbin_obj(_e1,_op,_e2) -> assert false (* TODO *) | JTapp (_, _, _) -> assert false (* TODO *) | JTvar vi -> mkvar ~name:(var_name (get_var vi)) () - | JTfield_access(t,fi) -> + | JTfield_access(t,fi) -> begin match logic_label with | None -> assert false | Some lab -> @@ -1020,7 +1055,7 @@ | JTstatic_field_access(_ci,fi) -> mkvar ~name:(var_name (get_static_var fi)) () | JTarray_length(_t) -> assert false (* TODO *) - | JTarray_access(t1,t2) -> + | JTarray_access(t1,t2) -> begin match t1.java_term_type with | JTYarray (_, ty) -> @@ -1040,7 +1075,7 @@ end | _ -> assert false end - | JTarray_range(t1,t2,t3) -> + | JTarray_range(t1,t2,t3) -> begin match t1.java_term_type with | JTYarray (_, ty) -> @@ -1070,10 +1105,11 @@ | JTlit _l -> assert false (* TODO *) | JTun(_t,_op,_e1) -> assert false (* TODO *) | JTbin(_e1,_t,_op,_e2) -> assert false (* TODO *) + | JTbin_obj(_e1,_op,_e2) -> assert false (* TODO *) | JTapp (_, _, _) -> assert false (* TODO *) | JTvar vi -> mkvar ~name:(var_name (get_var vi)) () - | JTfield_access(t,fi) -> + | JTfield_access(t,fi) -> begin match logic_label with | None -> assert false | Some lab -> @@ -1086,7 +1122,7 @@ | JTstatic_field_access(_ci,fi) -> mkvar ~name:(var_name (get_static_var fi)) () | JTarray_length(_t) -> assert false (* TODO *) - | JTarray_access(t1,t2) -> + | JTarray_access(t1,t2) -> begin match t1.java_term_type with | JTYarray (_, ty) -> @@ -1106,7 +1142,7 @@ end | _ -> assert false end - | JTarray_range(t1,t2,t3) -> + | JTarray_range(t1,t2,t3) -> begin match t1.java_term_type with | JTYarray (_, ty) -> @@ -1130,7 +1166,7 @@ | JTat _ -> assert false (* TODO, maybe change logic_label ? *) | JTcast(_ty,_t) -> assert false (* TODO *) | JTif _ -> assert false (* TODO *) - + let un_op op: [> Jc_ast.unary_op] = match op with 
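Review bot: The new `| JTbin_obj(_e1,_op,_e2) -> assert false (* TODO *)` case, added in `@@ -1004,10 +1038,11 @@` and again in `@@ -1070,10 +1105,11 @@`, turns an object comparison reaching this match into a bare `Assert_failure` with no source position. It matches the neighbouring stubs, but this commit appears to be what introduces `JTbin_obj` as a term form, so the case is now a reachable input rather than a historical gap. A comment such as `(* TODO: JTbin_obj not supported here; report the term's position instead of asserting *)` would at least record the intent. Both enclosing functions start outside the hunks.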
@@ -1149,7 +1185,7 @@ | Biff -> assert false | Bor -> `Blor | Band -> `Bland - | Bimpl -> assert false + | Bimpl -> assert false | Bgt -> `Bgt | Bne -> `Bneq | Beq -> `Beq @@ -1190,13 +1226,13 @@ | JElit (String _s) -> any_string | JElit l -> mkconst ~const:(lit l) () - | JEincr_local_var(op,v) -> + | JEincr_local_var(op,v) -> reg := true; mkunary ~op: (incr_op op) ~expr: (mkvar ~name:(var_name (get_var v)) ()) () - | JEincr_field(op,e1,fi) -> + | JEincr_field(op,e1,fi) -> reg := true; mkincr_heap ~op: (incr_op op) @@ -1223,9 +1259,9 @@ () | _ -> assert false end - | JEun (op, e1) -> + | JEun (op, e1) -> let e1 = expr e1 in - reg := true; + reg := true; int_cast e.java_expr_loc e.java_expr_type (mkunary ~op:(un_op op) ~expr:e1 ()) | JEbin (e1, op, e2) (* case e1 == null *) @@ -1240,7 +1276,7 @@ mknot ~expr: (mkapp - (* Romain: pourquoi non_null_fun et pas null_fun ? + (* Romain: pourquoi non_null_fun et pas null_fun ? Claude: parce que mknot au-dessus *) ~fun_name: (non_null_fun st).jc_fun_info_name ~args: [e] @@ -1266,7 +1302,7 @@ reg := true; int_cast e.java_expr_loc e.java_expr_type (mkbinary ~expr1:e1 ~op:(bin_op op) ~expr2:e2 ()) - | JEif (e1,e2,e3) -> + | JEif (e1,e2,e3) -> mkif ~condition: (expr e1) ~expr_then: (expr e2) @@ -1276,10 +1312,10 @@ mkvar ~name:(var_name (get_var vi)) () | JEstatic_field_access(_ci,fi) -> mkvar ~name:(var_name (get_static_var fi)) () - | JEfield_access(e1,fi) -> + | JEfield_access(e1,fi) -> reg := true; mkderef ~expr:(expr e1) ~field:(fi_name (get_field fi)) () - | JEarray_length e -> + | JEarray_length e -> begin match e.java_expr_type with | JTYarray (_, ty) -> @@ -1291,7 +1327,7 @@ () | _ -> assert false end - | JEarray_access(e1,e2) -> + | JEarray_access(e1,e2) -> begin match e1.java_expr_type with | JTYarray (_, ty) -> 
@@ -1396,21 +1432,21 @@ () | _ -> assert false end - | JEcall(e1,mi,args) -> + | JEcall(e1,mi,args) -> reg := true; mkapp ~fun_name: (get_fun e.java_expr_loc mi.method_info_tag).jc_fun_info_name ~args: (List.map expr (e1 :: args)) () - | JEconstr_call (e1, ci, args) -> + | JEconstr_call (e1, ci, args) -> reg := true; mkapp ~fun_name: (get_fun e.java_expr_loc ci.constr_info_tag).jc_fun_info_name ~args: (List.map expr (e1 :: args)) () - | JEstatic_call(mi,args) -> + | JEstatic_call(mi,args) -> reg := true; mkapp ~fun_name: @@ -1452,7 +1488,7 @@ | JEcast(ty,e1) -> begin match ty with - | JTYbase _t -> + | JTYbase _t -> if !Java_options.ignore_overflow then expr e1 else begin reg := true; mkcast @@ -1461,11 +1497,11 @@ () end | JTYclass(_,_ci) -> - reg := true; - mkcast ~expr:(expr e1) + reg := true; + mkcast ~expr:(expr e1) ~typ: (ptype_of_type (tr_type e.java_expr_loc ty)) () - | JTYinterface _ii -> + | JTYinterface _ii -> begin match e1.java_expr_type with | JTYclass _ -> expr e1 (* TODO *) @@ -1478,11 +1514,11 @@ *) end | JTYarray (_, ty) -> - reg := true; - mkcast ~expr:(expr e1) + reg := true; + mkcast ~expr:(expr e1) ~typ: (ptype_of_type (tr_type e.java_expr_loc ty)) () - | JTYnull | JTYlogic _ -> assert false + | JTYnull | JTYlogic _ -> assert false end | JEinstanceof(e,ty) -> begin @@ -1503,7 +1539,7 @@ | JIexpr e -> expr ~reg:true e | JIlist il -> begin match ty with - | JTYarray (_, ty) -> + | JTYarray (_, ty) -> let si = get_array_struct Loc.dummy_position ty in mkalloc ~count: (mkint ~value:(List.length il) ()) @@ -1515,7 +1551,7 @@ (* let dummy_loc_statement s = - { jc_tstatement_loc = Loc.dummy_position; + { jc_tstatement_loc = Loc.dummy_position; jc_tstatement_node = s } let make_block l = 
@@ -1544,15 +1580,15 @@ match v with | None -> None | Some(t,None) -> Some(reg_term t,None) - | Some(t,Some fi) -> + | Some(t,Some fi) -> Some(reg_term t,Some (new identifier fi.java_logic_info_name)) let loop_annot annot = let invariant = reg_assertion annot.loop_inv in let behs_inv = - List.map - (fun ((loc,id),a) -> - ([new identifier ~pos:loc id],Some (reg_assertion a), None)) + List.map + (fun ((loc,id),a) -> + ([new identifier ~pos:loc id],Some (reg_assertion a), None)) annot.behs_loop_inv in let v = variant annot.loop_var in @@ -1586,13 +1622,13 @@ mkvoid () | JSlabel(lab,s) -> mklabel lab (statement s) () - | JSbreak label -> + | JSbreak label -> mkbreak ?label () - | JScontinue label -> + | JScontinue label -> mkcontinue ?label () | JSreturn_void -> mkreturn () - | JSreturn e -> + | JSreturn e -> let _ = tr_type e.java_expr_loc e.java_expr_type in mkreturn ~expr:(expr e) () | JSthrow e -> @@ -1602,10 +1638,10 @@ let li = non_null_pred "Object" in let tmp_name = "java_thrown_exception" in let tmp_var = mkvar ~name:"java_thrown_exception" () in - let ass = - mkassert - ~expr:(mkapp ~fun_name:li.jc_logic_info_name - ~args:[tmp_var] ()) () + let ass = + mkassert + ~expr:(mkapp ~fun_name:li.jc_logic_info_name + ~args:[tmp_var] ()) () in let th = mkthrow @@ -1621,7 +1657,7 @@ () | JSblock l -> mkblock ~exprs:(List.map statement l) () - | JSvar_decl (vi, init, s) -> + | JSvar_decl (vi, init, s) -> let ty = vi.java_var_info_type in let vi = create_var s.java_statement_loc vi in mklet @@ -1638,7 +1674,7 @@ () | JSdo (s, annot, e) -> let (behaviors, variant) = loop_annot annot in - let while_expr = + let while_expr = mkwhile ~behaviors ?variant ~condition:(expr e) ~body:(statement s) () in 
@@ -1685,24 +1721,24 @@ ()) in mkblock ~exprs:[res] () | JSexpr e -> expr e - | JSassert(forid,id,e) -> + | JSassert(forid,id,e) -> let pos = e.java_assertion_loc in let e' = reg_assertion e in - let behs = + let behs = Option_misc.fold_left - (fun acc id -> + (fun acc id -> (new identifier id)::acc) [] forid in let e = mkassert ~behs:behs ~expr:e' () in locate ?id pos e - | JSswitch(e,l) -> + | JSswitch(e,l) -> mkswitch ~expr:(expr e) ~cases:(List.map switch_case l) () | JStry(s1, catches, finally) -> mktry ~expr: (block s1) ~catches: - (List.map + (List.map (fun (vi,s2) -> let e = get_exception vi.java_var_info_type in let vti = create_var s.java_statement_loc vi in @@ -1755,24 +1791,24 @@ (fun vi -> (true, ptype_of_type vi.jc_var_info_type, (var_name vi))) params in - let return_type = - Option_misc.map - (fun vi -> - let _nvi = create_var Loc.dummy_position vi in - vi.java_var_info_type) - mi.method_info_result - in - let behaviors = - List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs - in - let nfi = - create_fun Loc.dummy_position - mi.method_info_tag mi.method_info_result + let return_type = + Option_misc.map + (fun vi -> + let _nvi = create_var Loc.dummy_position vi in + vi.java_var_info_type) + mi.method_info_result + in + let behaviors = + List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs + in + let nfi = + create_fun Loc.dummy_position + mi.method_info_tag mi.method_info_result mi.method_info_trans_name mi.method_info_parameters in let body = Option_misc.map block b in - let _ = - reg_pos ~id:nfi.jc_fun_info_name + let _ = + reg_pos ~id:nfi.jc_fun_info_name ~name:("Method " ^ mi.method_info_name) mi.method_info_loc in @@ -1799,7 +1835,7 @@ () in def::acc *) - + let tr_method_spec mi req dec behs b acc = let java_params = mi.method_info_parameters in let params = 
@@ -1813,23 +1849,23 @@ (fun vi -> (true, ptype_of_type vi.jc_var_info_type, (var_name vi))) params in - let return_type = - Option_misc.map - (fun vi -> - let _nvi = create_var Loc.dummy_position vi in - vi.java_var_info_type) - mi.method_info_result - in - let behaviors = - List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs - in - let nfi = - create_fun Loc.dummy_position - mi.method_info_tag mi.method_info_result + let return_type = + Option_misc.map + (fun vi -> + let _nvi = create_var Loc.dummy_position vi in + vi.java_var_info_type) + mi.method_info_result + in + let behaviors = + List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs + in + let nfi = + create_fun Loc.dummy_position + mi.method_info_tag mi.method_info_result mi.method_info_trans_name mi.method_info_parameters in - let _ = - reg_pos ~id:nfi.jc_fun_info_name + let _ = + reg_position ~id:nfi.jc_fun_info_name ~name:("Method " ^ mi.method_info_name) mi.method_info_loc in @@ -1859,11 +1895,11 @@ ?body () in def::acc - + let default_base_value t = match t with | Tshort | Tbyte | Tchar | Tint | Tlong -> - JCCinteger "0" + JCCinteger "0" | Tboolean -> JCCboolean false | Tfloat | Tdouble -> JCCreal "0.0" | Tinteger | Treal -> assert false 
@@ -1888,47 +1924,47 @@ let tr_constr ci req behs b acc = let params = List.map (fun (vi, _) -> create_var Loc.dummy_position vi) - ci.constr_info_parameters + ci.constr_info_parameters in let this = match ci.constr_info_this with | None -> assert false - | Some vi -> (create_var Loc.dummy_position vi) + | Some vi -> (create_var Loc.dummy_position vi) in - let nfi = + let nfi = create_fun Loc.dummy_position ci.constr_info_tag None ci.constr_info_trans_name ci.constr_info_parameters in let body = statements b (* -@ +@ [dummy_loc_statement (JCTSreturn(this.jc_var_info_type, - dummy_loc_expr + dummy_loc_expr this.jc_var_info_type - (JCTEvar this)))] + (JCTEvar this)))] *) in -(* NO: TODO - let body = +(* NO: TODO + let body = dummy_loc_statement (JCTSdecl(this,None,make_block body)) in *) let fields = ci.constr_info_class.class_info_fields in - let body = + let body = List.fold_right - (fun fi acc -> + (fun fi acc -> if fi.java_field_info_is_static then acc else try init_field (mkvar ~name:(var_name this) ()) fi::acc with Assert_failure _ -> acc) fields body in - let _ = - reg_pos ~id:nfi.jc_fun_info_name + let _ = + reg_pos ~id:nfi.jc_fun_info_name ~name:("Constructor of class "^ci.constr_info_class.class_info_name) - ci.constr_info_loc + ci.constr_info_loc in - let params = + let params = (* false because this not yet valid *) (false, ptype_of_type this.jc_var_info_type, var_name this) :: @@ -1937,8 +1973,8 @@ params in let requires = mkrequires_clause (reg_assertion_option req) in - let behaviors = - List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs + let behaviors = + List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs in let def = mkfun_def ~name: (new identifier nfi.jc_fun_info_name) 
@@ -1952,23 +1988,23 @@ let tr_constr_spec ci req behs b acc = let params = List.map (fun (vi, _) -> create_var Loc.dummy_position vi) - ci.constr_info_parameters + ci.constr_info_parameters in let this = match ci.constr_info_this with | None -> assert false - | Some vi -> (create_var Loc.dummy_position vi) + | Some vi -> (create_var Loc.dummy_position vi) in - let nfi = + let nfi = create_fun Loc.dummy_position ci.constr_info_tag None ci.constr_info_trans_name ci.constr_info_parameters in - let _ = - reg_pos ~id:nfi.jc_fun_info_name + let _ = + reg_position ~id:nfi.jc_fun_info_name ~name:("Constructor of class "^ci.constr_info_class.class_info_name) - ci.constr_info_loc + ci.constr_info_loc in - let params = + let params = (* false because this not yet valid *) (false, ptype_of_type this.jc_var_info_type, var_name this) :: @@ -1977,30 +2013,30 @@ params in let requires = mkrequires_clause (reg_assertion_option req) in - let behaviors = - List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs + let behaviors = + List.map (fun beh -> Jc_ast.JCCbehavior (behavior beh)) behs in (ci,this,nfi,params,requires::behaviors,b) :: acc let tr_constr_body (ci,this,nfi,params,clauses,b) acc = let body = statements b (* - @ + @ [dummy_loc_statement (JCTSreturn(this.jc_var_info_type, - dummy_loc_expr + dummy_loc_expr this.jc_var_info_type - (JCTEvar this)))] + (JCTEvar this)))] *) in - (* NO: TODO - let body = + (* NO: TODO + let body = dummy_loc_statement (JCTSdecl(this,None,make_block body)) in *) let fields = ci.constr_info_class.class_info_fields in - let body = + let body = List.fold_right - (fun fi acc -> + (fun fi acc -> if fi.java_field_info_is_static then acc else try init_field (mkvar ~name:(var_name this) ()) fi::acc @@ -2014,7 +2050,7 @@ ~clauses () in def :: acc - + let default_label l = match l with | [l] -> Some l 
@@ -2026,7 +2062,7 @@ (JCTpointer (JCtag(si, []), Some num_zero, None)) "x" in let vit = mkvar ~name:(var_name vi) () in let offset_maxt = mkoffset_max ~expr:vit () in - let offset_maxa = mkeq ~expr1:offset_maxt ~expr2:zero () in + let offset_maxa = mkbinary ~op:`Bge ~expr1:offset_maxt ~expr2:zero () in let non_null_pred = create_non_null_pred si in mklogic_def ~name: non_null_pred.jc_logic_info_name @@ -2034,8 +2070,8 @@ ~params: [ptype_of_type vi.jc_var_info_type, var_name vi] ~body: offset_maxa () - -let tr_logic_fun fi (b : logic_decl_body) acc = + +let tr_logic_fun fi (b : logic_decl_body) acc = if b = `Builtin then acc else let nfi = create_logic_fun Loc.dummy_position fi in let def_ = @@ -2050,17 +2086,17 @@ in let def = match b with | `Assertion a -> def_ ~body:(assertion a) () - | `Inductive l -> + | `Inductive l -> def_ ~inductive: - (List.map - (fun ((loc,id),labels,a) -> + (List.map + (fun ((loc,id),labels,a) -> (new identifier ~pos:loc id, List.map tr_logic_label labels, - assertion a)) l) + assertion a)) l) () | `Term t -> def_ ~body:(term t) () | `None -> def_ () - | `Reads l -> + | `Reads l -> let logic_label = default_label fi.java_logic_info_labels in def_ ~reads:(List.map (location logic_label) l) () | `Builtin -> assert false @@ -2068,7 +2104,12 @@ (*s axioms *) -let tr_axiom id is_axiom lab p acc = +let tr_axiom id is_axiom loc lab p acc = + let (_ : string) = + reg_pos ~id + ~name:("Lemma " ^ id) + loc + in let def = mklemma_def ~name: id ~axiom:is_axiom @@ -2082,7 +2123,7 @@ match d with | Aaxiom(id,is_axiom,labels,a) -> acc | Atype _ -> assert false - | Areads (fi, r) -> tr_logic_fun fi (JReads r) + | Areads (fi, r) -> tr_logic_fun fi (JReads r) | Aind_def (_, _) -> assert false | Afun_def (_, _) -> assert false | Apred_def (_, _) -> assert false 
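Review bot: The replacement of `mkeq` by `mkbinary` with the `Bge` operator in the `-2026,7 +2062,7` hunk changes the body of the generated non-null predicate from `offset_max(x) == 0` to `offset_max(x) >= 0`, and nothing in the code says why. Every proof obligation that unfolds this predicate now means something different, so the intent should be recorded next to the binding, for example `(* non-null: offset_max(x) >= 0 (was == 0); presumably to admit pointers with more than one valid cell *)`, with the reason confirmed by the author. The enclosing definition starts outside the hunk, so it is not visible here whether other uses of `offset_max` still assume the equality.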
@@ -2105,18 +2146,18 @@ let tr_axiomatic_decl acc d = match d with | Aaxiom(_id,_is_axiom,_labels,_a) -> acc - | Atype s -> + | Atype s -> Java_options.lprintf "translating logic type %s@." s; tr_logic_type s acc - | Adecl(fi, b) -> + | Adecl(fi, b) -> Java_options.lprintf "translating axiomatic function %s@." fi.java_logic_info_name; - tr_logic_fun fi b acc + tr_logic_fun fi b acc let tr_axiomatic_axiom acc d = match d with - | Aaxiom(id,is_axiom,labels,a) -> + | Aaxiom(id,is_axiom,labels,a) -> Java_options.lprintf "translating axiom %s@." id; - tr_axiom id is_axiom labels a acc + tr_axiom id is_axiom Loc.dummy_floc labels a acc | Atype _s -> acc | Adecl(_fi, _b) -> acc @@ -2131,31 +2172,31 @@ let vi_ty = vi.jc_var_info_type in let fi_ty = fi.java_field_info_type in if fi.java_field_info_is_final then - let logic_body, axiom_body = + let logic_body, axiom_body = try - let e = + let e = Hashtbl.find Java_typing.field_initializer_table fi.java_field_info_tag in let values = Hashtbl.find Java_typing.final_field_values_table fi.java_field_info_tag in let get_value value = match fi_ty with - | JTYarray (_,JTYbase t) | JTYbase t -> + | JTYarray (_,JTYbase t) | JTYbase t -> begin match t with - | Tshort | Tbyte | Tchar | Tint - | Tlong | Tdouble | Tinteger -> + | Tshort | Tbyte | Tchar | Tint + | Tlong | Tdouble | Tinteger -> JCCinteger (Num.string_of_num value) - | Tboolean -> + | Tboolean -> let b = match Num.string_of_num value with | "0" -> false | "1" -> true | _ -> assert false (* should never happen *) in JCCboolean b - | Tfloat | Treal -> assert false (* TODO *) + | Tfloat | Treal -> assert false (* TODO *) | Tstring -> assert false (* TODO *) | Tunit -> assert false end - | JTYnull | JTYclass _ | JTYinterface _ | JTYarray _ | JTYlogic _ -> + | JTYnull | JTYclass _ | JTYinterface _ | JTYarray _ | JTYlogic _ -> assert false in match e with 
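Review bot: `tr_axiomatic_axiom` passes `Loc.dummy_floc` for the new `loc` parameter of `tr_axiom`, so every axiom declared inside an axiomatic block is registered by the `reg_pos` call (added in the `tr_axiom` hunk above) with a dummy position. If the assertion's own location can be used, `tr_axiom id is_axiom (Loc.extract a.java_assertion_loc) labels a acc` would keep the link back to the source. This assumes that `a` carries the `java_assertion_loc` field read in the `JSassert` case and that `Loc.extract` accepts it, both to be confirmed. `tr_axiom` also registers the name as `"Lemma " ^ id` even when `is_axiom` is true, which mislabels axioms in the position table.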
@@ -2192,7 +2233,7 @@ ()) () in - let fi' = List.hd si.jc_struct_info_fields in + let fi' = List.hd si.jc_struct_info_fields in let a, _ = List.fold_left2 begin fun (acc, cpt) init n -> match init with | JIexpr e -> @@ -2220,22 +2261,22 @@ with Not_found -> Java_options.lprintf "Warning: final field '%s' of %a has no known value@." - fi.java_field_info_name - Java_typing.print_type_name + fi.java_field_info_name + Java_typing.print_type_name fi.java_field_info_class_or_interface; None, None in let def1 = mklogic_var_def ~typ: (ptype_of_type vi_ty) - ~name: (var_name vi) - ?body:logic_body + ~name: (var_name vi) + ?body:logic_body () in match logic_body,axiom_body with | (Some _,None) -> - def1 :: acc - | (None, _ (* Some a *)) -> + def1 :: acc + | (None, _ (* Some a *)) -> let ax = mkaxiomatic ~name: (fi.java_field_info_name^"_theory") @@ -2254,8 +2295,8 @@ ax :: acc | _ -> assert false else - let e = - try match Hashtbl.find Java_typing.field_initializer_table + let e = + try match Hashtbl.find Java_typing.field_initializer_table fi.java_field_info_tag with | None -> None | Some e -> Some (tr_initializer fi_ty e) @@ -2273,23 +2314,23 @@ (* class *) let tr_class ci acc0 acc = - let non_final_fields = + let non_final_fields = List.filter (fun fi -> not fi.java_field_info_is_final) ci.class_info_fields in - let (static_fields, fields) = - List.partition + let (static_fields, fields) = + List.partition (fun fi -> fi.java_field_info_is_static) non_final_fields in let super = let superclass = Option_misc.map (fun ci -> ci.class_info_name, []) - ci.class_info_extends + ci.class_info_extends in - match superclass with - | None -> - if ci.class_info_name = "Object" + match superclass with + | None -> + if ci.class_info_name = "Object" then None else Some ("Object", []) | _ -> superclass 
@@ -2298,14 +2339,14 @@ (* create exceptions if subclass of Exception *) begin if ci.class_info_is_exception then - ignore (create_exception + ignore (create_exception (Some (tr_type Loc.dummy_position (JTYclass (false, ci)))) ci.class_info_name); end; let jc_fields = List.map (create_field Loc.dummy_position) fields in (* non_null fun & pred *) let si = get_class ci.class_info_name in - let acc = + let acc = if ci.class_info_name = "Object" then let non_null_fi = create_non_null_fun si in let vi = Jc_pervasives.var @@ -2350,12 +2391,12 @@ ~tags:[ new identifier ci.class_info_name ] ())::acc0 else acc0) , acc - + (* interfaces *) -let tr_interface ii acc = - let fields = - List.filter +let tr_interface ii acc = + let fields = + List.filter (fun fi -> not fi.java_field_info_is_static) ii.interface_info_fields in @@ -2364,33 +2405,33 @@ let tr_class_or_interface ti acc0 acc = match ti with - | TypeClass ci -> + | TypeClass ci -> Java_options.lprintf "Creating JC structure for class '%s'@." ci.class_info_name; tr_class ci acc0 acc - | TypeInterface ii -> + | TypeInterface ii -> Java_options.lprintf "Handling interface '%s'@." ii.interface_info_name; (acc0, tr_interface ii acc) let tr_final_static_fields ti acc = match ti with - | TypeClass ci -> - let final_static_fields = + | TypeClass ci -> + let final_static_fields = List.filter - (fun fi -> + (fun fi -> fi.java_field_info_is_final && fi.java_field_info_is_static) ci.class_info_fields in List.fold_left (tr_field ci.class_info_name) acc final_static_fields - | TypeInterface ii -> - List.fold_left - (tr_field ii.interface_info_name) - acc ii.interface_info_final_fields + | TypeInterface ii -> + List.fold_left + (tr_field ii.interface_info_name) + acc ii.interface_info_final_fields let tr_invariants ci id invs decls = let invs = List.map - (fun ((_, s), a) -> + (fun ((_, s), a) -> let vi = create_var Loc.dummy_position id in new identifier s, var_name vi, assertion a) invs 
@@ -2409,12 +2450,12 @@ (* static invariants *) -let tr_static_invariant (s, a) = +let tr_static_invariant (s, a) = mkglobal_inv_def ~name:s ~body:(assertion a) () (* -Local Variables: +Local Variables: compile-command: "LC_ALL=C make -C .. byte" -End: +End: *) diff -Nru why-2.29+dfsg/java/java_lexer.mll why-2.30+dfsg/java/java_lexer.mll --- why-2.29+dfsg/java/java_lexer.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_lexer.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_main.ml why-2.30+dfsg/java/java_main.ml --- why-2.29+dfsg/java/java_main.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_main.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -50,13 +50,13 @@ Java_options.lprintf "(****** typing phase 3 : type specs *****)@."; Java_typing.type_specs p t; printf "Typing OK.@."; - + if !Java_options.abstract <> "" then begin match astl with | [a] -> - Pp.print_in_file - (fun fmt -> Java_abstract.compilation_unit fmt a) + Pp.print_in_file + (fun fmt -> Java_abstract.compilation_unit fmt a) !Java_options.abstract; exit 0 | _ -> 
@@ -67,34 +67,34 @@ (************) (* Analyses *) (************) - - Hashtbl.iter + + Hashtbl.iter (fun _ (f,t) -> Java_callgraph.compute_logic_calls f t) Java_typing.logic_defs_table; - - Hashtbl.iter - (fun _ mt -> - Option_misc.iter - (Java_callgraph.compute_calls + + Hashtbl.iter + (fun _ mt -> + Option_misc.iter + (Java_callgraph.compute_calls mt.Java_typing.mt_method_info - mt.Java_typing.mt_requires) + mt.Java_typing.mt_requires) mt.Java_typing.mt_body) Java_typing.methods_table; - - Hashtbl.iter - (fun _ ct -> - Java_callgraph.compute_constr_calls + + Hashtbl.iter + (fun _ ct -> + Java_callgraph.compute_constr_calls ct.Java_typing.ct_constr_info ct.Java_typing.ct_requires ct.Java_typing.ct_body) Java_typing.constructors_table; - - let _logic_components = - Java_callgraph.compute_logic_components + + let _logic_components = + Java_callgraph.compute_logic_components Java_typing.logic_defs_table in - let components = - Java_callgraph.compute_components + let components = + Java_callgraph.compute_components Java_typing.methods_table Java_typing.constructors_table in 
@@ -106,72 +106,72 @@ (* Hashtbl.iter (fun mi mti -> - Java_analysis.do_method - mti.Java_typing.mt_method_info + Java_analysis.do_method + mti.Java_typing.mt_method_info mti.Java_typing.mt_requires mti.Java_typing.mt_ensures - mti.Java_typing.mt_behaviors + mti.Java_typing.mt_behaviors mti.Java_typing.mt_body) Java_typing.methods_table; Hashtbl.iter (fun ci cti -> - Java_analysis.do_constructor - cti.Java_typing.ct_constr_info + Java_analysis.do_constructor + cti.Java_typing.ct_constr_info cti.Java_typing.ct_requires cti.Java_typing.ct_ensures - cti.Java_typing.ct_behaviors + cti.Java_typing.ct_behaviors cti.Java_typing.ct_body) Java_typing.constructors_table; *) - + (* analyze following call graph order TODO: precise the meaning of call graph with dynamic calls *) Array.iter - (List.iter - (fun mi -> + (List.iter + (fun mi -> match mi with - | MethodInfo mi -> + | MethodInfo mi -> let mti = Hashtbl.find Java_typing.methods_table mi.method_info_tag in - Java_analysis.do_method - mti.Java_typing.mt_method_info + Java_analysis.do_method + mti.Java_typing.mt_method_info mti.Java_typing.mt_requires - mti.Java_typing.mt_behaviors + mti.Java_typing.mt_behaviors mti.Java_typing.mt_body | ConstructorInfo ci -> let cti = Hashtbl.find Java_typing.constructors_table ci.constr_info_tag in Java_analysis.do_constructor - cti.Java_typing.ct_constr_info + cti.Java_typing.ct_constr_info cti.Java_typing.ct_requires - cti.Java_typing.ct_behaviors + cti.Java_typing.ct_behaviors cti.Java_typing.ct_body)) components; - + (*******************************) (* production of jessie output *) (*******************************) - + Java_options.lprintf "production phase 1.1 : generation of Jessie logic types@."; - let decls = + let decls = (* - Hashtbl.fold - (fun _ id acc -> + Hashtbl.fold + (fun _ id acc -> Java_options.lprintf "generating logic type `%s'@." 
id; - Java_interp.tr_logic_type id acc) - Java_typing.logic_types_table + Java_interp.tr_logic_type id acc) + Java_typing.logic_types_table *) - [] - in - + [] + in + Java_options.lprintf "production phase 1.2 : generation of Jessie range_types@."; let decls = Java_interp.range_types decls in - + let non_null_preds, acc, decls_arrays = Java_interp.array_types [] in - let decls_constants = + let decls_constants = Hashtbl.fold (fun _ id acc -> Java_interp.tr_final_static_fields id acc) Java_typing.type_table 
@@ -180,100 +180,112 @@ Java_options.lprintf "production phase 1.4 : generation of Jessie struct types@."; let non_null_preds = Java_interp.tr_non_null_logic_fun () :: non_null_preds in let decls_java_types, decls_structs = - Hashtbl.fold + Hashtbl.fold (fun _ id (acc0, acc) -> Java_interp.tr_class_or_interface id acc0 acc) Java_typing.type_table ([], decls_arrays) in - let decls = decls_structs @ acc @ decls_java_types @ decls_constants @ non_null_preds @ decls in - + let decl_any_string = Java_interp.decl_any_string in + let decls = decls_structs @ acc @ decls_java_types @ decl_any_string @ decls_constants @ non_null_preds @ decls in + Java_options.lprintf "production phase 1.3 : generation of Jessie logic functions@."; - let decls = - Hashtbl.fold + let decls = + Hashtbl.fold (fun _ (li,p) acc -> - Java_options.lprintf "generating logic function `%s'@." + Java_options.lprintf "generating logic function `%s'@." li.java_logic_info_name; Java_interp.tr_logic_fun li (p :> Java_typing.logic_decl_body) acc) - Java_typing.logic_defs_table + Java_typing.logic_defs_table decls in - let decls = + let decls = Hashtbl.fold Java_interp.tr_axiomatic Java_typing.axiomatics_table decls - in + in (* production phase 1.5 : generation of Jessie lemmas *) - let decls = - Hashtbl.fold - (fun id (lab,p) -> - Java_options.lprintf "generating lemma `%s'@." id; - Java_interp.tr_axiom id false lab p) + let lemmas = + Hashtbl.fold + (fun id (loc,lab,p) acc -> (id,Loc.extract loc,lab,p)::acc) Java_typing.lemmas_table + [] + in + let compare_locs (id1,(_,l1,_,_),_,_) (id2,(_,l2,_,_),_,_) = + let c = Pervasives.compare l1 l2 in + if c = 0 then Pervasives.compare id1 id2 else c + in + let lemmas = List.sort compare_locs lemmas in + let decls = + List.fold_left + (fun acc (id,loc,lab,p) -> + Java_options.lprintf "generating lemma `%s'@." 
id; + Java_interp.tr_axiom id false loc lab p acc) decls + lemmas in (* any_string function *) (* let decls = Java_interp.any_string_decl :: decls in *) (* class invariants *) - let decls = + let decls = Hashtbl.fold (fun _ (ci, id, invs) acc -> Java_interp.tr_invariants ci id invs acc) Java_typing.invariants_table decls in - + (* production phase 1.5: generation of Jessie global invariants *) let decls = Hashtbl.fold - (fun _ invs acc -> + (fun _ invs acc -> (List.map (Java_interp.tr_static_invariant) invs) @ acc) Java_typing.static_invariants_table decls in - + (* production phase 1.6 : generation of Jessie exceptions *) let decls = - Hashtbl.fold + Hashtbl.fold (fun _ ei acc -> Java_interp.tr_exception ei acc) Java_interp.exceptions_table decls - in - - + in + + (* production phase 4 : generation of Jessie functions *) let decls = Array.fold_left (fun acc l -> let methods,constrs = - List.fold_left - (fun (m,c) f -> + List.fold_left + (fun (m,c) f -> match f with - | MethodInfo mi -> + | MethodInfo mi -> let mt = Hashtbl.find Java_typing.methods_table mi.method_info_tag in - printf "Generating JC function %s for method %a.%s@." + printf "Generating JC function %s for method %a.%s@." mi.method_info_trans_name - Java_typing.print_type_name + Java_typing.print_type_name mi.method_info_class_or_interface mi.method_info_name; - (Java_interp.tr_method_spec mi - mt.Java_typing.mt_requires + (Java_interp.tr_method_spec mi + mt.Java_typing.mt_requires mt.Java_typing.mt_decreases - mt.Java_typing.mt_behaviors + mt.Java_typing.mt_behaviors mt.Java_typing.mt_body m, c) | ConstructorInfo ci -> let ct = Hashtbl.find Java_typing.constructors_table ci.constr_info_tag in - printf "Generating JC function %s for constructor %s@." + printf "Generating JC function %s for constructor %s@." 
ci.constr_info_trans_name ci.constr_info_class.class_info_name; - (m,Java_interp.tr_constr_spec ci - ct.Java_typing.ct_requires - ct.Java_typing.ct_behaviors + (m,Java_interp.tr_constr_spec ci + ct.Java_typing.ct_requires + ct.Java_typing.ct_behaviors ct.Java_typing.ct_body c)) ([],[]) l @@ -293,12 +305,12 @@ decls components in - + (* production phase 5 : produce Jessie file *) - let decls = + let decls = (mkinvariant_policy_def ~value:!Java_options.inv_sem ()) - :: (mktermination_policy_def ~value:!Java_options.termination_policy ()) - :: (mkseparation_policy_def ~value:!Java_options.separation_policy ()) + :: (mktermination_policy_def ~value:!Java_options.termination_policy ()) + :: (mkseparation_policy_def ~value:!Java_options.separation_policy ()) :: (mkannotation_policy_def ~value:!Java_options.annotation_sem ()) :: (mkabstract_domain_def ~value:!Java_options.ai_domain ()) :: List.rev decls @@ -307,7 +319,7 @@ let f = Filename.chop_extension f in let cout = Pp.print_in_file_no_close (fun fmt -> fprintf fmt "%a@." Jc_poutput.pdecls decls) - (f ^ ".jc") + (f ^ ".jc") in output_string cout "/*\n"; output_string cout "Local Variables:\n"; @@ -322,12 +334,28 @@ output_string cout "End:\n"; output_string cout "*/\n"; close_out cout; - + (* production phase 5.2 : produce locs file *) - Pp.print_in_file Output.print_pos (f ^ ".jloc"); - - printf "Done.@." - + Pp.print_in_file Output.old_print_pos (f ^ ".jloc"); + + printf "Done.@."; + if not !Java_options.gen_only then + begin + printf "Calling Jessie...@."; + let ret = Sys.command ("jessie -why3ml -locs " ^ f ^ ".jloc " ^ f ^ ".jc") in + if ret <> 0 then + printf "Jessie failed, abort.@." + else + begin + let d = Filename.dirname f in + let b = Filename.basename f in + printf "Calling Why3...@."; + let _ret = Sys.command ("make -C " ^ d ^" -f " ^ b ^ ".makefile why3ml") in + () + end + end + + (* with *) (* | Java_typing.Typing_error(l,s) -> *) (* eprintf "%a: typing error: %s@." Loc.gen_report_position l s; *) 
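Review bot: `compare_locs` in the `-180,100 +180,112` hunk orders lemmas by `l1`/`l2` only, the second component of the tuple returned by `Loc.extract`, and then by identifier. If the first component is the file name (not visible here), lemmas from different source files are interleaved by line number rather than grouped per file. Binding it as well, `(id1,(f1,l1,_,_),_,_)`, and comparing with `Pervasives.compare (f1,l1) (f2,l2)` would give a stable per-file order. A one-line comment saying the sort exists to make the output independent of `Hashtbl.fold` order would also help.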
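Review bot: The two `Sys.command` calls added in the `-322,12 +334,28` hunk build a shell command line by concatenating `f`, `d` and `b` unquoted, and these appear to derive from the input file name. A path containing spaces or shell metacharacters is then split or interpreted by the shell instead of being passed as one argument. Each interpolated path should go through `Filename.quote`: `Sys.command ("jessie -why3ml -locs " ^ Filename.quote (f ^ ".jloc") ^ " " ^ Filename.quote (f ^ ".jc"))` and `Sys.command ("make -C " ^ Filename.quote d ^ " -f " ^ Filename.quote (b ^ ".makefile") ^ " why3ml")`. The result of the `make` call is bound to `_ret` and dropped, and the Jessie failure branch only prints, so the process seems to end with a success status either way; exiting with the non-zero status would let calling scripts notice. The enclosing function starts outside the hunk.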
@@ -335,15 +363,15 @@ (* | Java_options.Java_error(l,s) -> *) (* eprintf "%a: %s@." Loc.gen_report_position l s; *) (* exit 1 *) - - -let _ = + + +let _ = Sys.catch_break true; Java_typing.catch_typing_errors main () - - + + (* - Local Variables: + Local Variables: compile-command: "LC_ALL=C make -j -C .. bin/krakatoa.byte" - End: + End: *) diff -Nru why-2.29+dfsg/java/java_options.ml why-2.30+dfsg/java/java_options.ml --- why-2.29+dfsg/java/java_options.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_options.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -50,12 +50,12 @@ (*s environment variables *) -let libdir = +let libdir = try let v = Sys.getenv "KRAKATOALIB" in lprintf "KRAKATOALIB is set to %s@." v; v - with Not_found -> + with Not_found -> let p = Version.libdir in lprintf "KRAKATOALIB is not set, using %s as default@." p; p @@ -69,17 +69,18 @@ h::(split ch t) with Not_found -> [s] - + let libfile = "krakatoa.why" let javacard = ref false - + (*s command-line options *) - + let parse_only = ref false let type_only = ref false +let gen_only = ref false let abstract = ref "" let print_graph = ref false let debug = ref false 
@@ -103,24 +104,26 @@ let add_file f = files_ := f :: !files_ let files () = List.rev !files_ -let version () = +let version () = Printf.printf "This is Krakatoa version %s, compiled on %s -Copyright (c) 2006-2008 - INRIA team-project ProVal +Copyright (c) 2006-2011 - INRIA team-project ProVal This is free software with ABSOLUTELY NO WARRANTY (use option -warranty) " Version.version Version.date; exit 0 let usage = "krakatoa [options] files" -let _ = - Arg.parse - [ "-parse-only", Arg.Set parse_only, +let _ = + Arg.parse + [ "-parse-only", Arg.Set parse_only, " stops after parsing"; - "-type-only", Arg.Set type_only, + "-type-only", Arg.Set type_only, " stops after typing"; "-abstract", Arg.String ((:=) abstract), " stops after typing and output abstract view to " ; - "-print-call-graph", Arg.Set print_graph, + "-gen-only", Arg.Set gen_only, + " stops after producing .jc" ; + "-print-call-graph", Arg.Set print_graph, " stops after call graph and print call graph"; "-d", Arg.Set debug, " debugging mode"; @@ -137,7 +140,7 @@ "-javacard", Arg.Set javacard, " source is Java Card"; "-nonnull-sem", Arg.String - (function + (function | "none" -> nonnull_sem := Java_env.NonNullNone | "fields" -> nonnull_sem := Java_env.NonNullFields | "all" -> nonnull_sem := Java_env.NonNullAll 
@@ -158,36 +161,36 @@ let werror = !werror let why_opt = !why_opt -let classpath = +let classpath = let p = try let v = Sys.getenv "KRAKATOACLASSPATH" in lprintf "KRAKATOACLASSPATH is set to %s@." v; split ':' v - with Not_found -> - let p = Filename.concat libdir - (if !javacard then "javacard_api" else "java_api") + with Not_found -> + let p = Filename.concat libdir + (if !javacard then "javacard_api" else "java_api") in lprintf "KRAKATOACLASSPATH is not set, using %s as default@." p; [p] in - "." :: p + "." :: p (*s error handling *) exception Java_error of Loc.position * string -let parsing_error l f = - Format.ksprintf - (fun s -> +let parsing_error l f = + Format.ksprintf + (fun s -> let s = if s="" then s else " ("^s^")" in raise (Java_error(l, "syntax error" ^ s))) f (* -Local Variables: +Local Variables: compile-command: "make -j -C .. bin/krakatoa.byte" -End: +End: *) diff -Nru why-2.29+dfsg/java/java_pervasives.ml why-2.30+dfsg/java/java_pervasives.ml --- why-2.29+dfsg/java/java_pervasives.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_pervasives.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_syntax.ml why-2.30+dfsg/java/java_syntax.ml --- why-2.29+dfsg/java/java_syntax.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_syntax.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/java/java_tast.mli why-2.30+dfsg/java/java_tast.mli --- why-2.29+dfsg/java/java_tast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_tast.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -43,12 +43,13 @@ | JTlit of literal | JTvar of java_var_info | JTat of term * logic_label - | JTbin of term * base_type * bin_op * term + | JTbin of term * base_type * bin_op * term + | JTbin_obj of term * bin_op * term | JTun of base_type * un_op * term | JTapp of java_logic_info * label_assoc * term list | JTfield_access of term * java_field_info | JTstatic_field_access of java_type_info * java_field_info - | JTarray_length of term + | JTarray_length of term | JTarray_access of term * term | JTarray_range of term * term option * term option | JTcast of java_type * term @@ -67,15 +68,15 @@ | JAtrue | JAfalse | JAat of assertion * logic_label - | JAnot of assertion + | JAnot of assertion | JAand of assertion * assertion | JAor of assertion * assertion | JAimpl of assertion * assertion | JAiff of assertion * assertion | JAquantifier of quantifier * java_var_info * assertion | JAbool_expr of term - | JAbin of term * base_type * bin_op * term - | JAbin_obj of term * bin_op * term + | JAbin of term * base_type * bin_op * term + | JAbin_obj of term * bin_op * term | JAapp of java_logic_info * label_assoc * term list | JAinstanceof of term * logic_label * java_type | JAif of term * assertion * assertion 
@@ -100,14 +101,14 @@ | JEif of expr * expr * expr (*r pre-post incr/decr operations *) | JEincr_local_var of incr_decr_op * java_var_info - | JEincr_field of incr_decr_op * expr * java_field_info + | JEincr_field of incr_decr_op * expr * java_field_info | JEincr_array of incr_decr_op * expr * expr | JEstatic_field_access of java_type_info * java_field_info | JEfield_access of expr * java_field_info - | JEarray_length of expr + | JEarray_length of expr | JEarray_access of expr * expr - | JEassign_local_var of java_var_info * expr - | JEassign_local_var_op of java_var_info * bin_op * expr + | JEassign_local_var of java_var_info * expr + | JEassign_local_var_op of java_var_info * bin_op * expr | JEassign_field of expr * java_field_info * expr | JEassign_field_op of expr * java_field_info * bin_op * expr | JEassign_static_field of java_field_info * expr @@ -129,8 +130,8 @@ | Super_method_call of identifier * pexpr list | Instanceof of pexpr * type_expr (* in annotations only *) - | Type of type_expr - | Typeof of expr + | Type of type_expr + | Typeof of expr *) (* statements *) 
@@ -161,18 +162,18 @@ and statement_node = | JSskip (*r empty statement *) | JSif of expr * statement * statement - | JSreturn_void - | JSreturn of expr + | JSreturn_void + | JSreturn of expr | JSvar_decl of java_var_info * initialiser option * statement | JSblock of block - | JSdo of statement * loop_annot * expr + | JSdo of statement * loop_annot * expr (*r loop body, annot, condition *) - | JSwhile of expr * loop_annot * statement + | JSwhile of expr * loop_annot * statement (*r condition, annot, loop body *) - | JSfor of expr list * expr * loop_annot * expr list * statement + | JSfor of expr list * expr * loop_annot * expr list * statement (*r init, condition, annot, steps, loop body *) - | JSfor_decl of (java_var_info * initialiser option) list * - expr * loop_annot * expr list * statement + | JSfor_decl of (java_var_info * initialiser option) list * + expr * loop_annot * expr list * statement (*r decls, condition, annot, steps, loop body *) | JSexpr of expr | JSassert of string option * string option * assertion @@ -181,8 +182,8 @@ | JScontinue of string option | JSthrow of expr | JStry of block * (java_var_info * block) list * block option - | JSstatement_spec of - assertion option * (term * java_logic_info option) option + | JSstatement_spec of + assertion option * (term * java_logic_info option) option * behavior list * statement (*r requires, decreases, behaviors, statement *) | JSlabel of string * statement @@ -199,7 +200,7 @@ ;; (* -Local Variables: +Local Variables: compile-command: "make -C .. bin/krakatoa.byte" -End: +End: *) diff -Nru why-2.29+dfsg/java/java_typing.ml why-2.30+dfsg/java/java_typing.ml --- why-2.29+dfsg/java/java_typing.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_typing.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -658,7 +658,7 @@ let make_logic_bin_op loc op t1 e1 t2 e2 = match op with | Bconcat -> assert false - | Bgt | Blt | Bge | Ble | Beq | Bne -> + | Bgt | Blt | Bge | Ble -> begin try let t = logic_binary_numeric_promotion t1 t2 in @@ -666,6 +666,21 @@ with Not_found -> typing_error loc "numeric types expected for >,<,>= and <=" end + | Beq | Bne -> + begin + try + let t = logic_binary_numeric_promotion t1 t2 in + boolean_type,JTbin(e1,t,op,e2) + with Not_found -> + if is_boolean t1 && is_boolean t2 then + boolean_type,JTbin(e1,Tboolean,op,e2) + else + if is_reference_type t1 && is_reference_type t2 then + boolean_type,JTbin_obj(e1,op,e2) + else + typing_error loc "numeric, boolean or object types expected for == and !=" + end + | Basr | Blsr | Blsl -> begin try @@ -748,7 +763,7 @@ let t = logic_binary_numeric_promotion t1 t2 in JAbin(e1,t,op,e2) with Not_found -> - typing_error loc "numeric types expected for >,<,>= and <=" + typing_error loc "numeric types expected for >, <, >= and <=" end | Beq | Bne -> begin 
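Review bot: The message kept on the `Bgt | Blt | Bge | Ble` arm just above the added `Beq | Bne` arm (-666 hunk) still reads `">,<,>= and <="`, while the -748 hunk of this file changes the assertion-side message to `">, <, >= and <="`. The two should match: `typing_error loc "numeric types expected for >, <, >= and <="`. In the new arm, the `else` followed by a separately indented `if` can be written as one chain, `else if is_reference_type t1 && is_reference_type t2 then`, which reads as the three-way choice it is. `make_logic_bin_op` continues outside the hunk.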
@@ -2273,7 +2288,7 @@ is_subclass cfrom cto || is_subclass cto cfrom | JTYclass (_, ci), JTYinterface ii -> if ci.class_info_is_final then implements ci ii else - true (* JLS 2.0: OK, JLS 3.0: TO COMPLTE *) + true (* JLS 2.0: OK, JLS 3.0: TO COMPLETE *) | JTYclass(_,c), JTYarray _ -> c == !object_class | JTYinterface _,JTYclass _ -> assert false (* TODO *) @@ -2282,7 +2297,9 @@ (* TODO: check this: JLS p73 appears to be incomplete *) | JTYinterface _,JTYarray _ -> assert false (* TODO *) | JTYarray _,_ -> assert false (* TODO *) - | JTYnull,_ | _, JTYnull -> assert false + | JTYnull, JTYclass _ -> true + | JTYnull,_ -> assert false + | _,JTYnull -> assert false (**********************) @@ -2431,6 +2448,7 @@ | JTarray_range _ -> assert false (* TODO *) | JTapp (_, _, _) -> assert false (* TODO *) | JTbin (_, _, _, _) -> assert false (* TODO *) + | JTbin_obj (_, _, _) -> assert false (* TODO *) | JTun (_t, _op, _e1) -> assert false (* TODO *) | JTlit _ -> assert false (* TODO *) | JTcast(ty,t) -> JEcast(ty,expr_of_term t) @@ -3381,6 +3399,13 @@ local_decl ~ghost:true env s.java_pstatement_loc vd rem | JPSvar_decl vd -> local_decl ~ghost:false env s.java_pstatement_loc vd rem + | JPSlabel ((_loc,id), s)-> + [{ java_statement_node = + JSlabel(id, block + {env with label_env = + (id, LabelName id)::env.label_env} + (s :: rem)) ; + java_statement_loc = s.java_pstatement_loc }] | JPSloop_annot (inv,behs_inv,dec) -> let annot = (inv,behs_inv,dec) in begin @@ -4002,7 +4027,7 @@ begin if is_axiom then typing_error loc "axioms not allowed outside axiomatics"; - Hashtbl.add lemmas_table id (tlabels,te); + Hashtbl.add lemmas_table id (loc,tlabels,te); acc end | JPTlogic_type_decl (loc,id) -> diff -Nru why-2.29+dfsg/java/java_typing.mli why-2.30+dfsg/java/java_typing.mli --- why-2.29+dfsg/java/java_typing.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/java/java_typing.mli 2011-10-24 15:21:06.000000000 +0000 
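Review bot: In the -2282 hunk only `JTYnull, JTYclass _` is accepted, so a null source paired with `JTYinterface _` or `JTYarray _` still reaches `JTYnull,_ -> assert false` unless an arm outside this hunk catches it first. If this match decides convertibility between reference types, as the surrounding arms suggest, null should be accepted for every reference target: `| JTYnull, (JTYclass _ | JTYinterface _ | JTYarray _) -> true`. The remaining `assert false` arms abort the tool with an Assert_failure on input-dependent cases, so a descriptive typing error would be the safer failure mode. The function starts outside the hunk.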
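Review bot: `| JTbin_obj (_, _, _) -> assert false (* TODO *)` in the -2431 hunk means a term the typer now produces for `==`/`!=` on references aborts with Assert_failure if it ever reaches this term-to-expression conversion. It mirrors the neighbouring `JTbin` arm, so it is not a regression, but as of the -666 hunk the new constructor is reachable from user-written annotations. If an expression-side object comparison exists, translate to it here; otherwise raise an error that names the unsupported construct instead of asserting. The enclosing function starts and ends outside the hunk.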
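Review bot: In the new `JPSlabel ((_loc,id), s)` arm (-3381 hunk) the pattern variable `s` appears to shadow the statement being matched, the one whose `s.java_pstatement_loc` the `JPSvar_decl` arms above pass on. `java_statement_loc` therefore gets the inner statement's location and the label's own `_loc` is dropped. Binding the inner statement under another name, `| JPSlabel ((_loc,id), body) ->` with `(body :: rem)`, keeps the labelled statement's location and removes the ambiguity. The label is also added to `label_env` for `rem`, not only for the labelled statement. If that wider scope is deliberate, say so in a comment such as `(* the label stays visible in the rest of the block *)`.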
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -80,7 +80,7 @@ val final_field_values_table : (int, Num.num list) Hashtbl.t -val lemmas_table : (string,(Java_env.logic_label list * Java_tast.assertion)) Hashtbl.t +val lemmas_table : (string,(Loc.position * Java_env.logic_label list * Java_tast.assertion)) Hashtbl.t type logic_def_body = diff -Nru why-2.29+dfsg/jc/jc_ai.mli why-2.30+dfsg/jc/jc_ai.mli --- why-2.29+dfsg/jc/jc_ai.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_ai.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_annot_fail.ml why-2.30+dfsg/jc/jc_annot_fail.ml --- why-2.29+dfsg/jc/jc_annot_fail.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_annot_fail.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_annot_inference.ml why-2.30+dfsg/jc/jc_annot_inference.ml --- why-2.29+dfsg/jc/jc_annot_inference.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_annot_inference.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_ast.mli why-2.30+dfsg/jc/jc_ast.mli --- why-2.29+dfsg/jc/jc_ast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_ast.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_callgraph.ml why-2.30+dfsg/jc/jc_callgraph.ml --- why-2.29+dfsg/jc/jc_callgraph.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_callgraph.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_callgraph.mli why-2.30+dfsg/jc/jc_callgraph.mli --- why-2.29+dfsg/jc/jc_callgraph.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_callgraph.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_common_options.ml why-2.30+dfsg/jc/jc_common_options.ml --- why-2.29+dfsg/jc/jc_common_options.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_common_options.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_common_options.mli why-2.30+dfsg/jc/jc_common_options.mli --- why-2.29+dfsg/jc/jc_common_options.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_common_options.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_constructors.ml why-2.30+dfsg/jc/jc_constructors.ml --- why-2.29+dfsg/jc/jc_constructors.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_constructors.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_constructors.mli why-2.30+dfsg/jc/jc_constructors.mli --- why-2.29+dfsg/jc/jc_constructors.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_constructors.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_control_flow.ml why-2.30+dfsg/jc/jc_control_flow.ml --- why-2.29+dfsg/jc/jc_control_flow.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_control_flow.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_effect.ml why-2.30+dfsg/jc/jc_effect.ml --- why-2.29+dfsg/jc/jc_effect.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_effect.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_env.mli why-2.30+dfsg/jc/jc_env.mli --- why-2.29+dfsg/jc/jc_env.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_env.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_envset.ml why-2.30+dfsg/jc/jc_envset.ml --- why-2.29+dfsg/jc/jc_envset.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_envset.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_envset.mli why-2.30+dfsg/jc/jc_envset.mli --- why-2.29+dfsg/jc/jc_envset.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_envset.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_fenv.ml why-2.30+dfsg/jc/jc_fenv.ml --- why-2.29+dfsg/jc/jc_fenv.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_fenv.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_frame.ml why-2.30+dfsg/jc/jc_frame.ml --- why-2.29+dfsg/jc/jc_frame.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_frame.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
@@ -362,31 +362,36 @@ match f.jc_logic_info_result_type, ta with | None, JCAssertion a -> (* Predicate *) let body = fa a in - [Predicate(false, f.jc_logic_info_final_name, params, body)] + [Predicate(false, id_no_loc f.jc_logic_info_final_name, + params, body)] | Some ty, JCTerm t -> (* Function *) let ty' = tr_base_type ty in let t' = ft t in let t' = term_coerce t#pos ty t#typ t t' in if List.mem f f.jc_logic_info_calls then - let logic = Logic(false,f.jc_logic_info_final_name, params, ty') + let logic = Logic(false, id_no_loc f.jc_logic_info_final_name, + params, ty') in let fstparams = List.map (fun (s,_) -> LVar s) params in let app = (LApp(f.jc_logic_info_final_name,fstparams)) in let axiom = - Goal(KAxiom,jc_axiom^f.jc_logic_info_final_name, + Goal(KAxiom,id_no_loc (jc_axiom^f.jc_logic_info_final_name), make_forall_list params [[LPatT app]] (make_eq app t')) in [logic;axiom] else - [Function(false, f.jc_logic_info_final_name, params, ty', t')] + [Function(false, id_no_loc f.jc_logic_info_final_name, + params, ty', t')] | ty_opt, (JCNone | JCReads _) -> (* Logic *) let ty' = match ty_opt with | None -> simple_logic_type prop_type | Some ty -> tr_base_type ty in - [Logic(false, f.jc_logic_info_final_name, params, ty')] + [Logic(false, id_no_loc f.jc_logic_info_final_name, + params, ty')] | None, JCInductive l -> - [Inductive(false, f.jc_logic_info_final_name, params, + [Inductive(false, id_no_loc f.jc_logic_info_final_name, + params, List.map (fun (id,_labels,a) -> let ef = Jc_effect.assertion empty_effects a in @@ -464,7 +469,7 @@ let name = "no_update_" ^ f.jc_logic_info_name ^ "_" ^ string_of_int count in - count + 1, Goal(KAxiom,name,a) :: acc + count + 1, Goal(KAxiom,id_no_loc name,a) :: acc ) (0,acc) params) let gen_no_assign_axioms f ta _fa _ft _term_coerce params acc = 
@@ -531,7 +536,7 @@ let name = "no_assign_" ^ f.jc_logic_info_name ^ "_" ^ string_of_int count in - count + 1, Goal(KAxiom,name,a) :: acc + count + 1, Goal(KAxiom,id_no_loc name,a) :: acc ) (0,acc) params) (* memory_param_reads ? *) let gen_alloc_extend_axioms f ta _fa _ft _term_coerce params acc = @@ -592,7 +597,7 @@ let name = "alloc_extend_" ^ f.jc_logic_info_name ^ "_" ^ string_of_int count in - count + 1, Goal(KAxiom,name,a) :: acc + count + 1, Goal(KAxiom,id_no_loc name,a) :: acc ) (0,acc) alloc_params_reads) let reduce f = function @@ -1391,7 +1396,7 @@ let rec term_extract_application acc e = match e with - | LConst _ | LVar _ | LVarAtLabel _ -> acc + | LConst _ | LVar _ | LDeref _ | LDerefAtLabel _ -> acc | Tnamed (_,t) -> term_extract_application acc t | LApp (s,lt) -> (trad_app s lt):: (List.fold_left term_extract_application acc lt) @@ -1438,7 +1443,7 @@ (interp s lt) lt | LVar _ -> LFalse | Tnamed (_,t) -> term_interp_or interp t - | LVarAtLabel _ -> + | LDerefAtLabel _ -> failwith "Not implemented, how to do that? Show me the example!!! thx" | _ -> failwith "Not implemented" @@ -1453,7 +1458,7 @@ (interp s lt) lt | LVar _ -> LTrue | Tnamed (_,t) -> term_interp_and interp t - | LVarAtLabel _ -> + | LDerefAtLabel _ -> failwith "Not implemented, how to do that? Show me the example!!! thx" | _ -> failwith "Not implemented" @@ -1564,7 +1569,7 @@ (* bindvars must be fresh variables... *) let inductive_to_axioms name pred bindvars l acc = let constr acc (ident,assertion) = - Goal(KAxiom,name^ident,assertion)::acc in + Goal(KAxiom,id_no_loc (name^ident),assertion)::acc in let acc = List.fold_left constr acc l in let rec rewrite = function | LForall(v,t,_,a) -> LExists(v,t,[],rewrite a) 
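Review bot: `LDeref _` is added next to `LVar _` in `term_extract_application` (-1391 hunk), but the -1438 and -1453 hunks only rename `LVarAtLabel` to `LDerefAtLabel`, so a plain `LDeref _` falls through to `| _ -> failwith "Not implemented"`. If `LDeref` now represents reads that were `LVar` before (not visible here), terms that used to yield `LFalse`/`LTrue` will raise at run time. Add `| LDeref _ -> LFalse` to `term_interp_or` and `| LDeref _ -> LTrue` to `term_interp_and`, or note in a comment why dereferences cannot occur there. Both functions start outside their hunks.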
@@ -1578,7 +1583,7 @@ let assertions = make_or_list assertions in let assertion = LImpl(pred,assertions) in let assertion = make_forall_list bindvars [] assertion in - Goal(KAxiom,"axiom_"^name,assertion) :: acc + Goal(KAxiom,id_no_loc ("axiom_"^name),assertion) :: acc let rec define_In notin ta_conv acc = @@ -1586,7 +1591,7 @@ (* Devrait peut-être utiliser la vrai transformation d'inductif en 1 unique axiom*) | [Inductive (_,f_name,params,l)] -> - let name = (in_name notin f_name) in + let name = (in_name notin f_name.name) in Jc_options.lprintf "Define logic in : %s :@." name; (* let acc = Logic(false, name, params, NotIn.ty notin)::acc in *) let var = ("jc_var",NotIn.ty_elt notin) in @@ -1607,17 +1612,17 @@ let l = List.fold_left gen_case [] l in let var = ((fst var)^tmp_suffix,snd var) in let lt = List.map (fun (s,ty) -> (s^tmp_suffix,ty)) params in - let pred = in_interp_app var notin f_name + let pred = in_interp_app var notin f_name.name (List.map (fun x -> LVar (fst x)) lt) in inductive_to_axioms ("In"^name) pred (var::lt) l acc | [Function (_,f_name,params,_,term)] -> - let name = in_name notin f_name in + let name = in_name notin f_name.name in Jc_options.lprintf "Generate logic notin (fun): %s :@." name; let acc = Logic(false, - name, + {f_name with name = name}, params, NotIn.ty notin)::acc in - let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name in + let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name.name in Jc_options.lprintf "Generate axiom notin : %s :@." axiom_name; let var = ("jc_var",NotIn.ty_elt notin) in let interp s lt = 
@@ -1625,12 +1630,12 @@ then in_interp_app var notin s lt else LFalse in let asser = term_interp_or interp term in - let conclu = in_interp_app var notin f_name + let conclu = in_interp_app var notin f_name.name (List.map (fun (x,_) -> LVar x) params) in let asser = make_equiv asser conclu in let params = var::params in let asser = make_forall_list params [] asser in - let asser = Goal(KAxiom,axiom_name,asser) in + let asser = Goal(KAxiom,id_no_loc axiom_name,asser) in asser::acc | [Logic(_bool,f_name,params,_ltype); Goal(KAxiom,_,ax_asser)] -> @@ -1649,7 +1654,7 @@ (* Devrait peut-être utiliser la vrai transformation d'inductif en 1 unique axiom*) | [Inductive (_,f_name,params,l)] -> - let name = (in_name notin f_name) in + let name = (in_name notin f_name.name) in let var = ("jc_var",NotIn.ty notin) in let gen_case acc (ident,assertion) = let effects = inductive_extract_effect assertion in @@ -1667,11 +1672,11 @@ let l = List.fold_left gen_case [] l in let var = ((fst var)^tmp_suffix,snd var) in let lt = List.map (fun (s,ty) -> (s^tmp_suffix,ty)) params in - let pred = disj_interp_app var notin f_name + let pred = disj_interp_app var notin f_name.name (List.map (fun s -> LVar (fst s)) lt) in inductive_to_axioms ("disj"^name) pred (var::lt) l acc | [Function (_,f_name,params,_,term)] -> - let axiom_name = "axiom"^"_disj_"^(NotIn.mem_name2 notin)^f_name in + let axiom_name = "axiom"^"_disj_"^(NotIn.mem_name2 notin)^f_name.name in Jc_options.lprintf "Generate axiom disj : %s :@." axiom_name; let var = ("jc_var",NotIn.ty notin) in let interp s lt = 
@@ -1679,12 +1684,12 @@ then disj_interp_app var notin s lt else LTrue in let asser = term_interp_and interp term in - let conclu = disj_interp_app var notin f_name + let conclu = disj_interp_app var notin f_name.name (List.map (fun (x,_) -> LVar x) params) in let asser = make_equiv asser conclu in let params = var::params in let asser = make_forall_list params [] asser in - let asser = Goal(KAxiom,axiom_name,asser) in + let asser = Goal(KAxiom,id_no_loc axiom_name,asser) in asser::acc | [Logic(_bool,f_name,params,_ltype); Goal(KAxiom,_,ax_asser)] -> @@ -1708,7 +1713,7 @@ (* Devrait peut-être utiliser la vrai transformation d'inductif en 1 unique axiom*) | [Inductive (_,f_name,_,l)] -> - let name = (in_name notin f_name) in + let name = (in_name notin f_name.name) in Jc_options.lprintf "Define logic in : %s :@." name; (* let acc = Logic(false, name, params, NotIn.ty notin)::acc in *) let var = ("jc_mem", notin.NotIn.ty_mem) in @@ -1731,16 +1736,17 @@ List.fold_left rewrite acc effects in let l = List.fold_left gen_case [] l in let constr acc (ident,assertion) = - Goal(KAxiom,frame_between_name^f_name^ident,assertion)::acc in + Goal(KAxiom,id_no_loc (frame_between_name^f_name.name^ident), + assertion)::acc in List.fold_left constr acc l | [Function (_,f_name,params,_,term)] -> - let name = in_name notin f_name in + let name = in_name notin f_name.name in Jc_options.lprintf "Generate logic notin (fun): %s :@." name; let acc = Logic(false, - name, + {f_name with name = name}, params, NotIn.ty notin)::acc in - let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name in + let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name.name in Jc_options.lprintf "Generate axiom notin : %s :@." axiom_name; let var = ("jc_mem",NotIn.ty notin) in let interp s lt = 
@@ -1748,12 +1754,12 @@ then frame_between_interp_app var notin s lt else LFalse in let asser = term_interp_or interp term in - let conclu = frame_between_interp_app var notin f_name + let conclu = frame_between_interp_app var notin f_name.name (List.map (fun (x,_) -> LVar x) params) in let asser = make_equiv asser conclu in let params = var::params in let asser = make_forall_list params [] asser in - let asser = Goal(KAxiom,axiom_name,asser) in + let asser = Goal(KAxiom,id_no_loc axiom_name,asser) in asser::acc | [Logic(_bool,f_name,params,_ltype); Goal(KAxiom,_,ax_asser)] -> @@ -1773,7 +1779,7 @@ (* Devrait peut-être utiliser la vrai transformation d'inductif en 1 unique axiom*) | [Inductive (_,f_name,_,l)] -> - let name = (in_name notin f_name) in + let name = (in_name notin f_name.name) in Jc_options.lprintf "Define logic in : %s :@." name; (* let acc = Logic(false, name, params, NotIn.ty notin)::acc in *) let var = ("jc_var",NotIn.ty notin) in @@ -1796,17 +1802,17 @@ let name = ("X_Sub"^name) in let l = List.fold_left gen_case [] l in let constr acc (ident,assertion) = - Goal(KAxiom,name^ident,assertion)::acc in + Goal(KAxiom,id_no_loc (name^ident),assertion)::acc in let acc = List.fold_left constr acc l in acc | [Function (_,f_name,params,_,term)] -> - let name = in_name notin f_name in + let name = in_name notin f_name.name in Jc_options.lprintf "Generate logic notin (fun): %s :@." name; let acc = Logic(false, - name, + {f_name with name = name}, params, NotIn.ty notin)::acc in - let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name in + let axiom_name = "axiom"^"_in_"^(NotIn.mem_name2 notin)^f_name.name in Jc_options.lprintf "Generate axiom notin : %s :@." axiom_name; let var = ("jc_var",NotIn.ty_elt notin) in let interp s lt = 
@@ -1814,12 +1820,12 @@ then in_interp_app var notin s lt else LFalse in let asser = term_interp_or interp term in - let conclu = in_interp_app var notin f_name + let conclu = in_interp_app var notin f_name.name (List.map (fun (x,_) -> LVar x) params) in let asser = make_equiv asser conclu in let params = var::params in let asser = make_forall_list params [] asser in - let asser = Goal(KAxiom,axiom_name,asser) in + let asser = Goal(KAxiom,id_no_loc axiom_name,asser) in asser::acc | [Logic(_bool,f_name,params,_ltype); Goal(KAxiom,_,ax_asser)] -> @@ -1838,7 +1844,7 @@ (* Devrait peut-être utiliser la vrai transformation d'inductif en 1 unique axiom*) | [Inductive (_,f_name,_,l)] -> - let name = (in_name notin f_name) in + let name = (in_name notin f_name.name) in let var = ("jc_var",NotIn.ty notin) in let gen_case acc (ident,assertion) = let effects = inductive_extract_effect assertion in @@ -1858,11 +1864,11 @@ let name = ("Sub_X"^name) in let l = List.fold_left gen_case [] l in let constr acc (ident,assertion) = - Goal(KAxiom,name^ident,assertion)::acc in + Goal(KAxiom,id_no_loc (name^ident),assertion)::acc in let acc = List.fold_left constr acc l in acc | [Function (_,f_name,params,_,term)] -> - let axiom_name = "axiom"^"_disj_"^(NotIn.mem_name2 notin)^f_name in + let axiom_name = "axiom"^"_disj_"^(NotIn.mem_name2 notin)^f_name.name in Jc_options.lprintf "Generate axiom disj : %s :@." axiom_name; let var = ("jc_var",NotIn.ty notin) in let interp s lt = 
@@ -1870,12 +1876,12 @@ then disj_interp_app var notin s lt else LTrue in let asser = term_interp_and interp term in - let conclu = disj_interp_app var notin f_name + let conclu = disj_interp_app var notin f_name.name (List.map (fun (x,_) -> LVar x) params) in let asser = make_equiv asser conclu in let params = var::params in let asser = make_forall_list params [] asser in - let asser = Goal(KAxiom,axiom_name,asser) in + let asser = Goal(KAxiom,id_no_loc axiom_name,asser) in asser::acc | [Logic(_bool,f_name,params,_ltype); Goal(KAxiom,_,ax_asser)] -> @@ -1926,7 +1932,7 @@ LForall (elt_val,NotIn.ty_elt_val in_update,[],a)) in let axiom_name = "axiom"^"_no_update_"^axiom_name^ (NotIn.mem_name in_update) in - Goal(KAxiom,axiom_name,a) + Goal(KAxiom,id_no_loc axiom_name,a) let gen_many axiom_name f_name gen_framed notins params framed_params = (* frame for many update *) @@ -1982,7 +1988,7 @@ (String.concat "_" (List.map (fun (_,_,_,notin) -> NotIn.mem_name notin) mems)) in - Goal(KAxiom,axiom_name,a) + Goal(KAxiom,id_no_loc axiom_name,a) @@ -2018,7 +2024,7 @@ let in_for_in f_name args notin framed acc = let name = in_name notin f_name in - let acc = Logic(false, name, args, NotIn.ty notin)::acc in + let acc = Logic(false, id_no_loc name, args, NotIn.ty notin)::acc in let var = ("jc_var",NotIn.ty_elt notin) in let conjs = List.map (fun (f,params) -> @@ -2031,7 +2037,7 @@ let code = make_equiv code conclu in let code = make_forall_list (var::args) [] code in let axiom_name = name^"_def" in - Goal(KAxiom,axiom_name,code)::acc + Goal(KAxiom,id_no_loc axiom_name,code)::acc let disj_for_in f_name args notin framed acc = let name = in_name notin f_name in 
@@ -2047,7 +2053,7 @@ let code = make_equiv code conclu in let code = make_forall_list (var::args) [] code in let axiom_name = name^"_disj_def" in - Goal(KAxiom,axiom_name,code)::acc + Goal(KAxiom,id_no_loc axiom_name,code)::acc end diff -Nru why-2.29+dfsg/jc/jc_frame.mli why-2.30+dfsg/jc/jc_frame.mli --- why-2.29+dfsg/jc/jc_frame.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_frame.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_frame_notin.ml why-2.30+dfsg/jc/jc_frame_notin.ml --- why-2.29+dfsg/jc/jc_frame_notin.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_frame_notin.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_interp_misc.ml why-2.30+dfsg/jc/jc_interp_misc.ml --- why-2.29+dfsg/jc/jc_interp_misc.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_interp_misc.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -368,9 +368,9 @@ let tr_var_type v = tr_type ~region:v.jc_var_info_region v.jc_var_info_type -let any_value t = - match t with - | JCTnative ty -> +let any_value t = + match t with + | JCTnative ty -> begin match ty with | Tunit -> void | Tboolean -> make_app "any_bool" [void] 
@@ -379,16 +379,16 @@ | Tgenfloat _ -> make_app ("any_"^(native_name ty)) [void] | Tstring -> make_app "any_string" [void] end - | JCTnull + | JCTnull | JCTpointer _ -> make_app "any_pointer" [void] | JCTenum ri -> make_app (fun_any_enum ri) [void] - | JCTlogic _ as ty -> - let t = + | JCTlogic _ as ty -> + let t = Annot_type(LTrue, Base_type (tr_base_type ty), [], [], LTrue, []) in mk_expr (BlackBox t) | JCTany -> assert false | JCTtype_var _ -> assert false (* TODO: need environment *) - + (* model types *) let pset_type ac = raw_pset_type (alloc_class_type ac) @@ -437,9 +437,9 @@ | None -> lab | Some l -> try List.assoc lab l with Not_found -> lab -let lvar_name ~constant ~label_in_name ?label_assoc lab n = +let lvar_name ~label_in_name ?label_assoc lab n = let lab = transpose_label ~label_assoc lab in - if label_in_name && not constant then + if label_in_name then match lab with | LabelHere -> n | LabelOld -> assert false @@ -449,15 +449,17 @@ else n let lvar ~constant ~label_in_name lab n = - let n = lvar_name ~constant ~label_in_name lab n in - if label_in_name then + let n = lvar_name ~label_in_name lab n in + if constant then LVar n + else if label_in_name then + LDeref n else match lab with - | LabelHere -> LVar n - | LabelOld -> LVarAtLabel(n,"") - | LabelPre -> LVarAtLabel(n,"init") - | LabelPost -> LVar n - | LabelName lab -> LVarAtLabel(n,lab.label_info_final_name) + | LabelHere -> LDeref n + | LabelOld -> LDerefAtLabel(n,"") + | LabelPre -> LDerefAtLabel(n,"init") + | LabelPost -> LDeref n + | LabelName lab -> LDerefAtLabel(n,lab.label_info_final_name) (* simple variables *) 
@@ -481,11 +483,14 @@ tr_base_type ~region:v.jc_var_info_region v.jc_var_info_type let tvar_name ~label_in_name lab v = - lvar_name ~constant:(not v.jc_var_info_assigned) ~label_in_name + let constant = not v.jc_var_info_assigned in + lvar_name ~label_in_name:(label_in_name && not constant) lab v.jc_var_info_final_name + let tvar ~label_in_name lab v = - lvar ~constant:(not v.jc_var_info_assigned) ~label_in_name + let constant = not v.jc_var_info_assigned in + lvar ~constant ~label_in_name:(label_in_name && not constant) lab v.jc_var_info_final_name let tparam ~label_in_name lab v = @@ -543,7 +548,7 @@ let tmemory_var ~label_in_name lab (mc,r) = let mem = memory_name (mc,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_memory infunction (mc,r)) in lvar ~constant ~label_in_name lab mem @@ -551,10 +556,10 @@ let tmemory_param ~label_in_name lab (mc,r) = let mem = memory_name (mc,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_memory infunction (mc,r)) in - let n = lvar_name ~constant ~label_in_name lab mem in + let n = lvar_name (* ~constant *) ~label_in_name lab mem in let v = lvar ~constant ~label_in_name lab mem in let ty' = memory_type mc in n, v, ty' 
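Review bot: In `tmemory_var` and `tmemory_param` the fallback for `!current_function = None` flips from `false` to `true`, and the comment that explained the old choice ("Variables at different labels should be different") is deleted without a replacement. The same flip is repeated in the `talloc_table_*` and `ttag_table_*` hunks that follow. Since `lvar` now returns `LVar` for constants and `LDeref` otherwise, this default decides whether a memory is read as a logic variable or dereferenced as a reference in the generated conditions, so the reason should be stated next to each `| None -> true`. The leftover `lvar_name (* ~constant *)` calls would read better with the commented-out argument removed.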
@@ -572,18 +577,19 @@ let talloc_table_var ~label_in_name lab (ac,r) = let alloc = alloc_table_name (ac,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_alloc_table infunction (ac,r)) in not constant,lvar ~constant ~label_in_name lab alloc + let talloc_table_param ~label_in_name lab (ac,r) = let alloc = alloc_table_name (ac,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_alloc_table infunction (ac,r)) in - let n = lvar_name ~constant ~label_in_name lab alloc in + let n = lvar_name (* ~constant *) ~label_in_name lab alloc in let v = lvar ~constant ~label_in_name lab alloc in let ty' = alloc_table_type ac in n, v, ty' @@ -599,7 +605,7 @@ let ttag_table_var ~label_in_name lab (vi,r) = let tag = tag_table_name (vi,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_tag_table infunction (vi,r)) in lvar ~constant ~label_in_name lab tag @@ -607,10 +613,10 @@ let ttag_table_param ~label_in_name lab (vi,r) = let tag = tag_table_name (vi,r) in let constant = match !current_function with - | None -> false (* Variables at different labels should be different *) + | None -> true | Some infunction -> not (mutable_tag_table infunction (vi,r)) in - let n = lvar_name ~constant ~label_in_name lab tag in + let n = lvar_name (* ~constant *) ~label_in_name lab tag in let v = lvar ~constant ~label_in_name lab tag in let ty' = tag_table_type vi in n, v, ty' 
@@ -941,12 +947,12 @@ let define_locals ?(reads=[]) ?(writes=[]) e' = let e' = - List.fold_left + List.fold_left (fun acc (n,ty') -> mk_expr (Let(n,any_value' ty',acc))) e' reads in let e' = - List.fold_left + List.fold_left (fun acc (n,ty') -> mk_expr (Let_ref(n,any_value' ty',acc))) e' writes in @@ -954,7 +960,8 @@ (* Validity *) -let make_valid_pred_app ~equal (ac, r) pc p ao bo = +let make_valid_pred_app ~in_param ~equal (ac, r) pc p ao bo = + assert (in_param = in_param); let all_allocs = match ac with | JCalloc_bitvector -> [ ac ] | JCalloc_root rt -> @@ -964,7 +971,25 @@ | RplainUnion -> [ ac ] in let allocs = - List.map (fun ac -> LVar(alloc_table_name (ac,r))) all_allocs + List.map (fun ac -> + (* + let v = alloc_table_name(ac,r) in + if in_param then LDeref v else LVar v + *) + let is_not_cte,v = + talloc_table_var ~label_in_name:false LabelHere (ac,r) + in + match v with + | LDeref x -> + assert is_not_cte; + assert in_param; + if is_not_cte then v else LVar x + | LVar x -> + assert (not is_not_cte); + (* assert (not in_param); *) + (* if in_param then *) LDeref x (* else v *) + | _ -> assert false + ) all_allocs in let all_mems = match ac with | JCalloc_bitvector -> [] @@ -974,7 +999,11 @@ | RdiscrUnion -> all_memories ~select:fully_allocated pc | RplainUnion -> [] in - let mems = List.map (fun mc -> LVar(memory_name (mc,r))) all_mems in + let mems = + List.map (fun mc -> + tmemory_var ~label_in_name:false LabelHere (mc,r)) + all_mems + in let params = allocs @ mems in let f x acc = x :: acc in let params = Option_misc.fold f bo params in @@ -993,7 +1022,7 @@ valid_T'(p.f, a', b', allocs ...) If T is a variant, then we only have the condition on offset_min and max. *) -let make_valid_pred ~equal ?(left=true) ?(right=true) ac pc = +let make_valid_pred ~in_param ~equal ?(left=true) ?(right=true) ac pc = let p = "p" in let a = "a" in let b = "b" in 
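Review bot: `assert (in_param = in_param)` at the top of `make_valid_pred_app` is always true, so the new labelled argument is checked only by `assert in_param` in the `LDeref` branch and has no effect on the value returned. In that branch `if is_not_cte then v else LVar x` follows `assert is_not_cte`, so its `else` arm is unreachable, and the `LVar x` branch returns `LDeref x` unconditionally with the `in_param` test commented out. These asserts disappear when the file is compiled with `-noassert`, after which an inconsistent caller silently gets `LDeref`. Either make the choice explicit, `if in_param then LDeref x else LVar x`, or drop the parameter and document why the allocation table is always dereferenced here. The function body continues outside the hunk.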
@@ -1034,7 +1063,7 @@ | JCtag ({ jc_struct_info_parent = Some(st, pp) }, _) -> LTrue, LTrue, - make_valid_pred_app ~equal + make_valid_pred_app ~in_param ~equal (ac,dummy_region) (JCtag(st, pp)) (LVar p) (if left then Some (LVar a) else None) (if right then Some (LVar b) else None) @@ -1055,7 +1084,7 @@ (function | { jc_field_info_type = JCTpointer(fpc, Some fa, Some fb) } as fi -> - make_valid_pred_app ~equal (ac,dummy_region) fpc + make_valid_pred_app ~in_param ~equal (ac,dummy_region) fpc (make_select_fi fi (LVar p)) (if left then Some (const_of_num fa) else None) (if right then Some (const_of_num fb) else None) @@ -1072,7 +1101,8 @@ let validity = if left then omin :: validity else validity in make_and_list validity in - Predicate(false, valid_pred_name ~equal ~left ~right ac pc, params, validity) + Predicate(false, id_no_loc (valid_pred_name ~equal ~left ~right ac pc), + params, validity) (* Allocation *) @@ -1161,7 +1191,7 @@ let tag = generic_tag_table_name (struct_root st) in (* [instanceof(tagtab,result,tag_st)] *) [ LPred("instanceof", - [LVar tag;LVar "result";LVar(tag_name st)]) ] + [LDeref tag;LVar "result";LVar(tag_name st)]) ] | JCroot _ -> [] end | RdiscrUnion @@ -1179,14 +1209,14 @@ make_and_list ( [ (* [valid_st(result,0,n-1,alloc...)] *) - make_valid_pred_app ~equal:true (ac,dummy_region) pc + make_valid_pred_app ~in_param:true ~equal:true (ac,dummy_region) pc (LVar "result") (Some (LConst(Prim_int "0"))) (Some (LApp("sub_int",[LVar n; LConst(Prim_int "1")]))); (* [alloc_extends(old(alloc),alloc)] *) - LPred("alloc_extends",[LVarAtLabel(alloc,"");LVar alloc]); + LPred("alloc_extends",[LDerefAtLabel(alloc,"");LDeref alloc]); (* [alloc_fresh(old(alloc),result,n)] *) - LPred("alloc_fresh",[LVarAtLabel(alloc,"");LVar "result";LVar n]) + LPred("alloc_fresh",[LDerefAtLabel(alloc,"");LVar "result";LVar n]) ] @ instanceof_post ), (* no exceptional post *) 
@@ -1197,7 +1227,7 @@ params alloc_type in let name = alloc_param_name ~check_size ac pc in - Param(false,name,alloc_type) + Param(false,id_no_loc name,alloc_type) (* Conversion to and from bitvector *) @@ -1224,7 +1254,7 @@ List.fold_right (fun (n,ty') acc -> Prod_type(n, ty', acc)) params annot_type in - Param(false,name,annot_type) + Param(false,id_no_loc name,annot_type) let conv_bw_alloc_parameters ~deref r _pc = let ac = JCalloc_bitvector in @@ -2048,8 +2078,8 @@ read_model_parameters ~type_safe:false ~mode:`MLocal ~callee_reads ~callee_writes ~region_list ~params ~already_used:[] () in - List.map (function ({expr_node = Var n},ty') -> (n,ty') - | ({expr_node = Deref n},ty') -> + List.map (function ({expr_node = Var n},ty') -> (n,ty') + | ({expr_node = Deref n},ty') -> printf "Deref %s with type %a@." n Output.fprintf_logic_type ty'; assert false | _ -> assert false @@ -2263,7 +2293,7 @@ let ofapp = append alloc_ofapp mem_ofapp in let toapp = append alloc_toapp mem_toapp in locals @ acc, append ofapp pro, append toapp epi - ) ([],void,void) (PointerSet.to_list bw_pointers) + ) ([],void,void) (PointerSet.to_list bw_pointers) in let locals = fst (List.fold_left diff -Nru why-2.29+dfsg/jc/jc_interp_misc.mli why-2.30+dfsg/jc/jc_interp_misc.mli --- why-2.29+dfsg/jc/jc_interp_misc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_interp_misc.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -184,12 +184,12 @@ val eq_of_enum : Jc_env.enum_info -> string -val make_valid_pred : equal:bool -> +val make_valid_pred : in_param:bool -> equal:bool -> ?left:bool -> ?right:bool -> Jc_env.alloc_class -> Jc_env.pointer_class -> Output.why_decl -val make_valid_pred_app : equal:bool -> +val make_valid_pred_app : in_param:bool -> equal:bool -> Jc_env.alloc_class * Jc_region.RegionTable.key -> Jc_env.pointer_class -> Output.term -> diff -Nru why-2.29+dfsg/jc/jc_interp.ml why-2.30+dfsg/jc/jc_interp.ml --- why-2.29+dfsg/jc/jc_interp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_interp.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -31,7 +31,9 @@ +(* open Jc_stdlib +*) open Jc_env open Jc_envset open Jc_region @@ -59,8 +61,6 @@ (* source positioning *) (******************************************************************************) -let pos_table = Hashtbl.create 97 - let abs_fname f = if Filename.is_relative f then Filename.concat (Unix.getcwd ()) f @@ -81,11 +81,13 @@ } let reg_pos sce gui = - if gui.out_mark <> "" && StdHashtbl.mem Output.pos_table gui.out_mark then - (* If GUI element already refered to in output table, do not - * reference it twice. This is the case in particular for generated - * annotations. *) - gui.out_mark + if gui.out_mark <> "" && false (* Jc_stdlib.StdHashtbl.mem Output.my_pos_table gui.out_mark *) then + begin + (* If GUI element already refered to in output table, do not + * reference it twice. This is the case in particular for generated + * annotations. *) + gui.out_mark + end else (* Generate a new mark if not fixed in GUI element *) let mark = 
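Review bot: In `reg_pos` the guard is now `gui.out_mark <> "" && false`, so the first branch can never run and every call falls through to the registration code, including for marks that were already registered. If the duplicate check is meant to be gone, delete the dead `begin … end` branch and its comment instead of leaving a constant `false`; if it is only disabled for now, mark it, e.g. `(* FIXME: duplicate-mark check disabled, see commented-out test *)`. The rest of `reg_pos` is in the following hunks, and whether the new registration call overwrites or duplicates an existing entry is not visible there, so that should be confirmed before reported source positions depend on it.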
@@ -94,10 +96,10 @@ else gui.out_mark in let (n,f,l,b,e,k) = - if sce.in_mark <> "" && Hashtbl.mem Jc_options.pos_table sce.in_mark then + if sce.in_mark <> "" && Jc_stdlib.Hashtbl.mem Jc_options.pos_table sce.in_mark then (* If source location present in input table, copy information to * output table. *) - let (f,l,b,e,k,o) = Hashtbl.find Jc_options.pos_table sce.in_mark in + let (f,l,b,e,k,o) = Jc_stdlib.Hashtbl.find Jc_options.pos_table sce.in_mark in let n = try match List.assoc "name" o with | Rc.RCident s | Rc.RCstring s -> Some s @@ -106,17 +108,19 @@ in (n,f,l,b,e,k) else - (* By default, refer to the Jessie source file *) - let b,e = sce.pos in - let f = abs_fname b.Lexing.pos_fname in - let l = b.Lexing.pos_lnum in - let fc = b.Lexing.pos_cnum - b.Lexing.pos_bol in - let lc = e.Lexing.pos_cnum - b.Lexing.pos_bol in - (gui.name,f,l,fc,lc,None) + begin + (* By default, refer to the Jessie source file *) + let b,e = sce.pos in + let f = abs_fname b.Lexing.pos_fname in + let l = b.Lexing.pos_lnum in + let fc = b.Lexing.pos_cnum - b.Lexing.pos_bol in + let lc = e.Lexing.pos_cnum - b.Lexing.pos_bol in + (gui.name,f,l,fc,lc,None) + end in (* If present, always prefer new kind *) let k = match gui.kind with None -> k | Some k -> Some k in - Hashtbl.replace pos_table mark (k,n,gui.beh,f,l,b,e); + my_add_pos mark (k,n,gui.beh,f,l,b,e); mark let reg_check ?mark ?kind pos = @@ -143,10 +147,16 @@ let make_guarded_app ~mark kind pos f args = make_check ~mark ~kind pos (make_app f args) - +(* let print_locs fmt = Hashtbl.iter - (fun id (kind,name,beh,f,l,b,e) -> + (fun id (kind,name,beh,(f,l,b,e)) -> +(* + let f = b.Lexing.pos_fname in + let l = b.Lexing.pos_lnum in + let fc = b.Lexing.pos_cnum - b.Lexing.pos_bol in + let lc = e.Lexing.pos_cnum - b.Lexing.pos_bol in +*) fprintf fmt "[%s]@\n" id; Option_misc.iter (fun k -> fprintf fmt "kind = %a@\n" print_kind k) kind; 
@@ -158,8 +168,8 @@ fprintf fmt "line = %d@\n" l; fprintf fmt "begin = %d@\n" b; fprintf fmt "end = %d@\n@\n" e) - pos_table - + Output.pos_table + *) (******************************************************************************) (* Operators *) @@ -260,18 +270,18 @@ | `Ble, `Real -> "le_real_" | `Beq, `Real -> "eq_real_" | `Bneq, `Real -> "neq_real_" - | `Bgt, `Float -> "gt_single" - | `Blt, `Float -> "lt_single" - | `Bge, `Float -> "ge_single" - | `Ble, `Float -> "le_single" - | `Beq, `Float -> "eq_single" - | `Bneq,`Float -> "ne_single" - | `Bgt, `Double -> "gt_double" - | `Blt, `Double -> "lt_double" - | `Bge, `Double -> "ge_double" - | `Ble, `Double -> "le_double" - | `Beq, `Double -> "eq_double" - | `Bneq, `Double -> "ne_double" + | `Bgt, `Float -> "gt_single_" + | `Blt, `Float -> "lt_single_" + | `Bge, `Float -> "ge_single_" + | `Ble, `Float -> "le_single_" + | `Beq, `Float -> "eq_single_" + | `Bneq,`Float -> "ne_single_" + | `Bgt, `Double -> "gt_double_" + | `Blt, `Double -> "lt_double_" + | `Bge, `Double -> "ge_double_" + | `Ble, `Double -> "le_double_" + | `Beq, `Double -> "eq_double_" + | `Bneq, `Double -> "ne_double_" | `Badd, `Real -> "add_real" | `Bsub, `Real -> "sub_real" | `Bmul, `Real -> "mul_real" @@ -356,14 +366,14 @@ | `Blt, `Integer -> "lt_int" | `Bge, `Integer -> "ge_int" | `Ble, `Integer -> "le_int" - | `Beq, `Integer -> "eq_int" - | `Bneq, `Integer -> "neq_int" + | `Beq, `Integer -> "eq" + | `Bneq, `Integer -> "neq" (* pointer *) | `Beq, (`Pointer | `Logic) -> "eq" | `Bneq, (`Pointer | `Logic) -> "neq" (* real *) - | `Beq, `Real -> "eq_real" - | `Bneq, `Real -> "neq_real" + | `Beq, `Real -> "eq" + | `Bneq, `Real -> "neq" | `Bgt, `Real -> "gt_real" | `Blt, `Real -> "lt_real" | `Bge, `Real -> "ge_real" 
@@ -374,8 +384,8 @@ | `Biff, `Boolean | `Bimplies, `Boolean -> assert false (* TODO *) (* boolean *) - | `Beq, `Boolean -> "eq_bool" - | `Bneq, `Boolean -> "eq_bool" + | `Beq, `Boolean -> "eq" + | `Bneq, `Boolean -> "eq" | op, opty -> Jc_typing.typing_error Loc.dummy_position "Can't use operator %s with type %s in assertions" @@ -430,11 +440,12 @@ let mem = memory_type (JCmem_field fi) in Param( false, - field_memory_name fi, + id_no_loc (field_memory_name fi), Ref_type(Base_type mem))::acc) acc st.jc_struct_info_fields in (* Declarations of translation functions for union *) +(* let vi = struct_root st in let acc = if not (root_is_union vi) then acc else @@ -443,11 +454,11 @@ List.fold_left (fun acc fi -> if has_equality_op fi.jc_field_info_type then - Logic(false,logic_field_of_union fi, + Logic(false,id_no_loc (logic_field_of_union fi), [("",uty)],tr_base_type fi.jc_field_info_type) - :: Logic(false,logic_union_of_field fi, + :: Logic(false,id_no_loc (logic_union_of_field fi), [("",tr_base_type fi.jc_field_info_type)],uty) - :: Goal(KAxiom,(logic_field_of_union fi)^"_of_"^(logic_union_of_field fi), + :: Goal(KAxiom,id_no_loc ((logic_field_of_union fi)^"_of_"^(logic_union_of_field fi)), LForall("x",tr_base_type fi.jc_field_info_type, [], LPred(equality_op_for_type fi.jc_field_info_type, [LApp(logic_field_of_union fi, @@ -458,9 +469,10 @@ else acc) acc st.jc_struct_info_fields in +*) (* declaration of the tag_id *) let acc = - Logic(false,tag_name st,[],tagid_type)::acc + Logic(false,id_no_loc (tag_name st),[],tagid_type)::acc in let acc = 
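Review bot: The `Bneq`/`Boolean` case of this operator table still maps to the same predicate name as `Beq`/`Boolean` (`"eq"` after the change, `"eq_bool"` before), whereas the integer, real and pointer cases use `"neq"` for inequality. Unless the caller negates the result for booleans, which is not visible here, a boolean inequality in an assertion would be translated as an equality and the proof obligation would state the opposite of the source. If no such negation exists the line should read ``| `Bneq, `Boolean -> "neq"``. The enclosing function starts outside the hunk.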
@@ -468,19 +480,24 @@ else let pc = JCtag(st,[]) in let ac = alloc_class_of_pointer_class pc in + let in_param = false in (* Validity parameters *) - make_valid_pred ~equal:true ac pc - :: make_valid_pred ~equal:false ac pc - :: make_valid_pred ~equal:false ~right:false ac pc - :: make_valid_pred ~equal:false ~left:false ac pc - :: make_valid_pred ~equal:true (* TODO ? *) JCalloc_bitvector pc + make_valid_pred ~in_param ~equal:true ac pc + :: make_valid_pred ~in_param ~equal:false ac pc + :: make_valid_pred ~in_param ~equal:false ~right:false ac pc + :: make_valid_pred ~in_param ~equal:false ~left:false ac pc +(* + :: make_valid_pred ~in_param ~equal:true (* TODO ? *) JCalloc_bitvector pc +*) (* Allocation parameters *) :: make_alloc_param ~check_size:true ac pc :: make_alloc_param ~check_size:false ac pc +(* :: make_alloc_param ~check_size:true JCalloc_bitvector pc :: make_alloc_param ~check_size:false JCalloc_bitvector pc +*) :: (if Region.exists_bitwise () then make_conversion_params pc else []) - @ acc + @ acc in match st.jc_struct_info_parent with @@ -488,7 +505,7 @@ (* axiom for parenttag *) let name = st.jc_struct_info_name ^ "_parenttag_bottom" in let p = LPred("parenttag", [ LVar (tag_name st); LVar "bottom_tag" ]) in - Goal(KAxiom,name, p)::acc + Goal(KAxiom,id_no_loc name, p)::acc | Some(p, _) -> (* axiom for parenttag *) let name = @@ -497,7 +514,7 @@ let p = LPred("parenttag", [ LVar (tag_name st); LVar (tag_name p) ]) in - Goal(KAxiom,name, p)::acc + Goal(KAxiom,id_no_loc name, p)::acc (******************************************************************************) @@ -527,7 +544,8 @@ else match f,x with | _ , "0.5" -> x - | `Float, "0.1" -> "0x0.199999Ap0" + | `Float, "0.1" -> "0x1.99999ap-4" + | `Double, "0.1" -> "0x1.999999999999ap-4" | _ -> raise Not_found let rec term_coerce ~type_safe ~global_assertion lab ?(cast=false) pos 
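Review bot: The bit-vector declarations (`make_valid_pred … JCalloc_bitvector pc` and both `make_alloc_param … JCalloc_bitvector pc`) are commented out, but `make_conversion_params pc` is still emitted when `Region.exists_bitwise ()` holds. If any generated code for bitwise regions still refers to the bit-vector validity predicate or allocation parameter, it would now name a symbol that is never declared; this cannot be decided from the hunk. Either guard the removed declarations with the same `Region.exists_bitwise ()` test or replace the commented-out lines with a comment stating why they are no longer needed.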
@@ -701,15 +719,14 @@ | _, `Float -> false | `Double, _ -> true | _, _ -> false in + let name = (float_format f1)^"_of_"^(float_format f2) in if enlarge then - make_app ((float_format f2)^"_to_"^(float_format f1)) [ e' ] + make_app name [ e' ] else if check_int_overflow then - make_guarded_app ~mark FPoverflow pos - ((float_format f2)^"_to_"^(float_format f1)) - [current_rounding_mode () ; e' ] - else - make_app ((float_format f2)^"_to_"^(float_format f1)) + make_guarded_app ~mark FPoverflow pos name [ current_rounding_mode () ; e' ] + else + make_app (name^"_safe") [ current_rounding_mode () ; e' ] | JCTnative (Tgenfloat f), JCTnative Treal -> begin try @@ -1103,6 +1120,18 @@ let t1' = ft t1 in let t2' = ft t2 in LPred (pred_bin_op (op :> pred_bin_op),[ t1'; t2' ]) +(* disabled because cause other problems + + o [Jessie] removed some superfluous conversion on enums which + prevented some proofs by rewriting + + | JCArelation(t1, (((`Beq | `Bneq), _)as op),t2) -> + +(* if Jc_options.debug then printf "%a@." Jc_output.assertion a; *) + let t1' = ft t1 in + let t2' = ft t2 in + LPred(pred_bin_op (op), [ t1'; t2' ]) +*) | JCArelation(t1,(_, #native_operator_type as op),t2) -> (* if Jc_options.debug then printf "%a@." Jc_output.assertion a; *) let t1' = ft t1 in @@ -1396,7 +1425,7 @@ [alloc; lvar ~constant:false (* <<- CHANGE THIS *) ~label_in_name:false before v; - LVar v; location_list' p]) in + LDeref v; location_list' p]) in LNamed(reg_check loc,a)) ) mems a @@ -1432,7 +1461,7 @@ begin try let _, init = - Hashtbl.find + Jc_stdlib.Hashtbl.find Jc_typing.logic_constants_table vi.jc_var_info_tag in @@ -1443,7 +1472,7 @@ begin try let _, init = - Hashtbl.find + Jc_stdlib.Hashtbl.find Jc_typing.logic_constants_table app.jc_app_fun.jc_logic_info_tag in @@ -1492,7 +1521,7 @@ begin try let _, init = - Hashtbl.find + Jc_stdlib.Hashtbl.find Jc_typing.logic_constants_table vi.jc_var_info_tag in 
@@ -1505,7 +1534,7 @@ begin try let _, init = - Hashtbl.find + Jc_stdlib.Hashtbl.find Jc_typing.logic_constants_table li.jc_logic_info_tag in @@ -2403,7 +2432,8 @@ let with_body = try let _f,body = - Hashtbl.find Jc_typing.logic_functions_table + Jc_stdlib.Hashtbl.find + Jc_typing.logic_functions_table f.jc_logic_info_tag in match body with @@ -2489,7 +2519,8 @@ let with_body = try let _f,_loc,_s,body = - Hashtbl.find Jc_typing.functions_table f.jc_fun_info_tag + Jc_stdlib.Hashtbl.find + Jc_typing.functions_table f.jc_fun_info_tag in body <> None with Not_found -> @@ -2997,11 +3028,11 @@ (mk_expr (Triple(true,LTrue,expr e,post,[]))) else (* - let reads = read_effects + let reads = read_effects ~callee_reads:ef.jc_reads ~callee_writes:ef.jc_writes ~params:[] ~region_list:[] in - let _writes = write_effects + let _writes = write_effects ~callee_reads:ef.jc_reads ~callee_writes:ef.jc_writes ~params:[] ~region_list:[] in @@ -3067,7 +3098,10 @@ in let e' = if e#typ = Jc_pervasives.unit_type then - if e#original_type <> Jc_pervasives.unit_type then + if match e#original_type with + | JCTany | JCTnative Tunit -> false + | _ -> true + then match e'.expr_node with | MultiAssign _ -> e' | _ -> @@ -3161,7 +3195,7 @@ (pset_of_interval i) l in - LPred("not_assigns",[talloc;LVarAtLabel(mem,"") ; LVar mem ; pset]) + LPred("not_assigns",[talloc;LDerefAtLabel(mem,"") ; LDeref mem ; pset]) @@ -3208,6 +3242,7 @@ *) match l with | [] -> assert false +(**) | [(i,b1,b2,e')] -> if i=0 then make_lets lets @@ -3221,7 +3256,8 @@ make_lets lets (make_lets [tmpshift,make_app "shift" [mk_var tmpe; mk_expr (Cte i)]] (make_old_style_update ~mark ~pos alloc tmpe tmpshift mem i b1 b2 e')) - | _ -> +(**) + | _ -> let pre = if safety_checking() then make_and_list @@ -3255,7 +3291,7 @@ (* (e+i).f == e' *) LPred("eq", [ LApp("select", - [ LVar mem; + [ LDeref mem; LApp("shift", [ LVar tmpe ; LConst (Prim_int (string_of_int i))] )]); LVar e'])) l) 
@@ -3263,6 +3299,7 @@ let reads = if isrefalloc then match talloc with | LVar v -> [v;mem] + | LDeref v -> [v;mem] | _ -> assert false else [mem] @@ -3296,10 +3333,11 @@ ~name:id ~beh:(if is_axiom then "axiom" else "lemma") loc; - let a' = - List.fold_right (fun (n,_v,ty') a' -> LForall(n,ty',[],a')) params a' + let a' = + List.fold_right (fun (n,_v,ty') a' -> LForall(n,ty',[],a')) params a' in - Goal((if is_axiom then KAxiom else KLemma),new_id,a') :: acc + Goal((if is_axiom then KAxiom else KLemma), + {Output.name = new_id; loc = Loc.extract loc},a') :: acc @@ -3383,9 +3421,9 @@ in make_impl a' post -let function_prototypes = Hashtbl.create 0 +let function_prototypes = Hashtbl.create 7 -let get_valid_pred_app vi = +let get_valid_pred_app ~in_param vi = match vi.jc_var_info_type with | JCTpointer (pc, n1o, n2o) -> (* TODO: what about bitwise? *) @@ -3398,7 +3436,7 @@ | Some n, None -> let ac = alloc_class_of_pointer_class pc in let a' = - make_valid_pred_app ~equal:false + make_valid_pred_app ~in_param ~equal:false (ac, vi.jc_var_info_region) pc v' (Some (const_of_num n)) None in @@ -3406,7 +3444,7 @@ | None, Some n -> let ac = alloc_class_of_pointer_class pc in let a' = - make_valid_pred_app ~equal:false + make_valid_pred_app ~in_param ~equal:false (ac, vi.jc_var_info_region) pc v' None (Some (const_of_num n)) in @@ -3414,7 +3452,7 @@ | Some n1, Some n2 -> let ac = alloc_class_of_pointer_class pc in let a' = - make_valid_pred_app ~equal:false (ac, vi.jc_var_info_region) pc + make_valid_pred_app ~in_param ~equal:false (ac, vi.jc_var_info_region) pc v' (Some (const_of_num n1)) (Some (const_of_num n2)) in bind_pattern_lets a' 
@@ -3437,8 +3475,23 @@ if Jc_options.debug then Format.printf "[interp] function %s@." f.jc_fun_info_name; - Jc_options.lprintf "Jc_interp: function %s@." f.jc_fun_info_name; + + (* handle parameters that are assigned in the body *) + + let assigned_params = + List.fold_left + (fun acc (_,v) -> + if v.jc_var_info_assigned then + begin + v.jc_var_info_assigned <- false; + v :: acc + end + else + acc) + [] f.jc_fun_info_parameters + in + (* global variables valid predicates *) let variables_valid_pred_apps = LTrue (* Yannick: commented out because not taken into account in effects @@ -3480,7 +3533,7 @@ let internal_requires = List.fold_left (fun acc (_,v) -> - let req = get_valid_pred_app v in + let req = get_valid_pred_app ~in_param:true v in make_and req acc) internal_requires f.jc_fun_info_parameters in @@ -3722,7 +3775,7 @@ in let newid = f.jc_fun_info_final_name ^ "_requires" in Hashtbl.add function_prototypes newid fun_type; - Param(false, newid, fun_type) :: acc + Param(false, id_no_loc newid, fun_type) :: acc in let acc = (* function declaration without precondition *) let annot_type = @@ -3736,9 +3789,16 @@ in let newid = f.jc_fun_info_final_name in Hashtbl.add function_prototypes newid fun_type; - Param(false, newid, fun_type) :: acc + Param(false, id_no_loc newid, fun_type) :: acc in + + (* restore assigned status for parameters assigned in the body *) + + List.iter + (fun v -> v.jc_var_info_assigned <- true) + assigned_params; + (* Function body *) match body with @@ -3823,7 +3883,7 @@ if is_purely_exceptional_fun spec then acc else if Jc_options.verify_invariants_only then acc else Def( - newid, + id_no_loc newid, mk_expr (Fun( params, internal_requires, @@ -3842,8 +3902,8 @@ let normal_body = wrap_body f spec id body in let newid = f.jc_fun_info_name ^ "_ensures_" ^ id in let beh = - if id="default" then "Default behavior" else - "Normal behavior `"^id^"'" + if id="default" then "default behavior" else + "Behavior `"^id^"'" in reg_decl ~out_mark:newid 
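Review bot: The `jc_var_info_assigned` flags cleared by the fold in `@@ -3437,8 +3475,23 @@` are only set back by the `List.iter` added in `@@ -3736,9 +3789,16 @@`, so an exception raised in the code between the two leaves the parameters marked as not assigned. That code is outside the visible hunks, so whether it can raise is not confirmed here, but the flag lives on shared `var_info` records and a stale value would presumably change how later translation treats those parameters. Wrapping the intermediate section in a `try ... with e -> List.iter (fun v -> v.jc_var_info_assigned <- true) assigned_params; raise e` makes the restore unconditional. The comment should also say why the flag must read false while the prototypes are built, because the fold both filters and mutates and that is easy to miss.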
@@ -3852,7 +3912,7 @@ ~beh funpos; Def( - newid, + id_no_loc newid, mk_expr (Fun( params, assume_in_precondition b internal_requires, @@ -3877,9 +3937,9 @@ ~out_mark:newid ~in_mark:f.jc_fun_info_name ~name:("function " ^ f.jc_fun_info_name) - ~beh:("Exceptional behavior `" ^ id ^ "'") + ~beh:("Behavior `" ^ id ^ "'") funpos; - Def(newid, + Def(id_no_loc newid, mk_expr (Fun( params, assume_in_precondition b internal_requires, @@ -3946,9 +4006,12 @@ | LVar(id) -> let id = StringMap.find_or_default id id param_name_assoc in LVar id - | LVarAtLabel(id,l) -> + | LDeref(id) -> let id = StringMap.find_or_default id id param_name_assoc in - LVarAtLabel(id,l) + LDeref id + | LDerefAtLabel(id,l) -> + let id = StringMap.find_or_default id id param_name_assoc in + LDerefAtLabel(id,l) | Tnamed(n,t) -> Tnamed(n,modif_term t) | TIf(t1,t2,t3) -> TIf(modif_term t1,modif_term t2,modif_term t3) @@ -3966,14 +4029,14 @@ let fun_type = Hashtbl.find function_prototypes fname in let new_fun_type = modif_why_type fun_type in - Param(false, n, new_fun_type) :: acc + Param(false, id_no_loc n, new_fun_type) :: acc (******************************************************************************) (* Logic entities *) (******************************************************************************) -let tr_logic_type (id,l) acc = Type(id,List.map Jc_type_var.name l) :: acc +let tr_logic_type (id,l) acc = Type(id_no_loc id,List.map Jc_type_var.name l) :: acc let tr_exception ei acc = @@ -3982,7 +4045,7 @@ | Some tei -> Some (tr_base_type tei) | None -> None in - Exception(exception_name ei, typ) :: acc + Exception(id_no_loc (exception_name ei), typ) :: acc (* let tr_native_type nty acc = *) (* let lt = tr_base_type (JCTnative nty) in *) 
@@ -4048,16 +4111,20 @@ in let bv_conv = if !Region.some_bitwise_region then - [Logic(false,logic_bitvector_of_enum ri,["",lt],bitvector_type) ; - Logic(false,logic_enum_of_bitvector ri,["",bitvector_type],lt) ; - Goal(KAxiom,(logic_enum_of_bitvector ri)^"_of_"^(logic_bitvector_of_enum ri), - LForall("x",lt, [], - LPred(equality_op_for_type (JCTenum ri), + [Logic(false,id_no_loc (logic_bitvector_of_enum ri), + ["",lt],bitvector_type) ; + Logic(false,id_no_loc (logic_enum_of_bitvector ri), + ["",bitvector_type],lt) ; + Goal(KAxiom,id_no_loc ((logic_enum_of_bitvector ri)^"_of_"^ + (logic_bitvector_of_enum ri)), + LForall("x",lt, [], + LPred(equality_op_for_type (JCTenum ri), [LApp(logic_enum_of_bitvector ri, [LApp(logic_bitvector_of_enum ri, [LVar "x"])]); LVar "x"]))); - Goal(KAxiom,(logic_bitvector_of_enum ri)^"_of_"^(logic_enum_of_bitvector ri), + Goal(KAxiom,id_no_loc ((logic_bitvector_of_enum ri)^"_of_"^ + (logic_enum_of_bitvector ri)), LForall("x",bitvector_type, [], LPred("eq", (* TODO: equality for bitvectors ? *) [LApp(logic_bitvector_of_enum ri, 
@@ -4066,40 +4133,40 @@ LVar "x"]))) ] else [] in - Type(name,[]) - :: Logic(false,logic_int_of_enum ri, + Type(id_no_loc name,[]) + :: Logic(false,id_no_loc (logic_int_of_enum ri), [("",lt)],why_integer_type) - :: Logic(false,logic_enum_of_int ri, + :: Logic(false,id_no_loc (logic_enum_of_int ri), [("",why_integer_type)],lt) - :: Predicate(false,eq_of_enum ri,[("x",lt);("y",lt)], + :: Predicate(false,id_no_loc (eq_of_enum ri),[("x",lt);("y",lt)], LPred("eq_int",[LApp(logic_int_of_enum ri,[LVar "x"]); LApp(logic_int_of_enum ri,[LVar "y"])])) :: (if !Jc_options.int_model = IMmodulo then let width = LConst (Prim_int width) in let fmod t = LApp (mod_of_enum ri, [t]) in - [Logic (false, mod_of_enum ri, + [Logic (false, id_no_loc (mod_of_enum ri), ["x", simple_logic_type "int"], simple_logic_type "int"); - Goal(KAxiom,name ^ "_mod_def", + Goal(KAxiom,id_no_loc (name ^ "_mod_def"), LForall ("x", simple_logic_type "int", [], LPred ("eq_int", [LApp (mod_of_enum ri, [LVar "x"]); LApp (logic_int_of_enum ri, [LApp (logic_enum_of_int ri, [LVar "x"])])]))); - Goal(KAxiom,name ^ "_mod_lb", + Goal(KAxiom,id_no_loc (name ^ "_mod_lb"), LForall ("x", simple_logic_type "int", [], LPred ("ge_int", [LApp (mod_of_enum ri, [LVar "x"]); LConst (Prim_int min)]))); - Goal(KAxiom,name ^ "_mod_gb", + Goal(KAxiom,id_no_loc (name ^ "_mod_gb"), LForall ("x", simple_logic_type "int", [], LPred ("le_int", [LApp (mod_of_enum ri, [LVar "x"]); LConst (Prim_int max)]))); - Goal(KAxiom,name ^ "_mod_id", + Goal(KAxiom,id_no_loc (name ^ "_mod_id"), LForall ("x", simple_logic_type "int", [], LImpl (in_bounds (LVar "x"), LPred ("eq_int", [LApp (mod_of_enum ri, [LVar "x"]); LVar "x"])))); - Goal(KAxiom,name ^ "_mod_lt", + Goal(KAxiom,id_no_loc (name ^ "_mod_lt"), LForall ("x", simple_logic_type "int", [], LImpl (LPred ("lt_int", [LVar "x"; LConst (Prim_int min)]), 
@@ -4107,7 +4174,7 @@ fmod (LApp ("add_int", [LVar "x"; width]))])))); - Goal(KAxiom,name ^ "_mod_gt", + Goal(KAxiom,id_no_loc (name ^ "_mod_gt"), LForall ("x", simple_logic_type "int", [], LImpl (LPred ("gt_int", [LVar "x"; LConst (Prim_int max)]), @@ -4117,13 +4184,13 @@ width]))])))); ] else []) - @ Param(false,fun_enum_of_int ri,of_int_type) - :: Param(false,safe_fun_enum_of_int ri,safe_of_int_type) - :: Param(false,fun_any_enum ri,any_type) - :: Goal(KAxiom,name^"_range", + @ Param(false,id_no_loc (fun_enum_of_int ri),of_int_type) + :: Param(false,id_no_loc (safe_fun_enum_of_int ri),safe_of_int_type) + :: Param(false,id_no_loc (fun_any_enum ri),any_type) + :: Goal(KAxiom,id_no_loc (name^"_range"), LForall("x",lt, [],in_bounds (LApp(logic_int_of_enum ri,[LVar "x"])))) - :: Goal(KAxiom,name^"_coerce", + :: Goal(KAxiom,id_no_loc (name^"_coerce"), LForall("x",why_integer_type, [], LImpl(in_bounds (LVar "x"), LPred("eq_int", @@ -4131,6 +4198,25 @@ [LApp(logic_enum_of_int ri, [LVar "x"])]) ; LVar "x"])))) +(* + :: Goal(KAxiom,id_no_loc (name^"_extensionality"), + LForall("x",lt, [], + LForall("y",lt, [ (* [LPatP(LPred(eq_of_enum ri, + [LVar "x"; LVar "y"]))] *) ], + LImpl(LPred(eq_of_enum ri,[LVar "x"; LVar "y"]), + LPred("eq",[LVar "x"; LVar "y"]) + )))) +*) + :: Goal(KAxiom,id_no_loc (name^"_extensionality"), + LForall("x",lt, [], + LForall("y",lt, [ (* [LPatP(LPred("eq_int", + [LApp(logic_int_of_enum ri, [LVar "x"]); + LApp(logic_int_of_enum ri, [LVar "y"])]))] *)], + LImpl(LPred("eq_int", + [LApp(logic_int_of_enum ri, [LVar "x"]); + LApp(logic_int_of_enum ri, [LVar "y"])]), + LPred("eq",[LVar "x"; LVar "y"]) + )))) :: bv_conv @ acc 
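Review bot: The `_extensionality` goal added in `@@ -4131,6 +4198,25 @@` is emitted as `KAxiom`, so provers will assume injectivity of `logic_int_of_enum ri` without ever proving it, and nothing in the hunk records why it is sound or which proofs need it. Every axiom enlarges the trusted base of the generated theory, so a comment stating the justification belongs next to it, e.g. `(* sound: enum values are determined by their integer image; needed to derive eq from eq_int *)`, adjusted to the real reason. The trigger list is left empty with the intended `LPatP` pattern commented out inside it, so instantiation is left to each prover's heuristics; either enable the pattern or note why it is off. The earlier variant kept in the `(* ... *)` block above it should be deleted rather than carried along.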
@@ -4163,7 +4249,7 @@ *) let modsmall = LApp(mod_of_enum smallri,[LVar "x"]) in let modbig = LApp(mod_of_enum bigri,[LVar "x"]) in - Goal(KAxiom,smallname ^ "_" ^ bigname ^ "_mod_coincide", + Goal(KAxiom,id_no_loc (smallname ^ "_" ^ bigname ^ "_mod_coincide"), LForall("x",why_integer_type, [], LImpl(in_bounds modbig, LPred("eq_int",[modsmall;modbig])))) @@ -4179,27 +4265,27 @@ let tr_variable vi _e acc = if vi.jc_var_info_assigned then let t = Ref_type(tr_var_type vi) in - Param(false,vi.jc_var_info_final_name,t)::acc + Param(false,id_no_loc vi.jc_var_info_final_name,t)::acc else let t = tr_base_type vi.jc_var_info_type in - Logic(false,vi.jc_var_info_final_name,[],t)::acc + Logic(false,id_no_loc vi.jc_var_info_final_name,[],t)::acc let tr_region r acc = - Type(r.jc_reg_final_name,[]) :: acc + Type(id_no_loc r.jc_reg_final_name,[]) :: acc let tr_memory (mc,r) acc = Param( - false,memory_name(mc,r), + false,id_no_loc (memory_name(mc,r)), Ref_type(Base_type(memory_type mc))) :: acc let tr_alloc_table (pc,r) acc = Param( - false,alloc_table_name(pc,r), + false,id_no_loc (alloc_table_name(pc,r)), Ref_type(Base_type(alloc_table_type pc))) :: acc let tr_tag_table (rt,r) acc = Param( - false,tag_table_name(rt,r), + false,id_no_loc (tag_table_name(rt,r)), Ref_type(Base_type(tag_table_type rt))) :: acc 
@@ -4218,30 +4304,38 @@ then acc else let mem = bitvector_type in - Param(false,union_memory_name rt,Ref_type(Base_type mem)) :: acc + Param(false,id_no_loc (union_memory_name rt), + Ref_type(Base_type mem)) :: acc in + let in_param = false in (* Validity parameters *) - make_valid_pred ~equal:true ac pc - :: make_valid_pred ~equal:false ac pc - :: make_valid_pred ~equal:false ~right:false ac pc - :: make_valid_pred ~equal:false ~left:false ac pc - :: make_valid_pred ~equal:false (* TODO ? *) JCalloc_bitvector pc + make_valid_pred ~in_param ~equal:true ac pc + :: make_valid_pred ~in_param ~equal:false ac pc + :: make_valid_pred ~in_param ~equal:false ~right:false ac pc + :: make_valid_pred ~in_param ~equal:false ~left:false ac pc +(* + :: make_valid_pred ~in_param ~equal:false (* TODO ? *) JCalloc_bitvector pc +*) (* Allocation parameter *) :: make_alloc_param ~check_size:true ac pc :: make_alloc_param ~check_size:false ac pc +(* :: make_alloc_param ~check_size:true JCalloc_bitvector pc :: make_alloc_param ~check_size:false JCalloc_bitvector pc +*) :: acc else - make_valid_pred ~equal:true ac pc :: make_valid_pred ~equal:false ac pc :: acc + make_valid_pred ~in_param:false ~equal:true ac pc + :: make_valid_pred ~in_param:false ~equal:false ac pc + :: acc in let of_ptr_addr = - Logic(false, of_pointer_address_name rt, + Logic(false, id_no_loc (of_pointer_address_name rt), [ ("",raw_pointer_type why_unit_type) ], pointer_type ac pc) in let addr_axiom = let p = "p" in - Goal(KAxiom,"pointer_addr_of_" ^ (of_pointer_address_name rt), + Goal(KAxiom,id_no_loc ("pointer_addr_of_" ^ (of_pointer_address_name rt)), LForall(p, raw_pointer_type why_unit_type, [], make_eq_pred (JCTpointer(pc,None,None)) (LVar p) 
@@ -4251,7 +4345,7 @@ in let rev_addr_axiom = let p = "p" in - Goal(KAxiom,(of_pointer_address_name rt) ^ "_of_pointer_addr", + Goal(KAxiom,id_no_loc ((of_pointer_address_name rt) ^ "_of_pointer_addr"), LForall(p, pointer_type ac pc, [], make_eq_pred (JCTpointer(pc,None,None)) (LVar p) @@ -4262,16 +4356,20 @@ let lt = tr_base_type (JCTpointer(pc,None,None)) in let conv = if !Region.some_bitwise_region then - [Logic(false,logic_bitvector_of_variant rt,["",lt],bitvector_type); - Logic(false,logic_variant_of_bitvector rt,["",bitvector_type],lt); - Goal(KAxiom,(logic_variant_of_bitvector rt)^"_of_"^(logic_bitvector_of_variant rt), + [Logic(false,id_no_loc (logic_bitvector_of_variant rt), + ["",lt],bitvector_type); + Logic(false,id_no_loc (logic_variant_of_bitvector rt), + ["",bitvector_type],lt); + Goal(KAxiom,id_no_loc ((logic_variant_of_bitvector rt)^"_of_"^ + (logic_bitvector_of_variant rt)), LForall("x",lt, [], LPred(equality_op_for_type (JCTpointer (pc,None,None)), [LApp(logic_variant_of_bitvector rt, [LApp(logic_bitvector_of_variant rt, [LVar "x"])]); LVar "x"]))); - Goal(KAxiom,(logic_bitvector_of_variant rt)^"_of_"^(logic_variant_of_bitvector rt), + Goal(KAxiom,id_no_loc ((logic_bitvector_of_variant rt)^"_of_"^ + (logic_variant_of_bitvector rt)), LForall("x",bitvector_type, [], LPred("eq", (* TODO: equality for bitvectors ? *) [LApp(logic_bitvector_of_variant rt, @@ -4285,7 +4383,7 @@ let tag_table = Param( false, - variant_tag_table_name rt, + id_no_loc (variant_tag_table_name rt), Ref_type( Base_type { logic_type_name = tag_table_type_name; 
@@ -4295,20 +4393,20 @@ let alloc_table = Param( false, - variant_alloc_table_name rt, + id_no_loc (variant_alloc_table_name rt), Ref_type( Base_type { logic_type_name = alloc_table_type_name; logic_type_args = [root_model_type rt]; })) in - let type_def = Type(root_type_name rt, []) in + let type_def = Type(id_no_loc (root_type_name rt), []) in (* Axiom: the variant can only have the given tags *) let axiom_variant_has_tag = let v = "x" in let tag_table = generic_tag_table_name rt in Goal(KAxiom, - variant_axiom_on_tags_name rt, + id_no_loc (variant_axiom_on_tags_name rt), LForall( v, pointer_type ac pc, [], @@ -4326,7 +4424,7 @@ (fun (acc, index) st -> let axiom = Goal(KAxiom, - axiom_int_of_tag_name st, + id_no_loc (axiom_int_of_tag_name st), make_eq (make_int_of_tag st) (LConst(Prim_int(string_of_int index))) diff -Nru why-2.29+dfsg/jc/jc_interp.mli why-2.30+dfsg/jc/jc_interp.mli --- why-2.29+dfsg/jc/jc_interp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_interp.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
@@ -159,8 +159,9 @@ (** {2 locations and explanations} *) +(* val print_locs : Format.formatter -> unit - + *) (* Local Variables: diff -Nru why-2.29+dfsg/jc/jc_invariants.ml why-2.30+dfsg/jc/jc_invariants.ml --- why-2.29+dfsg/jc/jc_invariants.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_invariants.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -542,12 +542,12 @@ (* mutable_T: T tag_id *) Param( false, - mutable_name st, + id_no_loc (mutable_name st), Ref_type(Base_type (mutable_memory_type st))) (* committed_T: bool *) ::Param( false, - committed_name st, + id_no_loc (committed_name st), Ref_type(Base_type (committed_memory_type st))) ::acc else @@ -924,7 +924,8 @@ (* return the predicate *) match params with | [] -> acc (* Not supposed to happen though *) - | _ -> Predicate(false, hierarchy_invariant_name root, params, body)::acc + | _ -> Predicate(false, id_no_loc (hierarchy_invariant_name root), + params, body)::acc let make_global_invariants acc = let h = hierarchies () in 
@@ -1070,9 +1071,9 @@ let pset = pset_union_list pset_list in (* "not_assigns" saying that only the pointers of pset have been modified *) - let not_assigns = make_not_assigns (LVar alloc) - (LVarAtLabel(com, "")) - (LVar com) + let not_assigns = make_not_assigns (LDeref alloc) + (LDerefAtLabel(com, "")) + (LDeref com) pset in (* new values for the fields in their ranges *) @@ -1207,7 +1208,7 @@ [ LVar mutable_name; LApp( "store", - [ LVarAtLabel(mutable_name, ""); + [ LDerefAtLabel(mutable_name, ""); LVar this; LVar tag ])])) components_post @@ -1225,7 +1226,7 @@ if st.jc_struct_info_parent = None then Param( false, - pack_name st, + id_no_loc (pack_name st), Prod_type( this, Base_type this_type, @@ -1269,10 +1270,10 @@ make_and (LPred( "eq", - [ LVar mutable_name; + [ LDeref mutable_name; LApp( "store", - [ LVarAtLabel(mutable_name, ""); + [ LDerefAtLabel(mutable_name, ""); LVar this; LVar tag ])])) components_post @@ -1290,7 +1291,7 @@ if st.jc_struct_info_parent = None then Param( false, - "unpack_"^(root_name st), + id_no_loc ("unpack_"^(root_name st)), Prod_type( this, Base_type this_type, diff -Nru why-2.29+dfsg/jc/jc_iterators.ml why-2.30+dfsg/jc/jc_iterators.ml --- why-2.29+dfsg/jc/jc_iterators.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_iterators.ml 2011-10-24 15:21:06.000000000 +0000 
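Review bot: In the `@@ -1207,7 +1208,7 @@` hunk (the `pack` postcondition, judging by the `pack_name st` parameter that follows) the left-hand side of the `eq` is still `LVar mutable_name`, while the matching `unpack` hunk `@@ -1269,10 +1270,10 @@` changes the same term to `LDeref mutable_name`. Both hunks move the labelled occurrence to `LDerefAtLabel`, and `mutable_name st` is declared as a `Ref_type` parameter earlier in this file, so this looks like a missed conversion rather than an intended difference. If so, the line should read `[ LDeref mutable_name;` in `pack` as well. If the asymmetry is deliberate, a comment should say why. Both enclosing functions extend beyond their hunks.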
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_iterators.mli why-2.30+dfsg/jc/jc_iterators.mli --- why-2.29+dfsg/jc/jc_iterators.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_iterators.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_lexer.mli why-2.30+dfsg/jc/jc_lexer.mli --- why-2.29+dfsg/jc/jc_lexer.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_lexer.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_lexer.mll why-2.30+dfsg/jc/jc_lexer.mll --- why-2.29+dfsg/jc/jc_lexer.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_lexer.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_main.ml why-2.30+dfsg/jc/jc_main.ml --- why-2.29+dfsg/jc/jc_main.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_main.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -173,8 +173,8 @@ (* phase 8: computation of effects *) compute_effects logic_components components; - (* (optional) - generation of the separation predicates : compute the needed + (* (optional) + generation of the separation predicates : compute the needed generated predicates *) if Jc_options.gen_frame_rule_with_ft then (Jc_options.lprintf "Compute needed predicates@."; 
@@ -387,22 +387,55 @@ (* PART 5: OUTPUT FILES *) (*************************************************************************) + (* union and pointer casts: disabled *) + if !Region.some_bitwise_region then + begin + eprintf "Jessie support for unions and pointer casts is disabled@."; + exit 1 + end; + let decls = pop_decls () in (* output phase 1: produce Why file *) - Jc_options.lprintf "Produce Why file@."; - Pp.print_in_file - (fun fmt -> fprintf fmt "%a@." Output.fprintf_why_decls decls) - (Lib.file_subdir "why" (filename ^ ".why")); - - (* output phase 2: produce locs file *) - Jc_options.lprintf "Produce locs file@."; - let cout_locs,fmt_locs = - Pp.open_file_and_formatter (Lib.file_subdir "." (filename ^ ".loc")) - in - Jc_interp.print_locs fmt_locs; - Output.print_pos fmt_locs; (* Generated annotations. *) - Pp.close_file_and_formatter (cout_locs,fmt_locs); + if Jc_options.why3_backend then + begin + Jc_options.lprintf "Produce Why3ml file@."; + Pp.print_in_file + (fun fmt -> fprintf fmt "%a@." + (Output.fprintf_why_decls ~why3:true + ~use_floats:!Jc_options.has_floats + ~full_floats:(!Jc_options.float_model = Jc_env.FMfull) + ) decls) + (filename ^ ".mlw"); + (* not used by why3, but useful for debugging traceability *) + let cout_locs,fmt_locs = + Pp.open_file_and_formatter (Lib.file_subdir "." (filename ^ ".loc")) + in + Output.my_print_locs fmt_locs; + Pp.close_file_and_formatter (cout_locs,fmt_locs); + end + else + begin + Jc_options.lprintf "Produce Why file@."; + Pp.print_in_file + (fun fmt -> fprintf fmt "%a@." + (Output.fprintf_why_decls ~why3:false + ~use_floats:!Jc_options.has_floats + ~full_floats:(!Jc_options.float_model = Jc_env.FMfull) + ) decls) + (Lib.file_subdir "why" (filename ^ ".why")); + + (* output phase 2: produce locs file *) + Jc_options.lprintf "Produce locs file@."; + let cout_locs,fmt_locs = + Pp.open_file_and_formatter (Lib.file_subdir "." 
(filename ^ ".loc")) + in + Output.my_print_locs fmt_locs; +(* + Output.old_print_pos fmt_locs; (* Generated annotations. *) +*) + Pp.close_file_and_formatter (cout_locs,fmt_locs); + end; (* output phase 3: produce makefile *) Jc_options.lprintf "Produce makefile@."; @@ -410,12 +443,6 @@ we first have to update Jc_options.libfiles depending on the current pragmas *) - if !Region.some_bitwise_region then - begin - eprintf "Jessie support for unions and pointer casts is disabled@."; - exit 1 - end; - Jc_options.add_to_libfiles (if !Region.some_bitwise_region then "jessie_bitvectors.why" else "jessie.why"); diff -Nru why-2.29+dfsg/jc/jc_make.ml why-2.30+dfsg/jc/jc_make.ml --- why-2.29+dfsg/jc/jc_make.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_make.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -43,6 +43,7 @@ *) let simplify fmt f = fprintf fmt "simplify/%s_why.sx" f +let vampire fmt f = fprintf fmt "vampire/%s_why.vp" f let coq_v fmt f = fprintf fmt "coq/%s_why.v" f let coq_vo fmt f = fprintf fmt "coq/%s_why.vo" f let pvs fmt f = fprintf fmt "pvs/%s_why.pvs" f 
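Review bot: Both arms of the new `if Jc_options.why3_backend` in `@@ -387,22 +387,55 @@` repeat the same sequence: open `filename ^ ".loc"`, call `Output.my_print_locs fmt_locs`, then `Pp.close_file_and_formatter`. The arms differ only in the log message, the `~why3` flag and the output path, so the `.loc` block can be written once after the `if`. The Why3 arm also writes `filename ^ ".mlw"` directly while the other arm uses `Lib.file_subdir "why"`; if that is deliberate, a short comment would prevent someone from "fixing" it. The commented-out `Output.old_print_pos` call should be removed rather than kept. Since the `some_bitwise_region` check now exits before any output, the `"jessie_bitvectors.why"` alternative in the following hunk appears to be unreachable.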
@@ -77,10 +78,12 @@ (String.escaped (Filename.concat "$(WHYLIB)" (Filename.concat "why" s)))) (Jc_options.get_libfiles ()); - out "@\n@\n"; + out "@\n"; + out "JESSIE3LIB ?=%s@\n@\n" (String.escaped (Filename.concat "$(WHYLIB)" + "why3")); out "COQDEP = coqdep@\n@\n"; - out ".PHONY: all coq pvs simplify cvcl harvey smtlib zenon@\n@\n"; + out ".PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon@\n@\n"; out "all: %a@\n@\n" (print_files simplify) targets; @@ -137,6 +140,12 @@ out "simplify/%%_why.sx: why/%%.why@\n"; out "\t@@echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why@\n@\n"; + out "vampire: %a@\n" (print_files vampire) targets; + out "\t@@echo 'Running Vampire on proof obligations' && ($(DP) $^)@\n@\n"; + out "vampire/%%_why.vp: WHYOPT=-vampire -dir vampire@\n"; + out "vampire/%%_why.vp: why/%%.why@\n"; + out "\t@@echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why@\n@\n"; + out "alt-ergo ergo: %a@\n" (print_files ergo) targets; out "\t@@echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^)@\n@\n"; out "why/%%_why.why: WHYOPT=-alt-ergo -dir why@\n"; @@ -211,6 +220,16 @@ out "\t@@echo 'why3ide [...] $<' \ && why3ide $<@\n@\n"; + let why3ml_target = + (match targets with f::_ -> f^".mlw" | [] -> "") + in + out "why3ml: %s@\n" why3ml_target; + out "\t@@echo 'why3ml [...] $<' \ + && why3ide -I $(JESSIE3LIB) $<@\n@\n"; +(* + out "\twhy3ide -I $(JESSIE3LIB) $<@\n@\n"; +*) + out "-include %s.depend@\n@\n" f; out "depend: %a@\n" (print_files coq_v) targets; out "\t-$(COQDEP) -I coq coq/%s*_why.v > %s.depend@\n@\n" f f; diff -Nru why-2.29+dfsg/jc/jc_name.ml why-2.30+dfsg/jc/jc_name.ml --- why-2.29+dfsg/jc/jc_name.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_name.ml 2011-10-24 15:21:06.000000000 +0000 
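Review bot: The `why3ml` rule added in `@@ -211,6 +220,16 @@` echoes `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the printed line does not match what is executed. `why3ml_target` also falls back to `""` when `targets` is empty, which yields a rule with no prerequisite and an empty `$<`; only the first target is used, whereas the other rules go through `print_files` over all of them. `JESSIE3LIB` is passed through `String.escaped` (OCaml escaping, not make or shell quoting) and expanded unquoted in the recipe, so a `WHYLIB` path containing spaces would split into several arguments. Suggested: make the echo say `why3ide -I $(JESSIE3LIB) $<`, skip emitting the rule when `targets = []`, and quote the expansion as `"$(JESSIE3LIB)"`.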
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_norm.ml why-2.30+dfsg/jc/jc_norm.ml --- why-2.29+dfsg/jc/jc_norm.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_norm.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_norm.mli why-2.30+dfsg/jc/jc_norm.mli --- why-2.29+dfsg/jc/jc_norm.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_norm.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_noutput.ml why-2.30+dfsg/jc/jc_noutput.ml --- why-2.29+dfsg/jc/jc_noutput.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_noutput.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_options.ml why-2.30+dfsg/jc/jc_options.ml --- why-2.29+dfsg/jc/jc_options.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_options.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -87,6 +87,8 @@ let verify = ref [] let behavior = ref "" +let why3_backend = ref false + let add_why_opt s = why_opt := !why_opt ^ " " ^ s let annotation_sem = ref AnnotNone @@ -113,7 +115,7 @@ let version () = Printf.printf "This is Jessie version %s, compiled on %s -Copyright (c) 2006-2008 - INRIA team-project ProVal +Copyright (c) 2006-2011 - CNRS/INRIA/Univ Paris 11, team ProVal This is free software with ABSOLUTELY NO WARRANTY (use option -warranty) " Version.version Version.date; exit 0 @@ -137,6 +139,9 @@ "-behavior", Arg.String (fun s -> behavior := s), " verify only specified behavior (safety, default or user-defined behavior)"; + "-why3ml", Arg.Set why3_backend, + " (experimental) produce a program in why3ml syntax" ; + "-why-opt", Arg.String add_why_opt, " passes options to Why"; "-v", Arg.Set verbose, @@ -198,6 +203,7 @@ let debug = !debug let verbose = !verbose let werror = !werror +let why3_backend = !why3_backend let why_opt = !why_opt let inv_sem = inv_sem let separation_sem = separation_sem diff -Nru why-2.29+dfsg/jc/jc_options.mli why-2.30+dfsg/jc/jc_options.mli --- why-2.29+dfsg/jc/jc_options.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_options.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -51,6 +51,7 @@ val debug : bool val verbose : bool val werror : bool +val why3_backend : bool val why_opt : string val verify_all_offsets : bool diff -Nru why-2.29+dfsg/jc/jc_output_misc.ml why-2.30+dfsg/jc/jc_output_misc.ml --- why-2.29+dfsg/jc/jc_output_misc.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_output_misc.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_output.ml why-2.30+dfsg/jc/jc_output.ml --- why-2.29+dfsg/jc/jc_output.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_output.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_parser.mly why-2.30+dfsg/jc/jc_parser.mly
--- why-2.29+dfsg/jc/jc_parser.mly 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_parser.mly 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/jc/jc_pattern.ml why-2.30+dfsg/jc/jc_pattern.ml
--- why-2.29+dfsg/jc/jc_pattern.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_pattern.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_pervasives.ml why-2.30+dfsg/jc/jc_pervasives.ml
--- why-2.29+dfsg/jc/jc_pervasives.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_pervasives.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
@@ -89,6 +89,12 @@ | JCTany | JCTtype_var _ -> assert false (* TODO? *) | JCTnull | JCTpointer _ -> `Pointer +let eq_operator_of_type = function + | JCTnative n -> operator_of_native n + | JCTenum _ | JCTlogic _ -> `Logic + | JCTany | JCTtype_var _ -> assert false (* TODO? *) + | JCTnull | JCTpointer _ -> `Pointer + let new_label_name = let label_name_counter = ref 0 in function () -> incr label_name_counter; @@ -851,7 +857,7 @@ let pointer_struct = function | JCTpointer(JCtag(st, []), _, _) -> st - | ty -> + | ty -> Format.printf "%a@." print_type ty; assert false @@ -1059,11 +1065,10 @@ Some (JCTnative Tboolean), "\\single_is_plus_infinity", "single_is_plus_infinity", [float_type]; Some (JCTnative Tboolean), "\\double_is_plus_infinity", "double_is_plus_infinity", [double_type]; - Some real_type, "\\exp", "exp", [real_type] ; Some real_type, "\\log", "log", [real_type] ; Some real_type, "\\log10", "log10", [real_type] ; - + Some real_type, "\\cos", "cos", [real_type] ; Some real_type, "\\sin", "sin", [real_type] ; Some real_type, "\\tan", "tan", [real_type] ; @@ -1079,7 +1084,7 @@ Some real_type, "\\round_float", "round_float", [float_format; rounding_mode; real_type]; None, "\\no_overflow_single", "no_overflow_single", [rounding_mode; real_type]; None, "\\no_overflow_double", "no_overflow_double", [rounding_mode; real_type]; - + Some real_type, "\\round_single", "round_single", [rounding_mode; real_type]; Some real_type, "\\round_double", "round_double", [rounding_mode; real_type]; 
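Review bot: `eq_operator_of_type` is added without any comment saying how it differs from `operator_of_type`, and as far as the hunk shows the two share every arm except possibly the `JCTenum` one (the upper arms of `operator_of_type` are outside the hunk). A one-line header such as `(* operator used for == and !=; enum and logic types both map to the Logic tag *)` would record the intent and stop the next reader from merging the two functions back together. The copied `assert false (* TODO? *)` arm for `JCTany` and `JCTtype_var _` also deserves a note naming the caller invariant it relies on, since a verification front-end that aborts on an unexpected type gives the user no diagnostic.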
@@ -1095,24 +1100,24 @@ Some sign, "\\Positive", "Positive", []; Some sign, "\\Negative", "Negative", []; - - Some (JCTnative Tboolean), "\\le_float", "le_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\le_double", "le_double", [double_type;double_type]; - Some (JCTnative Tboolean), "\\lt_float", "lt_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\lt_double", "lt_double", [double_type;double_type]; + Some (JCTnative Tboolean), "\\le_float", "le_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\le_double", "le_double_full", [double_type;double_type]; + + Some (JCTnative Tboolean), "\\lt_float", "lt_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\lt_double", "lt_double_full", [double_type;double_type]; - Some (JCTnative Tboolean), "\\ge_float", "ge_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\ge_double", "ge_double", [double_type;double_type]; + Some (JCTnative Tboolean), "\\ge_float", "ge_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\ge_double", "ge_double_full", [double_type;double_type]; - Some (JCTnative Tboolean), "\\gt_float", "gt_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\gt_double", "gt_double", [double_type;double_type]; + Some (JCTnative Tboolean), "\\gt_float", "gt_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\gt_double", "gt_double_full", [double_type;double_type]; - Some (JCTnative Tboolean), "\\eq_float", "eq_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\eq_double", "eq_double", [double_type;double_type]; + Some (JCTnative Tboolean), "\\eq_float", "eq_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\eq_double", "eq_double_full", [double_type;double_type]; - Some (JCTnative Tboolean), "\\ne_float", "ne_single", [float_type;float_type]; - Some (JCTnative Tboolean), "\\ne_double", "ne_double", [double_type;double_type]; + Some (JCTnative 
Tboolean), "\\ne_float", "ne_single_full", [float_type;float_type]; + Some (JCTnative Tboolean), "\\ne_double", "ne_double_full", [double_type;double_type]; ] let treatdouble = TreatGenFloat (`Double :> float_format) diff -Nru why-2.29+dfsg/jc/jc_pervasives.mli why-2.30+dfsg/jc/jc_pervasives.mli --- why-2.29+dfsg/jc/jc_pervasives.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_pervasives.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -58,6 +58,7 @@ val operator_of_native: native_type -> [> native_operator_type] val operator_of_type: jc_type -> [> operator_type] +val eq_operator_of_type: jc_type -> [> operator_type] val integer_type : Jc_env.jc_type val boolean_type : Jc_env.jc_type diff -Nru why-2.29+dfsg/jc/jc_poutput.ml why-2.30+dfsg/jc/jc_poutput.ml --- why-2.29+dfsg/jc/jc_poutput.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_poutput.ml 2011-10-24 15:21:06.000000000 +0000 
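Review bot: The builtin table now maps both the single- and the double-precision comparisons to `*_full` symbols, but `why3ident` in jc/output.ml (further down in this diff) translates only the six `*_double_full` names to `DoubleFull.*`. `le_single_full`, `lt_single_full` and the other single-precision names fall through to `why3id` and would be emitted unqualified when the `-why3ml` output is selected. If that backend is meant to cover single-precision comparisons, `why3ident` needs the matching six entries; their Why3 target names are not shown in this diff and have to be checked against the Why3 library. The list edited here begins outside the hunk.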
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_region.ml why-2.30+dfsg/jc/jc_region.ml
--- why-2.29+dfsg/jc/jc_region.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_region.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_separation.ml why-2.30+dfsg/jc/jc_separation.ml
--- why-2.29+dfsg/jc/jc_separation.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_separation.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
@@ -130,36 +130,39 @@ let single_assertion _rresult a = match a#node with - | JCAapp app -> - let li = app.jc_app_fun in - let param_regions = - if in_current_logic_component li then - (* No generalization here, plain unification *) - List.map (fun vi -> vi.jc_var_info_region) - li.jc_logic_info_parameters - else - (* Apply generalization before unification *) - let regions = li.jc_logic_info_param_regions in - let assoc = RegionList.duplicate regions in - app.jc_app_region_assoc <- assoc; - List.map (fun vi -> - if is_dummy_region vi.jc_var_info_region then dummy_region else - try RegionList.assoc vi.jc_var_info_region assoc - with Not_found -> assert false) - li.jc_logic_info_parameters - in - let arg_regions = - List.map (fun t -> t#region) app.jc_app_args - in - Jc_options.lprintf "param:%a@." (print_list comma Region.print) param_regions; - Jc_options.lprintf "arg:%a@." (print_list comma Region.print) arg_regions; - List.iter2 Region.unify param_regions arg_regions - | JCAtrue | JCAfalse | JCArelation _ | JCAeqtype _ - | JCAinstanceof _ | JCAbool_term _ | JCAmutable _ - | JCAand _ | JCAor _ | JCAimplies _ | JCAiff _ | JCAif _ - | JCAlet _ | JCAmatch _ - | JCAnot _ | JCAquantifier _ | JCAold _ | JCAat _ | JCAsubtype _ -> - () + | JCArelation(t1,(_,`Pointer),t2) -> + Region.unify t1#region t2#region + | JCArelation _ -> () + | JCAapp app -> + let li = app.jc_app_fun in + let param_regions = + if in_current_logic_component li then + (* No generalization here, plain unification *) + List.map (fun vi -> vi.jc_var_info_region) + li.jc_logic_info_parameters + else + (* Apply generalization before unification *) + let regions = li.jc_logic_info_param_regions in + let assoc = RegionList.duplicate regions in + app.jc_app_region_assoc <- assoc; + List.map (fun vi -> + if is_dummy_region vi.jc_var_info_region then dummy_region else + try RegionList.assoc vi.jc_var_info_region assoc + with Not_found -> assert false) + li.jc_logic_info_parameters + in + let arg_regions = + 
List.map (fun t -> t#region) app.jc_app_args + in + Jc_options.lprintf "param:%a@." (print_list comma Region.print) param_regions; + Jc_options.lprintf "arg:%a@." (print_list comma Region.print) arg_regions; + List.iter2 Region.unify param_regions arg_regions + | JCAtrue | JCAfalse | JCAeqtype _ + | JCAinstanceof _ | JCAbool_term _ | JCAmutable _ + | JCAand _ | JCAor _ | JCAimplies _ | JCAiff _ | JCAif _ + | JCAlet _ | JCAmatch _ + | JCAnot _ | JCAquantifier _ | JCAold _ | JCAat _ | JCAsubtype _ -> + () let assertion rresult a = Jc_iterators.iter_term_and_assertion diff -Nru why-2.29+dfsg/jc/jc_stdlib_ge312.ml why-2.30+dfsg/jc/jc_stdlib_ge312.ml --- why-2.29+dfsg/jc/jc_stdlib_ge312.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_stdlib_ge312.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_stdlib_lt312.ml why-2.30+dfsg/jc/jc_stdlib_lt312.ml --- why-2.29+dfsg/jc/jc_stdlib_lt312.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_stdlib_lt312.ml 2011-10-24 15:21:06.000000000 +0000 
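Review bot: The new pointer arm of `single_assertion` ignores the first component of the relation (the `_` in the pair), so every pointer relation in an assertion, presumably including disequality, unifies the regions of its two operands. That is the conservative choice for the separation analysis, but it is undocumented and it gives up precision for assertions that only state that two pointers differ. A comment above the arm, e.g. `(* a pointer comparison puts both operands in the same region, whatever the operator *)`, would record that this is intended. The remaining lines of the hunk are a re-indentation of the existing arms.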
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_struct_tools.ml why-2.30+dfsg/jc/jc_struct_tools.ml
--- why-2.29+dfsg/jc/jc_struct_tools.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_struct_tools.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_struct_tools.mli why-2.30+dfsg/jc/jc_struct_tools.mli
--- why-2.29+dfsg/jc/jc_struct_tools.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_struct_tools.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_type_var.ml why-2.30+dfsg/jc/jc_type_var.ml
--- why-2.29+dfsg/jc/jc_type_var.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_type_var.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/jc_type_var.mli why-2.30+dfsg/jc/jc_type_var.mli
--- why-2.29+dfsg/jc/jc_type_var.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/jc_type_var.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/jc_typing.ml why-2.30+dfsg/jc/jc_typing.ml --- why-2.29+dfsg/jc/jc_typing.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_typing.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -300,6 +300,8 @@ | JCTnative n1, JCTnative n2 -> if n1=n2 then t1 else raise Not_found (* TODO: integer is subtype of real *) + | JCTenum e1, JCTenum e2 -> + if e1=e2 then t1 else Jc_pervasives.integer_type | (JCTenum _ | JCTnative Tinteger), (JCTenum _| JCTnative Tinteger) -> Jc_pervasives.integer_type | JCTlogic s1, JCTlogic s2 -> 
@@ -342,6 +344,8 @@ let comparable_types t1 t2 = match t1,t2 with + | JCTnative Tinteger, JCTnative Treal -> true + | JCTnative Treal, JCTnative Tinteger -> true | JCTnative t1, JCTnative t2 -> t1=t2 | JCTenum _, JCTenum _ -> true | JCTenum _, JCTnative Tinteger -> true @@ -1233,13 +1237,15 @@ else typing_error loc "numeric types expected for >, <, >= and <=" | `Beq | `Bneq -> +(**) if is_numeric t1 && is_numeric t2 then let t = lub_numeric_types t1 t2 in JCArelation(term_coerce t1 t e1, rel_bin_op (operator_of_native t) op, term_coerce t2 t e2) else - let t = operator_of_type (mintype loc t1 t2) in +(**) + let t = eq_operator_of_type (mintype loc t1 t2) in if comparable_types t1 t2 then JCArelation(e1, rel_bin_op t op, e2) else diff -Nru why-2.29+dfsg/jc/jc_typing.mli why-2.30+dfsg/jc/jc_typing.mli --- why-2.29+dfsg/jc/jc_typing.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/jc_typing.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/jc/numconst.mli why-2.30+dfsg/jc/numconst.mli --- why-2.29+dfsg/jc/numconst.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/numconst.mli 2011-10-24 15:21:06.000000000 +0000 
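Review bot: In the non-numeric equality arm (the `@@ -1233` hunk), `eq_operator_of_type (mintype loc t1 t2)` is evaluated before `comparable_types t1 t2` is tested, and `eq_operator_of_type` ends in `assert false` for `JCTany` and `JCTtype_var _`. If such a type can come back from `mintype`, the user gets an assertion failure rather than a typing error. Binding the operator only after the check avoids that, assuming `comparable_types` rejects those types: `if comparable_types t1 t2 then let t = eq_operator_of_type (mintype loc t1 t2) in JCArelation(e1, rel_bin_op t op, e2)`. The two added `(**)` lines look like leftover editing markers and could be dropped or replaced by a real comment; the `else` branch continues outside the hunk.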
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/numconst.mll why-2.30+dfsg/jc/numconst.mll
--- why-2.29+dfsg/jc/numconst.mll 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/numconst.mll 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/jc/output.ml why-2.30+dfsg/jc/output.ml
--- why-2.29+dfsg/jc/output.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/jc/output.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -35,6 +35,8 @@ open Format open Pp +let why3syntax = ref false + type constant = | Prim_void | Prim_int of string @@ -46,19 +48,29 @@ let fprintf_constant form e = match e with - | Prim_void -> fprintf form "void" - | Prim_int(n) -> fprintf form "(%s)" n + | Prim_void -> + if !why3syntax then + fprintf form "()" + else + fprintf form "void" + | Prim_int(n) -> + fprintf form "(%s)" n | Prim_real(f) -> fprintf form "%s" f - | Prim_bool(b) -> fprintf form "%b" b + | Prim_bool(b) -> + if !why3syntax then + fprintf form "%s" (if b then "True" else "False") + else + fprintf form "%b" b (* | Prim_string s -> fprintf form "\"%s\"" s *) -type term = +type term = | LConst of constant | LApp of string * term list - | LVar of string - | LVarAtLabel of string * string (*r x@L *) + | LVar of string (*r immutable logic var *) + | LDeref of string (*r !r *) + | LDerefAtLabel of string * string (*r x@L *) | Tnamed of string * term | TIf of term * term * term | TLet of string * term * term 
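Review bot: `fprintf_constant` now reads the module-level `why3syntax` ref on every call, while the command-line switch added in jc/jc_options.ml sets a separate `why3_backend` flag. Nothing in the visible part of this diff copies one into the other, so the printer and the option can disagree. A comment on the declaration in the `@@ -35` hunk, for instance `(* must be set from Jc_options.why3_backend before any printer in this module runs *)`, would state the contract, assuming that is how it is wired. The `@@ -46` hunk also renames `LVarAtLabel` to `LDerefAtLabel` and splits `LVar` into `LVar`/`LDeref`, which changes the constructors other modules match on and merits a line in the changelog; the `term` type may continue outside the hunk.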
@@ -67,54 +79,400 @@ match t with | LConst(_c) -> () | LApp(id,l) -> f id; List.iter (iter_term f) l - | LVar(id) -> f id - | LVarAtLabel(id,_l) -> f id + | LVar id | LDeref id | LDerefAtLabel(id,_) -> f id | Tnamed(_,t) -> iter_term f t - | TIf(t1,t2,t3) -> + | TIf(t1,t2,t3) -> iter_term f t1; iter_term f t2; iter_term f t3 - | TLet(id,t1,t2) -> + | TLet(id,t1,t2) -> f id; iter_term f t1; iter_term f t2 let rec match_term acc t1 t2 = match t1, t2 with | LVar id, _ -> (id,t2)::acc - | LApp(id1,l1), LApp(id2,l2) when id1 = id2 -> + | LApp(id1,l1), LApp(id2,l2) when id1 = id2 -> List.fold_left2 match_term acc l1 l2 | _ -> invalid_arg "match_term : t1 is not a valid context" +let why3id s = + match s.[0] with + | 'A'..'Z' -> "_" ^ s + | _ -> s + +let why3constr s = + match s.[0] with + | 'A'..'Z' -> s + | 'a'..'z' -> String.capitalize s + | _ -> "U_" ^ s + +let why3id_if s = + if !why3syntax then why3id s else s + +let why3ident s = + match s with + | "le_int" -> "Int.(<=)" + | "le_int_" -> "Int.(<=)" + | "le_int_bool" -> "Int.(<=)" + | "ge_int" -> "Int.(>=)" + | "ge_int_" -> "Int.(>=)" + | "ge_int_bool" -> "Int.(>=)" + | "lt_int" -> "Int.(<)" + | "lt_int_" -> "Int.(<)" + | "lt_int_bool" -> "Int.(<)" + | "gt_int" -> "Int.(>)" + | "gt_int_" -> "Int.(>)" + | "gt_int_bool" -> "Int.(>)" + | "add_int" -> "Int.(+)" + | "sub_int" -> "Int.(-)" + | "neg_int" -> "Int.(-_)" + | "mul_int" -> "Int.(*)" + | "computer_div" -> "ComputerDivision.div" + | "computer_mod" -> "ComputerDivision.mod" + | "int_min" -> "IntMinMax.min" + | "int_max" -> "IntMinMax.max" + (* reals *) + | "le_real" -> "Real.(<=)" + | "le_real_" -> "Real.(<=)" + | "le_real_bool" -> "Real.(<=)" + | "ge_real" -> "Real.(>=)" + | "ge_real_" -> "Real.(>=)" + | "ge_real_bool" -> "Real.(>=)" + | "lt_real" -> "Real.(<)" + | "lt_real_" -> "Real.(<)" + | "lt_real_bool" -> "Real.(<)" + | "gt_real" -> "Real.(>)" + | "gt_real_" -> "Real.(>)" + | "gt_real_bool" -> "Real.(>)" + | "add_real" -> "Real.(+)" + | "sub_real" -> 
"Real.(-)" + | "neg_real" -> "Real.(-_)" + | "mul_real" -> "Real.(*)" + | "div_real" -> "Real.(/)" + (* real functions *) + | "real_of_int" -> "FromInt.from_int" + | "truncate_real_to_int" -> "Truncate.truncate" + | "real_min" -> "RealMinMax.min" + | "real_max" -> "RealMinMax.max" + | "abs_real" -> "AbsReal.abs" + | "sqrt_real" -> "Square.sqrt" + | "pow_real" -> "Power.pow" + | "cos" -> "Trigonometry.cos" + | "sin" -> "Trigonometry.sin" + | "tan" -> "Trigonometry.tan" + | "atan" -> "Trigonometry.atan" + (* floats *) + | "nearest_even" -> "Rounding.NearestTiesToEven" + | "single_value" -> "Single.value" + | "single_exact" -> "Single.exact" + | "single_round_error" -> "Single.round_error" + | "round_single" -> "Single.round" + | "double_value" -> "Double.value" + | "double_exact" -> "Double.exact" + | "double_round_error" -> "Double.round_error" + | "round_double" -> "Double.round" + (* floats full *) + | "le_double_full" -> "DoubleFull.le_full" + | "lt_double_full" -> "DoubleFull.lt_full" + | "ge_double_full" -> "DoubleFull.ge_full" + | "gt_double_full" -> "DoubleFull.gt_full" + | "eq_double_full" -> "DoubleFull.eq_full" + | "ne_double_full" -> "DoubleFull.ne_full" + | "double_is_NaN" -> "DoubleFull.is_NaN" + | _ -> why3id s + +let why3ident_if s = + if !why3syntax then why3ident s else s + +let why3param s = + match s with + | "le_int_" -> "Int.(<=)" + | "ge_int_" -> "Int.(>=)" + | "lt_int_" -> "Int.(<)" + | "gt_int_" -> "Int.(>)" + (* reals *) + | "le_real_" -> "Real.(<=)" + | "ge_real_" -> "Real.(>=)" + | "lt_real_" -> "Real.(<)" + | "gt_real_" -> "Real.(>)" + | _ -> why3ident s + + + +let why3_ComputerDivision = ref false +let why3_IntMinMax = ref false +let why3_reals = ref false +let why3_FromInt = ref false +let why3_Truncate = ref false +let why3_Square = ref false +let why3_Power = ref false +let why3_RealMinMax = ref false +let why3_AbsReal = ref false +let why3_Trigonometry = ref false + +let compute_why3_dependencies f = + match f with + | "computer_div" 
+ | "computer_mod" -> why3_ComputerDivision := true + | "int_min" + | "int_max" -> why3_IntMinMax := true + | "add_real" + | "sub_real" + | "neg_real" + | "mul_real" + | "div_real" -> why3_reals := true + | "sqrt_real" -> why3_Square := true + | "pow_real" -> why3_Power := true + | "real_of_int" -> why3_FromInt := true + | "truncate_real_to_int" -> why3_Truncate := true + | "real_min" + | "real_max" -> why3_RealMinMax := true + | "abs_real" -> why3_AbsReal := true + | "cos" + | "sin" + | "tan" + | "atan" -> why3_Trigonometry := true + | _ -> () + + +(* localization *) + +type kind = + | VarDecr + | ArithOverflow + | DownCast + | IndexBounds + | PointerDeref + | UserCall + | DivByZero + | AllocSize + | Pack + | Unpack + | FPoverflow + + +(* +let pos_table : + (string, (kind option * string option * string option * + string * int * int * int)) + Hashtbl.t + = Hashtbl.create 97 +*) + +let old_pos_table = Hashtbl.create 97 + +let name_counter = ref 0 + +let old_reg_pos prefix ?id ?kind ?name ?formula pos = + let id = match id with + | None -> + incr name_counter; + prefix ^ "_" ^ string_of_int !name_counter + | Some n -> n + in + Hashtbl.add old_pos_table id (kind,name,formula,pos); + id + +let print_kind fmt k = + fprintf fmt "%s" + (match k with + | VarDecr -> "VarDecr" + | Pack -> "Pack" + | Unpack -> "Unpack" + | DivByZero -> "DivByZero" + | AllocSize -> "AllocSize" + | UserCall -> "UserCall" + | PointerDeref -> "PointerDeref" + | IndexBounds -> "IndexBounds" + | DownCast -> "DownCast" + | ArithOverflow -> "ArithOverflow" + | FPoverflow -> "FPOverflow") + +let print_kind_why3 fmt k = + fprintf fmt "%s" + (match k with + | VarDecr -> "variant decreases" + | Pack -> "pack" + | Unpack -> "unpack" + | DivByZero -> "division by zero" + | AllocSize -> "allocation size" + | UserCall -> "precondition for call" + | PointerDeref -> "pointer dereference" + | IndexBounds -> "index bounds" + | DownCast -> "downcast" + | ArithOverflow -> "arithmetic overflow" + | FPoverflow -> 
"floating-point overflow") + +let abs_fname f = + if Filename.is_relative f then + Filename.concat (Unix.getcwd ()) f + else f + +(* +let print_pos fmt = + Hashtbl.iter + (fun id (kind,name,formula,f,l,fc,lc) -> + fprintf fmt "[%s]@\n" id; + Option_misc.iter + (fun k -> fprintf fmt "kind = %a@\n" print_kind k) kind; + Option_misc.iter + (fun n -> fprintf fmt "name = \"%s\"@\n" n) name; + Option_misc.iter + (fun n -> fprintf fmt "formula = \"%s\"@\n" n) formula; +(* + let f = b.Lexing.pos_fname in +*) + fprintf fmt "file = \"%s\"@\n" + (String.escaped (abs_fname f)); +(* + let l = b.Lexing.pos_lnum in + let fc = b.Lexing.pos_cnum - b.Lexing.pos_bol in + let lc = e.Lexing.pos_cnum - b.Lexing.pos_bol in +*) + fprintf fmt "line = %d@\n" l; + fprintf fmt "begin = %d@\n" fc; + fprintf fmt "end = %d@\n@\n" lc) + pos_table +*) + +let old_print_pos fmt = + Hashtbl.iter + (fun id (kind,name,formula,(f,l,fc,lc)) -> + fprintf fmt "[%s]@\n" id; + Option_misc.iter + (fun k -> fprintf fmt "kind = %a@\n" print_kind k) kind; + Option_misc.iter + (fun n -> fprintf fmt "name = \"%s\"@\n" n) name; + Option_misc.iter + (fun n -> fprintf fmt "formula = \"%s\"@\n" n) formula; + fprintf fmt "file = \"%s\"@\n" + (String.escaped (abs_fname f)); + fprintf fmt "line = %d@\n" l; + fprintf fmt "begin = %d@\n" fc; + fprintf fmt "end = %d@\n@\n" lc) + old_pos_table + + +let my_pos_table : + (string, (kind option * string option * string option * + string * int * int * int)) + Hashtbl.t + = Hashtbl.create 97 + +let my_add_pos m pos = Hashtbl.add my_pos_table m pos + +let my_print_locs fmt = + Hashtbl.iter + (fun id (kind,name,beh,f,l,fc,lc) -> + fprintf fmt "[%s]@\n" id; + Option_misc.iter + (fun k -> fprintf fmt "kind = %a@\n" print_kind k) kind; + Option_misc.iter + (fun n -> fprintf fmt "name = \"%s\"@\n" n) name; + Option_misc.iter + (fun b -> fprintf fmt "behavior = \"%s\"@\n" b) beh; + fprintf fmt "file = \"%s\"@\n" (String.escaped f); + fprintf fmt "line = %d@\n" l; + fprintf fmt "begin = 
%d@\n" fc; + fprintf fmt "end = %d@\n@\n" lc) + my_pos_table + +let why3_prloc fmt (f,l,fc,lc) = + fprintf fmt "#\"%s\" %d %d %d#" f l (max fc 0) (max lc 0) + +let why3loc ~prog fmt lab = + try + let (k,n,beh,f,l,fc,lc) = Hashtbl.find my_pos_table lab in + begin + match n,beh,k with + | Some n, None,_ -> fprintf fmt "\"expl:%s\"@ " n + | Some n, Some b,_ -> fprintf fmt "\"expl:%s, %s\"@ " n b + | None, _, Some k -> fprintf fmt "\"expl:%a\"@ " print_kind_why3 k + | _ -> () + end; +(* + Option_misc.iter (fun n -> fprintf fmt "\"fun:%s\"@ " n) n; + Option_misc.iter (fun b -> fprintf fmt "\"beh:%s\"@ " b) beh; + Option_misc.iter (fun k -> fprintf fmt "\"expl:%a\"@ " print_kind_why3 k) k; +*) + why3_prloc fmt (f,l,fc,lc) + with + Not_found -> + if prog then + fprintf fmt "'%s:" (why3constr lab) + else + fprintf fmt "\"%s\"" lab + +let why3_locals = Hashtbl.create 97 + +let is_why3_local id = Hashtbl.mem why3_locals id + +let add_why3_local id = Hashtbl.add why3_locals id () + +let remove_why3_local id = Hashtbl.remove why3_locals id + let rec fprintf_term form t = match t with | LConst(c) -> fprintf_constant form c | LApp("eq_pointer",[t1;t2]) -> - fprintf form "@[(%a=%a)@]" + fprintf form "@[(%a=%a)@]" fprintf_term t1 fprintf_term t2 | LApp("ne_pointer",[t1;t2]) -> - fprintf form "@[(%a<>%a)@]" + fprintf form "@[(%a<>%a)@]" fprintf_term t1 fprintf_term t2 | LApp(id,t::tl) -> - fprintf form "@[%s(%a" id fprintf_term t; - List.iter (fun t -> fprintf form ",@ %a" fprintf_term t) tl; - fprintf form ")@]" - | LApp(id,[]) - | LVar(id) -> fprintf form "%s" id - | LVarAtLabel(id,l) -> fprintf form "%s@@%s" id l - | Tnamed(lab,t) -> - fprintf form "(%s : %a)" lab fprintf_term t - | TIf(t1,t2,t3) -> - fprintf form "@[(if %a@ then %a@ else %a)@]" + if !why3syntax then + begin + fprintf form "@[(%s@ %a" (why3ident id) fprintf_term t; + List.iter (fun t -> fprintf form "@ %a" fprintf_term t) tl; + fprintf form ")@]" + end + else + begin + fprintf form "@[%s(%a" id fprintf_term t; + 
List.iter (fun t -> fprintf form ",@ %a" fprintf_term t) tl; + fprintf form ")@]" + end + | LApp(id,[]) -> + fprintf form "%s" (why3ident_if id) + | LVar id -> + fprintf form "%s" (why3ident_if id) + | LDeref id -> + if !why3syntax then + if is_why3_local id then + fprintf form "%s" (why3ident_if id) + else + fprintf form "!%s" (why3ident id) + else + fprintf form "%s" id + | LDerefAtLabel(id,l) -> + if !why3syntax then + if l="" then + fprintf form "(old !%s)" (why3ident id) + else + fprintf form "(at !%s '%s)" (why3ident id) (why3constr l) + else + fprintf form "%s@@%s" id l + | Tnamed(lab,t) -> + if !why3syntax then + fprintf form "(%a %a)" (why3loc ~prog:false) lab fprintf_term t + else + fprintf form "(%s : %a)" lab fprintf_term t + | TIf(t1,t2,t3) -> + fprintf form "@[(if %a@ then %a@ else %a)@]" fprintf_term t1 fprintf_term t2 fprintf_term t3 - | TLet(v,t1,t2) -> + | TLet(v,t1,t2) -> fprintf form "@[(let %s@ = %a@ in %a)@]" v - fprintf_term t1 fprintf_term t2 + fprintf_term t1 fprintf_term t2 -type logic_type = +type logic_type = { logic_type_name : string; logic_type_args : logic_type list; } (*r int, float, int list, ... *) +let is_prop t = t.logic_type_name = "prop" + let logic_type_var s = { logic_type_name = "'"^s; logic_type_args = []; } @@ -122,8 +480,8 @@ let rec iter_logic_type f t = f t.logic_type_name; List.iter (iter_logic_type f) t.logic_type_args - -type assertion = + +type assertion = | LTrue | LFalse | LAnd of assertion * assertion | LOr of assertion * assertion 
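Review bot: `why3_prloc` writes the file name into the `#"..." l fc lc#` location with a bare `%s`, and `why3loc` does the same for the name and behavior in its `"expl:%s"` formats, so a double quote or backslash in any of them ends the string literal early in the generated Why3 text. `old_print_pos` and `my_print_locs` in this same hunk already pass the file name through `String.escaped`, and the location printer should be consistent with them: `fprintf fmt "#\"%s\" %d %d %d#" (String.escaped f) l (max fc 0) (max lc 0)`. Whether the Why3 lexer accepts OCaml-style escapes is not visible here, so that should be confirmed before reusing `String.escaped` for the `expl:` strings as well.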
@@ -217,115 +575,158 @@ let rec iter_assertion f a = match a with | LTrue -> () - | LFalse -> () - | LAnd(a1,a2) -> iter_assertion f a1; iter_assertion f a2 - | LOr(a1,a2) -> iter_assertion f a1; iter_assertion f a2 - | LIff(a1,a2) -> iter_assertion f a1; iter_assertion f a2 + | LFalse -> () + | LAnd(a1,a2) -> iter_assertion f a1; iter_assertion f a2 + | LOr(a1,a2) -> iter_assertion f a1; iter_assertion f a2 + | LIff(a1,a2) -> iter_assertion f a1; iter_assertion f a2 | LNot(a1) -> iter_assertion f a1 - | LImpl(a1,a2) -> iter_assertion f a1; iter_assertion f a2 - | LIf(t,a1,a2) -> - iter_term f t; iter_assertion f a1; iter_assertion f a2 + | LImpl(a1,a2) -> iter_assertion f a1; iter_assertion f a2 + | LIf(t,a1,a2) -> + iter_term f t; iter_assertion f a1; iter_assertion f a2 | LLet(_id,t,a) -> iter_term f t; iter_assertion f a - | LForall(_id,t,trigs,a) -> iter_logic_type f t; + | LForall(_id,t,trigs,a) -> iter_logic_type f t; iter_triggers f trigs; iter_assertion f a - | LExists(_id,t,trigs,a) -> iter_logic_type f t; + | LExists(_id,t,trigs,a) -> iter_logic_type f t; iter_triggers f trigs; iter_assertion f a | LPred(id,l) -> f id; List.iter (iter_term f) l | LNamed (_, a) -> iter_assertion f a and iter_triggers f trigs = - List.iter (List.iter - (function + List.iter (List.iter + (function | LPatP a -> iter_assertion f a | LPatT t -> iter_term f t)) trigs +let logic_type_name t = + if !why3syntax then + match t.logic_type_name with + | "unit" -> "()" + | s -> why3ident s + else + t.logic_type_name + let rec fprintf_logic_type form t = match t.logic_type_args with - | [] -> fprintf form "%s" t.logic_type_name + | [] -> fprintf form "%s" (logic_type_name t) | [x] -> - fprintf form "%a %s" fprintf_logic_type x t.logic_type_name + if !why3syntax then + fprintf form "(%s %a)" (logic_type_name t) fprintf_logic_type x + else + fprintf form "%a %s" fprintf_logic_type x t.logic_type_name | l -> - fprintf form "(%a) %s" - (print_list simple_comma fprintf_logic_type) l - 
t.logic_type_name + if !why3syntax then + fprintf form "(%s %a)" + (logic_type_name t) + (print_list space fprintf_logic_type) l + else + fprintf form "(%a) %s" + (print_list simple_comma fprintf_logic_type) l + t.logic_type_name let rec fprintf_assertion form a = match a with | LTrue -> fprintf form "true" | LFalse -> fprintf form "false" - | LAnd(a1,a2) -> - fprintf form "@[(%a@ and %a)@]" - fprintf_assertion a1 + | LAnd(a1,a2) -> + fprintf form "@[(%a@ %s %a)@]" + fprintf_assertion a1 + (if !why3syntax then "/\\" else "and") fprintf_assertion a2 - | LOr(a1,a2) -> - fprintf form "@[(%a@ or %a)@]" - fprintf_assertion a1 + | LOr(a1,a2) -> + fprintf form "@[(%a@ %s %a)@]" + fprintf_assertion a1 + (if !why3syntax then "\\/" else "or") fprintf_assertion a2 - | LIff(a1,a2) -> - fprintf form "@[(%a@ <-> %a)@]" - fprintf_assertion a1 + | LIff(a1,a2) -> + fprintf form "@[(%a@ <-> %a)@]" + fprintf_assertion a1 fprintf_assertion a2 - | LNot(a1) -> - fprintf form "@[(not %a)@]" + | LNot(a1) -> + fprintf form "@[(not %a)@]" fprintf_assertion a1 - | LImpl(a1,a2) -> - fprintf form "@[(%a ->@ %a)@]" + | LImpl(a1,a2) -> + fprintf form "@[(%a ->@ %a)@]" fprintf_assertion a1 fprintf_assertion a2 - | LIf(t,a1,a2) -> - fprintf form "@[(if %a@ then %a@ else %a)@]" + | LIf(t,a1,a2) when !why3syntax -> + fprintf form "@[(if %a@ = True@ then %a@ else %a)@]" + fprintf_term t fprintf_assertion a1 fprintf_assertion a2 + | LIf(t,a1,a2) -> + fprintf form "@[(if %a@ then %a@ else %a)@]" fprintf_term t fprintf_assertion a1 fprintf_assertion a2 - | LLet(id,t,a) -> + | LLet(id,t,a) -> fprintf form "@[(let @[%s =@ %a in@]@ %a)@]" id fprintf_term t fprintf_assertion a - | LForall(id,t,trigs,a) -> - fprintf form "@[(forall@ %s:@,%a@,%a@,.@ %a)@]" + | LForall(id,t,trigs,a) when !why3syntax -> + fprintf form "@[(forall@ %s:@,%a@,%a@,.@ %a)@]" + (why3ident id) fprintf_logic_type t + fprintf_triggers trigs fprintf_assertion a + | LForall(id,t,trigs,a) -> + fprintf form "@[(forall@ %s:@,%a@,%a@,.@ %a)@]" 
id fprintf_logic_type t fprintf_triggers trigs fprintf_assertion a - | LExists(id,t,trigs,a) -> - fprintf form "@[(exists %s:%a%a.@ %a)@]" + | LExists(id,t,trigs,a) -> + fprintf form "@[(exists %s:%a%a.@ %a)@]" id fprintf_logic_type t fprintf_triggers trigs fprintf_assertion a +(* + | LPred(id,[t1;t2]) when is_eq id-> + fprintf form "@[(%a = %a)@]" + fprintf_term t1 + fprintf_term t2 +*) | LPred("le",[t1;t2]) -> - fprintf form "@[(%a <= %a)@]" + fprintf form "@[(%a <= %a)@]" fprintf_term t1 fprintf_term t2 | LPred("ge",[t1;t2]) -> - fprintf form "@[(%a >= %a)@]" + fprintf form "@[(%a >= %a)@]" fprintf_term t1 fprintf_term t2 - | LPred("eq",[t1;t2]) -> - fprintf form "@[(%a = %a)@]" + | LPred(id,[t1;t2]) when id = "eq" || !why3syntax && id = "eq_int" -> + fprintf form "@[(%a = %a)@]" fprintf_term t1 fprintf_term t2 | LPred("neq",[t1;t2]) -> - fprintf form "@[(%a <> %a)@]" + fprintf form "@[(%a <> %a)@]" fprintf_term t1 fprintf_term t2 | LPred(id,t::tl) -> - fprintf form "@[%s(%a" id fprintf_term t; - List.iter (fun t -> fprintf form ",@ %a" fprintf_term t) tl; - fprintf form ")@]" - | LPred (id, []) -> - fprintf form "%s" id + if !why3syntax then + begin + fprintf form "@[(%s@ %a" (why3ident id) fprintf_term t; + List.iter (fun t -> fprintf form "@ %a" fprintf_term t) tl; + fprintf form ")@]" + end + else + begin + fprintf form "@[%s(%a" id fprintf_term t; + List.iter (fun t -> fprintf form ",@ %a" fprintf_term t) tl; + fprintf form ")@]" + end + | LPred (id, []) -> + fprintf form "%s" (why3ident_if id) | LNamed (n, a) -> - fprintf form "@[(%s:@ %a)@]" n fprintf_assertion a + if !why3syntax then + fprintf form "@[(%a@ %a)@]" (why3loc ~prog:false) n fprintf_assertion a + else + fprintf form "@[(%s:@ %a)@]" n fprintf_assertion a -and fprintf_triggers fmt trigs = +and fprintf_triggers fmt trigs = let pat fmt = function | LPatT t -> fprintf_term fmt t | LPatP p -> fprintf_assertion fmt p in - print_list_delim lsquare rsquare alt (print_list comma pat) fmt trigs + 
print_list_delim lsquare rsquare alt (print_list comma pat) fmt trigs (*s types *) -type why_type = +type why_type = | Prod_type of string * why_type * why_type (*r (x:t1)->t2 *) | Base_type of logic_type | Ref_type of why_type - | Annot_type of - assertion * why_type * + | Annot_type of + assertion * why_type * string list * string list * assertion * ((string * assertion) list) (*r { P } t reads r writes w { Q | E => R } *) ;; @@ -347,7 +748,7 @@ | Prod_type(_,t1,t2) -> iter_why_type f t1; iter_why_type f t2 | Base_type b -> iter_logic_type f b - | Ref_type(t) -> iter_why_type f t + | Ref_type(t) -> iter_why_type f t | Annot_type (pre,t,reads,writes,post,signals) -> iter_assertion f pre; iter_why_type f t; 
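Review bot: Under `why3syntax` the `LExists` and `LLet` cases of `fprintf_assertion` still print the bound name as raw `id`, while the new `LForall` case prints `why3ident id` and variable occurrences are printed by `fprintf_term` through `why3ident_if`. A bound name that starts with an uppercase letter would therefore come out as `_X` at its uses and `X` at the `exists` or `let` binder, leaving the uses unbound in the output. Printing `(why3ident_if id)` in all three binders removes the mismatch and lets the duplicated `LForall ... when !why3syntax` case be dropped. `TLet` in `fprintf_term`, in the earlier hunk, prints its binder `v` raw in the same way.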
@@ -361,58 +762,94 @@ let rec fprint_comma_string_list form l = match l with | [] -> () - | x::l -> + | x::l -> fprintf form ",%s" x; fprint_comma_string_list form l ;; -let rec fprintf_type anon form t = +let rec fprintf_type ~need_colon anon form t = match t with | Prod_type(id,t1,t2) -> - if id="" or anon then - fprintf form "@[%a ->@ %a@]" - (fprintf_type anon) t1 (fprintf_type anon) t2 - else - fprintf form "@[%s:%a ->@ %a@]" id - (fprintf_type anon) t1 (fprintf_type anon) t2 - | Base_type t -> + if !why3syntax then + let id = if id="" or anon then "_anonymous" else id in + fprintf form "@[(%s:%a)@ %a@]" (why3ident id) + (fprintf_type ~need_colon:false anon) t1 + (fprintf_type ~need_colon anon) t2 + else + if id="" or anon then + fprintf form "@[%a ->@ %a@]" + (fprintf_type ~need_colon:false anon) t1 + (fprintf_type ~need_colon anon) t2 + else + fprintf form "@[%s:%a ->@ %a@]" id + (fprintf_type ~need_colon:false anon) t1 + (fprintf_type ~need_colon anon) t2 + | Base_type t -> + if need_colon then fprintf form ": "; fprintf_logic_type form t - | Ref_type(t) -> - fprintf form "%a ref" (fprintf_type anon) t + | Ref_type(t) -> + if need_colon then fprintf form ": "; + if !why3syntax then + fprintf form "ref %a" (fprintf_type ~need_colon:false anon) t + else + fprintf form "%a ref" (fprintf_type ~need_colon:false anon) t | Annot_type(p,t,reads,writes,q,signals) -> begin - fprintf form "@[@[{ "; - if is_not_true p + if need_colon then fprintf form ": "; + fprintf form "@[@[{ "; + if is_not_true p then fprintf_assertion form p; - fprintf form "}@]@ %a@ " (fprintf_type anon) t; + fprintf form "}@]@ %a@ " (fprintf_type ~need_colon:false anon) t; begin match List.sort compare reads with | [] -> () - | r::l -> + | r::l as reads -> + if !why3syntax then + fprintf form "reads@ %a@ " + (print_list space + (fun form r -> fprintf form "%s" (why3ident r))) reads + else fprintf form "reads %s%a@ " r fprint_comma_string_list l end; begin match List.sort compare writes with | [] 
-> () - | r::l -> - fprintf form "writes %s%a@ " r fprint_comma_string_list l + | r::l as writes -> + if !why3syntax then + fprintf form "writes@ %a@ " + (print_list space + (fun form r -> fprintf form "%s" (why3ident r))) writes + else + fprintf form "writes %s%a@ " r fprint_comma_string_list l end; begin match signals with - | [] -> + | [] -> fprintf form "@[{ %a }@]@]" fprintf_assertion q | l -> - fprintf form - "raises%a@ @[{ %a@ | %a }@]@]" - (print_list comma (fun fmt (e,_r) -> fprintf fmt " %s" e)) - l - fprintf_assertion q - (print_list alt (fun fmt (e,r) -> - fprintf fmt "@[%s =>@ %a@]" e - fprintf_assertion r)) - l - end - + if !why3syntax then + fprintf form + "raises%a@ @[{ %a@ } | %a @]@]" + (print_list comma (fun fmt (e,_r) -> fprintf fmt " %s" e)) + l + fprintf_assertion q + (print_list alt + (fun fmt (e,r) -> + fprintf fmt "@[%s ->@ { %a }@]" e + fprintf_assertion r)) + l + else + fprintf form + "raises%a@ @[{ %a@ | %a }@]@]" + (print_list comma (fun fmt (e,_r) -> fprintf fmt " %s" e)) + l + fprintf_assertion q + (print_list alt (fun fmt (e,r) -> + fprintf fmt "@[%s =>@ %a@]" e + fprintf_assertion r)) + l + end + end ;; 
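Review bot: `need_colon` is honoured in the `Base_type`, `Ref_type` and `Annot_type` cases without looking at `why3syntax`, and the legacy `Prod_type` branches forward it to the result type, so a call with `~need_colon:true` in legacy mode would print `x:t1 -> : t2`. The callers that choose the flag are outside this hunk, so whether that combination occurs cannot be checked here. Either guard the three sites with `if need_colon && !why3syntax then fprintf form ": "`, or state the contract above the function with a comment such as `(* need_colon: print ": " before the result type; pass true only when why3syntax is set *)`.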
@@ -434,34 +871,31 @@ | Void | Deref of string | If of expr * expr * expr - | While of + | While of expr (* loop condition *) - * assertion (* invariant *) - * variant option (* variant *) + * assertion (* invariant *) + * variant option (* variant *) * expr list (* loop body *) | Block of expr list | Assign of string * expr - | MultiAssign of string * Loc.position * (string * expr) list * - bool * term * expr * string * expr * string * + | MultiAssign of string * Loc.position * (string * expr) list * + bool * term * expr * string * expr * string * (int * bool * bool * string) list | Let of string * expr * expr | Let_ref of string * expr * expr | App of expr * expr | Raise of string * expr option | Try of expr * string * string option * expr - | Fun of (string * why_type) list * + | Fun of (string * why_type) list * assertion * expr * assertion * ((string * assertion) list) - | Triple of opaque * + | Triple of opaque * assertion * expr * assertion * ((string * assertion) list) | Assert of assert_kind * assertion * expr -(* - | Label of string * expr -*) | BlackBox of why_type | Absurd | Loc of Lexing.position * expr -and expr = +and expr = { expr_labels : string list; expr_node : expr_node; } @@ -483,19 +917,19 @@ | If(e1,e2,e3) -> iter_expr f e1; iter_expr f e2; iter_expr f e3 | While(e1,inv,var,e2) -> - iter_expr f e1; - iter_assertion f inv; + iter_expr f e1; + iter_assertion f inv; option_iter (fun (var,r) -> iter_term f var; match r with | None -> () | Some id -> f id - ) var; + ) var; List.iter (iter_expr f) e2 | Block(el) -> List.iter (iter_expr f) el | Assign(id,e) -> f id; iter_expr f e - | MultiAssign _ -> - eprintf "Fatal error: Output.iter_expr called on MultiAssign@."; - assert false + | MultiAssign _ -> + eprintf "Fatal error: Output.iter_expr should not be called on MultiAssign@."; + assert false | Let(_id,e1,e2) -> iter_expr f e1; iter_expr f e2 | Let_ref(_id,e1,e2) -> iter_expr f e1; iter_expr f e2 | App(e1,e2) -> iter_expr f e1; iter_expr f e2 
@@ -513,9 +947,6 @@ iter_assertion f post; List.iter (fun (_,a) -> iter_assertion f a) exceps | Assert(_,p, e) -> iter_assertion f p; iter_expr f e -(* - | Label (_,e) -*) | Loc (_,e) -> iter_expr f e | BlackBox(ty) -> iter_why_type f ty | Absurd -> () 
@@ -523,32 +954,59 @@ let fprintf_variant form = function | None -> () - | Some (t, None) -> fprintf form "variant %a" fprintf_term t - | Some (t, Some r) -> fprintf form "variant %a for %s" fprintf_term t r - + | Some (t, None) -> + if !why3syntax then + fprintf form "variant { %a }" fprintf_term t + else + fprintf form "variant %a" fprintf_term t + | Some (t, Some r) -> + if !why3syntax then + fprintf form "variant { %a } with %s" fprintf_term t r + else + fprintf form "variant %a for %s" fprintf_term t r + let rec fprintf_expr_node form e = match e with | Cte(c) -> fprintf_constant form c - | Var(id) -> fprintf form "%s" id + | Var(id) -> + fprintf form "%s" (if !why3syntax then why3param id else id) | And(e1,e2) -> - fprintf form "@[(%a && %a)@]" + fprintf form "@[(%a && %a)@]" fprintf_expr e1 fprintf_expr e2 | Or(e1,e2) -> - fprintf form "@[(%a || %a)@]" + fprintf form "@[(%a || %a)@]" fprintf_expr e1 fprintf_expr e2 | Not(e1) -> - fprintf form "@[(not %a)@]" - fprintf_expr e1 - | Void -> fprintf form "void" - | Deref(id) -> fprintf form "!%s" id + fprintf form "@[(not %a)@]" + fprintf_expr e1 + | Void -> + if !why3syntax then + fprintf form "()" + else + fprintf form "void" + | Deref(id) -> + fprintf form "!%s" (why3id_if id) | If(e1,e2,e3) -> - fprintf form - "@[(if %a@ @[then@ %a@]@ @[else@ %a@])@]" + fprintf form + "@[(if %a@ @[then@ %a@]@ @[else@ %a@])@]" fprintf_expr e1 fprintf_expr e2 fprintf_expr e3 + | While(e1,inv,var,e2) when !why3syntax && e1.expr_node = Cte (Prim_bool true) -> + fprintf form + "@[loop@ @[@[@[invariant@ { %a }@]@ @[%a@]@]@ %a@]@ end@]" + fprintf_assertion inv + fprintf_variant var + fprintf_expr_list e2 + | While(e1,inv,var,e2) when !why3syntax -> + fprintf form + "@[while %a do@ @[@[@[invariant@ { %a }@]@ @[%a@]@]@ %a@]@ done@]" + fprintf_expr e1 + fprintf_assertion inv + fprintf_variant var + fprintf_expr_list e2 | While(e1,inv,var,e2) -> - fprintf form - "@[while %a do@ @[@[{ @[invariant@ %a@]@ @[%a@] }@]@ %a@]@ done@]" - 
fprintf_expr e1 + fprintf form + "@[while %a do@ @[@[{ @[invariant@ %a@]@ @[%a@] }@]@ %a@]@ done@]" + fprintf_expr e1 fprintf_assertion inv fprintf_variant var fprintf_expr_list e2 @@ -557,16 +1015,21 @@ | Block(el) -> fprintf form "@[begin@ @[ %a@]@ end@]" fprintf_expr_list el | Assign(id,e) -> - fprintf form "@[(%s := %a)@]" - id fprintf_expr e - | MultiAssign _ -> - fprintf form "@[(MultiAssign ...)@]" + fprintf form "@[(%s := %a)@]" (why3id_if id) fprintf_expr e + | MultiAssign _ -> + fprintf form "@[(MultiAssign ...)@]" | Let(id,e1,e2) -> - fprintf form "@[(let %s =@ %a in@ %a)@]" id + fprintf form "@[(let %s =@ %a in@ %a)@]" (why3id_if id) fprintf_expr e1 fprintf_expr e2 | Let_ref(id,e1,e2) -> - fprintf form "@[(let %s =@ ref %a in@ %a)@]" id + fprintf form "@[(let %s =@ ref %a in@ %a)@]" (why3id_if id) fprintf_expr e1 fprintf_expr e2 + | App({expr_node = App({expr_node = Var id},e1)},e2) + when !why3syntax && id="eq_int_" -> + fprintf form "@[(%a = %a)@]" fprintf_expr e1 fprintf_expr e2 + | App({expr_node = App({expr_node = Var id},e1)},e2) + when !why3syntax && id="neq_int_" -> + fprintf form "@[(%a <> %a)@]" fprintf_expr e1 fprintf_expr e2 | App(e1,e2) -> fprintf form "@[(%a %a)@]" fprintf_expr e1 fprintf_expr e2 | Raise(id,None) -> 
@@ -574,92 +1037,115 @@ | Raise(id,Some e) -> fprintf form "@[(raise@ (%s@ %a))@]" id fprintf_expr e | Try(e1,exc,None,e2) -> - fprintf form "@[try@ %a@ with@ %s ->@ %a end@]" + fprintf form "@[try@ %a@ with@ %s ->@ %a end@]" fprintf_expr e1 exc fprintf_expr e2 | Try(e1,exc,Some id,e2) -> - fprintf form "@[try@ %a@ with@ %s %s ->@ %a end@]" + fprintf form "@[try@ %a@ with@ %s %s ->@ %a end@]" fprintf_expr e1 exc id fprintf_expr e2 | Fun(params,pre,body,post,signals) -> fprintf form "@[fun @["; - List.iter - (fun (x,t) -> fprintf form "(%s : %a) " x (fprintf_type false) t) + List.iter + (fun (x,t) -> + (match t with + | Ref_type _ -> () + | _ -> add_why3_local x); + fprintf form "(%s : %a) " (why3id_if x) + (fprintf_type ~need_colon:false false) t) params; - fprintf form "@]->@ @[{ "; - if pre <> LTrue + fprintf form "@]->@ @[{ "; + if pre <> LTrue then fprintf_assertion form pre; fprintf form " }@ %a@]@ " fprintf_expr body; begin match signals with - | [] -> + | [] -> fprintf form "@[{ %a }@]@]" fprintf_assertion post | l -> - fprintf form "@[{ %a@ | %a }@]" - fprintf_assertion post - (print_list alt - (fun fmt (e,r) -> - fprintf fmt "@[%s =>@ %a@]" e - fprintf_assertion r)) - l - end + if !why3syntax then + fprintf form "@[{ %a@ } | %a @]" + fprintf_assertion post + (print_list alt + (fun fmt (e,r) -> + fprintf fmt "@[%s ->@ { %a }@]" e + fprintf_assertion r)) + l + else + fprintf form "@[{ %a@ | %a }@]" + fprintf_assertion post + (print_list alt + (fun fmt (e,r) -> + fprintf fmt "@[%s =>@ %a@]" e + fprintf_assertion r)) + l + end; + List.iter + (fun (x,t) -> + (match t with + | Ref_type _ -> () + | _ -> remove_why3_local x)) + params; | Triple(_,pre,e,LTrue,[]) -> - fprintf form "@[(assert { %a };@ (%a))@]" + fprintf form "@[(assert { %a };@ (%a))@]" fprintf_assertion pre fprintf_expr e | Triple(o,pre,e,post,exceps) -> - fprintf form "@[(assert { %a };@ ((%a)@ " + fprintf form "@[(assert { %a };@ ((%a)@ " fprintf_assertion pre fprintf_expr e; begin match exceps 
with - | [] -> + | [] -> (if o then fprintf form "{{ %a }}" else fprintf form "{ %a }") fprintf_assertion post | l -> - (if o then - fprintf form "@[{{ %a@ | %a }}@]" + (if o then + fprintf form "@[{{ %a@ | %a }}@]" else fprintf form "@[{ %a@ | %a }@]") fprintf_assertion post (print_list alt - (fun fmt (e,r) -> + (fun fmt (e,r) -> fprintf fmt "@[%s =>@ %a@]" e fprintf_assertion r)) l end; fprintf form "))@]" | Assert(k,p, e) -> - fprintf form "@[(%s@ { %a };@ %a)@]" + fprintf form "@[(%s@ { %a };@ %a)@]" (match k with `ASSERT -> "assert" | `CHECK -> "check") fprintf_assertion p fprintf_expr e -(* - | Label (s, e) -> - fprintf form "@[(%s:@ %a)@]" s fprintf_expr e -*) | BlackBox(t) -> - fprintf form "@[[ %a ]@]" - (fprintf_type false) t + if !why3syntax then + fprintf form "@[any %a @]" + (fprintf_type ~need_colon:false false) t + else + fprintf form "@[[ %a ]@]" + (fprintf_type ~need_colon:false false) t | Absurd -> - fprintf form "@[absurd@ @]" + fprintf form "@[absurd@ @]" | Loc (_l, e) -> fprintf_expr form e (* - fprintf form "@[#%S %d %d#%a@]" l.pos_fname l.pos_lnum + fprintf form "@[#%S %d %d#%a@]" l.pos_fname l.pos_lnum (l.pos_cnum - l.pos_bol) fprintf_expr e *) and fprintf_expr form e = let rec aux l = - match l with + match l with | [] -> fprintf_expr_node form e.expr_node | s::l -> (* if s="L2" then Format.eprintf "Output.fprintf_expr: printing label %s for expression %a@." s fprintf_expr_node e.expr_node; *) - fprintf form "@[(%s:@ " s; + if !why3syntax then + fprintf form "@[(%a@ " (why3loc ~prog:true) s + else + fprintf form "@[(%s:@ " s; aux l; fprintf form ")@]" - in aux e.expr_labels + in aux e.expr_labels and fprintf_expr_list form l = match l with @@ -693,7 +1179,7 @@ | (_,_) -> mk_expr (And(a1,a2)) -let make_app_rec ~logic f l = +let make_app_rec ~logic f l = let rec make_rec accu = function | [] -> accu | e::r -> make_rec (mk_expr (App(accu,e))) r 
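Review bot: The `Triple` case with a non-empty `exceps` list still prints `{ post | E => R }` (or the `{{ }}` form when `o` is set) when `why3syntax` is on, whereas the `Fun` case earlier in this hunk and `Annot_type` in `fprintf_type` switch to `{ post } | E -> { R }`. If a `Triple` with exceptional postconditions can reach the Why3 printer, the output mixes the two syntaxes; the opaque `{{ }}` form has no Why3 branch in the `[]` case either. If this is intended or unreachable, a comment on the case would record it, e.g. `(* why3syntax: Triple keeps the legacy post syntax; exceptional posts are not translated *)`. `fprintf_expr_node` begins before this hunk.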
@@ -710,13 +1196,13 @@ let make_app_e = make_app_rec ~logic:false let make_while cond inv var e = - let body = + let body = match e.expr_node with | Block(l) -> l | _ -> [e] in mk_expr (While(cond,inv,var,body)) -let make_label label e = +let make_label label e = (* if label = "L2" then Format.eprintf "Output.make_label: adding label %s@." label; *) @@ -740,12 +1226,12 @@ | [] -> [e] | e'::rem -> match e.expr_node,e'.expr_node with - | MultiAssign(mark1,pos1,lets1,isrefa1,ta1,a1,tmpe1,e1,f1,l1), + | MultiAssign(mark1,pos1,lets1,isrefa1,ta1,a1,tmpe1,e1,f1,l1), MultiAssign(_,_,lets2,_isrefa2,_ta2,a2,_tmpe2,e2,f2,l2) -> (* - Format.eprintf + Format.eprintf "Found multi-assigns: a1=%a, a2=%a, e1=%a, e2=%a, f1=%s,f2=%s@." - fprintf_expr a1 fprintf_expr a2 + fprintf_expr a1 fprintf_expr a2 fprintf_expr e1 fprintf_expr e2 f1 f2; *) if a1 = a2 && e1 = e2 && f1 = f2 then @@ -753,15 +1239,15 @@ try let l = List.merge compare_parallel_assign l1 l2 in (* - Format.eprintf "append_list, merge successful!@."; + Format.eprintf "append_list, merge successful!@."; *) { expr_labels = e.expr_labels @ e'.expr_labels ; - expr_node = + expr_node = MultiAssign(mark1,pos1,lets1@lets2,isrefa1,ta1,a1,tmpe1,e1,f1,l) } ::rem with Exit -> (* - Format.eprintf "append_list, merge failed...@."; + Format.eprintf "append_list, merge failed...@."; *) e::l end 
@@ -783,77 +1269,81 @@ Format.eprintf "MultiAssign not preceeded by MultiAssign@."; *) e::l - | _ -> + | _ -> (* Format.eprintf "no MultiAssign at all@."; *) e::l - + let make_block labels l = match l with | [] -> assert false | [e] -> {e with expr_labels = labels @ e.expr_labels } | _ -> { expr_labels = labels ; expr_node = Block l } - + let append e1 e2 = match e1.expr_node,e2.expr_node with - | Void,_ -> assert (e1.expr_labels = []); e2 + | Void,_ -> (* assert (e1.expr_labels = []);*) e2 | _,Void -> assert (e2.expr_labels = []); e1 - | Block(l1),Block(l2) -> - make_block (e1.expr_labels@e2.expr_labels) + | Block(l1),Block(l2) -> + make_block (e1.expr_labels@e2.expr_labels) (List.fold_right append_list l1 l2) - | Block(l1),_ -> + | Block(l1),_ -> make_block e1.expr_labels (List.fold_right append_list l1 [e2]) - | _,Block(l2) -> + | _,Block(l2) -> make_block e2 .expr_labels (append_list e1 l2) | _ -> make_block [] (append_list e1 [e2]) type goal_kind = KAxiom | KLemma | KGoal +type why_id = { name : string ; loc : Loc.floc } + +let id_no_loc s = { name = s; loc = Loc.dummy_floc } + type why_decl = - | Param of bool * string * why_type (*r parameter in why *) - | Def of string * expr (*r global let in why *) - | Logic of bool * string * (string * logic_type) list * logic_type (*r logic decl in why *) - | Predicate of bool * string * (string * logic_type) list * assertion - | Inductive of bool * string * (string * logic_type) list * + | Param of bool * why_id * why_type (*r parameter in why *) + | Def of why_id * expr (*r global let in why *) + | Logic of bool * why_id * (string * logic_type) list * logic_type (*r logic decl in why *) + | Predicate of bool * why_id * (string * logic_type) list * assertion + | Inductive of bool * why_id * (string * logic_type) list * (string * assertion) list (*r inductive definition *) - | Goal of goal_kind * string * assertion (*r Goal *) - | Function of bool * string * (string * logic_type) list * logic_type * term - | Type of 
string * string list - | Exception of string * logic_type option + | Goal of goal_kind * why_id * assertion (*r Goal *) + | Function of bool * why_id * (string * logic_type) list * logic_type * term + | Type of why_id * string list + | Exception of why_id * logic_type option let get_why_id d = match d with - | Param(_,id,_) + | Param(_,id,_) | Logic(_,id,_,_) - | Def(id,_) - | Goal(_,id,_) - | Predicate(_,id,_,_) - | Function(_,id,_,_,_) + | Def(id,_) + | Goal(_,id,_) + | Predicate(_,id,_,_) + | Function(_,id,_,_,_) | Inductive(_,id,_,_) - | Type (id,_) + | Type (id,_) | Exception(id,_) -> id let iter_why_decl f d = match d with | Param(_,_,t) -> iter_why_type f t | Def(_id,t) -> iter_expr f t - | Logic(_,_id,args,t) -> + | Logic(_,_id,args,t) -> List.iter (fun (_,t) -> iter_logic_type f t) args; iter_logic_type f t | Inductive(_,_id,args,cases) -> List.iter (fun (_,t) -> iter_logic_type f t) args; List.iter (fun (_,a) -> iter_assertion f a) cases - | Predicate(_,_id,args,p) -> + | Predicate(_,_id,args,p) -> List.iter (fun (_,t) -> iter_logic_type f t) args; iter_assertion f p | Goal(_,_id,t) -> iter_assertion f t - | Function(_,_id,args,t,p) -> + | Function(_,_id,args,t,p) -> List.iter (fun (_,t) -> iter_logic_type f t) args; iter_logic_type f t; iter_term f p 
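Review bot: In `append`, the `Void,_` arm now returns `e2` with its assertion commented out, so any labels carried by a `Void` first operand are silently discarded, while the mirrored `_,Void` arm still asserts that its labels are empty. If labelled `Void` expressions are now legitimate, as the disabled assert suggests, the labels should be kept rather than dropped, e.g. `| Void,_ -> { e2 with expr_labels = e1.expr_labels @ e2.expr_labels }`; otherwise restore the assert. Labels are printed around expressions by `fprintf_expr`, so a dropped label changes the generated program text and deserves at least a comment saying why that is safe.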
@@ -875,34 +1365,52 @@ let rec do_topo decl_map iter_fun output_fun id d = match d.state with | `DONE -> () - | `RUNNING -> + | `RUNNING -> eprintf "Warning: recursive definition of %s in generated file@." id | `TODO -> d.state <- `RUNNING; iter_fun (fun id -> - try + try let s = StringMap.find id decl_map in do_topo decl_map iter_fun output_fun id s with Not_found -> ()) - d.decl; + d.decl; output_fun d.decl; d.state <- `DONE ;; +let compare_ids + { name = id1; loc = (_,l1,_,_)} + { name = id2; loc = (_,l2,_,_)} = + let c = Pervasives.compare l1 l2 in + if c = 0 then Pervasives.compare id1 id2 else c let build_map get_id decl_list = - List.fold_left - (fun acc decl -> - let id = get_id decl in - StringMap.add id { state = `TODO ; decl = decl } acc) - StringMap.empty - decl_list + let m = + List.fold_left + (fun acc decl -> + let id = get_id decl in + let d = { state = `TODO ; decl = decl } in + StringMap.add id.name (id,d) acc) + StringMap.empty + decl_list + in + let m,l = StringMap.fold + (fun name (id,d) (m,l) -> + (StringMap.add name d m, (id,d)::l)) + m (StringMap.empty,[]) + in + m, List.sort (fun (id1,_) (id2,_) -> + compare_ids id1 id2) l ;; let fprint_logic_arg form (id,t) = - fprintf form "%s:%a" id fprintf_logic_type t + if !why3syntax then + fprintf form "(%s:%a)" (why3ident id) fprintf_logic_type t + else + fprintf form "%s:%a" id fprintf_logic_type t let str_of_goal_kind = function | KAxiom -> "axiom" 
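Review bot: `build_map` keys its intermediate map on `id.name` alone and rebuilds the ordered list from that map, so two declarations in one group that share a name collapse to the last one and the other is never printed. For a `Goal` that would mean a proof obligation silently missing from the generated file; whether callers can produce such a clash is not visible in this hunk. A cheap guard is to report it where the entry is added, e.g. `if StringMap.mem id.name acc then eprintf "Warning: duplicate declaration %s in generated file@." id.name;`, in the style of the recursive-definition warning in `do_topo`. Separately, `compare_ids` ignores the first component of `loc` (presumably the file), so entries from different files that share a line number are ordered by name only.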
@@ -911,73 +1419,172 @@ let fprintf_why_decl form d = match d with + | Param(b,id,t) when !why3syntax -> + fprintf form "@[%sval %s@ %a@]@.@." + (if b then "external " else "") (why3ident id.name) + (fprintf_type ~need_colon:true false) t | Param(b,id,t) -> - fprintf form "@[%sparameter %s :@ %a@]@.@." - (if b then "external " else "") id - (fprintf_type false) t + fprintf form "@[%sparameter %s :@ %a@]@.@." + (if b then "external " else "") id.name + (fprintf_type ~need_colon:false false) t + | Logic(b,id,args,t) when !why3syntax -> + if is_prop t then + fprintf form "@[%spredicate %s %a @.@." + (if b then "external " else "") + (why3ident id.name) + (print_list space (fun fmt (_id,t) -> fprintf_logic_type fmt t)) args + else + fprintf form "@[%sfunction %s %a : %a@.@." + (if b then "external " else "") + (why3ident id.name) + (print_list space (fun fmt (_id,t) -> fprintf_logic_type fmt t)) args + fprintf_logic_type t + | Logic(b,id,args,t) -> fprintf form "@[%slogic %s: %a -> %a@.@." - (if b then "external " else "") id + (if b then "external " else "") id.name (print_list comma (fun fmt (_id,t) -> fprintf_logic_type fmt t)) args - fprintf_logic_type t + fprintf_logic_type t + | Inductive(b,id,args,cases) when !why3syntax -> + fprintf form "@[%sinductive %s @[%a@] =@\n@[%a@]@\n@." + (if b then "external " else "") (why3ident id.name) + (print_list space (fun fmt (_id,t) -> fprintf_logic_type fmt t)) args + (print_list newline + (fun _fmt (id,a) -> + fprintf form "| %s: @[%a@]" id fprintf_assertion a)) + cases | Inductive(b,id,args,cases) -> fprintf form "@[%sinductive %s: @[%a -> prop@] =@\n@[%a@]@\n@." - (if b then "external " else "") id + (if b then "external " else "") id.name (print_list comma (fun fmt (_id,t) -> fprintf_logic_type fmt t)) args - (print_list newline + (print_list newline (fun _fmt (id,a) -> fprintf form "| %s: @[%a@]" id fprintf_assertion a)) cases + | Goal(k,id,p) when !why3syntax -> + fprintf form "@[%s %s %a:@ %a@]@.@." 
(str_of_goal_kind k) + (why3id id.name) + (why3loc ~prog:false) id.name + fprintf_assertion p | Goal(k,id,p) -> - fprintf form "@[%s %s :@ %a@]@.@." (str_of_goal_kind k) id + fprintf form "@[%s %s :@ %a@]@.@." (str_of_goal_kind k) + id.name fprintf_assertion p + | Def(id,e) when !why3syntax -> + fprintf form "@[let %s %a=@ %a@]@.@." + (why3id id.name) + (why3loc ~prog:false) id.name + fprintf_expr e | Def(id,e) -> - fprintf form "@[let %s =@ %a@]@.@." id fprintf_expr e + fprintf form "@[let %s =@ %a@]@.@." (why3id_if id.name) + fprintf_expr e + | Predicate (b, id, args, p) when !why3syntax -> + List.iter (fun (id,_) -> add_why3_local id) args; + fprintf form "@[%spredicate %s%a =@ %a@]@.@." + (if b then "external " else "") (why3ident id.name) + (print_list space fprint_logic_arg) args + fprintf_assertion p; + List.iter (fun (id,_) -> remove_why3_local id) args | Predicate (b, id, args, p) -> fprintf form "@[%spredicate %s(%a) =@ %a@]@.@." - (if b then "external " else "") id + (if b then "external " else "") id.name (print_list comma fprint_logic_arg) args fprintf_assertion p + | Function(b,id,args,t,e) when !why3syntax -> + List.iter (fun (id,_) -> add_why3_local id) args; + fprintf form "@[%sfunction %s%a : %a =@ %a@]@.@." + (if b then "external " else "") (why3ident id.name) + (print_list space fprint_logic_arg) args + fprintf_logic_type t + fprintf_term e; + List.iter (fun (id,_) -> remove_why3_local id) args | Function(b,id,args,t,e) -> fprintf form "@[%sfunction %s(%a) : %a =@ %a@]@.@." - (if b then "external " else "") id + (if b then "external " else "") id.name (print_list comma fprint_logic_arg) args - fprintf_logic_type t + fprintf_logic_type t fprintf_term e + | Type (id, []) when !why3syntax -> + fprintf form "@[type %s@]@.@." (why3ident id.name) | Type (id, []) -> - fprintf form "@[type %s@]@.@." id + fprintf form "@[type %s@]@.@." id.name | Type (id, [t]) -> - fprintf form "@[type '%s %s@]@.@." t id + fprintf form "@[type '%s %s@]@.@." 
t id.name | Type (id, t::l) -> fprintf form "@[type ('%s" t; List.iter (fun t -> fprintf form ", '%s" t) l; - fprintf form ") %s@]@.@." id + fprintf form ") %s@]@.@." id.name | Exception(id, None) -> - fprintf form "@[exception %s@]@.@." id + fprintf form "@[exception %s@]@.@." id.name | Exception(id, Some t) -> - fprintf form "@[exception %s of %a@]@.@." id fprintf_logic_type t - + if !why3syntax then + fprintf form "@[exception %s %a@]@.@." id.name + fprintf_logic_type t + else + fprintf form "@[exception %s of %a@]@.@." id.name fprintf_logic_type t -let output_decls get_id iter_decl output_decl decls = - let map = build_map get_id decls in - StringMap.iter - (fun id decl -> - do_topo map iter_decl output_decl id decl) - map -;; -let fprintf_why_decls form decls = +let output_decls get_id iter_decl output_decl decls = + let map, l = build_map get_id decls in + List.iter + (fun (id,decl) -> + do_topo map iter_decl output_decl id.name decl) + l + +let output_why3_imports form use_floats full_floats = + fprintf form "use import int.Int@\n@\n"; + fprintf form "use import bool.Bool@\n@\n"; + if !why3_IntMinMax then + fprintf form "use import int.MinMax as IntMinMax@\n@\n"; + if !why3_ComputerDivision then + fprintf form "use import int.ComputerDivision@\n@\n"; + if !why3_reals then + fprintf form "use import real.RealInfix@\n@\n"; + if !why3_FromInt then + fprintf form "use import real.FromInt@\n@\n"; + if !why3_Truncate then + fprintf form "use import real.Truncate@\n@\n"; + if !why3_Square then + fprintf form "use import real.Square@\n@\n"; + if !why3_Power then + fprintf form "use import real.Power@\n@\n"; + if !why3_RealMinMax then + fprintf form "use import real.MinMax as RealMinMax@\n@\n"; + if !why3_AbsReal then + fprintf form "use import real.Abs as AbsReal@\n@\n"; + if !why3_Trigonometry then + fprintf form "use import real.Trigonometry@\n@\n"; + if use_floats then + begin + if full_floats then + begin + fprintf form "use import floating_point.SingleFull@\n"; 
+ fprintf form "use import floating_point.DoubleFull@\n@\n"; + end + else + begin + fprintf form "use import floating_point.Single@\n"; + fprintf form "use import floating_point.Double@\n@\n"; + end + end; + fprintf form "use import jessie3.Jessie_memory_model@\n@\n" + + +let fprintf_why_decls ?(why3=false) ?(use_floats=false) + ?(full_floats=false) + form decls = + why3syntax := why3; (* Why do we need a partition ? - because one may have a type and a logic/parameter with the same name, + because one may have a type and a logic/parameter with the same name, and the computation of dependencies is confused in that case - - Type may depend on nothing + + Type may depend on nothing Logic may depend on Type, Logic and Predicate Predicate may depend on Type, Predicate and Logic Axiom may depend on Type, Predicate and Logic Parameter may depend on Type, Predicate and Logic Def may depend on Type, Parameter, Predicate, Logic, and Def - + - Claude, 16 nov 2006 *) @@ -997,14 +1604,16 @@ output_decls get_why_id iter_why_decl (fprintf_why_decl form) defs *) + if why3 then List.iter (iter_why_decl compute_why3_dependencies) decls; + (* Additional rules : - + Exception may depend on Type Parameter may depend on Exception - + - Nicolas R., 8 nov 2007 - + *) let (types, params, defs, others) = 
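Review bot: In `fprintf_why_decl` only `Type (id, [])` gets a `when !why3syntax` arm; `Type (id, [t])` and `Type (id, t::l)` still print the parameters before the name (`type '%s %s`), which is the old Why form, whereas Why3 writes type parameters after the type name. With `why3` set, a parameterised type would therefore be emitted in a form Why3 is not expected to parse; one general arm placed first would cover all three cases: `| Type (id, l) when !why3syntax -> fprintf form "@[type %s" (why3ident id.name); List.iter (fprintf form " '%s") l; fprintf form "@]@.@."`. The `Exception` arms and the inductive case names also print raw names without `why3ident`, unlike the other why3 arms, which may be intentional but is worth a comment.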
@@ -1012,90 +1621,44 @@ (fun (t, p, d, o) decl -> match decl with | Type _ -> (decl::t, p, d, o) - | Param _ -> (t, decl::p, d, o) + | Exception _ | Param _ -> (t, decl::p, d, o) | Def _ -> (t, p, decl::d, o) | _ -> (t, p, d, decl::o)) ([], [], [], []) decls in + if why3 then + begin + fprintf form "theory Jessie_model@\n@\n"; + output_why3_imports form use_floats full_floats + end; output_decls get_why_id iter_why_decl (fprintf_why_decl form) types; output_decls get_why_id iter_why_decl (fprintf_why_decl form) others; + if why3 then + begin + fprintf form "end@\n@\n"; + fprintf form "module Jessie_program@\n@\n"; + output_why3_imports form use_floats full_floats; + fprintf form "use import Jessie_model@\n@\n"; + fprintf form "use import module ref.Ref@\n@\n"; + fprintf form "use import module jessie3.JessieDivision@\n@\n"; + if use_floats then + begin + fprintf form "use import floating_point.Rounding@\n@\n"; + if full_floats then + fprintf form "use import module jessie3.JessieFloatsFull@\n@\n" + else + fprintf form "use import module jessie3.JessieFloats@\n@\n"; + end; + fprintf form "use import module jessie3.Jessie_memory_model_parameters@\n@\n"; + end; output_decls get_why_id iter_why_decl (fprintf_why_decl form) params; - output_decls get_why_id iter_why_decl (fprintf_why_decl form) defs - + output_decls get_why_id iter_why_decl (fprintf_why_decl form) defs; + if why3 then fprintf form "end@\n@\n" -(*s locs table *) -type kind = - | VarDecr - | ArithOverflow - | DownCast - | IndexBounds - | PointerDeref - | UserCall - | DivByZero - | AllocSize - | Pack - | Unpack - | FPoverflow - - -let pos_table : - (string, (kind option * string option * string option * Loc.position)) - Hashtbl.t - = Hashtbl.create 97 -let name_counter = ref 0 -let reg_pos prefix ?id ?kind ?name ?formula pos = - let id = match id with - | None -> - incr name_counter; - prefix ^ "_" ^ string_of_int !name_counter - | Some n -> n - in - Hashtbl.add pos_table id (kind,name,formula,pos); - id - 
-let print_kind fmt k = - fprintf fmt "%s" - (match k with - | VarDecr -> "VarDecr" - | Pack -> "Pack" - | Unpack -> "Unpack" - | DivByZero -> "DivByZero" - | AllocSize -> "AllocSize" - | UserCall -> "UserCall" - | PointerDeref -> "PointerDeref" - | IndexBounds -> "IndexBounds" - | DownCast -> "DownCast" - | ArithOverflow -> "ArithOverflow" - | FPoverflow -> "FPOverflow") - -let abs_fname f = - if Filename.is_relative f then - Filename.concat (Unix.getcwd ()) f - else f - -let print_pos fmt = - Hashtbl.iter - (fun id (kind,name,formula,(b,e)) -> - fprintf fmt "[%s]@\n" id; - Option_misc.iter - (fun k -> fprintf fmt "kind = %a@\n" print_kind k) kind; - Option_misc.iter - (fun n -> fprintf fmt "name = \"%s\"@\n" n) name; - Option_misc.iter - (fun n -> fprintf fmt "formula = \"%s\"@\n" n) formula; - fprintf fmt "file = \"%s\"@\n" - (String.escaped (abs_fname b.Lexing.pos_fname)); - let l = b.Lexing.pos_lnum in - let fc = b.Lexing.pos_cnum - b.Lexing.pos_bol in - let lc = e.Lexing.pos_cnum - b.Lexing.pos_bol in - fprintf fmt "line = %d@\n" l; - fprintf fmt "begin = %d@\n" fc; - fprintf fmt "end = %d@\n@\n" lc) - pos_table (* - Local Variables: + Local Variables: compile-command: "LC_ALL=C make -j -C .. bin/jessie.byte" - End: + End: *) diff -Nru why-2.29+dfsg/jc/output.mli why-2.30+dfsg/jc/output.mli --- why-2.29+dfsg/jc/output.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/jc/output.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -40,7 +40,7 @@ | Prim_string of string *) -type logic_type = +type logic_type = { logic_type_name : string; logic_type_args : logic_type list; } @@ -50,11 +50,12 @@ val fprintf_logic_type : Format.formatter -> logic_type -> unit -type term = +type term = | LConst of constant | LApp of string * term list - | LVar of string - | LVarAtLabel of string * string (*r x@L *) + | LVar of string (*r immutable logic var *) + | LDeref of string (*r !r *) + | LDerefAtLabel of string * string (*r x@L *) | Tnamed of string * term | TIf of term * term * term | TLet of string * term * term @@ -63,7 +64,7 @@ val fprintf_term : Format.formatter -> term -> unit -type assertion = +type assertion = | LTrue | LFalse | LAnd of assertion * assertion | LOr of assertion * assertion @@ -80,8 +81,8 @@ | LNamed of string * assertion and trigger = - |LPatP of assertion - |LPatT of term + | LPatP of assertion + | LPatT of term val make_var : string -> term 
@@ -90,7 +91,7 @@ val make_and : assertion -> assertion -> assertion val make_or_list : assertion list -> assertion val make_and_list : assertion list -> assertion -val make_forall_list : (string * logic_type) list -> trigger list list +val make_forall_list : (string * logic_type) list -> trigger list list -> assertion -> assertion val make_impl : assertion -> assertion -> assertion val make_impl_list : assertion -> assertion list -> assertion @@ -98,12 +99,12 @@ val fprintf_assertion : Format.formatter -> assertion -> unit -type why_type = +type why_type = | Prod_type of string * why_type * why_type (*r (x:t1)->t2 *) | Base_type of logic_type | Ref_type of why_type - | Annot_type of - assertion * why_type * + | Annot_type of + assertion * why_type * string list * string list * assertion * ((string * assertion) list) (*r { P } t reads r writes w raises E { Q | E => R } *) ;; 
@@ -128,28 +129,28 @@ | Void | Deref of string | If of expr * expr * expr - | While of + | While of expr (* loop condition *) - * assertion (* invariant *) - * variant option (* variant *) + * assertion (* invariant *) + * variant option (* variant *) * expr list (* loop body *) | Block of expr list | Assign of string * expr - | MultiAssign of string * Loc.position * (string * expr) list * - bool * term * expr * string * expr * string * + | MultiAssign of string * Loc.position * (string * expr) list * + bool * term * expr * string * expr * string * (int * bool * bool * string) list - (* + (* this construction is not in Why, but a temporary construction used by jessie to denote "parallel updates" - + [MultiAssign(mark,pos,lets,talloc,alloc,tmpe,e,f,l)] where [l] is a list of pair (i,b1,b2,e') for distincts i, denotes the parallel updates (lets) let tmpe = e in (tmpe+i).f = e' booleans [b1] and [b2] indicates whether it is safe to ignore bound checking on the left resp on the right - + [alloc] is the allocation table for safety conditions [lets] is a sequence of local bindings for expressions e' *) @@ -158,19 +159,19 @@ | App of expr * expr | Raise of string * expr option | Try of expr * string * string option * expr - | Fun of (string * why_type) list * + | Fun of (string * why_type) list * assertion * expr * assertion * ((string * assertion) list) - | Triple of opaque * + | Triple of opaque * assertion * expr * assertion * ((string * assertion) list) | Assert of assert_kind * assertion * expr (* | Label of string * expr *) | BlackBox of why_type - | Absurd + | Absurd | Loc of Lexing.position * expr -and expr = +and expr = { expr_labels : string list; expr_node : expr_node; } 
@@ -224,22 +225,28 @@ val append : expr -> expr -> expr +type why_id = { name : string ; loc : Loc.floc } + +val id_no_loc : string -> why_id + type goal_kind = KAxiom | KLemma | KGoal + type why_decl = - | Param of bool * string * why_type (*r parameter in why *) - | Def of string * expr (*r global let in why *) - | Logic of bool * string * (string * logic_type) list * logic_type (*r logic decl in why *) - | Predicate of bool * string * (string * logic_type) list * assertion - | Inductive of bool * string * (string * logic_type) list * + | Param of bool * why_id * why_type (*r parameter in why *) + | Def of why_id * expr (*r global let in why *) + | Logic of bool * why_id * (string * logic_type) list * logic_type (*r logic decl in why *) + | Predicate of bool * why_id * (string * logic_type) list * assertion + | Inductive of bool * why_id * (string * logic_type) list * (string * assertion) list (*r inductive definition *) - | Goal of goal_kind * string * assertion (*r Goal *) - | Function of bool * string * (string * logic_type) list * logic_type * term - | Type of string * string list - | Exception of string * logic_type option + | Goal of goal_kind * why_id * assertion (*r Goal *) + | Function of bool * why_id * (string * logic_type) list * logic_type * term + | Type of why_id * string list + | Exception of why_id * logic_type option val fprintf_why_decl : Format.formatter -> why_decl -> unit;; -val fprintf_why_decls : Format.formatter -> why_decl list -> unit +val fprintf_why_decls : ?why3:bool -> ?use_floats:bool -> + ?full_floats:bool -> Format.formatter -> why_decl list -> unit type kind = | VarDecr 
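Review bot: The interface documents none of the new `?why3`, `?use_floats` and `?full_floats` arguments, and it hides that `fprintf_why_decls` stores `why3` in a module-level flag (`why3syntax := why3` in output.ml) which the still-exported `fprintf_why_decl` reads. A direct caller of `fprintf_why_decl` therefore gets whichever syntax the most recent `fprintf_why_decls` call selected. I would add a doc comment on both values stating this, for example `(** prints one declaration in the syntax selected by the last call to [fprintf_why_decls] *)`, and a line on `id_no_loc` saying it attaches `Loc.dummy_floc`.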
@@ -256,12 +263,31 @@ val print_kind : Format.formatter -> kind -> unit -val pos_table : - (string, (kind option * string option * string option * Loc.position)) - Hashtbl.t +(* +val pos_table : + (string, (kind option * string option * string option * + string * int * int * int)) + Hashtbl.t +*) + +(* +val my_pos_table : + (string, (kind option * string option * string option * + string * int * int * int)) + Hashtbl.t +*) + +val my_add_pos : + string -> (kind option * string option * string option * + string * int * int * int) -> unit + +val my_print_locs : Format.formatter -> unit + +(* backward compatibility for Krakatoa and Jessie plugin *) + +val old_reg_pos : string -> ?id:string -> ?kind:kind -> ?name:string + -> ?formula:string -> Loc.floc -> string -val reg_pos : string -> ?id:string -> ?kind:kind -> ?name:string - -> ?formula:string -> Loc.position -> string +val old_print_pos : Format.formatter -> unit -val print_pos : Format.formatter -> unit diff -Nru why-2.29+dfsg/lib/coq/WhyFloatsStrictLegacy.v why-2.30+dfsg/lib/coq/WhyFloatsStrictLegacy.v --- why-2.29+dfsg/lib/coq/WhyFloatsStrictLegacy.v 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/lib/coq/WhyFloatsStrictLegacy.v 2011-10-24 15:21:06.000000000 +0000 
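Review bot: `my_add_pos` takes an undocumented 7-tuple ending in `string * int * int * int`, and nothing in the interface says which integer is the line and which are the begin and end offsets, so a call site can swap them without a type error. A comment such as `(* (kind, name, formula, file, line, begin, end) *)`, with the order confirmed against the implementation, or a record type with named fields would remove the ambiguity. The two commented-out `pos_table` / `my_pos_table` declarations are identical dead text and could be dropped from the .mli.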
@@ -0,0 +1,601 @@
+(* Why model for floating-point numbers
+ Implements the file lib/why/floats_strict.why *)
+
+Require Export Reals.
+Require Export AllFloat.
+Require Export RND.
+
+Let radix := 2%Z.
+Coercion Local FtoRradix := FtoR radix.
+
+Section Z2R.
+
+Fixpoint P2R (p : positive) :=
+ match p with
+ | xH => 1%R
+ | xO xH => 2%R
+ | xO t => (2 * P2R t)%R
+ | xI xH => 3%R
+ | xI t => (1 + 2 * P2R t)%R
+ end.
+
+Definition Z2R n :=
+ match n with
+ | Zpos p => P2R p
+ | Zneg p => Ropp (P2R p)
+ | Z0 => R0
+ end.
+
+Lemma P2R_INR :
+ forall n, P2R n = INR (nat_of_P n).
+Proof.
+induction n ; simpl ; try (
+ rewrite IHn ;
+ rewrite <- (mult_INR 2) ;
+ rewrite <- (nat_of_P_mult_morphism 2) ;
+ change (2 * n)%positive with (xO n)).
+(* xI *)
+rewrite (Rplus_comm 1).
+change (nat_of_P (xO n)) with (Pmult_nat n 2).
+case n ; intros ; simpl ; try apply refl_equal.
+case (Pmult_nat p 4) ; intros ; try apply refl_equal.
+rewrite Rplus_0_l.
+apply refl_equal.
+apply Rplus_comm.
+(* xO *)
+case n ; intros ; apply refl_equal.
+(* xH *)
+apply refl_equal.
+Qed.
+
+
+Lemma Z2R_IZR :
+ forall n, Z2R n = IZR n.
+Proof.
+intro.
+case n ; intros ; simpl.
+apply refl_equal.
+apply P2R_INR.
+apply Ropp_eq_compat.
+apply P2R_INR.
+Qed.
+
+End Z2R.
+
+Section Utiles.
+
+Lemma radixGreaterOne: (1 < radix)%Z.
+auto with zarith.
+Qed.
+
+
+Definition nat_to_N (n:nat) := match n with
+ | 0 => N0
+ | (S m) => (Npos (P_of_succ_nat m))
+ end.
+
+Lemma nat_to_N_correct: forall n:nat, Z_of_N (nat_to_N n)=n.
+intros.
+intros; induction n; simpl; auto.
+Qed.
+
+
+Definition make_bound (p E:nat) := Bound
+ (P_of_succ_nat (pred (Zabs_nat (Zpower_nat radix p))))
+ (nat_to_N E).
+
+Lemma make_EGivesEmin: forall p E:nat,
+ (Z_of_N (dExp (make_bound p E)))=E.
+intros; simpl; apply nat_to_N_correct.
+Qed.
+
+Lemma make_pGivesBound: forall p E:nat,
+ Zpos (vNum (make_bound p E))=(Zpower_nat radix p).
+intros.
+unfold make_bound, vNum.
+apply
+ trans_eq
+ with
+ (Z_of_nat
+ (nat_of_P
+ (P_of_succ_nat
+ (pred (Zabs_nat (Zpower_nat radix p)))))).
+unfold Z_of_nat in |- *; rewrite nat_of_P_o_P_of_succ_nat_eq_succ;
+ auto with zarith.
+rewrite nat_of_P_o_P_of_succ_nat_eq_succ; auto with arith zarith.
+cut (Zabs (Zpower_nat radix p) = Zpower_nat radix p).
+intros H; pattern (Zpower_nat radix p) at 2 in |- *; rewrite <- H.
+rewrite Zabs_absolu.
+rewrite <- (S_pred (Zabs_nat (Zpower_nat radix p)) 0);
+ auto with arith zarith.
+apply lt_Zlt_inv; simpl in |- *; auto with zarith arith.
+rewrite <- Zabs_absolu; rewrite H; auto with arith zarith.
+apply Zabs_eq; auto with arith zarith.
+Qed.
+
+
+Lemma Rmult_eq_compat: forall p1 p2 q1 q2,
+ p1=p2 -> q1 = q2 -> (p1*q1=p2*q2)%R.
+intros; rewrite H; rewrite H0; trivial.
+Qed.
+
+End Utiles.
+
+Inductive mode : Set :=
+ | nearest_even : mode
+ | to_zero : mode
+ | up : mode
+ | down : mode
+ | nearest_away : mode.
+
+(** Double precision: definitions *)
+
+Let bdouble := make_bound 53 1074.
+
+Lemma pdGreaterThanOne: 1 < 53.
+auto with arith.
+Qed.
+
+Lemma pdGivesBound: Zpos (vNum bdouble) = Zpower_nat radix 53.
+unfold bdouble; apply make_pGivesBound.
+Qed.
+
+Record double : Set := mk_double {
+ df : float;
+ Hcandf : Fcanonic radix bdouble df;
+ double_exact : R;
+ double_model : R
+ }.
+
+Definition double_value (f:double) := FtoRradix (df f).
+
+
+Definition round_double_aux (m:mode) (r r1 r2:R) := match m with
+ | nearest_even => mk_double (RND_EvenClosest bdouble radix 53 r)
+ (RND_EvenClosest_canonic bdouble radix 53
+ radixGreaterOne pdGreaterThanOne pdGivesBound r)
+ r1 r2
+ | to_zero => mk_double (RND_Zero bdouble radix 53 r)
+ (RND_Zero_canonic bdouble radix 53
+ radixGreaterOne pdGreaterThanOne pdGivesBound r)
+ r1 r2
+ | down => mk_double (RND_Min bdouble radix 53 r)
+ (RND_Min_canonic bdouble radix 53
+ radixGreaterOne pdGreaterThanOne pdGivesBound r)
+ r1 r2
+ | up => mk_double (RND_Max bdouble radix 53 r)
+ (RND_Max_canonic bdouble radix 53
+ radixGreaterOne pdGreaterThanOne pdGivesBound r)
+ r1 r2
+ | nearest_away => mk_double (RND_ClosestUp bdouble radix 53 r)
+ (RND_ClosestUp_canonic bdouble radix 53
+ radixGreaterOne pdGreaterThanOne pdGivesBound r)
+ r1 r2
+ end.
+
+Definition round_double_logic (m:mode) (r:R) := round_double_aux m r r r.
+Definition round_double (m:mode) (r:R) := double_value (round_double_aux m r r r).
+
+Definition double_round_error (x:double)
+ := (Rabs (Rminus (double_value x) (double_exact x))).
+
+Definition double_total_error (x:double)
+ := (Rabs (Rminus (double_value x) (double_model x))).
+
+Definition any_double := round_double_logic nearest_even 0%R.
+
+Definition max_double
+ := (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R.
+
+Definition no_overflow_double (m:mode) (x:R)
+ := (Rle (Rabs (round_double m x)) max_double).
+
+
+(** Single precision: definitions *)
+
+Let bsingle := make_bound 24 149.
+
+Lemma psGreaterThanOne: 1 < 24.
+auto with arith.
+Qed.
+
+Lemma psGivesBound: Zpos (vNum bsingle) = Zpower_nat radix 24.
+unfold bsingle; apply make_pGivesBound.
+Qed.
+
+Record single : Set := mk_single {
+ sf : float;
+ Hcansf : Fcanonic radix bsingle sf;
+ single_exact : R;
+ single_model : R
+ }.
+
+Definition single_value (f:single) := FtoRradix (sf f).
+
+Definition round_single_aux (m:mode) (r r1 r2:R) := match m with
+ | nearest_even => mk_single (RND_EvenClosest bsingle radix 24 r)
+ (RND_EvenClosest_canonic bsingle radix 24
+ radixGreaterOne psGreaterThanOne psGivesBound r)
+ r1 r2
+ | to_zero => mk_single (RND_Zero bsingle radix 24 r)
+ (RND_Zero_canonic bsingle radix 24
+ radixGreaterOne psGreaterThanOne psGivesBound r)
+ r1 r2
+ | up => mk_single (RND_Max bsingle radix 24 r)
+ (RND_Max_canonic bsingle radix 24
+ radixGreaterOne psGreaterThanOne psGivesBound r)
+ r1 r2
+ | down => mk_single (RND_Min bsingle radix 24 r)
+ (RND_Min_canonic bsingle radix 24
+ radixGreaterOne psGreaterThanOne psGivesBound r)
+ r1 r2
+ | nearest_away => mk_single (RND_ClosestUp bsingle radix 24 r)
+ (RND_ClosestUp_canonic bsingle radix 24
+ radixGreaterOne psGreaterThanOne psGivesBound r)
+ r1 r2
+ end.
+
+
+Definition round_single_logic (m:mode) (r:R) := round_single_aux m r r r.
+Definition round_single (m:mode) (r:R) := single_value (round_single_aux m r r r).
+
+
+Definition single_round_error (x:single)
+ := (Rabs (Rminus (single_value x) (single_exact x))).
+
+Definition single_total_error (x:single)
+ := (Rabs (Rminus (single_value x) (single_model x))).
+
+Definition max_single
+ := (33554430 * 10141204801825835211973625643008)%R.
+
+Definition any_single := round_single_logic nearest_even 0%R.
+
+Definition no_overflow_single (m:mode) (x:R)
+ := (Rle (Rabs (round_single m x)) max_single).
+
+
+Definition single_to_double (m:mode) (s:single) :=
+ round_double_aux m (single_value s) (single_exact s) (single_model s).
+
+Definition double_to_single (m:mode) (d:double) :=
+ round_single_aux m (double_value d) (double_exact d) (double_model d).
+
+(* Double and Single precision: axioms *)
+
+Axiom double_le_strict: forall (s:double),
+ (Rabs (double_value s) <= max_double)%R.
+
+Axiom single_le_strict: forall (s:single),
+ (Rabs (single_value s) <= max_single)%R.
+
+(* Double precision: lemmas *)
+
+Lemma mode_double_RoundingMode: forall m, exists P, RoundedModeP bdouble radix P /\
+ forall x y z, P x (df (round_double_aux m x y z)).
+intros m; case m; simpl.
+exists (EvenClosest bdouble radix 53); split.
+apply EvenClosestRoundedModeP; try apply pdGivesBound; auto with zarith.
+intros; apply RND_EvenClosest_correct; try apply pdGivesBound; auto with zarith.
+exists (ToZeroP bdouble radix); split.
+apply ToZeroRoundedModeP with 53; try apply pdGivesBound; auto with zarith.
+intros; apply RND_Zero_correct; try apply pdGivesBound; auto with zarith.
+exists (isMax bdouble radix); split.
+apply MaxRoundedModeP with 53; try apply pdGivesBound; auto with zarith.
+intros; apply RND_Max_correct; try apply pdGivesBound; auto with zarith.
+exists (isMin bdouble radix); split.
+apply MinRoundedModeP with 53; try apply pdGivesBound; auto with zarith.
+intros; apply RND_Min_correct; try apply pdGivesBound; auto with zarith.
+exists (Closest bdouble radix); split.
+apply ClosestRoundedModeP with 53; try apply pdGivesBound; auto with zarith.
+intros; apply RND_ClosestUp_correct; try apply pdGivesBound; auto with zarith.
+Qed.
+
+
+Lemma max_double_bounded:
+ exists f:float, Fbounded bdouble f /\ FtoRradix f = max_double.
+exists (Float 9007199254740991 971); split.
+split.
+rewrite pdGivesBound; simpl; auto with zarith.
+simpl; auto with zarith.
+unfold max_double.
+unfold FtoRradix, FtoR.
+simpl (Fnum (Float 9007199254740991 971)); simpl (Fexp (Float 9007199254740991 971)).
+apply Rmult_eq_compat.
+rewrite <- Z2R_IZR.
+reflexivity.
+replace 971%Z with (Z_of_nat 971) by reflexivity.
+rewrite <- Zpower_nat_Z_powerRZ.
+unfold Zpower_nat.
+simpl (iter_nat 971 Z (fun x : Z => (radix * x)%Z) 1%Z).
+rewrite <- Z2R_IZR.
+reflexivity.
+Qed.
+
+
+Lemma bounded_real_no_overflow_double :
+ (forall (m:mode),
+ (forall (x:R), ((Rle (Rabs x) max_double) -> (no_overflow_double m x)))).
+unfold no_overflow_double; intros.
+elim (mode_double_RoundingMode m); intros P (H1,H2).
+elim max_double_bounded; intros f (H3,H4).
+rewrite <- H4.
+apply RoundAbsMonotoner with bdouble 53 P x; try apply pdGivesBound; auto with zarith.
+fold FtoRradix; rewrite H4; trivial.
+Qed.
+
+Lemma round_double_down_le :
+ (forall (x:R), (Rle (round_double down x) x)).
+intros; apply isMin_inv1 with bdouble.
+simpl; apply RND_Min_correct; try apply pdGivesBound; auto with zarith.
+Qed.
+
+Lemma round_up_double_ge :
+ (forall (x:R), (Rge (round_double up x) x)).
+intros; apply Rle_ge; apply isMax_inv1 with bdouble.
+simpl; apply RND_Max_correct; try apply pdGivesBound; auto with zarith.
+Qed.
+
+Lemma round_down_double_neg :
+ (forall (x:R), (eq (round_double down (Ropp x)) (Ropp (round_double up x)))).
+intros.
+unfold round_double, double_value, FtoRradix; simpl.
+rewrite <- Fopp_correct.
+generalize (MinUniqueP bdouble radix); unfold UniqueP.
+intros T; apply T with (-x)%R.
+apply RND_Min_correct; try apply pdGivesBound; auto with zarith.
+apply MaxOppMin.
+apply RND_Max_correct; try apply pdGivesBound; auto with zarith.
+Qed.
+
+Lemma round_up_double_neg :
+ (forall (x:R), (eq (round_double up (Ropp x)) (Ropp (round_double down x)))).
+intros.
+unfold round_double, double_value, FtoRradix; simpl.
+rewrite <- Fopp_correct.
+generalize (MaxUniqueP bdouble radix); unfold UniqueP.
+intros T; apply T with (-x)%R.
+apply RND_Max_correct; try apply pdGivesBound; auto with zarith.
+apply MinOppMax.
+apply RND_Min_correct; try apply pdGivesBound; auto with zarith.
+Qed.
+
+Lemma round_double_idempotent :
+ (forall (m1:mode),
+ (forall (m2:mode),
+ (forall (x:R),
+ (eq (round_double m1 (round_double m2 x)) (round_double m2 x))))).
+intros.
+elim (mode_double_RoundingMode m1); intros P (H1,H2).
+unfold round_double, double_value; simpl. +apply sym_eq. +apply RoundedModeProjectorIdemEq with bdouble 53 P; + try apply pdGivesBound; auto with zarith. +elim (mode_double_RoundingMode m2); intros P' (H1',H2'). +apply RoundedModeBounded with radix P' x; trivial. +Qed. + + +(* Single precision: lemmas *) + +Lemma mode_single_RoundingMode: forall m, exists P, RoundedModeP bsingle radix P /\ + forall x y z, P x (sf (round_single_aux m x y z)). +intros m; case m; simpl. +exists (EvenClosest bsingle radix 24); split. +apply EvenClosestRoundedModeP; try apply psGivesBound; auto with zarith. +intros; apply RND_EvenClosest_correct; try apply psGivesBound; auto with zarith. +exists (ToZeroP bsingle radix); split. +apply ToZeroRoundedModeP with 24; try apply psGivesBound; auto with zarith. +intros; apply RND_Zero_correct; try apply psGivesBound; auto with zarith. +exists (isMax bsingle radix); split. +apply MaxRoundedModeP with 24; try apply psGivesBound; auto with zarith. +intros; apply RND_Max_correct; try apply psGivesBound; auto with zarith. +exists (isMin bsingle radix); split. +apply MinRoundedModeP with 24; try apply psGivesBound; auto with zarith. +intros; apply RND_Min_correct; try apply psGivesBound; auto with zarith. +exists (Closest bsingle radix); split. +apply ClosestRoundedModeP with 24; try apply psGivesBound; auto with zarith. +intros; apply RND_ClosestUp_correct; try apply psGivesBound; auto with zarith. +Qed. + + +Lemma max_single_bounded: + exists f:float, Fbounded bsingle f /\ FtoRradix f = max_single. +exists (Float 16777215 104); split. +split. +rewrite psGivesBound; simpl; auto with zarith. +simpl; auto with zarith. +unfold max_single. +rewrite Rmult_assoc; rewrite Rmult_comm; rewrite Rmult_assoc. +unfold FtoRradix, FtoR. +simpl (Fnum (Float 16777215 104)); simpl (Fexp (Float 16777215 104)). +apply Rmult_eq_compat. +rewrite <- Z2R_IZR. +reflexivity. +simpl. +ring. +Qed. 
+ + +Lemma bounded_real_no_overflow_single : + (forall (m:mode), + (forall (x:R), ((Rle (Rabs x) max_single) -> (no_overflow_single m x)))). +unfold no_overflow_single; intros. +elim (mode_single_RoundingMode m); intros P (H1,H2). +elim max_single_bounded; intros f (H3,H4). +rewrite <- H4. +apply RoundAbsMonotoner with bsingle 24 P x; try apply psGivesBound; auto with zarith. +fold FtoRradix; rewrite H4; trivial. +Qed. + +Lemma round_single_down_le : + (forall (x:R), (Rle (round_single down x) x)). +intros; apply isMin_inv1 with bsingle. +simpl; apply RND_Min_correct; try apply psGivesBound; auto with zarith. +Qed. + +Lemma round_up_single_ge : + (forall (x:R), (Rge (round_single up x) x)). +intros; apply Rle_ge; apply isMax_inv1 with bsingle. +simpl; apply RND_Max_correct; try apply psGivesBound; auto with zarith. +Qed. + +Lemma round_down_single_neg : + (forall (x:R), (eq (round_single down (Ropp x)) (Ropp (round_single up x)))). +intros. +unfold round_single, single_value, FtoRradix; simpl. +rewrite <- Fopp_correct. +generalize (MinUniqueP bsingle radix); unfold UniqueP. +intros T; apply T with (-x)%R. +apply RND_Min_correct; try apply psGivesBound; auto with zarith. +apply MaxOppMin. +apply RND_Max_correct; try apply psGivesBound; auto with zarith. +Qed. + +Lemma round_up_single_neg : + (forall (x:R), (eq (round_single up (Ropp x)) (Ropp (round_single down x)))). +intros. +unfold round_single, single_value, FtoRradix; simpl. +rewrite <- Fopp_correct. +generalize (MaxUniqueP bsingle radix); unfold UniqueP. +intros T; apply T with (-x)%R. +apply RND_Max_correct; try apply psGivesBound; auto with zarith. +apply MinOppMax. +apply RND_Min_correct; try apply psGivesBound; auto with zarith. +Qed. + +Lemma round_single_idempotent : + (forall (m1:mode), + (forall (m2:mode), + (forall (x:R), + (eq (round_single m1 (round_single m2 x)) (round_single m2 x))))). +intros. +elim (mode_single_RoundingMode m1); intros P (H1,H2). +unfold round_single, single_value; simpl. 
+apply sym_eq. +apply RoundedModeProjectorIdemEq with bsingle 24 P; + try apply psGivesBound; auto with zarith. +elim (mode_single_RoundingMode m2); intros P' (H1',H2'). +apply RoundedModeBounded with radix P' x; trivial. +Qed. + + +Lemma double_to_single_val : + (forall (m:mode), + (forall (s:single), + (eq (double_value (single_to_double m s)) (single_value s)))). +intros. +elim (mode_double_RoundingMode m); intros P (H1,H2). +apply sym_eq; unfold single_to_double. +apply RoundedModeProjectorIdemEq with bdouble 53 P; + try apply pdGivesBound; auto with zarith. +destruct s. +simpl (sf (mk_single sf0 Hcansf0 single_exact0 single_model0)). +assert (Fbounded bsingle sf0). +apply FcanonicBound with radix; exact Hcansf0. +elim H; intros H3 H4; split. +rewrite pdGivesBound. +apply Zlt_le_trans with (1:=H3). +rewrite psGivesBound; clear. +apply Zpower_nat_monotone_le;auto with zarith. +apply Zle_trans with (2:=H4). +clear; simpl; auto with zarith. +Qed. + +Lemma single_to_double_val : + (forall (m:mode), + (forall (d:double), + (eq (single_value (double_to_single m d)) (round_single + m (double_value d))))). +intros; case m; reflexivity. +Qed. + + +(* Various Why predicates. Only definitions are left. *) + +(*Why predicate*) Definition single_of_real_post (m:mode) (x:R) (res:single) + := (eq (single_value res) (round_single m x)) /\ + (eq (single_exact res) x) /\ (eq (single_model res) x). + +(*Why predicate*) Definition add_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rplus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rplus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rplus (single_model x) (single_model y))). 
+ +(*Why predicate*) Definition sub_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rminus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rminus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rminus (single_model x) (single_model y))). + +(*Why predicate*) Definition mul_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rmult (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rmult (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rmult (single_model x) (single_model y))). + +(*Why predicate*) Definition div_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rdiv (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rdiv (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rdiv (single_model x) (single_model y))). + +(*Why predicate*) Definition sqrt_single_post (m:mode) (x:single) (res:single) + := (eq (single_value res) (round_single m (sqrt (single_value x)))) /\ + (eq (single_exact res) (sqrt (single_exact x))) /\ + (eq (single_model res) (sqrt (single_model x))). + +(*Why predicate*) Definition neg_single_post (x:single) (res:single) + := (eq (single_value res) (Ropp (single_value x))) /\ + (eq (single_exact res) (Ropp (single_exact x))) /\ + (eq (single_model res) (Ropp (single_model x))). + +(*Why predicate*) Definition abs_single_post (x:single) (res:single) + := (eq (single_value res) (Rabs (single_value x))) /\ + (eq (single_exact res) (Rabs (single_exact x))) /\ + (eq (single_model res) (Rabs (single_model x))). + +(*Why predicate*) Definition double_of_real_post (m:mode) (x:R) (res:double) + := (eq (double_value res) (round_double m x)) /\ + (eq (double_exact res) x) /\ (eq (double_model res) x). 
+ +(*Why predicate*) Definition add_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rplus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rplus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rplus (double_model x) (double_model y))). + +(*Why predicate*) Definition sub_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rminus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rminus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rminus (double_model x) (double_model y))). + +(*Why predicate*) Definition mul_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rmult (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rmult (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rmult (double_model x) (double_model y))). + +(*Why predicate*) Definition div_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rdiv (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rdiv (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rdiv (double_model x) (double_model y))). + +(*Why predicate*) Definition sqrt_double_post (m:mode) (x:double) (res:double) + := (eq (double_value res) (round_double m (sqrt (double_value x)))) /\ + (eq (double_exact res) (sqrt (double_exact x))) /\ + (eq (double_model res) (sqrt (double_model x))). + +(*Why predicate*) Definition neg_double_post (x:double) (res:double) + := (eq (double_value res) (Ropp (double_value x))) /\ + (eq (double_exact res) (Ropp (double_exact x))) /\ + (eq (double_model res) (Ropp (double_model x))). 
+ +(*Why predicate*) Definition abs_double_post (x:double) (res:double) + := (eq (double_value res) (Rabs (double_value x))) /\ + (eq (double_exact res) (Rabs (double_exact x))) /\ + (eq (double_model res) (Rabs (double_model x))). + diff -Nru why-2.29+dfsg/lib/coq/WhyFloatsStrict.v why-2.30+dfsg/lib/coq/WhyFloatsStrict.v --- why-2.29+dfsg/lib/coq/WhyFloatsStrict.v 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/coq/WhyFloatsStrict.v 2011-10-24 15:21:06.000000000 +0000 @@ -3,13 +3,31 @@ Require Export WhyFloats. -(* Double and Single precision: axioms *) +Record single : Set := mk_single { + single_datum :> WhyFloats.single; + single_finite : is_finite 24 128 (single_float single_datum) = true +}. + +Record double : Set := mk_double { + double_datum :> WhyFloats.double; + double_finite : is_finite 53 1024 (double_float double_datum) = true +}. -Axiom double_le_strict: forall (s:double), - (Rabs (double_value s) <= max_double)%R. +(* Double and Single precision: axioms *) -Axiom single_le_strict: forall (s:single), - (Rabs (single_value s) <= max_single)%R. +(*Why axiom*) Lemma single_value_is_bounded : + (forall (x:single), (Rle (Rabs (single_value x)) max_single)). +Proof. +intros s. +apply value_is_bounded. +Qed. + +(*Why axiom*) Lemma double_value_is_bounded : + (forall (x:double), (Rle (Rabs (double_value x)) max_double)). +Proof. +intros s. +apply value_is_bounded. +Qed. (* Various Why predicates. Only definitions are left. *) 
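Review bot: `single_value_is_bounded` and `double_value_is_bounded` are closed by `apply value_is_bounded` alone and never use the new `single_finite` / `double_finite` fields, so the bound is not what makes these records strict, and that should be stated next to the lemmas. The proof of `value_is_bounded` in WhyFloats.v handles the non-finite constructors through its `Rabs 0` case, which suggests infinities and NaN read as 0 through the coercion, so a bounded `single_value` does not by itself imply a finite float. I would add `(* holds for any binary32, finite or not; finiteness is carried by single_finite *)` above the first lemma and the matching line for double. The `(*Why axiom*)` tag and the `axioms` heading also look stale now that both statements are proved, unless the tag is consumed by a tool.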
@@ -17,6 +35,11 @@ := (eq (single_value res) (round_single m x)) /\ (eq (single_exact res) x) /\ (eq (single_model res) x). +(*Why predicate*) Definition single_of_double_post (m:mode) (x:double) (res:single) + := (eq (single_value res) (round_single m (double_value x))) /\ + (eq (single_exact res) (double_exact x)) /\ + (eq (single_model res) (double_model x)). + (*Why predicate*) Definition add_single_post (m:mode) (x:single) (y:single) (res:single) := (eq (single_value res) (round_single m (Rplus (single_value x) (single_value y)))) /\ @@ -60,6 +83,11 @@ := (eq (double_value res) (round_double m x)) /\ (eq (double_exact res) x) /\ (eq (double_model res) x). +(*Why predicate*) Definition double_of_single_post (x:single) (res:double) + := (eq (double_value res) (single_value x)) /\ + (eq (double_exact res) (single_exact x)) /\ + (eq (double_model res) (single_model x)). + (*Why predicate*) Definition add_double_post (m:mode) (x:double) (y:double) (res:double) := (eq (double_value res) (round_double m (Rplus (double_value x) (double_value y)))) /\ 
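Review bot: `single_of_double_post` and `double_of_single_post` are added as bare predicates with no lemma showing that a result satisfying them exists, unlike `single_of_real_post` and `add_single_post`, which get a `*_specification` lemma in the last hunk of this file. `double_of_single_post` (second hunk) states `double_value res = single_value x` with no rounding mode, which can only be satisfied if every single value is representable as a double, and the conversion section of WhyFloats.v is commented out in the same diff. I would add `(* exact: assumes binary32 values embed in binary64; no existence lemma yet *)` above `double_of_single_post` and a `(* no existence lemma yet *)` remark above `single_of_double_post` until the specifications are proved.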
@@ -99,3 +127,193 @@ (eq (double_exact res) (Rabs (double_exact x))) /\ (eq (double_model res) (Rabs (double_model x))). +Lemma no_overflow_single_bounded : + forall m x, no_overflow_single m x -> + (Rabs (round_single m x) < bpow radix2 128)%R. +Proof. +intros m x Bx. +apply Rle_lt_trans with (1 := Bx). +change 128%Z with (24 + 104)%Z. +rewrite bpow_plus. +apply Rmult_lt_compat_r. +apply bpow_gt_0. +rewrite <- Z2R_Zpower. +now apply Z2R_lt. +easy. +Qed. + +Lemma single_of_real_specification : + forall m x, no_overflow_single m x -> + exists z, single_of_real_post m x z. +Proof. +intros m x Bx. +refine (_ (r_to_sd_correct 24 128 (refl_equal true) (refl_equal true) _ x (no_overflow_single_bounded _ x Bx))). +intros (H1, H2). +refine (let H := _ in ex_intro _ (mk_single (round_single_logic m x) H) _). +exact H1. +repeat split. +exact H2. +Qed. + +Axiom Bplus_correct : (* the statement from Flocq 1.4 is not strong enough; + the axiom can be removed once the library is converted to Flocq 2.0 *) + forall (prec emax : Z) (Hprec : (0 < prec)%Z) (Hmax : (prec < emax)%Z) + (m : Fappli_IEEE.mode) (x y : binary_float prec emax), + is_finite prec emax x = true -> + is_finite prec emax y = true -> + if Rlt_bool (Rabs (round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) + (B2R prec emax x + B2R prec emax y))) (bpow radix2 emax) + then + B2R prec emax (Bplus prec emax Hprec Hmax m x y) = + round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) (B2R prec emax x + B2R prec emax y) /\ + is_finite prec emax (Bplus prec emax Hprec Hmax m x y) = true + else + B2FF prec emax (Bplus prec emax Hprec Hmax m x y) = + binary_overflow prec emax m (Bsign prec emax x) /\ + Bsign prec emax x = Bsign prec emax y. + +Lemma add_single_specification : + forall m (x y : single), + no_overflow_single m (single_value x + single_value y) -> + exists z, add_single_post m x y z. +Proof. +intros m x y Br. 
+refine (_ (Bplus_correct 24 128 (refl_equal Lt) (refl_equal Lt) (rnd_of_mode m) (single_float x) (single_float y) + (single_finite x) (single_finite y))). +rewrite Rlt_bool_true. +2: now apply no_overflow_single_bounded. +fold b32_plus. +intros (H1, H2). +refine (ex_intro _ (mk_single (add_single m x y) H2) _). +repeat split. +exact H1. +Qed. + +Axiom Bmult_correct : (* the statement from Flocq 1.4 is not strong enough; + the axiom can be removed once the library is converted to Flocq 2.0 *) + forall (prec emax : Z) (Hprec : (0 < prec)%Z) (Hmax : (prec < emax)%Z) + (m : Fappli_IEEE.mode) (x y : binary_float prec emax), + if Rlt_bool (Rabs (round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) + (B2R prec emax x * B2R prec emax y))) (bpow radix2 emax) + then + B2R prec emax (Bmult prec emax Hprec Hmax m x y) = + round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) (B2R prec emax x * B2R prec emax y) /\ + is_finite prec emax (Bmult prec emax Hprec Hmax m x y) = andb (is_finite prec emax x) (is_finite prec emax y) + else + B2FF prec emax (Bmult prec emax Hprec Hmax m x y) = + binary_overflow prec emax m (xorb (Bsign prec emax x) (Bsign prec emax y)). + +Lemma mul_single_specification : + forall m (x y : single), + no_overflow_single m (single_value x * single_value y) -> + exists z, mul_single_post m x y z. +Proof. +intros m x y Br. +refine (_ (Bmult_correct 24 128 (refl_equal Lt) (refl_equal Lt) (rnd_of_mode m) (single_float x) (single_float y))). +rewrite Rlt_bool_true. +2: now apply no_overflow_single_bounded. +fold b32_mult. +intros (H1, H2). +rewrite (single_finite x), (single_finite y) in H2. +refine (ex_intro _ (mk_single (mul_single m x y) H2) _). +repeat split. +exact H1. +Qed. 
+ +Axiom Bdiv_correct : (* the statement from Flocq 1.4 is not strong enough; + the axiom can be removed once the library is converted to Flocq 2.0 *) + forall (prec emax : Z) (Hprec : (0 < prec)%Z) (Hmax : (prec < emax)%Z) + (m : Fappli_IEEE.mode) (x y : binary_float prec emax), + B2R prec emax y <> 0%R -> + if Rlt_bool (Rabs (round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) + (B2R prec emax x / B2R prec emax y))) (bpow radix2 emax) + then + B2R prec emax (Bdiv prec emax Hprec Hmax m x y) = + round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) (B2R prec emax x / B2R prec emax y) /\ + is_finite prec emax (Bdiv prec emax Hprec Hmax m x y) = is_finite prec emax x + else + B2FF prec emax (Bdiv prec emax Hprec Hmax m x y) = + binary_overflow prec emax m (xorb (Bsign prec emax x) (Bsign prec emax y)). + +Lemma div_single_specification : + forall m (x y : single), single_value y <> R0 -> + no_overflow_single m (single_value x / single_value y) -> + exists z, div_single_post m x y z. +Proof. +intros m x y Zy Br. +refine (_ (Bdiv_correct 24 128 (refl_equal Lt) (refl_equal Lt) (rnd_of_mode m) (single_float x) (single_float y) Zy)). +rewrite Rlt_bool_true. +2: now apply no_overflow_single_bounded. +fold b32_div. +intros (H1, H2). +rewrite (single_finite x) in H2. +refine (ex_intro _ (mk_single (div_single m x y) H2) _). +repeat split. +exact H1. +Qed. + +Axiom Bsqrt_correct : (* the statement from Flocq 1.4 is not strong enough; + the axiom can be removed once the library is converted to Flocq 2.0 *) + forall (prec emax : Z) (Hprec : (0 < prec)%Z) (Hmax : (prec < emax)%Z) + (m : Fappli_IEEE.mode) (x : binary_float prec emax), + B2R prec emax (Bsqrt prec emax Hprec Hmax m x) = + round radix2 (FLT_exp (3 - emax - prec) prec) (round_mode m) (sqrt (B2R prec emax x)) /\ + is_finite prec emax (Bsqrt prec emax Hprec Hmax m x) = match x with B754_zero _ => true | B754_finite false _ _ _ => true | _ => false end. 
+ +Lemma sqrt_single_specification : + forall m (x : single), Rle 0 (single_value x) -> + exists z, sqrt_single_post m x z. +Proof. +intros m x Zx. +refine (_ (Bsqrt_correct 24 128 (refl_equal Lt) (refl_equal Lt) (rnd_of_mode m) (single_float x))). +fold b32_sqrt. +intros (H1, H2). +assert (is_finite 24 128 (b32_sqrt (rnd_of_mode m) (single_float x)) = true). +rewrite H2. +revert Zx. +clear. +case x ; simpl. +intros (a,_,b,c) ; unfold single_value ; simpl. +destruct a as [| | |s m e H] ; try easy. +intros _. +case s ; try easy. +unfold B2R_coercion, B2R, F2R. simpl. +clear. intros H. +elim Rle_not_lt with (1 := H). +rewrite Ropp_mult_distr_l_reverse. +apply Ropp_lt_gt_0_contravar. +apply Rmult_gt_0_compat. +now apply (Z2R_lt 0 (Zpos m)). +apply bpow_gt_0. +refine (ex_intro _ (mk_single (sqrt_single m x) H) _). +repeat split. +exact H1. +Qed. + +Lemma no_overflow_double_bounded : + forall m x, no_overflow_double m x -> + (Rabs (round_double m x) < bpow radix2 1024)%R. +Proof. +intros m x Bx. +apply Rle_lt_trans with (1 := Bx). +change 1024%Z with (53 + 971)%Z. +rewrite bpow_plus. +apply Rmult_lt_compat_r. +apply bpow_gt_0. +rewrite <- Z2R_Zpower. +now apply Z2R_lt. +easy. +Qed. + +Lemma double_of_real_specification : + forall m x, no_overflow_double m x -> + exists z, double_of_real_post m x z. +Proof. +intros m x Bx. +refine (_ (r_to_sd_correct 53 1024 (refl_equal true) (refl_equal true) _ x (no_overflow_double_bounded _ x Bx))). +intros (H1, H2). +refine (let H := _ in ex_intro _ (mk_double (round_double_logic m x) H) _). +exact H1. +repeat split. +exact H2. +Qed. diff -Nru why-2.29+dfsg/lib/coq/WhyFloats.v why-2.30+dfsg/lib/coq/WhyFloats.v --- why-2.29+dfsg/lib/coq/WhyFloats.v 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/coq/WhyFloats.v 2011-10-24 15:21:06.000000000 +0000 
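Review bot: The four `Axiom` declarations in this hunk (`Bplus_correct`, `Bmult_correct`, `Bdiv_correct`, `Bsqrt_correct`) are unproved and quantified over every `prec` and `emax`, so each `*_specification` lemma built on them, and anything importing this file, is only as sound as these statements are faithful to Flocq. Their comment says they can be removed after the move to Flocq 2.0, but nothing records which lemma depends on which axiom. I would add above each dependent lemma a line such as `(* relies on axiom Bplus_correct; check with Print Assumptions add_single_specification *)` and keep the axioms together in one marked block so they can be compared with the upstream statements in one place. The hunk also proves no `sub_single_specification` and, for double, only `double_of_real_specification`, which may be intentional but leaves the corresponding posts without an existence proof.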
@@ -4,67 +4,179 @@ Require Export Reals. Require Export Fcore. - -Definition radix2 := Build_radix 2 (refl_equal _). +Require Export Fappli_IEEE. Inductive mode : Set := nearest_even | to_zero | up | down | nearest_away. -Lemma r_to_sd_aux : - forall emin prec, - Zlt_bool 0 prec = true -> - forall rnd x, - FLT_format radix2 emin prec (round radix2 (FLT_exp emin prec) rnd x). +Global Coercion B2R_coercion prec emax := @B2R prec emax. + +Section r_to_sd. + +Variable prec emax : Z. +Hypothesis Hprec : Zlt_bool 0 prec = true. +Hypothesis Hemax : Zlt_bool prec emax = true. +Let emin := (3 - emax - prec)%Z. +Let fexp := FLT_exp emin prec. +Lemma Hprec': (0 < prec)%Z. revert Hprec. now case Zlt_bool_spec. Qed. +Lemma Hemax': (prec < emax)%Z. revert Hemax. now case Zlt_bool_spec. Qed. +Let binary_round_correct := binary_round_sign_shl_correct prec emax Hprec' Hemax'. + +Definition r_to_sd rnd x : binary_float prec emax := + let r := round radix2 fexp (round_mode rnd) x in + let m := Ztrunc (scaled_mantissa radix2 fexp r) in + let e := canonic_exponent radix2 fexp r in + match m with + | Z0 => B754_zero prec emax false + | Zpos m => FF2B _ _ _ (proj1 (binary_round_correct rnd false m e)) + | Zneg m => FF2B _ _ _ (proj1 (binary_round_correct rnd true m e)) + end. + +Lemma is_finite_FF2B : + forall f H, + is_finite prec emax (FF2B prec emax f H) = + match f with + | F754_finite _ _ _ => true + | F754_zero _ => true + | _ => false + end. Proof. -intros emin prec Hp rnd x. -apply <- FLT_format_generic. -apply generic_format_round. -apply FLT_exp_correct. -now apply <- Zlt_is_lt_bool. -now apply <- Zlt_is_lt_bool. +now intros [| | |]. Qed. -Lemma neg_sd_aux : - forall emin prec, - Zlt_bool 0 prec = true -> - forall x, FLT_format radix2 emin prec x -> - FLT_format radix2 emin prec (-x)%R. -Proof. -intros emin prec Hp. -apply (FLT_format_satisfies_any radix2 emin prec). -now apply <- Zlt_is_lt_bool. 
+Theorem r_to_sd_correct : + forall rnd x, + let r := round radix2 fexp (round_mode rnd) x in + (Rabs r < bpow radix2 emax)%R -> + is_finite prec emax (r_to_sd rnd x) = true /\ + r_to_sd rnd x = r :>R. +Proof. +intros rnd x r Bx. +unfold r_to_sd. fold r. +assert (Gx: generic_format radix2 fexp r). +apply generic_format_round. +apply FLT_exp_correct. +exact Hprec'. +assert (Hr: Z2R (Ztrunc (scaled_mantissa radix2 fexp r)) = scaled_mantissa radix2 fexp r). +apply sym_eq. +now apply scaled_mantissa_generic. +revert Hr. +case_eq (Ztrunc (scaled_mantissa radix2 fexp r)). +(* *) +intros _ Hx. +repeat split. +apply Rmult_eq_reg_r with (bpow radix2 (- canonic_exponent radix2 fexp r)). +now rewrite Rmult_0_l. +apply Rgt_not_eq. +apply bpow_gt_0. +(* *) +intros p Hp Hx. +case binary_round_correct ; intros Hv. +unfold F2R, Fnum, Fexp, cond_Zopp. +rewrite Hx, scaled_mantissa_bpow. +rewrite round_generic with (1 := Gx). +rewrite Rlt_bool_true with (1 := Bx). +intros H. +split. +rewrite is_finite_FF2B. +revert H. +assert (0 <> r)%R. +intros H. +rewrite <- H, scaled_mantissa_0 in Hx. +now apply (Z2R_neq 0 (Zpos p)). +now case binary_round_sign_shl. +now rewrite B2R_FF2B. +(* *) +intros p Hp Hx. +case binary_round_correct ; intros Hv. +unfold F2R, Fnum, Fexp, cond_Zopp, Zopp. +rewrite Hx, scaled_mantissa_bpow. +rewrite round_generic with (1 := Gx). +rewrite Rlt_bool_true with (1 := Bx). +intros H. +split. +rewrite is_finite_FF2B. +revert H. +assert (0 <> r)%R. +intros H. +rewrite <- H, scaled_mantissa_0 in Hx. +now apply (Z2R_neq 0 (Zneg p)). +now case binary_round_sign_shl. +now rewrite B2R_FF2B. Qed. -Lemma abs_sd_aux : - forall emin prec, - Zlt_bool 0 prec = true -> - forall x, FLT_format radix2 emin prec x -> - FLT_format radix2 emin prec (Rabs x)%R. +Theorem r_to_sd_format : + forall rnd x, + FLT_format radix2 emin prec x -> + (Rabs x < bpow radix2 emax)%R -> + r_to_sd rnd x = x :>R. Proof. -intros emin prec Hp x Hx. -apply <- FLT_format_generic. -apply generic_format_abs. 
+intros rnd x Fx Bx. +assert (Gx: generic_format radix2 fexp x). apply -> FLT_format_generic. -exact Hx. -now apply <- Zlt_is_lt_bool. -now apply <- Zlt_is_lt_bool. +apply Fx. +exact Hprec'. +pattern x at 2 ; rewrite <- round_generic with (rnd := round_mode rnd) (1 := Gx). +refine (proj2 (r_to_sd_correct _ _ _)). +now rewrite round_generic with (1 := Gx). +Qed. + +End r_to_sd. + +Theorem value_is_bounded : + forall prec emax (v : binary_float (Zpos prec) emax), + (Rabs v <= F2R (Float radix2 (Zpower_pos 2 prec - 1) (emax - Zpos prec)))%R. +Proof. +intros prec emax v. +assert (Rabs 0 <= F2R (Float radix2 (Zpower_pos 2 prec - 1) (emax - Zpos prec)))%R. +rewrite Rabs_R0. +rewrite <- (F2R_0 radix2 (emax - Zpos prec)). +apply F2R_le_compat. +apply Zlt_succ_le. +change (0 < Zsucc (Zpred (Zpower_pos 2 prec)))%Z. +rewrite <- Zsucc_pred. +now apply Zpower_pos_gt_0. +destruct v ; try exact H. +clear H. +unfold B2R_coercion, B2R, F2R. simpl. +rewrite Rabs_mult, <- Z2R_abs, abs_cond_Zopp. +rewrite Rabs_pos_eq. +2: apply bpow_ge_0. +destruct (andb_prop _ _ e0) as (H1, H2). +apply Rmult_le_compat. +now apply (Z2R_le 0). +apply bpow_ge_0. +apply Z2R_le. +apply Zlt_succ_le. +change (Zpos m < Zsucc (Zpred (Zpower_pos 2 prec)))%Z. +rewrite <- Zsucc_pred. +generalize (Zeq_bool_eq _ _ H1). clear. +rewrite Fcalc_digits.Z_of_nat_S_digits2_Pnat. +intros H. +apply (Fcalc_digits.Zpower_gt_digits Fcalc_digits.radix2 (Zpos prec) (Zpos m)). +revert H. +unfold FLT_exp. +generalize (Fcalc_digits.digits Fcalc_digits.radix2 (Zpos m)). +intros ; zify ; omega. +apply bpow_le. +now apply Zle_bool_imp_le. Qed. Definition rnd_of_mode (m:mode) := match m with - | nearest_even => rndNE - | to_zero => rndZR - | up => rndUP - | down => rndDN - | nearest_away => rndNA + | nearest_even => mode_NE + | to_zero => mode_ZR + | up => mode_UP + | down => mode_DN + | nearest_away => mode_NA end. 
(** Single precision *) Record single : Set := mk_single { - single_value : R; + single_float : binary32; + single_value := (single_float : R); single_exact : R; - single_model : R; - single_value_in_format : FLT_format radix2 (-149) 24 single_value + single_model : R }. Definition single_round_error (f:single) := 
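Review bot: In `r_to_sd` the `Z0` branch always builds `B754_zero prec emax false`, so a zero result gets the same sign flag that the `Zpos` branch uses, whatever the sign of `x` or the rounding mode. `r_to_sd_correct` only pins the real value and finiteness, so the lemmas here cannot see this, but a later statement that inspects the sign of the float (the `Bsign` terms in the axioms added to WhyFloatsStrict.v, for instance) could. I would document the choice at the branch: `| Z0 => B754_zero prec emax false (* sign of zero is not tracked *)`. In the same hunk, `Hprec'` and `Hemax'` are proved on one line without `Proof.`, unlike the other lemmas of the section.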
@@ -74,41 +186,38 @@ Rabs (single_model f - single_value f). Definition single_set_model (f:single) (r:R) := - mk_single (single_value f) (single_exact f) r (single_value_in_format f). + mk_single (single_float f) (single_exact f) r. Definition r_to_s_aux (m:mode) (r r1 r2:R) := - mk_single _ r1 r2 (r_to_sd_aux (-149) 24 (refl_equal _) (rnd_of_mode m) r). + mk_single (r_to_sd 24 128 (refl_equal true) (refl_equal true) (rnd_of_mode m) r) r1 r2. Definition round_single_logic (m:mode) (r:R) := r_to_s_aux m r r r. -Definition round_single (m:mode) (r:R) := round radix2 (FLT_exp (-149) 24) (rnd_of_mode m) r. +Definition round_single (m:mode) (r:R) := round radix2 (FLT_exp (-149) 24) (round_mode (rnd_of_mode m)) r. Definition add_single (m:mode) (f1 f2:single) := - r_to_s_aux m (single_value f1 + single_value f2) + mk_single (b32_plus (rnd_of_mode m) (single_float f1) (single_float f2)) (single_exact f1 + single_exact f2) (single_model f1 + single_model f2). Definition sub_single (m:mode) (f1 f2:single) := - r_to_s_aux m (single_value f1 - single_value f2) + mk_single (b32_minus (rnd_of_mode m) (single_float f1) (single_float f2)) (single_exact f1 - single_exact f2) (single_model f1 - single_model f2). Definition mul_single (m:mode) (f1 f2:single) := - r_to_s_aux m (single_value f1 * single_value f2) + mk_single (b32_mult (rnd_of_mode m) (single_float f1) (single_float f2)) (single_exact f1 * single_exact f2) (single_model f1 * single_model f2). Definition div_single (m:mode) (f1 f2:single) := - r_to_s_aux m (single_value f1 / single_value f2) + mk_single (b32_div (rnd_of_mode m) (single_float f1) (single_float f2)) (single_exact f1 / single_exact f2) (single_model f1 / single_model f2). Definition sqrt_single (m:mode) (f:single) := - r_to_s_aux m (sqrt (single_value f)) (sqrt (single_exact f)) (sqrt (single_model f)). + mk_single (b32_sqrt (rnd_of_mode m) (single_float f)) + (sqrt (single_exact f)) (sqrt (single_model f)). 
-Definition neg_single (m:mode) (f:single) := - mk_single _ (- single_exact f) (- single_model f) - (neg_sd_aux (-149) 24 (refl_equal _) (single_value f) (single_value_in_format f)). - -Definition abs_single (m:mode) (f:single) := - mk_single _ (Rabs (single_exact f)) (Rabs (single_model f)) - (abs_sd_aux (-149) 24 (refl_equal _) (single_value f) (single_value_in_format f)). +Definition neg_single (f:single) := + mk_single (b32_opp (single_float f)) + (- single_exact f) (- single_model f). Definition any_single := round_single_logic nearest_even 0%R. @@ -139,7 +248,7 @@ apply round_monotone with (2 := proj1 H0). now apply FLT_exp_correct. now apply generic_format_opp. -rewrite <- round_generic with (rnd := rnd_of_mode m) (1 := H). +rewrite <- round_generic with (rnd := round_mode (rnd_of_mode m)) (1 := H). apply round_monotone with (2 := proj2 H0). now apply FLT_exp_correct. Qed. @@ -203,10 +312,10 @@ (** Double precision *) Record double : Set := mk_double { - double_value : R; + double_float : binary64; + double_value := (double_float : R); double_exact : R; - double_model : R; - double_value_in_format : FLT_format radix2 (-1074) 53 double_value + double_model : R }. Definition double_round_error (f:double) := 
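Review bot: `add_single`, `sub_single`, `mul_single`, `div_single` and `sqrt_single` now wrap the `b32_*` operations instead of rounding the real result through `r_to_s_aux`, and the `single` record no longer carries `single_value_in_format`, so nothing in this file ties `single_value (add_single m f1 f2)` to `round_single m (single_value f1 + single_value f2)`. That equality is recovered only in WhyFloatsStrict.v under `no_overflow_single` with finite operands; outside those conditions the float may be non-finite and, judging by the `Rabs 0` case in `value_is_bounded`, its `single_value` would read as 0. I would state this at the definitions: `(* value equals round_single of the real result only for finite operands without overflow; see WhyFloatsStrict *)`. The same applies to the double definitions in the `@@ -216,41 +325,38 @@` hunk. Both hunks also drop `abs_single` / `abs_double` and the `m` parameter of `neg_single` / `neg_double`, which changes the interface for callers outside this diff.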
@@ -216,41 +325,38 @@ Rabs (double_model f - double_value f). Definition double_set_model (f:double) (r:R) := - mk_double (double_value f) (double_exact f) r (double_value_in_format f). + mk_double (double_float f) (double_exact f) r. Definition r_to_d_aux (m:mode) (r r1 r2:R) := - mk_double _ r1 r2 (r_to_sd_aux (-1074) 53 (refl_equal _) (rnd_of_mode m) r). + mk_double (r_to_sd 53 1024 (refl_equal true) (refl_equal true) (rnd_of_mode m) r) r1 r2. Definition round_double_logic (m:mode) (r:R) := r_to_d_aux m r r r. -Definition round_double (m:mode) (r:R) := round radix2 (FLT_exp (-1074) 53) (rnd_of_mode m) r. +Definition round_double (m:mode) (r:R) := round radix2 (FLT_exp (-1074) 53) (round_mode (rnd_of_mode m)) r. Definition add_double (m:mode) (f1 f2:double) := - r_to_d_aux m (double_value f1 + double_value f2) + mk_double (b64_plus (rnd_of_mode m) (double_float f1) (double_float f2)) (double_exact f1 + double_exact f2) (double_model f1 + double_model f2). Definition sub_double (m:mode) (f1 f2:double) := - r_to_d_aux m (double_value f1 - double_value f2) + mk_double (b64_minus (rnd_of_mode m) (double_float f1) (double_float f2)) (double_exact f1 - double_exact f2) (double_model f1 - double_model f2). Definition mul_double (m:mode) (f1 f2:double) := - r_to_d_aux m (double_value f1 * double_value f2) + mk_double (b64_mult (rnd_of_mode m) (double_float f1) (double_float f2)) (double_exact f1 * double_exact f2) (double_model f1 * double_model f2). Definition div_double (m:mode) (f1 f2:double) := - r_to_d_aux m (double_value f1 / double_value f2) + mk_double (b64_div (rnd_of_mode m) (double_float f1) (double_float f2)) (double_exact f1 / double_exact f2) (double_model f1 / double_model f2). Definition sqrt_double (m:mode) (f:double) := - r_to_d_aux m (sqrt (double_value f)) (sqrt (double_exact f)) (sqrt (double_model f)). + mk_double (b64_sqrt (rnd_of_mode m) (double_float f)) + (sqrt (double_exact f)) (sqrt (double_model f)). 
-Definition neg_double (m:mode) (f:double) := - mk_double _ (- double_exact f) (- double_model f) - (neg_sd_aux (-1074) 53 (refl_equal _) (double_value f) (double_value_in_format f)). - -Definition abs_double (m:mode) (f:double) := - mk_double _ (Rabs (double_exact f)) (Rabs (double_model f)) - (abs_sd_aux (-1074) 53 (refl_equal _) (double_value f) (double_value_in_format f)). +Definition neg_double (f:double) := + mk_double (b64_opp (double_float f)) + (- double_exact f) (- double_model f). Definition any_double := round_double_logic nearest_even 0%R. @@ -281,7 +387,7 @@ apply round_monotone with (2 := proj1 H0). now apply FLT_exp_correct. now apply generic_format_opp. -rewrite <- round_generic with (rnd := rnd_of_mode m) (1 := H). +rewrite <- round_generic with (rnd := round_mode (rnd_of_mode m)) (1 := H). apply round_monotone with (2 := proj2 H0). now apply FLT_exp_correct. Qed. @@ -395,6 +501,7 @@ (** Jumping from one format to another *) +(* Lemma single_to_double_aux: forall f:single, FLT_format radix2 (-1074) 53 (single_value f). Proof. @@ -443,7 +550,7 @@ Definition double_of_quad : mode -> quad -> double. Admitted. - +*) (** Small integers, like 1 or 2, do not suffer from rounding *) 
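Review bot: The `(*` added after `(** Jumping from one format to another *)` and the `*)` added after the `double_of_quad` definition disable the whole conversion section without saying why. The block holds `Admitted` definitions and lemmas such as `single_to_double_aux` stated with the old `FLT_format` invariant, so a reader cannot tell whether it is dead or waiting to be ported. I would put the reason on the opening line, for example `(* disabled: not yet adapted to the binary32/binary64 records` if that is the reason, or delete the block and rely on version control. Coq comments nest, so an unbalanced `(*` inside the disabled text would swallow code after the closing `*)`; the interior of the block is outside these hunks and is worth checking when the patch is applied.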
@@ -451,49 +558,33 @@ (Zabs z <= Zpower_nat 2 53)%Z -> (double_value (round_double_logic m (Z2R z))= Z2R z)%R. Proof. intros m z Hz. -simpl. -destruct (Z_eq_dec z 0) as [Zz|Zz]. -rewrite Zz. -apply round_0. -apply round_generic. -destruct (Zle_lt_or_eq _ _ Hz) as [Bz|Bz]. -rewrite <- (Rmult_1_r (Z2R z)). -change (Z2R z * 1)%R with (F2R (Float radix2 z 0)). -apply generic_format_canonic_exponent. +unfold round_double_logic, r_to_d_aux, double_value. +apply r_to_sd_format. +destruct (Zle_lt_or_eq _ _ Hz) as [Bz|Bz] ; clear Hz. +exists (Float radix2 z 0). unfold F2R. simpl. -rewrite Rmult_1_r. -unfold canonic_exponent. -destruct (ln_beta radix2 (Z2R z)) as (ez,Ez). simpl. -specialize (Ez (Z2R_neq _ _ Zz)). -unfold FLT_exp. -generalize (Zmax_spec (ez - 53) (-1074)). -cut (1 <= ez <= 53)%Z. clear. omega. split. -apply (bpow_lt_bpow radix2). -apply Rle_lt_trans with (2 := proj2 Ez). -rewrite <- Z2R_abs. -apply (Z2R_le 1). -clear -Zz. -generalize (Zabs_spec z). omega. -apply (bpow_lt_bpow radix2). -apply Rle_lt_trans with (1 := proj1 Ez). -change 53%Z with (Z_of_nat 53). -rewrite <- Z2R_Zpower_nat. -rewrite <- Z2R_abs. -now apply Z2R_lt. -destruct z. -now elim Zz. -simpl in Bz. +now rewrite Rmult_1_r. +now split. +apply <- FLT_format_generic. +2: easy. +change 2%Z with (radix_val radix2) in Bz. +destruct z as [|z|z] ; unfold Zabs in Bz. +apply generic_format_0. rewrite Bz. -rewrite (Z2R_Zpower_nat radix2). +rewrite Z2R_Zpower_nat. now apply generic_format_bpow. -simpl in Bz. -change (Zneg p) with (Zopp (Zpos p)). -rewrite Bz. -rewrite Z2R_opp. +change (Zneg z) with (Zopp (Zpos z)). +rewrite Bz, Z2R_opp. +rewrite Z2R_Zpower_nat. apply generic_format_opp. -rewrite (Z2R_Zpower_nat radix2). now apply generic_format_bpow. +apply Rle_lt_trans with (bpow radix2 53). +rewrite <- Z2R_abs. +change 53%Z with (Z_of_nat 53). +rewrite <- Z2R_Zpower_nat. +now apply Z2R_le. +now apply bpow_lt. Qed. Theorem zero_no_round: forall (m:mode), double_value (round_double_logic m (Z2R 0)) = 0%R. 
Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/accept-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/accept-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/bug-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/bug-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/clock-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/clock-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/delete-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/delete-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/help-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/help-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/pause-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/pause-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/play-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/play-bw.png differ Binary files /tmp/iOf0A_xtYN/why-2.29+dfsg/lib/images/stop-bw.png and /tmp/1AO6Cld3H0/why-2.30+dfsg/lib/images/stop-bw.png differ diff -Nru why-2.29+dfsg/lib/java_api/java/lang/System.java why-2.30+dfsg/lib/java_api/java/lang/System.java --- why-2.29+dfsg/lib/java_api/java/lang/System.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/java_api/java/lang/System.java 2011-10-24 15:21:06.000000000 +0000 @@ -862,8 +862,8 @@ * inline access to them, since they are later set to more sensible values * by initializeSystemClass(). */ - /*KML - private static InputStream nullInputStream() throws NullPointerException { + private static InputStream nullInputStream() throws NullPointerException; + /*KML { if (currentTimeMillis() > 0) return null; throw new NullPointerException(); diff -Nru why-2.29+dfsg/lib/why/floats_common.why why-2.30+dfsg/lib/why/floats_common.why --- why-2.29+dfsg/lib/why/floats_common.why 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/why/floats_common.why 2011-10-24 15:21:06.000000000 +0000 
@@ -55,6 +55,10 @@ -9007199254740992 <= i <= 9007199254740992 (* 2^53 *) -> round_double(m,real_of_int(i)) = real_of_int(i) +axiom exact_round_double_for_doubles: + forall x:double. forall m:mode. + round_double(m,double_value(x)) = double_value(x) + axiom round_double_idempotent: forall m1:mode. forall m2:mode. forall x:real. round_double(m1,round_double(m2,x)) = round_double(m2,x) @@ -116,6 +120,10 @@ -16777216 <= i <= 16777216 (* 2^24 *) -> round_single(m,real_of_int(i)) = real_of_int(i) +axiom exact_round_single_for_singles: + forall x:single. forall m:mode. + round_single(m,single_value(x)) = single_value(x) + axiom round_single_idempotent: forall m1:mode. forall m2:mode. forall x:real. round_single(m1,round_single(m2,x)) = round_single(m2,x) @@ -133,25 +141,3 @@ axiom round_up_single_ge: forall x:real. round_single(up,x) >= x - - - - - - - - - - -(***************************) -(* Casts *) -(***************************) - -logic single_to_double: single -> double -logic double_to_single: mode, double -> single - -axiom single_to_double_val: forall s:single. - double_value(single_to_double(s)) = single_value(s) -axiom double_to_single_val: forall m:mode. forall d:double. - single_value(double_to_single(m,d))=round_single(m,double_value(d)) - diff -Nru why-2.29+dfsg/lib/why/floats_full.why why-2.30+dfsg/lib/why/floats_full.why --- why-2.29+dfsg/lib/why/floats_full.why 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/why/floats_full.why 2011-10-24 15:21:06.000000000 +0000 @@ -12,10 +12,10 @@ (***************************************************) -(*************** additional views ******************) +(*************** additional views ******************) (***************************************************) -type Float_class = Finite | Infinite | NaN +type Float_class = Finite | Infinite | NaN type sign = Negative | Positive 
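Review bot: The new axiom `exact_round_double_for_doubles` is stated for every `x:double` with no finiteness guard, and the hunk carries no comment saying why that is sound. floats_full.why in this same diff lets a value be `Infinite` or `NaN`, so if both files are loaded together the axiom also constrains `double_value` of those values; that is only safe if every model maps them to a representable real, which should be confirmed against the Coq realization. An unproved axiom extends the trusted base of every proof that loads this file, so I would add above it `(* holds because double_value(x) is always in double format, also for non-finite x; realized by <Coq lemma name> *)`. The same applies to `exact_round_single_for_singles` in the @@ -116,6 +120,10 @@ hunk.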
@@ -33,27 +33,27 @@ (***************************************************) -(*********** axioms on float_sign ******************) +(*********** axioms on float_sign ******************) (***************************************************) (* useful ??? -axiom single_sign_not_pos_neg : forall x:single. +axiom single_sign_not_pos_neg : forall x:single. single_sign(x) <> Positive -> single_sign(x) = Negative -axiom single_sign_not_neg_pos : forall x:single. +axiom single_sign_not_neg_pos : forall x:single. single_sign(x) <> Negative -> single_sign(x) = Positive -axiom double_sign_not_pos_neg : forall x:double. +axiom double_sign_not_pos_neg : forall x:double. double_sign(x) <> Positive -> double_sign(x) = Negative -axiom double_sign_not_neg_pos : forall x:double. +axiom double_sign_not_neg_pos : forall x:double. double_sign(x) <> Negative -> double_sign(x) = Positive *) axiom same_sign_real_bool_zero1 : forall b:sign. not same_sign_real_bool(b,0.0) -axiom same_sign_real_bool_zero2 : forall x:real. - same_sign_real_bool(Negative,x) and +axiom same_sign_real_bool_zero2 : forall x:real. + same_sign_real_bool(Negative,x) and same_sign_real_bool(Positive,x) -> false -axiom same_sign_real_bool_zero3 : forall b:sign. forall x:real. +axiom same_sign_real_bool_zero3 : forall b:sign. forall x:real. same_sign_real_bool(b,x) -> x <> 0.0 axiom same_sign_real_bool_correct2 : forall b:sign. forall x:real. same_sign_real_bool(b,x) -> (x < 0.0 <-> b = Negative) @@ -70,7 +70,7 @@ predicate single_same_sign(x:single,y:single) = single_sign(x) = single_sign(y) predicate single_diff_sign(x:single,y:single) = single_sign(x) <> single_sign(y) -predicate single_product_sign(z:single,x:single,y:single) = +predicate single_product_sign(z:single,x:single,y:single) = (single_same_sign(x,y) -> single_sign(z)= Positive) and (single_diff_sign(x,y) -> single_sign(z)= Negative) 
@@ -78,7 +78,7 @@ predicate double_same_sign(x:double,y:double) = double_sign(x) = double_sign(y) predicate double_diff_sign(x:double,y:double) = double_sign(x) <> double_sign(y) -predicate double_product_sign(z:double,x:double,y:double) = +predicate double_product_sign(z:double,x:double,y:double) = (double_same_sign(x,y) -> double_sign(z)= Positive) and (double_diff_sign(x,y) -> double_sign(z)= Negative) 
@@ -101,57 +101,57 @@ (* non-zero finite gen_float has the same sign as its float_value *) axiom single_finite_sign : forall x:single. - (single_class(x) = Finite and single_value(x) <> 0.0) -> + (single_class(x) = Finite and single_value(x) <> 0.0) -> single_same_sign_real(x,single_value(x)) -axiom single_finite_sign_neg1: forall x:single. - single_class(x) = Finite and single_value(x) < 0.0 -> +axiom single_finite_sign_neg1: forall x:single. + single_class(x) = Finite and single_value(x) < 0.0 -> single_sign(x) = Negative -axiom single_finite_sign_neg2: forall x:single. - single_class(x) = Finite and single_value(x) <> 0.0 +axiom single_finite_sign_neg2: forall x:single. + single_class(x) = Finite and single_value(x) <> 0.0 and single_sign(x) = Negative -> single_value(x) < 0.0 -axiom single_finite_sign_pos1: forall x:single. - single_class(x) = Finite and single_value(x) > 0.0 -> +axiom single_finite_sign_pos1: forall x:single. + single_class(x) = Finite and single_value(x) > 0.0 -> single_sign(x) = Positive -axiom single_finite_sign_pos2: forall x:single. - single_class(x) = Finite and single_value(x) <> 0.0 +axiom single_finite_sign_pos2: forall x:single. + single_class(x) = Finite and single_value(x) <> 0.0 and single_sign(x) = Positive -> single_value(x) > 0.0 axiom single_diff_sign_trans: forall x:single. forall y:single. forall z:single. single_diff_sign(x,y) and single_diff_sign(y,z) -> single_same_sign(x,z) axiom single_same_sign_product: forall x:single. forall y:single. - single_class(x) = Finite and single_class(y) = Finite and + single_class(x) = Finite and single_class(y) = Finite and single_same_sign(x,y) -> single_value(x) * single_value(y) >= 0.0 axiom single_diff_sign_product: forall x:single. forall y:single. - single_class(x) = Finite and single_class(y) = Finite and + single_class(x) = Finite and single_class(y) = Finite and single_value(x) * single_value(y) < 0.0 -> single_diff_sign(x,y) axiom double_finite_sign : forall x:double. 
- (double_class(x) = Finite and double_value(x) <> 0.0) -> + (double_class(x) = Finite and double_value(x) <> 0.0) -> double_same_sign_real(x,double_value(x)) -axiom double_finite_sign_neg1: forall x:double. - double_class(x) = Finite and double_value(x) < 0.0 -> +axiom double_finite_sign_neg1: forall x:double. + double_class(x) = Finite and double_value(x) < 0.0 -> double_sign(x) = Negative -axiom double_finite_sign_neg2: forall x:double. - double_class(x) = Finite and double_value(x) <> 0.0 +axiom double_finite_sign_neg2: forall x:double. + double_class(x) = Finite and double_value(x) <> 0.0 and double_sign(x) = Negative -> double_value(x) < 0.0 -axiom double_finite_sign_pos1: forall x:double. - double_class(x) = Finite and double_value(x) > 0.0 -> +axiom double_finite_sign_pos1: forall x:double. + double_class(x) = Finite and double_value(x) > 0.0 -> double_sign(x) = Positive -axiom double_finite_sign_pos2: forall x:double. - double_class(x) = Finite and double_value(x) <> 0.0 +axiom double_finite_sign_pos2: forall x:double. + double_class(x) = Finite and double_value(x) <> 0.0 and double_sign(x) = Positive -> double_value(x) > 0.0 axiom double_diff_sign_trans: forall x:double. forall y:double. forall z:double. double_diff_sign(x,y) and double_diff_sign(y,z) -> double_same_sign(x,z) axiom double_same_sign_product: forall x:double. forall y:double. - double_class(x) = Finite and double_class(y) = Finite and + double_class(x) = Finite and double_class(y) = Finite and double_same_sign(x,y) -> double_value(x) * double_value(y) >= 0.0 axiom double_diff_sign_product: forall x:double. forall y:double. - double_class(x) = Finite and double_class(y) = Finite and + double_class(x) = Finite and double_class(y) = Finite and double_value(x) * double_value(y) < 0.0 -> double_diff_sign(x,y) 
@@ -163,175 +163,175 @@ predicate single_is_infinite(x:single) = single_class(x) = Infinite predicate single_is_NaN(x:single) = single_class(x) = NaN predicate single_is_not_NaN(x:single) = single_is_finite(x) or single_is_infinite(x) -predicate single_is_minus_infinity(x:single) +predicate single_is_minus_infinity(x:single) = single_is_infinite(x) and single_sign(x) = Negative -predicate single_is_plus_infinity(x:single) +predicate single_is_plus_infinity(x:single) = single_is_infinite(x) and single_sign(x) = Positive predicate single_is_gen_zero(x:single)= single_is_finite(x) and single_value(x) = 0.0 -predicate single_is_gen_zero_plus(x:single) +predicate single_is_gen_zero_plus(x:single) = single_is_gen_zero(x) and single_sign(x) = Positive -predicate single_is_gen_zero_minus(x:single) +predicate single_is_gen_zero_minus(x:single) = single_is_gen_zero(x) and single_sign(x) = Negative predicate double_is_finite(x:double) = double_class(x) = Finite predicate double_is_infinite(x:double) = double_class(x) = Infinite predicate double_is_NaN(x:double) = double_class(x) = NaN predicate double_is_not_NaN(x:double) = double_is_finite(x) or double_is_infinite(x) -predicate double_is_minus_infinity(x:double) +predicate double_is_minus_infinity(x:double) = double_is_infinite(x) and double_sign(x) = Negative -predicate double_is_plus_infinity(x:double) +predicate double_is_plus_infinity(x:double) = double_is_infinite(x) and double_sign(x) = Positive predicate double_is_gen_zero(x:double)= double_is_finite(x) and double_value(x) = 0.0 -predicate double_is_gen_zero_plus(x:double) +predicate double_is_gen_zero_plus(x:double) = double_is_gen_zero(x) and double_sign(x) = Positive -predicate double_is_gen_zero_minus(x:double) +predicate double_is_gen_zero_minus(x:double) = double_is_gen_zero(x) and double_sign(x) = Negative (* predicate to use in case of overflow result of an operation *) -predicate single_overflow_value(m:mode,x:single) = +predicate 
single_overflow_value(m:mode,x:single) = (m = down -> (single_sign(x) = Negative -> single_is_infinite(x)) and - (single_sign(x) = Positive -> single_is_finite(x) and - single_value(x)= max_single)) + (single_sign(x) = Positive -> single_is_finite(x) and + single_value(x)= max_single)) and - (m = up -> (single_sign(x) = Negative -> single_is_finite(x) and - single_value(x)= - max_single) and - (single_sign(x) = Positive -> single_is_infinite(x))) - and - (m = to_zero -> single_is_finite(x) and - (single_sign(x) = Negative -> single_value(x)= - max_single) and - (single_sign(x) = Positive -> single_value(x)= max_single)) - and - (m = nearest_away or m = nearest_even -> single_is_infinite(x)) + (m = up -> (single_sign(x) = Negative -> single_is_finite(x) and + single_value(x)= - max_single) and + (single_sign(x) = Positive -> single_is_infinite(x))) + and + (m = to_zero -> single_is_finite(x) and + (single_sign(x) = Negative -> single_value(x)= - max_single) and + (single_sign(x) = Positive -> single_value(x)= max_single)) + and + (m = nearest_away or m = nearest_even -> single_is_infinite(x)) -predicate double_overflow_value(m:mode,x:double) = +predicate double_overflow_value(m:mode,x:double) = (m = down -> (double_sign(x) = Negative -> double_is_infinite(x)) and - (double_sign(x) = Positive -> double_is_finite(x) and - double_value(x)= max_double)) + (double_sign(x) = Positive -> double_is_finite(x) and + double_value(x)= max_double)) + and + (m = up -> (double_sign(x) = Negative -> double_is_finite(x) and + double_value(x)= - max_double) and + (double_sign(x) = Positive -> double_is_infinite(x))) + and + (m = to_zero -> double_is_finite(x) and + (double_sign(x) = Negative -> double_value(x)= - max_double) and + (double_sign(x) = Positive -> double_value(x)= max_double)) and - (m = up -> (double_sign(x) = Negative -> double_is_finite(x) and - double_value(x)= - max_double) and - (double_sign(x) = Positive -> double_is_infinite(x))) - and - (m = to_zero -> 
double_is_finite(x) and - (double_sign(x) = Negative -> double_value(x)= - max_double) and - (double_sign(x) = Positive -> double_value(x)= max_double)) - and - (m = nearest_away or m = nearest_even -> double_is_infinite(x)) + (m = nearest_away or m = nearest_even -> double_is_infinite(x)) (* predicate to use in case of underflow result of an operation *) -predicate single_underflow_value(m:mode,x:single) = - single_is_finite(x) +predicate single_underflow_value(m:mode,x:single) = + single_is_finite(x) and - (single_sign(x) = Positive -> - (m = down or m = to_zero or m = nearest_even or m = nearest_away -> - single_value(x) = 0.0) - and + (single_sign(x) = Positive -> + (m = down or m = to_zero or m = nearest_even or m = nearest_away -> + single_value(x) = 0.0) + and (m = up -> single_value(x) = min_single)) - and - (single_sign(x) = Negative -> - (m = up or m = to_zero or m = nearest_even or m = nearest_away -> - single_value(x) = 0.0) - and + and + (single_sign(x) = Negative -> + (m = up or m = to_zero or m = nearest_even or m = nearest_away -> + single_value(x) = 0.0) + and (m = down -> single_value(x) = - min_single)) -predicate double_underflow_value(m:mode,x:double) = - double_is_finite(x) +predicate double_underflow_value(m:mode,x:double) = + double_is_finite(x) and - (double_sign(x) = Positive -> - (m = down or m = to_zero or m = nearest_even or m = nearest_away -> - double_value(x) = 0.0) - and + (double_sign(x) = Positive -> + (m = down or m = to_zero or m = nearest_even or m = nearest_away -> + double_value(x) = 0.0) + and (m = up -> double_value(x) = min_double)) - and - (double_sign(x) = Negative -> - (m = up or m = to_zero or m = nearest_even or m = nearest_away -> - double_value(x) = 0.0) - and + and + (double_sign(x) = Negative -> + (m = up or m = to_zero or m = nearest_even or m = nearest_away -> + double_value(x) = 0.0) + and (m = down -> double_value(x) = - min_double)) (* predicate to get the sign of a zero result of an operation *) -predicate 
single_sign_zero_result(m:mode,x:single) = - single_value(x) = 0.0 -> - ((m = down -> single_sign(x) = Negative) - and - (m <> down -> single_sign(x) = Positive)) - -predicate double_sign_zero_result(m:mode,x:double) = - double_value(x) = 0.0 -> - ((m = down -> double_sign(x) = Negative) - and - (m <> down -> double_sign(x) = Positive)) +predicate single_sign_zero_result(m:mode,x:single) = + single_value(x) = 0.0 -> + ((m = down -> single_sign(x) = Negative) + and + (m <> down -> single_sign(x) = Positive)) + +predicate double_sign_zero_result(m:mode,x:double) = + double_value(x) = 0.0 -> + ((m = down -> double_sign(x) = Negative) + and + (m <> down -> double_sign(x) = Positive)) (**** Comparisons of floats in the logic ****) -predicate le_single(x:single,y:single) = - (single_is_finite(x) and single_is_finite(y) +predicate le_single_full(x:single,y:single) = + (single_is_finite(x) and single_is_finite(y) and single_value(x) <= single_value(y)) or (single_is_minus_infinity(x) and single_is_not_NaN(y)) or (single_is_not_NaN(x) and single_is_plus_infinity(y)) -predicate lt_single(x:single,y:single) = - (single_is_finite(x) and single_is_finite(y) +predicate lt_single_full(x:single,y:single) = + (single_is_finite(x) and single_is_finite(y) and single_value(x) < single_value(y)) - or (single_is_minus_infinity(x) and single_is_not_NaN(y) - and not single_is_minus_infinity(y)) - or (single_is_not_NaN(x) and not single_is_plus_infinity(x) + or (single_is_minus_infinity(x) and single_is_not_NaN(y) + and not single_is_minus_infinity(y)) + or (single_is_not_NaN(x) and not single_is_plus_infinity(x) and single_is_plus_infinity(y)) -predicate ge_single(x:single,y:single) = le_single(y,x) +predicate ge_single_full(x:single,y:single) = le_single_full(y,x) -predicate gt_single(x:single,y:single) = lt_single(y,x) +predicate gt_single_full(x:single,y:single) = lt_single_full(y,x) -predicate eq_single(x:single,y:single) = - single_is_not_NaN(x) and single_is_not_NaN(y) and - 
((single_is_finite(x) and single_is_finite(y) +predicate eq_single_full(x:single,y:single) = + single_is_not_NaN(x) and single_is_not_NaN(y) and + ((single_is_finite(x) and single_is_finite(y) and single_value(x) = single_value(y)) - or - (single_is_infinite(x) and single_is_infinite(y) + or + (single_is_infinite(x) and single_is_infinite(y) and single_same_sign(x,y))) -predicate ne_single(x:single,y:single) = not eq_single(x,y) +predicate ne_single_full(x:single,y:single) = not eq_single_full(x,y) -predicate le_double(x:double,y:double) = - (double_is_finite(x) and double_is_finite(y) +predicate le_double_full(x:double,y:double) = + (double_is_finite(x) and double_is_finite(y) and double_value(x) <= double_value(y)) or (double_is_minus_infinity(x) and double_is_not_NaN(y)) or (double_is_not_NaN(x) and double_is_plus_infinity(y)) -predicate lt_double(x:double,y:double) = - (double_is_finite(x) and double_is_finite(y) +predicate lt_double_full(x:double,y:double) = + (double_is_finite(x) and double_is_finite(y) and double_value(x) < double_value(y)) - or (double_is_minus_infinity(x) and double_is_not_NaN(y) - and not double_is_minus_infinity(y)) - or (double_is_not_NaN(x) and not double_is_plus_infinity(x) + or (double_is_minus_infinity(x) and double_is_not_NaN(y) + and not double_is_minus_infinity(y)) + or (double_is_not_NaN(x) and not double_is_plus_infinity(x) and double_is_plus_infinity(y)) -predicate ge_double(x:double,y:double) = le_double(y,x) +predicate ge_double_full(x:double,y:double) = le_double_full(y,x) -predicate gt_double(x:double,y:double) = lt_double(y,x) +predicate gt_double_full(x:double,y:double) = lt_double_full(y,x) -predicate eq_double(x:double,y:double) = - double_is_not_NaN(x) and double_is_not_NaN(y) and - ((double_is_finite(x) and double_is_finite(y) +predicate eq_double_full(x:double,y:double) = + double_is_not_NaN(x) and double_is_not_NaN(y) and + ((double_is_finite(x) and double_is_finite(y) and double_value(x) = double_value(y)) - or - 
(double_is_infinite(x) and double_is_infinite(y) + or + (double_is_infinite(x) and double_is_infinite(y) and double_same_sign(x,y))) -predicate ne_double(x:double,y:double) = not eq_double(x,y) +predicate ne_double_full(x:double,y:double) = not eq_double_full(x,y) axiom le_lt_double_trans: forall x,y,z:double. - le_double(x,y) and lt_double(y,z) -> lt_double(x,z) + le_double_full(x,y) and lt_double_full(y,z) -> lt_double_full(x,z) axiom lt_le_double_trans: forall x,y,z:double. - lt_double(x,y) and le_double(y,z) -> lt_double(x,z) + lt_double_full(x,y) and le_double_full(y,z) -> lt_double_full(x,z) @@ -340,13 +340,13 @@ (***************************************************) axiom round_single1 : forall m:mode. forall x:real. - no_overflow_single(m,x) -> + no_overflow_single(m,x) -> (single_is_finite(round_single_logic(m,x)) and single_value(round_single_logic(m,x)) = round_single(m,x)) axiom round_single2 : forall m:mode. forall x:real. - not no_overflow_single(m,x) -> - (single_same_sign_real(round_single_logic(m,x),x) and + not no_overflow_single(m,x) -> + (single_same_sign_real(round_single_logic(m,x),x) and single_overflow_value(m,round_single_logic(m,x))) axiom round_single3 : forall m:mode. forall x:real. @@ -363,8 +363,8 @@ single_is_finite(round_single_logic(m,x)) -> abs_real(single_value(round_single_logic(m,x))) <= max_single -axiom round_single_no_overflow : forall m:mode. forall x:real. - abs_real(x) <= max_single -> +axiom round_single_no_overflow : forall m:mode. forall x:real. + abs_real(x) <= max_single -> (single_is_finite(round_single_logic(m,x)) and single_value(round_single_logic(m,x)) = round_single(m,x)) 
@@ -382,13 +382,13 @@ axiom round_double1 : forall m:mode. forall x:real. - no_overflow_double(m,x) -> + no_overflow_double(m,x) -> (double_is_finite(round_double_logic(m,x)) and double_value(round_double_logic(m,x)) = round_double(m,x)) axiom round_double2 : forall m:mode. forall x:real. - not no_overflow_double(m,x) -> - (double_same_sign_real(round_double_logic(m,x),x) and + not no_overflow_double(m,x) -> + (double_same_sign_real(round_double_logic(m,x),x) and double_overflow_value(m,round_double_logic(m,x))) axiom round_double3 : forall m:mode. forall x:real. @@ -405,8 +405,8 @@ double_is_finite(round_double_logic(m,x)) -> abs_real(double_value(round_double_logic(m,x))) <= max_double -axiom round_double_no_overflow : forall m:mode. forall x:real. - abs_real(x) <= max_double -> +axiom round_double_no_overflow : forall m:mode. forall x:real. + abs_real(x) <= max_double -> (double_is_finite(round_double_logic(m,x)) and double_value(round_double_logic(m,x)) = round_double(m,x)) 
@@ -422,26 +422,26 @@ double_value(round_double_logic(m,x)) < 0.0 and double_sign(round_double_logic(m,x)) = Negative - + (***************************************************) (************** axioms on gen_zero *****************) (***************************************************) axiom single_is_gen_zero_comp1 : forall x:single. forall y:single. - single_is_gen_zero(x) and single_value(x) = single_value(y) + single_is_gen_zero(x) and single_value(x) = single_value(y) and single_is_finite(y) -> single_is_gen_zero(y) -axiom single_is_gen_zero_comp2 : forall x:single. forall y:single. - single_is_finite(x) and not single_is_gen_zero(x) +axiom single_is_gen_zero_comp2 : forall x:single. forall y:single. + single_is_finite(x) and not single_is_gen_zero(x) and single_value(x) = single_value(y) -> not single_is_gen_zero(y) axiom double_is_gen_zero_comp1 : forall x:double. forall y:double. - double_is_gen_zero(x) and double_value(x) = double_value(y) + double_is_gen_zero(x) and double_value(x) = double_value(y) and double_is_finite(y) -> double_is_gen_zero(y) -axiom double_is_gen_zero_comp2 : forall x:double. forall y:double. - double_is_finite(x) and not double_is_gen_zero(x) +axiom double_is_gen_zero_comp2 : forall x:double. forall y:double. + double_is_finite(x) and not double_is_gen_zero(x) and double_value(x) = double_value(y) -> not double_is_gen_zero(y) 
@@ -456,307 +456,307 @@ { } single { (*result = single_round_logic(m,x) *) - (no_overflow_single(m,x) - -> (single_is_finite(result) and single_value(result) = round_single(m,x))) - and - (not no_overflow_single(m,x) + (no_overflow_single(m,x) + -> (single_is_finite(result) and single_value(result) = round_single(m,x))) + and + (not no_overflow_single(m,x) -> (single_same_sign_real(result,x) and single_overflow_value(m,result))) - and single_exact(result) = x + and single_exact(result) = x and single_model(result) = x } -parameter add_single : m:mode -> x:single -> y:single -> +parameter add_single : m:mode -> x:single -> y:single -> { } single { (single_is_NaN(x) or single_is_NaN(y) -> single_is_NaN(result)) - and - ((single_is_finite(x) and single_is_infinite(y)) + and + ((single_is_finite(x) and single_is_infinite(y)) -> (single_is_infinite(result) and single_same_sign(result,y))) - and + and ((single_is_infinite(x) and single_is_finite(y)) -> (single_is_infinite(result) and single_same_sign(result,x))) and - ((single_is_infinite(x) and single_is_infinite(y) and single_same_sign(x,y)) + ((single_is_infinite(x) and single_is_infinite(y) and single_same_sign(x,y)) -> (single_is_infinite(result) and single_same_sign(result,x))) and - ((single_is_infinite(x) and single_is_infinite(y) and single_diff_sign(x,y)) + ((single_is_infinite(x) and single_is_infinite(y) and single_diff_sign(x,y)) -> single_is_NaN(result)) - and - ((single_is_finite(x) and single_is_finite(y) - and no_overflow_single(m,single_value(x)+single_value(y))) + and + ((single_is_finite(x) and single_is_finite(y) + and no_overflow_single(m,single_value(x)+single_value(y))) -> (single_is_finite(result) and - single_value(result) = round_single(m,single_value(x)+single_value(y)) and + single_value(result) = round_single(m,single_value(x)+single_value(y)) and single_sign_zero_result(m,result))) - and - ((single_is_finite(x) and single_is_finite(y) - and not 
no_overflow_single(m,single_value(x)+single_value(y))) + and + ((single_is_finite(x) and single_is_finite(y) + and not no_overflow_single(m,single_value(x)+single_value(y))) -> (single_same_sign_real(result,single_value(x)+single_value(y)) and - single_overflow_value(m,result))) + single_overflow_value(m,result))) and - single_exact(result) = single_exact(x) + single_exact(y) and + single_exact(result) = single_exact(x) + single_exact(y) and single_model(result) = single_model(x) + single_model(y) } -parameter sub_single : m:mode -> x:single -> y:single -> +parameter sub_single : m:mode -> x:single -> y:single -> { } single { ((single_is_NaN(x) or single_is_NaN(y)) -> single_is_NaN(result)) - and - ((single_is_finite(x) and single_is_infinite(y)) + and + ((single_is_finite(x) and single_is_infinite(y)) -> (single_is_infinite(result) and single_diff_sign(result,y))) - and - ((single_is_infinite(x) and single_is_finite(y)) + and + ((single_is_infinite(x) and single_is_finite(y)) -> (single_is_infinite(result) and single_same_sign(result,x))) and - ((single_is_infinite(x) and single_is_infinite(y) and single_same_sign(x,y)) + ((single_is_infinite(x) and single_is_infinite(y) and single_same_sign(x,y)) -> single_is_NaN(result)) and - ((single_is_infinite(x) and single_is_infinite(y) and single_diff_sign(x,y)) + ((single_is_infinite(x) and single_is_infinite(y) and single_diff_sign(x,y)) -> (single_is_infinite(result) and single_same_sign(result,x))) - and - ((single_is_finite(x) and single_is_finite(y) - and no_overflow_single(m,single_value(x)-single_value(y))) + and + ((single_is_finite(x) and single_is_finite(y) + and no_overflow_single(m,single_value(x)-single_value(y))) -> (single_is_finite(result) and - single_value(result)= round_single(m,single_value(x)-single_value(y))and + single_value(result)= round_single(m,single_value(x)-single_value(y))and single_sign_zero_result(m,result))) - and - ((single_is_finite(x) and single_is_finite(y) - and not 
no_overflow_single(m,single_value(x)-single_value(y))) + and + ((single_is_finite(x) and single_is_finite(y) + and not no_overflow_single(m,single_value(x)-single_value(y))) -> (single_same_sign_real(result,single_value(x)-single_value(y)) and - single_overflow_value(m,result))) + single_overflow_value(m,result))) and - single_exact(result) = single_exact(x) - single_exact(y) and + single_exact(result) = single_exact(x) - single_exact(y) and single_model(result) = single_model(x) - single_model(y) } -parameter abs_single : m:mode -> x:single -> +parameter abs_single : m:mode -> x:single -> { } single { (single_is_NaN(x) -> single_is_NaN(result)) -and +and (single_is_infinite(x) -> single_is_infinite(result)) and (single_is_finite(x) -> (single_is_finite(result) and single_value(result)= abs_real(single_value(x)))) and - single_sign(result) = Positive and - single_exact(result) = abs_real(single_exact(x)) and + single_sign(result) = Positive and + single_exact(result) = abs_real(single_exact(x)) and single_model(result) = abs_real(single_model(x)) -} +} -parameter mul_single : m:mode -> x:single -> y:single -> +parameter mul_single : m:mode -> x:single -> y:single -> { } single { ((single_is_NaN(x) or single_is_NaN(y)) -> single_is_NaN(result)) -and +and ((single_is_gen_zero(x) and single_is_infinite(y)) -> single_is_NaN(result)) -and - ((single_is_finite(x) and single_is_infinite(y) and single_value(x) <> 0.0) +and + ((single_is_finite(x) and single_is_infinite(y) and single_value(x) <> 0.0) -> single_is_infinite(result)) -and +and ((single_is_infinite(x) and single_is_gen_zero(y)) -> single_is_NaN(result)) and - ((single_is_infinite(x) and single_is_finite(y) and single_value(y) <> 0.0) + ((single_is_infinite(x) and single_is_finite(y) and single_value(y) <> 0.0) -> single_is_infinite(result)) and ((single_is_infinite(x) and single_is_infinite(y)) -> single_is_infinite(result)) -and - ((single_is_finite(x) and single_is_finite(y) - and 
no_overflow_single(m,single_value(x)*single_value(y))) +and + ((single_is_finite(x) and single_is_finite(y) + and no_overflow_single(m,single_value(x)*single_value(y))) -> (single_is_finite(result) and single_value(result) = round_single(m,single_value(x) * single_value(y)))) -and - ((single_is_finite(x) and single_is_finite(y) - and not no_overflow_single(m,single_value(x)*single_value(y))) - -> (single_overflow_value(m,result))) and - single_product_sign(result,x,y) + ((single_is_finite(x) and single_is_finite(y) + and not no_overflow_single(m,single_value(x)*single_value(y))) + -> (single_overflow_value(m,result))) +and + single_product_sign(result,x,y) and - single_exact(result) = single_exact(x) * single_exact(y) and + single_exact(result) = single_exact(x) * single_exact(y) and single_model(result) = single_model(x) * single_model(y) } -parameter div_single : m:mode -> x:single -> y:single -> +parameter div_single : m:mode -> x:single -> y:single -> { } single { ((single_is_NaN(x) or single_is_NaN(y)) -> single_is_NaN(result)) -and +and ((single_is_finite(x) and single_is_infinite(y)) -> single_is_gen_zero(result)) -and +and ((single_is_infinite(x) and single_is_finite(y)) -> single_is_infinite(result)) and ((single_is_infinite(x) and single_is_infinite(y)) -> single_is_NaN(result)) -and - ((single_is_finite(x) and single_is_finite(y) and single_value(y) <> 0.0 and - no_overflow_single(m,single_value(x)/single_value(y))) +and + ((single_is_finite(x) and single_is_finite(y) and single_value(y) <> 0.0 and + no_overflow_single(m,single_value(x)/single_value(y))) -> (single_is_finite(result) and single_value(result)= round_single(m,single_value(x)/single_value(y)))) -and - ((single_is_finite(x) and single_is_finite(y) and single_value(y) <> 0.0 and - not no_overflow_single(m,single_value(x)/single_value(y))) - -> single_overflow_value(m,result)) -and - ((single_is_finite(x) and single_is_gen_zero(y) and single_value(x) <> 0.0) +and + ((single_is_finite(x) and 
single_is_finite(y) and single_value(y) <> 0.0 and + not no_overflow_single(m,single_value(x)/single_value(y))) + -> single_overflow_value(m,result)) +and + ((single_is_finite(x) and single_is_gen_zero(y) and single_value(x) <> 0.0) -> single_is_infinite(result)) -and +and ((single_is_gen_zero(x) and single_is_gen_zero(y)) -> single_is_NaN(result)) and - single_product_sign(result,x,y) + single_product_sign(result,x,y) and - single_exact(result) = single_exact(x)/single_exact(y) and + single_exact(result) = single_exact(x)/single_exact(y) and single_model(result) = single_model(x)/single_model(y) } -parameter sqrt_single : m:mode -> x:single -> +parameter sqrt_single : m:mode -> x:single -> { } single { (single_is_NaN(x) -> single_is_NaN(result)) -and +and (single_is_minus_infinity(x) -> single_is_NaN(result)) -and +and (single_is_plus_infinity(x) -> single_is_infinite(result)) -and +and ((single_is_finite(x) and single_value(x)< 0.0) -> single_is_NaN(result)) -and - (single_is_finite(x) and single_value(x) >= 0.0 - -> (single_is_finite(result) and +and + (single_is_finite(x) and single_value(x) >= 0.0 + -> (single_is_finite(result) and single_value(result)= round_single(m,sqrt_real(single_value(x))))) -and +and (* not always positive because sqrt(-0) = -0 *) - single_same_sign(result,x) -and - single_exact(result) = sqrt_real(single_exact(x)) and + single_same_sign(result,x) +and + single_exact(result) = sqrt_real(single_exact(x)) and single_model(result) = sqrt_real(single_model(x)) } - -parameter neg_single : x:single -> + +parameter neg_single : x:single -> { } single { (single_is_NaN(x) -> single_is_NaN(result)) -and +and (single_is_infinite(x) -> single_is_infinite(result)) -and - (single_is_finite(x) - -> (single_is_finite(result) and +and + (single_is_finite(x) + -> (single_is_finite(result) and single_value(result) = neg_real(single_value(x)))) and - single_diff_sign(result,x) + single_diff_sign(result,x) and - single_exact(result) = 
neg_real(single_exact(x)) and + single_exact(result) = neg_real(single_exact(x)) and single_model(result) = neg_real(single_model(x)) } -parameter lt_single : x:single -> y:single -> +parameter lt_single : x:single -> y:single -> { } bool -{ -if result then -single_is_not_NaN(x) and single_is_not_NaN(y) and +{ +if result then +single_is_not_NaN(x) and single_is_not_NaN(y) and (single_is_finite(x) and single_is_finite(y) and single_value(x) < single_value(y)) - or + or (single_is_minus_infinity(x) and single_is_plus_infinity(y)) or (single_is_minus_infinity(x) and single_is_finite(y)) - or + or (single_is_finite(x) and single_is_plus_infinity(y)) else (single_is_NaN(x) or single_is_NaN(y) - or + or (single_is_finite(x) and single_is_finite(y) and single_value(x) >= single_value(y)) - or - single_is_plus_infinity(x) - or + or + single_is_plus_infinity(x) + or single_is_minus_infinity(y)) } -parameter le_single : x:single -> y:single -> -{ } +parameter le_single : x:single -> y:single -> +{ } bool { ((single_is_NaN(x) or single_is_NaN(y)) -> result = false) and - ((single_is_finite(x) and single_is_infinite(y)) - -> if result then single_sign(y) = Positive + ((single_is_finite(x) and single_is_infinite(y)) + -> if result then single_sign(y) = Positive else single_sign(y) = Negative) -and - ((single_is_infinite(x) and single_is_finite(y)) +and + ((single_is_infinite(x) and single_is_finite(y)) -> if result then single_sign(x) = Negative else single_sign(x) = Positive) and ((single_is_infinite(x) and single_is_infinite(y)) -> - if result then (single_sign(x)= Negative or - single_sign(y)= Positive) - else (single_sign(x)= Positive and + if result then (single_sign(x)= Negative or + single_sign(y)= Positive) + else (single_sign(x)= Positive and single_sign(y)= Negative)) and - ((single_is_finite(x) and single_is_finite(y)) - -> if result then single_value(x) <= single_value(y) + ((single_is_finite(x) and single_is_finite(y)) + -> if result then single_value(x) <= 
single_value(y) else single_value(x) > single_value(y)) } -parameter gt_single : x:single -> y:single -> +parameter gt_single : x:single -> y:single -> { } bool -{ -if result then single_is_not_NaN(x) and single_is_not_NaN(y) and +{ +if result then single_is_not_NaN(x) and single_is_not_NaN(y) and (single_is_finite(x) and single_is_finite(y) and single_value(x) > single_value(y)) - or + or (single_is_plus_infinity(x) and single_is_minus_infinity(y)) or (single_is_plus_infinity(x) and single_is_finite(y)) - or + or (single_is_finite(x) and single_is_minus_infinity(y)) else (single_is_NaN(x) or single_is_NaN(y) - or + or (single_is_finite(x) and single_is_finite(y) and single_value(x) <= single_value(y)) - or - single_is_minus_infinity(x) - or + or + single_is_minus_infinity(x) + or single_is_plus_infinity(y)) } -parameter ge_single : x:single -> y:single -> +parameter ge_single : x:single -> y:single -> {} bool { ((single_is_NaN(x) or single_is_NaN(y)) -> result = false) and - ((single_is_finite(x) and single_is_infinite(y)) - -> if result then single_sign(y)= Negative + ((single_is_finite(x) and single_is_infinite(y)) + -> if result then single_sign(y)= Negative else single_sign(y)= Positive) -and - ((single_is_infinite(x) and single_is_finite(y)) +and + ((single_is_infinite(x) and single_is_finite(y)) -> if result then single_sign(x)= Positive else single_sign(x)= Negative) and - ((single_is_infinite(x) and single_is_infinite(y)) + ((single_is_infinite(x) and single_is_infinite(y)) -> if result then (single_sign(x)= Positive or single_sign(y)= Negative) else (single_sign(x)= Negative and single_sign(y)= Positive)) and - ((single_is_finite(x) and single_is_finite(y)) - -> if result then single_value(x) >= single_value(y) + ((single_is_finite(x) and single_is_finite(y)) + -> if result then single_value(x) >= single_value(y) else single_value(x) < single_value(y)) } 
@@ -764,40 +764,40 @@ parameter eq_single : -x:single -> y:single -> +x:single -> y:single -> { } bool { ((single_is_NaN(x) or single_is_NaN(y)) -> result = false) and ((single_is_finite(x) and single_is_infinite(y)) -> result = false) -and +and ((single_is_infinite(x) and single_is_finite(y)) -> result = false) and - ((single_is_infinite(x) and single_is_infinite(y)) + ((single_is_infinite(x) and single_is_infinite(y)) -> if result then single_same_sign(x,y) else single_diff_sign(x,y)) and - ((single_is_finite(x) and single_is_finite(y)) - -> if result then single_value(x) = single_value(y) + ((single_is_finite(x) and single_is_finite(y)) + -> if result then single_value(x) = single_value(y) else single_value(x) <> single_value(y)) } parameter neq_single : -x:single -> y:single -> +x:single -> y:single -> { } bool { ((single_is_NaN(x) or single_is_NaN(y)) -> result = true) and ((single_is_finite(x) and single_is_infinite(y)) -> result = true) -and +and ((single_is_infinite(x) and single_is_finite(y)) -> result = true) and - ((single_is_infinite(x) and single_is_infinite(y)) + ((single_is_infinite(x) and single_is_infinite(y)) -> if result then single_diff_sign(x,y) else single_same_sign(x,y)) and - ((single_is_finite(x) and single_is_finite(y)) - -> if result then single_value(x) <> single_value(y) + ((single_is_finite(x) and single_is_finite(y)) + -> if result then single_value(x) <> single_value(y) else single_value(x) = single_value(y)) } @@ -809,12 +809,12 @@ { } double { (*result = double_round_logic(m,x) *) - (no_overflow_double(m,x) - -> (double_is_finite(result) and double_value(result) = round_double(m,x))) - and - (not no_overflow_double(m,x) + (no_overflow_double(m,x) + -> (double_is_finite(result) and double_value(result) = round_double(m,x))) + and + (not no_overflow_double(m,x) -> (double_same_sign_real(result,x) and double_overflow_value(m,result))) - and double_exact(result) = x + and double_exact(result) = x and double_model(result) = x } 
@@ -841,344 +841,344 @@ -parameter add_double : m:mode -> x:double -> y:double -> +parameter add_double : m:mode -> x:double -> y:double -> { } double { (double_is_NaN(x) or double_is_NaN(y) -> double_is_NaN(result)) - and - ((double_is_finite(x) and double_is_infinite(y)) + and + ((double_is_finite(x) and double_is_infinite(y)) -> (double_is_infinite(result) and double_same_sign(result,y))) - and + and ((double_is_infinite(x) and double_is_finite(y)) -> (double_is_infinite(result) and double_same_sign(result,x))) and - ((double_is_infinite(x) and double_is_infinite(y) and double_same_sign(x,y)) + ((double_is_infinite(x) and double_is_infinite(y) and double_same_sign(x,y)) -> (double_is_infinite(result) and double_same_sign(result,x))) and - ((double_is_infinite(x) and double_is_infinite(y) and double_diff_sign(x,y)) + ((double_is_infinite(x) and double_is_infinite(y) and double_diff_sign(x,y)) -> double_is_NaN(result)) - and - ((double_is_finite(x) and double_is_finite(y) - and no_overflow_double(m,double_value(x)+double_value(y))) + and + ((double_is_finite(x) and double_is_finite(y) + and no_overflow_double(m,double_value(x)+double_value(y))) -> (double_is_finite(result) and - double_value(result) = round_double(m,double_value(x)+double_value(y)) and + double_value(result) = round_double(m,double_value(x)+double_value(y)) and double_sign_zero_result(m,result))) - and - ((double_is_finite(x) and double_is_finite(y) - and not no_overflow_double(m,double_value(x)+double_value(y))) + and + ((double_is_finite(x) and double_is_finite(y) + and not no_overflow_double(m,double_value(x)+double_value(y))) -> (double_same_sign_real(result,double_value(x)+double_value(y)) and - double_overflow_value(m,result))) + double_overflow_value(m,result))) and - double_exact(result) = double_exact(x) + double_exact(y) and + double_exact(result) = double_exact(x) + double_exact(y) and double_model(result) = double_model(x) + double_model(y) } -parameter sub_double : m:mode -> x:double 
-> y:double -> +parameter sub_double : m:mode -> x:double -> y:double -> { } double { ((double_is_NaN(x) or double_is_NaN(y)) -> double_is_NaN(result)) - and - ((double_is_finite(x) and double_is_infinite(y)) + and + ((double_is_finite(x) and double_is_infinite(y)) -> (double_is_infinite(result) and double_diff_sign(result,y))) - and - ((double_is_infinite(x) and double_is_finite(y)) + and + ((double_is_infinite(x) and double_is_finite(y)) -> (double_is_infinite(result) and double_same_sign(result,x))) and - ((double_is_infinite(x) and double_is_infinite(y) and double_same_sign(x,y)) + ((double_is_infinite(x) and double_is_infinite(y) and double_same_sign(x,y)) -> double_is_NaN(result)) and - ((double_is_infinite(x) and double_is_infinite(y) and double_diff_sign(x,y)) + ((double_is_infinite(x) and double_is_infinite(y) and double_diff_sign(x,y)) -> (double_is_infinite(result) and double_same_sign(result,x))) - and - ((double_is_finite(x) and double_is_finite(y) - and no_overflow_double(m,double_value(x)-double_value(y))) + and + ((double_is_finite(x) and double_is_finite(y) + and no_overflow_double(m,double_value(x)-double_value(y))) -> (double_is_finite(result) and - double_value(result)= round_double(m,double_value(x)-double_value(y))and + double_value(result)= round_double(m,double_value(x)-double_value(y))and double_sign_zero_result(m,result))) - and - ((double_is_finite(x) and double_is_finite(y) - and not no_overflow_double(m,double_value(x)-double_value(y))) + and + ((double_is_finite(x) and double_is_finite(y) + and not no_overflow_double(m,double_value(x)-double_value(y))) -> (double_same_sign_real(result,double_value(x)-double_value(y)) and - double_overflow_value(m,result))) + double_overflow_value(m,result))) and - double_exact(result) = double_exact(x) - double_exact(y) and + double_exact(result) = double_exact(x) - double_exact(y) and double_model(result) = double_model(x) - double_model(y) } -parameter abs_double : m:mode -> x:double -> +parameter 
abs_double : m:mode -> x:double -> { } double { (double_is_NaN(x) -> double_is_NaN(result)) -and +and (double_is_infinite(x) -> double_is_infinite(result)) and (double_is_finite(x) -> (double_is_finite(result) and double_value(result)= abs_real(double_value(x)))) and - double_sign(result) = Positive and - double_exact(result) = abs_real(double_exact(x)) and + double_sign(result) = Positive and + double_exact(result) = abs_real(double_exact(x)) and double_model(result) = abs_real(double_model(x)) -} +} -parameter mul_double : m:mode -> x:double -> y:double -> +parameter mul_double : m:mode -> x:double -> y:double -> { } double { ((double_is_NaN(x) or double_is_NaN(y)) -> double_is_NaN(result)) -and +and ((double_is_gen_zero(x) and double_is_infinite(y)) -> double_is_NaN(result)) -and - ((double_is_finite(x) and double_is_infinite(y) and double_value(x) <> 0.0) +and + ((double_is_finite(x) and double_is_infinite(y) and double_value(x) <> 0.0) -> double_is_infinite(result)) -and +and ((double_is_infinite(x) and double_is_gen_zero(y)) -> double_is_NaN(result)) and - ((double_is_infinite(x) and double_is_finite(y) and double_value(y) <> 0.0) + ((double_is_infinite(x) and double_is_finite(y) and double_value(y) <> 0.0) -> double_is_infinite(result)) and ((double_is_infinite(x) and double_is_infinite(y)) -> double_is_infinite(result)) -and - ((double_is_finite(x) and double_is_finite(y) - and no_overflow_double(m,double_value(x)*double_value(y))) +and + ((double_is_finite(x) and double_is_finite(y) + and no_overflow_double(m,double_value(x)*double_value(y))) -> (double_is_finite(result) and double_value(result) = round_double(m,double_value(x) * double_value(y)))) -and - ((double_is_finite(x) and double_is_finite(y) - and not no_overflow_double(m,double_value(x)*double_value(y))) - -> (double_overflow_value(m,result))) and - double_product_sign(result,x,y) + ((double_is_finite(x) and double_is_finite(y) + and not no_overflow_double(m,double_value(x)*double_value(y))) + -> 
(double_overflow_value(m,result))) +and + double_product_sign(result,x,y) and - double_exact(result) = double_exact(x) * double_exact(y) and + double_exact(result) = double_exact(x) * double_exact(y) and double_model(result) = double_model(x) * double_model(y) } -parameter div_double : m:mode -> x:double -> y:double -> +parameter div_double : m:mode -> x:double -> y:double -> { } double { ((double_is_NaN(x) or double_is_NaN(y)) -> double_is_NaN(result)) -and +and ((double_is_finite(x) and double_is_infinite(y)) -> double_is_gen_zero(result)) -and +and ((double_is_infinite(x) and double_is_finite(y)) -> double_is_infinite(result)) and ((double_is_infinite(x) and double_is_infinite(y)) -> double_is_NaN(result)) -and - ((double_is_finite(x) and double_is_finite(y) and double_value(y) <> 0.0 and - no_overflow_double(m,double_value(x)/double_value(y))) +and + ((double_is_finite(x) and double_is_finite(y) and double_value(y) <> 0.0 and + no_overflow_double(m,double_value(x)/double_value(y))) -> (double_is_finite(result) and double_value(result)= round_double(m,double_value(x)/double_value(y)))) -and - ((double_is_finite(x) and double_is_finite(y) and double_value(y) <> 0.0 and - not no_overflow_double(m,double_value(x)/double_value(y))) - -> double_overflow_value(m,result)) -and - ((double_is_finite(x) and double_is_gen_zero(y) and double_value(x) <> 0.0) +and + ((double_is_finite(x) and double_is_finite(y) and double_value(y) <> 0.0 and + not no_overflow_double(m,double_value(x)/double_value(y))) + -> double_overflow_value(m,result)) +and + ((double_is_finite(x) and double_is_gen_zero(y) and double_value(x) <> 0.0) -> double_is_infinite(result)) -and +and ((double_is_gen_zero(x) and double_is_gen_zero(y)) -> double_is_NaN(result)) and - double_product_sign(result,x,y) + double_product_sign(result,x,y) and - double_exact(result) = double_exact(x)/double_exact(y) and + double_exact(result) = double_exact(x)/double_exact(y) and double_model(result) = 
double_model(x)/double_model(y) } -parameter sqrt_double : m:mode -> x:double -> +parameter sqrt_double : m:mode -> x:double -> { } double { (double_is_NaN(x) -> double_is_NaN(result)) -and +and (double_is_minus_infinity(x) -> double_is_NaN(result)) -and +and (double_is_plus_infinity(x) -> double_is_infinite(result)) -and +and ((double_is_finite(x) and double_value(x)< 0.0) -> double_is_NaN(result)) -and - (double_is_finite(x) and double_value(x) >= 0.0 - -> (double_is_finite(result) and +and + (double_is_finite(x) and double_value(x) >= 0.0 + -> (double_is_finite(result) and double_value(result)= round_double(m,sqrt_real(double_value(x))))) -and +and (* not always positive because sqrt(-0) = -0 *) - double_same_sign(result,x) -and - double_exact(result) = sqrt_real(double_exact(x)) and + double_same_sign(result,x) +and + double_exact(result) = sqrt_real(double_exact(x)) and double_model(result) = sqrt_real(double_model(x)) } - -parameter neg_double : x:double -> + +parameter neg_double : x:double -> { } double { (double_is_NaN(x) -> double_is_NaN(result)) -and +and (double_is_infinite(x) -> double_is_infinite(result)) -and - (double_is_finite(x) - -> (double_is_finite(result) and +and + (double_is_finite(x) + -> (double_is_finite(result) and double_value(result) = neg_real(double_value(x)))) and - double_diff_sign(result,x) + double_diff_sign(result,x) and - double_exact(result) = neg_real(double_exact(x)) and + double_exact(result) = neg_real(double_exact(x)) and double_model(result) = neg_real(double_model(x)) } -parameter lt_double : x:double -> y:double -> +parameter lt_double_ : x:double -> y:double -> { } bool -{ -if result then lt_double(x,y) else not lt_double(x,y) +{ +if result then lt_double_full(x,y) else not lt_double_full(x,y) (* -double_is_not_NaN(x) and double_is_not_NaN(y) and +double_is_not_NaN(x) and double_is_not_NaN(y) and (double_is_finite(x) and double_is_finite(y) and double_value(x) < double_value(y)) - or + or (double_is_minus_infinity(x) 
and double_is_plus_infinity(y)) or (double_is_minus_infinity(x) and double_is_finite(y)) - or + or (double_is_finite(x) and double_is_plus_infinity(y)) else (double_is_NaN(x) or double_is_NaN(y) - or + or (double_is_finite(x) and double_is_finite(y) and double_value(x) >= double_value(y)) - or - double_is_plus_infinity(x) - or + or + double_is_plus_infinity(x) + or double_is_minus_infinity(y)) *) } -parameter le_double : x:double -> y:double -> -{ } +parameter le_double_ : x:double -> y:double -> +{ } bool { ((double_is_NaN(x) or double_is_NaN(y)) -> result = false) and - ((double_is_finite(x) and double_is_infinite(y)) - -> if result then double_sign(y) = Positive + ((double_is_finite(x) and double_is_infinite(y)) + -> if result then double_sign(y) = Positive else double_sign(y) = Negative) -and - ((double_is_infinite(x) and double_is_finite(y)) +and + ((double_is_infinite(x) and double_is_finite(y)) -> if result then double_sign(x) = Negative else double_sign(x) = Positive) and ((double_is_infinite(x) and double_is_infinite(y)) -> - if result then (double_sign(x)= Negative or - double_sign(y)= Positive) - else (double_sign(x)= Positive and + if result then (double_sign(x)= Negative or + double_sign(y)= Positive) + else (double_sign(x)= Positive and double_sign(y)= Negative)) and - ((double_is_finite(x) and double_is_finite(y)) - -> if result then double_value(x) <= double_value(y) + ((double_is_finite(x) and double_is_finite(y)) + -> if result then double_value(x) <= double_value(y) else double_value(x) > double_value(y)) } -parameter gt_double : x:double -> y:double -> +parameter gt_double_ : x:double -> y:double -> { } bool -{ -if result then gt_double(x,y) else not gt_double(x,y) - +{ +if result then gt_double_full(x,y) else not gt_double_full(x,y) + (* -double_is_not_NaN(x) and double_is_not_NaN(y) and +double_is_not_NaN(x) and double_is_not_NaN(y) and (double_is_finite(x) and double_is_finite(y) and double_value(x) > double_value(y)) - or + or 
(double_is_plus_infinity(x) and double_is_minus_infinity(y)) or (double_is_plus_infinity(x) and double_is_finite(y)) - or + or (double_is_finite(x) and double_is_minus_infinity(y)) else (double_is_NaN(x) or double_is_NaN(y) - or + or (double_is_finite(x) and double_is_finite(y) and double_value(x) <= double_value(y)) - or - double_is_minus_infinity(x) - or + or + double_is_minus_infinity(x) + or double_is_plus_infinity(y)) *) } -parameter ge_double : x:double -> y:double -> +parameter ge_double_ : x:double -> y:double -> {} bool { ((double_is_NaN(x) or double_is_NaN(y)) -> result = false) and - ((double_is_finite(x) and double_is_infinite(y)) - -> if result then double_sign(y)= Negative + ((double_is_finite(x) and double_is_infinite(y)) + -> if result then double_sign(y)= Negative else double_sign(y)= Positive) -and - ((double_is_infinite(x) and double_is_finite(y)) +and + ((double_is_infinite(x) and double_is_finite(y)) -> if result then double_sign(x)= Positive else double_sign(x)= Negative) and - ((double_is_infinite(x) and double_is_infinite(y)) + ((double_is_infinite(x) and double_is_infinite(y)) -> if result then (double_sign(x)= Positive or double_sign(y)= Negative) else (double_sign(x)= Negative and double_sign(y)= Positive)) and - ((double_is_finite(x) and double_is_finite(y)) - -> if result then double_value(x) >= double_value(y) + ((double_is_finite(x) and double_is_finite(y)) + -> if result then double_value(x) >= double_value(y) else double_value(x) < double_value(y)) } -parameter eq_double : -x:double -> y:double -> +parameter eq_double_ : +x:double -> y:double -> { } bool { ((double_is_NaN(x) or double_is_NaN(y)) -> result = false) and ((double_is_finite(x) and double_is_infinite(y)) -> result = false) -and +and ((double_is_infinite(x) and double_is_finite(y)) -> result = false) and - ((double_is_infinite(x) and double_is_infinite(y)) + ((double_is_infinite(x) and double_is_infinite(y)) -> if result then double_same_sign(x,y) else 
double_diff_sign(x,y)) and - ((double_is_finite(x) and double_is_finite(y)) - -> if result then double_value(x) = double_value(y) + ((double_is_finite(x) and double_is_finite(y)) + -> if result then double_value(x) = double_value(y) else double_value(x) <> double_value(y)) } -parameter neq_double : -x:double -> y:double -> +parameter neq_double_ : +x:double -> y:double -> { } bool { ((double_is_NaN(x) or double_is_NaN(y)) -> result = true) and ((double_is_finite(x) and double_is_infinite(y)) -> result = true) -and +and ((double_is_infinite(x) and double_is_finite(y)) -> result = true) and - ((double_is_infinite(x) and double_is_infinite(y)) + ((double_is_infinite(x) and double_is_infinite(y)) -> if result then double_diff_sign(x,y) else double_same_sign(x,y)) and - ((double_is_finite(x) and double_is_finite(y)) - -> if result then double_value(x) <> double_value(y) + ((double_is_finite(x) and double_is_finite(y)) + -> if result then double_value(x) <> double_value(y) else double_value(x) = double_value(y)) } diff -Nru why-2.29+dfsg/lib/why/floats_multi_rounding.why why-2.30+dfsg/lib/why/floats_multi_rounding.why --- why-2.29+dfsg/lib/why/floats_multi_rounding.why 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/why/floats_multi_rounding.why 2011-10-24 15:21:06.000000000 +0000 
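Review bot: The double-precision comparisons are renamed here to `lt_double_` … `neq_double_`, but the single-precision comparisons of the same file keep their old names on the new side: `lt_single`, `le_single`, `gt_single`, `ge_single`, `eq_single` and `neq_single` change only in whitespace. The floats_strict.why part of this diff renames both precisions. If the code generator now emits the underscore names for every float format (not visible here), single-precision comparisons would not resolve against this model, so I would rename them as well, e.g. `parameter lt_single_ : x:single -> y:single ->`. This file also spells the inequality `neq_double_` where floats_strict.why uses `ne_double_`, which is worth aligning at the same time. The commented-out case analysis left under `lt_double_` and `gt_double_` should be deleted or prefixed with a comment saying that `lt_double_full` / `gt_double_full` now carry that definition.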
@@ -397,32 +397,32 @@ (******** comparisons of doubles in the code ********) (***************************************************) -parameter lt_double : +parameter lt_double_ : x:double -> y:double -> {} bool { if result then double_value(x) < double_value(y) else double_value(x) >= double_value(y) } -parameter le_double : +parameter le_double_ : x:double -> y:double -> {} bool { if result then double_value(x) <= double_value(y) else double_value(x) > double_value(y) } -parameter gt_double : +parameter gt_double_ : x:double -> y:double -> {} bool { if result then double_value(x) > double_value(y) else double_value(x) <= double_value(y) } -parameter ge_double : +parameter ge_double_ : x:double -> y:double -> {} bool { if result then double_value(x) >= double_value(y) else double_value(x) < double_value(y) } -parameter eq_double : +parameter eq_double_ : x:double -> y:double -> {} bool { if result then double_value(x) = double_value(y) else double_value(x) <> double_value(y) } -parameter neq_double : +parameter neq_double_ : x:double -> y:double -> {} bool { if result then double_value(x) <> double_value(y) else double_value(x) = double_value(y) } diff -Nru why-2.29+dfsg/lib/why/floats_strict.why why-2.30+dfsg/lib/why/floats_strict.why --- why-2.29+dfsg/lib/why/floats_strict.why 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/lib/why/floats_strict.why 2011-10-24 15:21:06.000000000 +0000 @@ -6,8 +6,11 @@ include "floats_common.why" +axiom single_value_is_bounded: + forall x:single. abs_real(single_value(x)) <= max_single - +axiom double_value_is_bounded: + forall x:double. abs_real(double_value(x)) <= max_double (* Specification of operations in single precision *) predicate single_of_real_post(m:mode,x:real,res:single) = 
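Review bot: The axioms `single_value_is_bounded` and `double_value_is_bounded` added at the top of floats_strict.why are unconditional, trusted facts, and the hunk has no comment saying what keeps them consistent with parameters that return a `single` or `double` under an empty precondition. The later hunks of this file drop `no_overflow_*` from the postconditions of the `_safe` parameters and add `single_of_double_safe`, whose postcondition fixes `single_value(res) = round_single(m, double_value(x))` for any input. If `round_single` (defined outside this diff) can yield a magnitude above `max_single`, one such call makes the proof context contradictory and later obligations are discharged vacuously. I would put a comment above the axioms, for example `(* trusted assumption: every single/double value is in range; the _safe parameters rely on it without checking overflow *)`. I would also add a regression goal that must fail, namely proving `false` after a `_safe` call on large operands.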
@@ -17,6 +20,13 @@ and single_model(res) = x +predicate single_of_double_post(m:mode,x:double,res:single) = + single_value(res) = round_single(m, double_value(x)) + and + single_exact(res) = double_exact(x) + and + single_model(res) = double_model(x) + predicate add_single_post(m:mode,x:single,y:single,res:single) = single_value(res) = round_single(m,single_value(x) + single_value(y)) and @@ -75,6 +85,13 @@ and double_model(res) = x +predicate double_of_single_post(x:single,res:double) = + double_value(res) = single_value(x) + and + double_exact(res) = single_exact(x) + and + double_model(res) = single_model(x) + predicate add_double_post(m:mode,x:double,y:double,res:double) = double_value(res) = round_double(m,double_value(x) + double_value(y)) and @@ -134,8 +151,7 @@ parameter single_of_real_safe : m:mode -> x:real -> { } single - { no_overflow_single(m,x) and - single_of_real_post(m,x,result) } + { single_of_real_post(m,x,result) } parameter single_of_real_exact : x:real -> { } single @@ -143,6 +159,15 @@ single_exact(result) = x and single_model(result) = x } +parameter single_of_double : m:mode -> x:double -> + { no_overflow_single(m, double_value(x)) } + single + { single_of_double_post(m,x,result) } +parameter single_of_double_safe : m:mode -> x:double -> + { } + single + { single_of_double_post(m,x,result) } + parameter add_single : m:mode -> x:single -> y:single -> { no_overflow_single(m,single_value(x) + single_value(y)) } single @@ -150,8 +175,7 @@ parameter add_single_safe : m:mode -> x:single -> y:single -> { } single - { no_overflow_single(m,single_value(x) + single_value(y)) and - add_single_post(m,x,y,result) } + { add_single_post(m,x,y,result) } parameter sub_single : m:mode -> x:single -> y:single -> { no_overflow_single(m,single_value(x) - single_value(y)) } 
@@ -160,8 +184,7 @@ parameter sub_single_safe : m:mode -> x:single -> y:single -> { } single - { no_overflow_single(m,single_value(x) - single_value(y)) and - sub_single_post(m,x,y,result) } + { sub_single_post(m,x,y,result) } parameter mul_single : m:mode -> x:single -> y:single -> { no_overflow_single(m,single_value(x) * single_value(y)) } @@ -170,8 +193,7 @@ parameter mul_single_safe : m:mode -> x:single -> y:single -> { } single - { no_overflow_single(m,single_value(x) * single_value(y)) and - mul_single_post(m,x,y,result) } + { mul_single_post(m,x,y,result) } parameter div_single : m:mode -> x:single -> y:single -> { single_value(y) <> 0.0 @@ -183,7 +205,6 @@ { } single { single_value(y) <> 0.0 and - no_overflow_single(m,single_value(x) / single_value(y)) and div_single_post(m,x,y,result) } parameter sqrt_single : m:mode -> x:single -> @@ -213,8 +234,7 @@ parameter double_of_real_safe : m:mode -> x:real -> { } double - { no_overflow_double(m,x) and - double_of_real_post(m,x,result) } + { double_of_real_post(m,x,result) } parameter double_of_real_exact : x:real -> { } double @@ -222,6 +242,11 @@ double_exact(result) = x and double_model(result) = x } +parameter double_of_single : x:single -> + { } + double + { double_of_single_post(x,result) } + parameter add_double : m:mode -> x:double -> y:double -> { no_overflow_double(m,double_value(x) + double_value(y)) } double @@ -229,8 +254,7 @@ parameter add_double_safe : m:mode -> x:double -> y:double -> { } double - { no_overflow_double(m,double_value(x) + double_value(y)) and - add_double_post(m,x,y,result) } + { add_double_post(m,x,y,result) } parameter sub_double : m:mode -> x:double -> y:double -> { no_overflow_double(m,double_value(x) - double_value(y)) } 
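Review bot: In the `@@ -183,7 +205,6 @@` hunk the postcondition still states `single_value(y) <> 0.0` while the precondition is `{ }`, so the divisor constraint remains an assumption about an input rather than an obligation on the caller. The declaration header is outside the hunk (presumably `div_single_safe`), and the `@@ -262,7 +284,6 @@` hunk leaves the same shape for the double version. A call site where the divisor can be zero then gets a contradictory context instead of a failed proof obligation, and everything after it verifies trivially. If that is the intended meaning of `_safe` (checks switched off), say so next to the declaration, e.g. `(* _safe: no obligation is generated; y <> 0.0 is assumed, not checked *)`. Otherwise move the conjunct into the precondition, as `div_single` does with `{ single_value(y) <> 0.0 ...`.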
@@ -239,8 +263,7 @@ parameter sub_double_safe : m:mode -> x:double -> y:double -> { } double - { no_overflow_double(m,double_value(x) - double_value(y)) and - sub_double_post(m,x,y,result) } + { sub_double_post(m,x,y,result) } parameter mul_double : m:mode -> x:double -> y:double -> { no_overflow_double(m,double_value(x) * double_value(y)) } @@ -249,8 +272,7 @@ parameter mul_double_safe : m:mode -> x:double -> y:double -> { } double - { no_overflow_double(m,double_value(x) * double_value(y)) and - mul_double_post(m,x,y,result) } + { mul_double_post(m,x,y,result) } parameter div_double : m:mode -> x:double -> y:double -> { double_value(y) <> 0.0 @@ -262,7 +284,6 @@ { } double { double_value(y) <> 0.0 and - no_overflow_double(m,double_value(x) / double_value(y)) and div_double_post(m,x,y,result) } parameter sqrt_double : m:mode -> x:double -> 
@@ -286,43 +307,43 @@ (* Comparisons in single precision *) -parameter lt_single : x:single -> y:single -> +parameter lt_single_ : x:single -> y:single -> {} bool { if result then single_value(x) < single_value(y) else single_value(x) >= single_value(y) } -parameter le_single : x:single -> y:single -> +parameter le_single_ : x:single -> y:single -> {} bool { if result then single_value(x) <= single_value(y) else single_value(x) > single_value(y) } -parameter gt_single : x:single -> y:single -> +parameter gt_single_ : x:single -> y:single -> {} bool { if result then single_value(x) > single_value(y) else single_value(x) <= single_value(y) } -parameter ge_single : x:single -> y:single -> +parameter ge_single_ : x:single -> y:single -> {} bool { if result then single_value(x) >= single_value(y) else single_value(x) < single_value(y) } -parameter eq_single : x:single -> y:single -> +parameter eq_single_ : x:single -> y:single -> {} bool { if result then single_value(x) = single_value(y) else single_value(x) <> single_value(y) } -parameter ne_single : x:single -> y:single -> +parameter ne_single_ : x:single -> y:single -> {} bool { if result then single_value(x) <> single_value(y) else single_value(x) = single_value(y) } (* Comparisons in double precision *) -parameter lt_double : x:double -> y:double -> +parameter lt_double_ : x:double -> y:double -> {} bool { if result then double_value(x) < double_value(y) else double_value(x) >= double_value(y) } -parameter le_double : x:double -> y:double -> +parameter le_double_ : x:double -> y:double -> {} bool { if result then double_value(x) <= double_value(y) else double_value(x) > double_value(y) } -parameter gt_double : x:double -> y:double -> +parameter gt_double_ : x:double -> y:double -> {} bool { if result then double_value(x) > double_value(y) else double_value(x) <= double_value(y) } -parameter ge_double : x:double -> y:double -> +parameter ge_double_ : x:double -> y:double -> {} bool { if result then double_value(x) 
>= double_value(y) else double_value(x) < double_value(y) } -parameter eq_double : x:double -> y:double -> +parameter eq_double_ : x:double -> y:double -> {} bool { if result then double_value(x) = double_value(y) else double_value(x) <> double_value(y) } -parameter ne_double : x:double -> y:double -> +parameter ne_double_ : x:double -> y:double -> {} bool { if result then double_value(x) <> double_value(y) else double_value(x) = double_value(y) } diff -Nru why-2.29+dfsg/lib/why3/jessie3.mlw why-2.30+dfsg/lib/why3/jessie3.mlw --- why-2.29+dfsg/lib/why3/jessie3.mlw 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/lib/why3/jessie3.mlw 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,599 @@ + +module JessieDivision + +use import int.Int +use import int.ComputerDivision + +val computer_div_ (x:int) (y:int) : + { y<>0 } int { result = div x y } + +val computer_mod_ (x:int) (y:int) : + { y<>0 } int { result = mod x y } + +use import real.Real + +val div_real_ (x:real) (y:real) : + { y<>0.0 } real { result = Real.(/) x y } + +end + +module JessieFloats + +use import real.Real +use import floating_point.Rounding +use import floating_point.Single +use import floating_point.Double + +(* Specification of operations in single precision *) + +predicate single_of_double_post (m:mode) (x:double) (res:single) = + Single.value res = Single.round m (Double.value x) /\ + Single.exact res = Double.exact x /\ + Single.model res = Double.model x + +predicate neg_single_post (x res:single) = + Single.value res = - Single.value x /\ + Single.exact res = - Single.exact x /\ + Single.model res = - Single.model x + +predicate add_single_post (m:mode) (x y res:single) = + Single.value res = Single.round m (Single.value x + Single.value y) /\ + Single.exact res = Single.exact x + Single.exact y /\ + Single.model res = Single.model x + Single.model y + +predicate sub_single_post (m:mode) (x y res:single) = + Single.value res = Single.round m (Single.value x - Single.value y) /\ + Single.exact res = Single.exact x - Single.exact y /\ + Single.model res = Single.model x - Single.model y + +predicate mul_single_post (m:mode) (x y res:single) = + Single.value res = Single.round m (Single.value x * Single.value y) /\ + Single.exact res = Single.exact x * Single.exact y /\ + Single.model res = Single.model x * Single.model y + +predicate div_single_post (m:mode) (x y res:single) = + Single.value res = Single.round m (Single.value x / Single.value y) /\ + Single.exact res = Single.exact x / Single.exact y /\ + Single.model res = Single.model x / Single.model y + +val any_single : () -> { } single { } + +val single_of_real_exact (x:real) : + { } + single + { 
Single.value result = x /\ + Single.exact result = x /\ Single.model result = x } + +val single_of_double (m:mode) (x:double) : + { Single.no_overflow m (Double.value x) } + single + { single_of_double_post m x result } + +val single_of_double_safe (m:mode) (x:double) : + { } + single + { single_of_double_post m x result } + +val neg_single (x:single) : + { } + single + { neg_single_post x result } + +val add_single (m:mode) (x y:single) : + { Single.no_overflow m (Single.value x + Single.value y) } + single + { add_single_post m x y result } + +val add_single_safe (m:mode) (x y:single) : + { } + single + { add_single_post m x y result } + +val sub_single (m:mode) (x y:single) : + { Single.no_overflow m (Single.value x - Single.value y) } + single + { sub_single_post m x y result } + +val sub_single_safe (m:mode) (x y:single) : + { } + single + { sub_single_post m x y result } + +val mul_single (m:mode) (x y:single) : + { Single.no_overflow m (Single.value x * Single.value y) } + single + { mul_single_post m x y result } + +val mul_single_safe (m:mode) (x y:single) : + { } + single + { mul_single_post m x y result } + +val div_single (m:mode) (x y:single) : + { Single.value y <> 0.0 /\ + Single.no_overflow m (Single.value x / Single.value y) } + single + { div_single_post m x y result } + +val div_single_safe (m:mode) (x y:single) : + { } + single + { Single.value y <> 0.0 /\ + div_single_post m x y result } + +val lt_single_ (x y:single) : + {} bool { if result = True then Single.value x < Single.value y + else Single.value x >= Single.value y } + +val le_single_ (x y:single) : + {} bool { if result = True then Single.value x <= Single.value y + else Single.value x > Single.value y } + +val gt_single_ (x y:single) : + {} bool { if result = True then Single.value x > Single.value y + else Single.value x <= Single.value y } + +val ge_single_ (x y:single) : + {} bool { if result = True then Single.value x >= Single.value y + else Single.value x < Single.value y } + 
+val eq_single_ (x y:single) : + {} bool { if result = True then Single.value x = Single.value y + else Single.value x <> Single.value y } + +val ne_single_ (x y:single) : + {} bool { if result = True then Single.value x <> Single.value y + else Single.value x = Single.value y } + +(* Specification of operations in double precision *) + +predicate neg_double_post (x res:double) = + Double.value res = - Double.value x /\ + Double.exact res = - Double.exact x /\ + Double.model res = - Double.model x + +predicate add_double_post (m:mode) (x y res:double) = + Double.value res = Double.round m (Double.value x + Double.value y) /\ + Double.exact res = Double.exact x + Double.exact y /\ + Double.model res = Double.model x + Double.model y + +predicate sub_double_post (m:mode) (x y res:double) = + Double.value res = Double.round m (Double.value x - Double.value y) /\ + Double.exact res = Double.exact x - Double.exact y /\ + Double.model res = Double.model x - Double.model y + +predicate mul_double_post (m:mode) (x y res:double) = + Double.value res = Double.round m (Double.value x * Double.value y) /\ + Double.exact res = Double.exact x * Double.exact y /\ + Double.model res = Double.model x * Double.model y + +predicate div_double_post (m:mode) (x y res:double) = + Double.value res = Double.round m (Double.value x / Double.value y) /\ + Double.exact res = Double.exact x / Double.exact y /\ + Double.model res = Double.model x / Double.model y + +predicate double_of_real_post (m:mode) (x:real) (res:double) = + Double.value res = Double.round m x /\ + Double.exact res = x /\ + Double.model res = x + +predicate double_of_single_post (x:single) (res:double) = + Double.value res = Single.value x /\ + Double.exact res = Single.exact x /\ + Double.model res = Single.model x + +val any_double : () -> { } double { } + +val double_of_real (m:mode) (x:real) : + { Double.no_overflow m x } + double + { double_of_real_post m x result } + +val double_of_real_safe (m:mode) (x:real) : + { 
} + double + { double_of_real_post m x result } + +val double_of_real_exact : x:real -> + { } + double + { Double.value result = x /\ + Double.exact result = x /\ + Double.model result = x } + +val double_of_single (x:single) : + { } + double + { double_of_single_post x result } + +val neg_double (x:double) : + { } + double + { neg_double_post x result } + +val add_double (m:mode) (x y:double) : + { Double.no_overflow m (Double.value x + Double.value y) } + double + { add_double_post m x y result } + +val add_double_safe (m:mode) (x y:double) : + { } + double + { add_double_post m x y result } + +val sub_double (m:mode) (x y:double) : + { Double.no_overflow m (Double.value x - Double.value y) } + double + { sub_double_post m x y result } + +val sub_double_safe (m:mode) (x y:double) : + { } + double + { sub_double_post m x y result } + +val mul_double (m:mode) (x y:double) : + { Double.no_overflow m (Double.value x * Double.value y) } + double + { mul_double_post m x y result } + +val mul_double_safe (m:mode) (x y:double) : + { } + double + { mul_double_post m x y result } + +val div_double (m:mode) (x y:double) : + { Double.value y <> 0.0 /\ + Double.no_overflow m (Double.value x / Double.value y) } + double + { div_double_post m x y result } + +val div_double_safe (m:mode) (x y:double) : + { } + double + { Double.value y <> 0.0 /\ + div_double_post m x y result } + +val lt_double_ (x y:double) : + {} bool { if result = True then Double.value x < Double.value y + else Double.value x >= Double.value y } + +val le_double_ (x y:double) : + {} bool { if result = True then Double.value x <= Double.value y + else Double.value x > Double.value y } + +val gt_double_ (x y:double) : + {} bool { if result = True then Double.value x > Double.value y + else Double.value x <= Double.value y } + +val ge_double_ (x y:double) : + {} bool { if result = True then Double.value x >= Double.value y + else Double.value x < Double.value y } + +val eq_double_ (x y:double) : + {} bool { if 
result = True then Double.value x = Double.value y + else Double.value x <> Double.value y } + +val ne_double_ (x y:double) : + {} bool { if result = True then Double.value x <> Double.value y + else Double.value x = Double.value y } + +end + + +module JessieFloatsFull + +use import real.Real +use import floating_point.Rounding +use import floating_point.SingleFull +use import floating_point.DoubleFull + +val lt_double_ (x:double) (y:double) : +{ } +bool +{ if result = True then DoubleFull.lt_full x y else not (DoubleFull.lt_full x y) } + +val gt_double_ (x:double) (y:double) : +{ } +bool +{ if result = True then DoubleFull.gt_full x y else not (DoubleFull.gt_full x y) } + + +end + + +module Jessie_memory_model_parameters + +use import int.Int +use import jessie3.Jessie_memory_model +use import module ref.Ref + +val sub_pointer_ (p:pointer 't) (q:pointer 't) : + { same_block p q } int { result = sub_pointer p q } + +val safe_sub_pointer_ (p:pointer 't) (q:pointer 't) : + { } int { result = sub_pointer p q } + +(* pointer comparison *) + +val eq_pointer (p: pointer 't) (q: pointer 't) : + { same_block p q \/ p = null \/ q = null } + bool + { if result = True then p=q else p<>q } + +val safe_eq_pointer (p: pointer 't) (q: pointer 't) : + {} bool { if result = True then p=q else p<>q } + +val neq_pointer (p: pointer 't) (q: pointer 't) : + { same_block p q \/ p = null \/ q = null } + bool + { if result = True then p<>q else p=q } + +val safe_neq_pointer (p: pointer 't) (q: pointer 't) : + {} bool { if result = True then p<>q else p=q } + + +(*****************************************************************************) +(* access and update side-effect functions *) +(*****************************************************************************) + +(* normal access *) +val acc_ (alloc:alloc_table 't) (m:(memory 't 'v)) (p:pointer 't) : + { offset_min(alloc) p <= 0 /\ 0 <= offset_max(alloc) p } + 'v + { result = select(m) p } + +(* offset access *) +val offset_acc_ 
(alloc:alloc_table 't) (m:(memory 't 'v)) + (p:pointer 't) (off:int) : + { offset_min(alloc) p <= off /\ off <= offset_max(alloc) p } + 'v + { result = select m (shift p off) } + +(* safe access *) +val safe_acc_ (m: (memory 't 'v)) (p:pointer 't) : + { } + 'v + { result = select(m) p } + +(* bounded access *) +val bound_acc_ (m: (memory 't 'v)) (p:pointer 't) (off:int) (lb:int) (rb:int) : + { lb <= off /\ off <= rb } + 'v + { result = select m (shift p off) } + +(* bounded access with safe left bound *) +val lsafe_bound_acc_ (m: (memory 't 'v)) (p:pointer 't) (off:int) (rb:int) : + { off <= rb } + 'v + { result = select m (shift p off) } + +(* bounded access with safe right bound *) +val rsafe_bound_acc_ (m: (memory 't 'v)) (p:pointer 't) (off:int) (lb:int) : + { lb <= off } + 'v + { result = select m (shift p off) } + +(* left bounded access *) +val lbound_acc_ (alloc:alloc_table 't) (m: (memory 't 'v)) (p:pointer 't) + (off:int) (lb:int) : + { lb <= off /\ off <= offset_max(alloc) p } + 'v + { result = select m (shift p off) } + +(* left bounded access with safe left bound *) +val lsafe_lbound_acc_ (alloc:alloc_table 't) (m: (memory 't 'v)) (p:pointer 't) + (off:int) : + { off <= offset_max(alloc) p } + 'v + { result = select m (shift p off) } + +(* right bounded access *) +val rbound_acc_ (alloc:alloc_table 't) (m: (memory 't 'v)) (p:pointer 't) + (off:int) (rb:int) : + { offset_min(alloc) p <= off /\ off <= rb } + 'v + { result = select m (shift p off) } + +(* right bounded access with safe right bound *) +val rsafe_rbound_acc_ (alloc:alloc_table 't) (m: (memory 't 'v)) (p:pointer 't) + (off:int) : + { offset_min(alloc) p <= off } + 'v + { result = select m (shift p off) } + +(* normal update *) +val upd_ (alloc:alloc_table 't) (m: ref (memory 't 'v)) (p:pointer 't) (v:'v) : + { offset_min(alloc) p <= 0 /\ 0 <= offset_max(alloc) p } + (* and select(mutable) p = true *) + unit + reads m (* ,mutable *) + writes m + { !m = store (old !m) p v } + +(* offset update 
*) +val offset_upd_ (alloc:alloc_table 't) (m: ref (memory 't 'v)) (p:pointer 't) + (off:int) (v:'v) : + { offset_min(alloc) p <= off /\ off <= offset_max(alloc) p } + (* /\ select(mutable) p = true *) + unit + reads m (* ,mutable *) + writes m + { !m = store (old !m) (shift p off) v } + +(* safe update *) +val safe_upd_ (m: ref (memory 't 'v)) (p:pointer 't) (v:'v) : + { (* select(mutable) p = true *) } + unit + reads m (* ,mutable *) + writes m + { !m = store (old !m) p v } + +(* bounded update *) +val bound_upd_ (m: ref (memory 't 'v)) (p:pointer 't) (off:int) (lb:int) + (rb:int) (v:'v) : + { lb <= off /\ off <= rb } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + +(* bounded update with safe left bound *) +(* unused +val lsafe_bound_upd_ (m: ref (memory 't 'v)) (p:pointer 't) (off:int) (rb:int) (v:'v : + { off <= rb } + unit + reads m + writes m + { m = store((old m),shift p (off),v) } +*) + +(* bounded update with safe right bound *) +val rsafe_bound_upd_ (m: ref (memory 't 'v)) (p:pointer 't) (off:int) (lb:int) + (v:'v) : + { lb <= off } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + +(* left bounded update *) +val lbound_upd_ (alloc:alloc_table 't) (m: ref (memory 't 'v)) (p:pointer 't) + (off:int) (lb:int) (v:'v) : + { lb <= off /\ off <= offset_max(alloc) p } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + +(* left bounded update with safe left bound *) +val lsafe_lbound_upd_ (alloc:alloc_table 't) (m: ref (memory 't 'v)) + (p:pointer 't) (off:int) (v:'v) : + { off <= offset_max(alloc) p } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + +(* right bounded update *) +val rbound_upd_ (alloc:alloc_table 't) (m: ref (memory 't 'v)) (p:pointer 't) + (off:int) (rb:int) (v:'v) : + { offset_min(alloc) p <= off /\ off <= rb } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + +(* right bounded update with safe right bound *) +val rsafe_rbound_upd_ 
(alloc:alloc_table 't) (m: ref (memory 't 'v)) + (p:pointer 't) (off:int) (v:'v) : + { offset_min(alloc) p <= off } + unit + reads m + writes m + { !m = store (old !m) (shift p off) v } + + +val instanceof_ (a:(tag_table 't)) (p:pointer 't) (s:(tag_id 't)) : + { } + bool + { if result = True then instanceof a p s else not (instanceof a p s) } + +val downcast_ (a:(tag_table 't)) (p:pointer 't) (s:(tag_id 't)) : + { instanceof a p (s) } + pointer 't + { result=p } + +val safe_downcast_ (a:(tag_table 't)) (p:pointer 't) (s:(tag_id 't)) : + { } + pointer 't + { result=p } + + +(*****************************************************************************) +(* default values *) +(*****************************************************************************) + +val any_int: () -> {} int { true } + +val any_real: () -> {} real { true } + +val any_bool: () -> {} bool { true } + +val any_pointer: () -> {} (pointer 'z) { true } + +val any_memory: () -> {} (memory 't 'v) { true } + +val any_alloc_table: () -> {} alloc_table 't { true } + +val any_tag_table: () -> {} tag_table 't { true } + + + +(*****************************************************************************) +(* exceptions for control flow handling *) +(*****************************************************************************) + +exception Return + + +val alloc_val_ownership (a:ref (alloc_table 't)) + (mut:ref (memory 't (tag_id 't))) (com:ref (memory 't bool)) + (tag:ref (tag_table 't)) (s:(tag_id 't)) (n:int) : + { n > 0 } + pointer 't + reads mut com + writes a tag + { alloc_extends (old !a) !a /\ alloc_fresh (old !a) result n + /\ offset_min !a result = 0 /\ offset_max !a result = n-1 + /\ instanceof !tag result s /\ select !mut result = bottom_tag + /\ select !com result = False } + +val free_val_ownership (a:ref (alloc_table 't)) (com:ref (memory 't bool)) + (p:pointer 't) : + { (*Cannot express yet offset_min a p = 0 /\*) offset_max !a p >= 0 + /\ select !com p = False } + unit + reads com + writes a 
+ { offset_max !a p < offset_min !a p } + +(* With -inv-sem <> ownership *) + +val alloc_parameter (a:ref (alloc_table 't)) (tag:ref (tag_table 't)) (s:(tag_id 't)) + (n:int) : + { n > 0 } + pointer 't + writes a tag + { alloc_extends (old !a) !a /\ alloc_fresh (old !a) result n + /\ offset_min !a result = 0 /\ offset_max !a result = n-1 + /\ instanceof !tag result s } + +val safe_alloc_parameter (a:ref (alloc_table 't)) (tag:ref (tag_table 't)) + (s:(tag_id 't)) (n:int) : + { } + pointer 't + writes a tag + { alloc_extends (old !a) !a /\ alloc_fresh (old !a) result n + /\ offset_min !a (result) = 0 /\ offset_max !a (result) = n-1 + /\ instanceof !tag result s } + +val free_parameter (a:ref (alloc_table 't)) (p:pointer 't) : + { p = null (* allowed, see man 3 free *) /\ + (*Cannot express yet offset_min a p = 0 /\*) offset_max !a p >= 0 } + unit + writes a + { (p = null -> !a = (old !a)) /\ (p <> null -> + alloc_extends_except (old !a) !a + (pset_range (pset_singleton p) 0 (offset_max (old !a) p)) + /\ offset_max !a p < offset_min !a p) } + +val safe_free_parameter (a:ref (alloc_table 't)) (p:pointer 't) : + { } + unit + writes a + { alloc_extends_except (old !a) !a + (pset_range (pset_singleton p) 0 (offset_max (old !a) p)) + /\ offset_max !a p < offset_min !a p } + + +end diff -Nru why-2.29+dfsg/lib/why3/jessie3.why why-2.30+dfsg/lib/why3/jessie3.why --- why-2.29+dfsg/lib/why3/jessie3.why 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/lib/why3/jessie3.why 2011-10-24 15:21:06.000000000 +0000 
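Review bot: The precondition of `free_parameter` joins its two cases with `/\`, so it demands `p = null` and `offset_max !a p >= 0` at the same time. The `null_pointer` axiom in jessie3.why states `offset_max a null <= -2`, so this precondition is unsatisfiable and no call can be discharged in a consistent context. The inline comment ("allowed, see man 3 free") and the postcondition, which splits on `p = null` and `p <> null`, both point to a disjunction: `{ p = null \/ offset_max !a p >= 0 }`. Separately, `div_single_safe` and `div_double_safe` have an empty precondition but assert `Single.value y <> 0.0` / `Double.value y <> 0.0` about their input in the postcondition, which cannot hold for a zero divisor. If that is intentional for the "safe" variants, a comment such as `(* non-zero divisor is assumed here, established by a prior analysis *)` would make the trust assumption visible to anyone auditing the proof obligations.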
@@ -0,0 +1,654 @@ + +theory Jessie_memory_model + +use import int.Int + +predicate zwf_zero (a:int) (b:int) = 0 <= b /\ a < b + +(* +use import real.Real +use import int.ComputerDivision +*) + +(*****************************************************************************) +(* pointers, allocation, validity *) +(*****************************************************************************) + +type alloc_table 't +type pointer 't +type block 't + +(* memory model *) + +function base_block (pointer 't) : block 't +function offset_max (alloc_table 't) (pointer 't) : int +function offset_min (alloc_table 't) (pointer 't) : int + +(* shortcuts *) + +predicate valid (a:alloc_table 't) (p:pointer 't) = + offset_min a p <= 0 /\ offset_max a p >= 0 + +predicate same_block (p: pointer 't) (q:pointer 't) = + base_block(p) = base_block(q) + +(* pointer arithmetic *) + +function sub_pointer (pointer 't) (pointer 't) : int +function shift (pointer 't) int : (pointer 't) + +(* null pointer*) + +function null : (pointer 't) + +(* address *) + +function pointer_address (pointer 't) : (pointer ()) +function absolute_address int : (pointer ()) +function address (pointer 't) : int + +axiom address_injective: + forall p:pointer 't. forall q:pointer 't. + p = q <-> address(p) = address(q) + +(* Not allowed in Why3 (undefined type variable) +axiom address_null: + address(null) = 0 +*) + +(* INCONSISTENT -> removed +axiom address_positive: + forall p:pointer 't. 0 <= address(p) +*) + +axiom address_shift_lt: + forall p:pointer 't. forall i:int. forall j:int + [address(shift p i), address(shift p j)]. + address(shift p i) < address(shift p j) <-> i < j + +axiom address_shift_le: + forall p:pointer 't. forall i:int. forall j:int + [address(shift p i), address(shift p j)]. + address(shift p i) <= address(shift p j) <-> i <= j + + +(* shift *) + +axiom shift_zero: + forall p:pointer 't [shift p 0]. shift p 0 = p + +axiom shift_shift: + forall p:pointer 't. forall i:int. 
forall j:int [shift (shift p i) j]. + shift (shift p i) j = shift p (i+j) + +axiom offset_max_shift: + forall a:alloc_table 't. forall p: pointer 't. forall i:int. + offset_max a (shift p i) = offset_max a p - i + +axiom offset_min_shift: + forall a:alloc_table 't. forall p: pointer 't. forall i:int. + offset_min a (shift p i) = offset_min a p - i + +axiom neq_shift: + forall p:pointer 't. forall i:int. forall j:int [shift p i,shift p j]. + i <> j -> shift p i <> shift p j + +(* null *) + +axiom null_not_valid: + forall a:alloc_table 't. not (valid a null) + +axiom null_pointer: + forall a:alloc_table 't. + offset_min a null >= 0 /\ offset_max a null <= -2 + +use import bool.Bool + +function eq_pointer_bool (pointer 't) (pointer 't) : bool +function neq_pointer_bool (pointer 't) (pointer 't) : bool + +axiom eq_pointer_bool_def: + forall p1: pointer 't. forall p2: pointer 't. + eq_pointer_bool p1 p2 = True <-> p1 = p2 + +axiom neq_pointer_bool_def: + forall p1: pointer 't. forall p2: pointer 't. + neq_pointer_bool p1 p2 = True <-> p1 <> p2 + +(* make Simplify loop on bench/java/Arrays.java !!! +axiom same_block_shift: + forall p: pointer 't. forall i:int. + same_block(p,shift p i) +*) + +axiom same_block_shift_right: + forall p: pointer 't. forall q:pointer 't. forall i:int + [same_block p (shift q i)]. + same_block p q -> same_block p (shift q i) + +axiom same_block_shift_left: + forall p: pointer 't. forall q:pointer 't. forall i:int + [same_block (shift q i) p]. + same_block q p -> same_block (shift q i) p + + +(* make Simplify loop on Jessie test roux.c +axiom sub_pointer_same_block: + forall p:pointer 't. forall q:pointer 't [sub_pointer(p,q),same_block(p,q)]. + sub_pointer(p,q) = 0 -> same_block(p,q) +*) + +(* sub_pointer *) + +axiom sub_pointer_shift: + forall p:pointer 't. forall q:pointer 't [sub_pointer p q]. + same_block p q -> + p = shift q (sub_pointer p q) + +axiom sub_pointer_self: + forall p:pointer 't [sub_pointer p p]. 
sub_pointer p p = 0 + +axiom sub_pointer_zero: + forall p:pointer 't. forall q:pointer 't [sub_pointer p q]. + same_block p q -> + sub_pointer p q = 0 -> p = q + +axiom sub_pointer_shift_left: + forall p:pointer 't. forall q:pointer 't. + forall i:int [sub_pointer (shift p i) q]. + sub_pointer (shift p i) q = sub_pointer p q + i + +axiom sub_pointer_shift_right: + forall p:pointer 't. forall q:pointer 't. + forall i:int [sub_pointer p (shift q i)]. + sub_pointer p (shift q i) = sub_pointer p q - i + +(*****************************************************************************) +(* heap memories, select and store *) +(*****************************************************************************) + +type memory 't 'v + +function select (memory 't 'v) (pointer 't) : 'v +function store (memory 't 'v) (pointer 't) 'v : (memory 't 'v) + +axiom select_store_eq: + forall m: (memory 't 'v). + forall p1: pointer 't. + forall p2: pointer 't. + forall a: 'v [store m p1 a, p2]. + p1=p2 -> select (store m p1 a) p2 = a + +(* redundant +axiom select_store: + forall m: (memory 't 'v). + forall p: pointer 't. + forall a: 'v [select(store(m,p,a),p)]. + select(store(m,p,a),p) = a +*) + +axiom select_store_neq: + forall m: (memory 't 'v). + forall p1: pointer 't. + forall p2: pointer 't. + forall a: 'v [store m p1 a,p2] . + p1 <> p2 -> select (store m p1 a) p2 = select m p2 + + + +(*****************************************************************************) +(* memory locations, not_assigns predicate, separation *) +(*****************************************************************************) + +type pset 't + +function pset_empty : (pset 't) +function pset_singleton (pointer 't) : (pset 't) +function pset_deref (memory 't (pointer 'v)) (pset 't) : pset 'v +function pset_union (pset 't) (pset 't) : (pset 't) +function pset_all (pset 'z) : (pset 'z) (* l(..) 
*) +function pset_range (pset 't) int int : (pset 't) (* l(a..b) *) +function pset_range_left (pset 'z) int : (pset 'z) (* l(..b) *) +function pset_range_right (pset 'z) int : (pset 'z) (* l(a..) *) + +predicate in_pset (pointer 't) (pset 't) +predicate valid_pset (alloc_table 't) (pset 't) + +predicate pset_disjoint (ps1:(pset 't)) (ps2:(pset 't)) = + forall p:pointer 't. + not (in_pset p ps1 /\ in_pset p ps2) + +predicate pset_included (ps1:(pset 't)) (ps2:(pset 't)) = + forall p:pointer 't. + in_pset p ps1 -> in_pset p ps2 + +axiom pset_included_self: + forall ps:(pset 't). pset_included ps ps + +axiom pset_included_range: + forall ps:(pset 't). forall a:int. forall b:int. forall c:int. forall d:int + [pset_included (pset_range ps a b) (pset_range ps c d)]. + c <= a /\ b <= d -> + pset_included (pset_range ps a b) (pset_range ps c d) + +axiom pset_included_range_all: + forall ps:(pset 't). forall a:int. forall b:int. forall c:int. forall d:int + [pset_included (pset_range ps a b) (pset_range ps c d)]. + pset_included (pset_range ps a b) (pset_all ps) + +axiom in_pset_empty: + forall p:pointer 't. not (in_pset p pset_empty) + +axiom in_pset_singleton: + forall p:pointer 't. + forall q:pointer 't. + in_pset p (pset_singleton q) <-> p=q + +axiom in_pset_deref: + forall p:pointer 'v. + forall m:memory 't (pointer 'v). + forall q:(pset 't). + in_pset p (pset_deref m q) <-> + exists r:pointer 't. in_pset r q /\ p = select m r + +axiom in_pset_all: + forall p:pointer 't. + forall q:(pset 't). + in_pset p (pset_all q) <-> + exists i:int. exists r:pointer 't. + in_pset r q /\ p = shift r i + +axiom in_pset_range: + forall p:pointer 't. + forall q:(pset 't). + forall a:int. forall b:int. + in_pset p (pset_range q a b) <-> + exists i:int. exists r:pointer 't. + a <= i /\ i <= b /\ in_pset r q /\ p=shift r i + +axiom in_pset_range_left: + forall p:pointer 't. + forall q:(pset 't). + forall b:int. + in_pset p (pset_range_left q b) <-> + exists i:int. exists r:pointer 't. 
+ i <= b /\ in_pset r q /\ p = shift r i + +axiom in_pset_range_right: + forall p:pointer 't. + forall q:(pset 't). + forall a:int. + in_pset p (pset_range_right q a) <-> + exists i:int. exists r:pointer 't. + a <= i /\ in_pset r q /\ p = shift r i + +axiom in_pset_union: + forall p:pointer 't. + forall s1:(pset 't). + forall s2:(pset 't). + in_pset p (pset_union s1 s2) <-> in_pset p s1 \/ in_pset p s2 + +axiom valid_pset_empty: + forall a:alloc_table 't. valid_pset a pset_empty + +axiom valid_pset_singleton: + forall a:alloc_table 't. + forall p:pointer 't. + valid_pset a (pset_singleton p) <-> valid a p + +axiom valid_pset_deref: + forall a:alloc_table 'v . + forall m:memory 't (pointer 'v). + forall q:(pset 't). + valid_pset a (pset_deref m q) <-> + forall r:pointer 't. forall p:pointer 'v. + in_pset r q /\ p = select m r -> valid a p + +axiom valid_pset_range: + forall a:alloc_table 't. + forall q:(pset 't). + forall c:int. forall d:int. + valid_pset a (pset_range q c d) <-> + forall i:int. forall r:pointer 't. + in_pset r q /\ c <= i /\ i <= d -> valid a (shift r i) + +axiom valid_pset_union: + forall a:alloc_table 't. + forall s1:(pset 't). + forall s2:(pset 't). + valid_pset a (pset_union s1 s2) <-> valid_pset a (s1) /\ valid_pset a (s2) + +predicate not_assigns + (a:alloc_table 't) (m1:(memory 't 'v)) (m2:(memory 't 'v)) (l:(pset 't)) = + forall p:pointer 't. + valid a p /\ not in_pset p l -> select m2 p = select m1 p + +axiom not_assigns_refl: + forall a: alloc_table 't. + forall m: (memory 't 'v). + forall l:(pset 't). + not_assigns a m m l + +axiom not_assigns_trans: + forall a: alloc_table 't. + forall m1: (memory 't 'v). + forall m2: (memory 't 'v). + forall m3: (memory 't 'v). + forall l:(pset 't) [not_assigns a m1 m2 l, not_assigns a m1 m3 l] . + not_assigns a m1 m2 l -> + not_assigns a m2 m3 l -> + not_assigns a m1 m3 l + +predicate full_separated (pointer 't1) (pointer 't2) + +axiom full_separated_shift1: + forall p: (pointer 'z). 
forall q: (pointer 'z). + forall i: int [full_separated p q,shift q i]. + full_separated p q -> full_separated p (shift q i) + +axiom full_separated_shift2: + forall p: (pointer 'z). forall q: (pointer 'z). + forall i: int [full_separated p q,shift q i]. + full_separated p q -> full_separated (shift q i) p + +axiom full_separated_shift3: + forall p: (pointer 'z). forall q: (pointer 'z). + forall i: int [full_separated(q) p,shift q i]. + full_separated(q) p -> full_separated(shift q i) p + +axiom full_separated_shift4: + forall p: (pointer 'z). forall q: (pointer 'z). + forall i: int [full_separated(q) p,shift q i]. + full_separated(q) p -> full_separated p (shift q i) + + +(*****************************************************************************) +(* lattice of structures *) +(*****************************************************************************) + +(***** +typeof gives the dynamic type of an object. + +parenttag is defined by axioms in jc_interp, and defines the hierarchy. + parenttag(t1, t2) <-> t2 is the immediate superclass of t1 + +subtag is axiomatized from parenttag, and is the reflexive, transitive + closure of parenttag. + +subtag_ is the same as subtag but for booleans. + +instanceof is defined from typeof and subtag. + +int_of_tag gives a different integer to each tags to differenciate them. +*****) + +type tag_table 't + +type tag_id 't + +function int_of_tag (tag_id 't) : int + +function typeof(tag_table 't) (pointer 't) : (tag_id 't) + +predicate parenttag (tag_id 't) (tag_id 't) + +predicate subtag (tag_id 't) (tag_id 't) + +function subtag_bool (tag_id 't) (tag_id 't) : bool + +axiom subtag_bool_def: + forall t1: (tag_id 't). + forall t2: (tag_id 't). + subtag_bool t1 t2 = True <-> subtag t1 t2 + +axiom subtag_refl: + forall t: (tag_id 't). + subtag t t + +axiom subtag_parent: + forall t1: (tag_id 't). + forall t2: (tag_id 't). + forall t3: (tag_id 't). 
+ subtag t1 t2 -> parenttag t2 t3 -> subtag t1 t3 + +predicate instanceof (a: (tag_table 't)) (p: pointer 't) (t: (tag_id 't)) = + subtag (typeof a p) t + +function downcast (tag_table 't) (pointer 't) (tag_id 't) : pointer 't + +axiom downcast_instanceof: + forall a:(tag_table 't). + forall p:pointer 't. + forall s:(tag_id 't). + instanceof a p (s) -> downcast a p (s)=p + +function bottom_tag: tag_id 'a + +axiom bottom_tag_axiom: + forall t: (tag_id 't). + subtag t bottom_tag + +predicate root_tag(t: (tag_id 't)) = parenttag t bottom_tag + +axiom root_subtag: + forall a: (tag_id 't). + forall b: (tag_id 't). + forall c: (tag_id 't). + root_tag(a) -> root_tag(b) -> a <> b -> subtag c a -> not (subtag c b) + +(*****************************************************************************) +(* structure invariants *) +(*****************************************************************************) + +predicate fully_packed (tag_table: tag_table 'a) + (_mutable: memory 'a (tag_id 'a)) + (this: pointer 'a) = + select _mutable this = typeof tag_table this + + + +(*****************************************************************************) +(* bitwise operations *) +(*****************************************************************************) +(* TODO: use bitvector.why instead *) + +function bw_compl int : int + +function bw_and int int : int + +(* Yannick: added for CVE-2003-0161-min-ok *) +axiom bw_and_not_null: + forall a:int. forall b:int. bw_and a (b) <> 0 -> a <> 0 /\ b <> 0 + +function bw_xor int int : int + +function bw_or int int : int + +(* logical left shift *) + +function lsl int int : int + +axiom lsl_left_positive_returns_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> 0 <= lsl a (b) + +axiom lsl_left_positive_monotone: + forall a1:int. forall a2:int. forall b:int. + 0 <= a1 /\ a1 <= a2 /\ 0 <= b -> lsl a1 b <= lsl a2 b + +(* logical right shift *) + +function lsr int int : int + +axiom lsr_left_positive_returns_positive: + forall a:int. 
forall b:int. 0 <= a /\ 0 <= b -> 0 <= lsr a (b) + +axiom lsr_left_positive_decreases: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> lsr a (b) <= a + +(* arithmetic right shift *) + +function asr int int : int + +axiom asr_positive_on_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> 0 <= asr a (b) + +axiom asr_decreases_on_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> asr a (b) <= a + +(* combining shifts *) + +axiom asr_lsr_same_on_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> asr a (b) = lsr a (b) + +axiom lsl_of_lsr_decreases_on_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> lsl (lsr a b) b <= a + +axiom lsr_of_lsl_identity_on_positive: + forall a:int. forall b:int. 0 <= a /\ 0 <= b -> lsr (lsl a b) b = a + +(*****************************************************************************) +(* dynamic allocation/deallocation *) +(*****************************************************************************) + +predicate alloc_extends (alloc_table 't) (alloc_table 't) + +predicate alloc_fresh (a:alloc_table 't) (p:pointer 't) (n:int) = + forall i:int. 0 <= i /\ i < n -> not valid a (shift p i) + +axiom alloc_extends_offset_min: + forall a1:alloc_table 't. forall a2:alloc_table 't [alloc_extends a1 a2]. + alloc_extends a1 a2 -> + forall p:pointer 't. + valid(a1) p -> offset_min(a1) p = offset_min(a2) p + +axiom alloc_extends_offset_max: + forall a1:alloc_table 't. forall a2:alloc_table 't [alloc_extends a1 a2]. + alloc_extends a1 a2 -> + forall p:pointer 't. + valid(a1) p -> offset_max(a1) p = offset_max(a2) p + +axiom alloc_extends_not_assigns_empty: + forall a1:alloc_table 't. forall a2:alloc_table 't. + forall m1: (memory 't 'v). forall m2: (memory 't 'v). + forall l:(pset 't). forall p:pointer 't. forall n:int + [alloc_extends a1 a2, alloc_fresh a1 p n, not_assigns a2 m1 m2 l]. 
+ alloc_extends a1 a2 /\ alloc_fresh a1 p n /\ not_assigns a2 m1 m2 l + /\ pset_included l (pset_all (pset_singleton p)) -> + not_assigns a1 m1 m2 pset_empty + +(* +axiom alloc_fresh_def: + forall a:alloc_table 't. forall p:pointer 't [alloc_fresh a p]. + alloc_fresh a p -> + forall q:(pset 't). + valid_pset a (q) -> not in_pset p q +*) + +predicate alloc_extends_except (alloc_table 't) (alloc_table 't) (pset 't) + +axiom alloc_extends_except_offset_min: + forall a1:alloc_table 't. forall a2:alloc_table 't. forall l:(pset 't) + [alloc_extends_except a1 a2 l]. + alloc_extends_except a1 a2 l -> + forall p:pointer 't. + valid(a1) p /\ not in_pset p (l) -> offset_min(a1) p = offset_min(a2) p + +axiom alloc_extends_except_offset_max: + forall a1:alloc_table 't. forall a2:alloc_table 't. forall l:(pset 't) + [alloc_extends_except a1 a2 l]. + alloc_extends_except a1 a2 l -> + forall p:pointer 't. + valid(a1) p /\ not in_pset p (l) -> offset_max(a1) p = offset_max(a2) p + + + +(* Frame predicate *) +(* Logic definitions used for separation pragma *) +(* For in *) +type mybag 'a + +predicate in_mybag 'a (mybag 'a) + +predicate disj_mybag (mybag 'a) (mybag 'a) + +axiom disj_sym : forall s1 s2 : (mybag 'a) [disj_mybag s1 s2]. + disj_mybag s1 s2 -> disj_mybag s2 s1 + +predicate sub_mybag (mybag 'a) (mybag 'a) + +axiom sub_refl : + forall sa : mybag (pointer 'a) [sub_mybag sa sa]. + sub_mybag sa sa + +axiom sub_disj : forall s1 s2 s3 : (mybag 'a) + [disj_mybag s1 s2, sub_mybag s2 s3 | + disj_mybag s1 s3, sub_mybag s2 s3]. + disj_mybag s1 s2 -> sub_mybag s2 s3 -> disj_mybag s1 s3 + +axiom sub_in : forall s1 s2 : (mybag 'a). forall p : 'a + [in_mybag p s1, sub_mybag s1 s2| + in_mybag p s2, sub_mybag s1 s2]. 
+ (not in_mybag p s2) -> sub_mybag s1 s2 -> not (in_mybag p s1) + + +(* for the frame_rule *) + +(* footprint, memory after, memory before *) +predicate frame_between (mybag (pointer 'a)) (memory 'a 'b) (memory 'a 'b) +axiom frame_between_refl : + forall sa : mybag (pointer 'a). + forall m : memory 'a 'b [frame_between sa m m]. + frame_between sa m m + +axiom frame_between_gen : + forall sa : mybag (pointer 'a). + forall m1 m2 : memory 'a 'b. + forall p : pointer 'a. + forall v : 'b [frame_between sa m1 (store m2 p v)]. + frame_between sa m1 m2 -> in_mybag p sa -> + frame_between sa (store m1 p v) m2 + +axiom frame_between_gen2 : + forall sa : mybag (pointer 'a). + forall m1 m2 m3 : memory 'a 'b + [frame_between sa m1 m2,frame_between sa m1 m3| + frame_between sa m2 m3,frame_between sa m1 m3]. + frame_between sa m1 m2 -> frame_between sa m2 m3 -> + frame_between sa m1 m3 + +axiom frame_between_gen_sub1 : + forall s12 s23 s13 : mybag (pointer 'a). + forall m1 m2 m3 : memory 'a 'b + [frame_between s12 m1 m2,frame_between s13 m1 m3]. + sub_mybag s12 s13 -> frame_between s12 m1 m2 -> + frame_between s23 m2 m3 -> + frame_between s13 m1 m3 + +axiom frame_between_gen_sub2 : + forall s12 s23 s13 : mybag (pointer 'a). + forall m1 m2 m3 : memory 'a 'b + [frame_between s23 m2 m3,frame_between s13 m1 m3]. + frame_between s12 m1 m2 -> + sub_mybag s23 s13 -> frame_between s23 m2 m3 -> + frame_between s13 m1 m3 + +axiom frame_between_pointer : + forall sa : mybag (pointer 'a). + forall m1 m2 : memory 'a 'b. + forall p : pointer 'a. + forall v : 'b[frame_between sa m1 m2,select(m1) p| + frame_between sa m1 m2,select(m2) p]. + frame_between sa m1 m2 -> not in_mybag p (sa) -> + select(m1) p = select(m2) p + +axiom frame_between_sub : + forall sa : mybag (pointer 'a). + forall sb : mybag (pointer 'a). + forall m1 m2 : memory 'a 'b + [frame_between sa m1 m2,sub_mybag sa sb]. 
+ frame_between sa m1 m2 -> sub_mybag sa sb -> + frame_between sb m1 m2 + + +end + diff -Nru why-2.29+dfsg/Makefile.in why-2.30+dfsg/Makefile.in --- why-2.29+dfsg/Makefile.in 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/Makefile.in 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ # # # The Why platform for program certification # # # -# Copyright (C) 2002-2010 # +# Copyright (C) 2002-2011 # # # -# Jean-Christophe FILLIATRE, CNRS # +# Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 # # Claude MARCHE, INRIA & Univ. Paris-sud 11 # # Yannick MOY, Univ. Paris-sud 11 # # Romain BARDOU, Univ. Paris-sud 11 # -# Thierry HUBERT, Univ. Paris-sud 11 # # # # Secondary contributors: # # # +# Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) # # Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) # # Ali AYAD, CNRS & CEA Saclay (floating-point support) # # Sylvie BOLDO, INRIA (floating-point support) # @@ -103,10 +103,8 @@ lib/coq/WhySorted.vo \ lib/coq/WhyExn.vo lib/coq/WhyLemmas.vo lib/coq/WhyTactics.vo \ lib/coq/WhyPrelude.vo lib/coq/WhyCM.vo lib/coq/Why.vo lib/coq/WhyReal.vo \ - @WHYFLOATS@ \ - lib/coq/caduceus_why.vo lib/coq/caduceus_tactics.vo \ - lib/coq/caduceus_lists.vo lib/coq/Caduceus.vo \ - @JESSIELIBCOQ@ + @JESSIELIBCOQ@ \ + @WHYFLOATS@ V8FILES=$(VO8:.vo=.v) @@ -141,7 +139,6 @@ BINARY=bin/why.$(OCAMLBEST) WHYCONFIG=bin/why-config.$(OCAMLBEST) -CADUCEUS=bin/caduceus.$(OCAMLBEST) JESSIE=bin/jessie.$(OCAMLBEST) KRAKATOA=bin/krakatoa.$(OCAMLBEST) JESSICA=bin/jessica.$(OCAMLBEST) 
@@ -167,14 +164,14 @@ all: all-without-frama-c-plugin .depend $(JESSIE_PLUGIN_BEST) -all-without-frama-c-plugin: $(BINARY) $(WHYCONFIG) check $(CADUCEUS) $(JESSIE) $(KRAKATOA) coq-@COQ@ pvs-@PVS@ $(TOOLS) gwhy-@LABLGTK2@ $(JCLIB) $(REGTEST) +all-without-frama-c-plugin: $(BINARY) $(WHYCONFIG) check $(JESSIE) $(KRAKATOA) coq-@COQ@ pvs-@PVS@ $(TOOLS) gwhy-@LABLGTK2@ $(JCLIB) $(REGTEST) # refrain parallel make (-j nn) from starting ocaml compilation too early *.cm*: .depend -opt: bin/why.opt bin/gwhy.opt bin/caduceus.opt bin/jessie.opt bin/krakatoa.opt \ +opt: bin/why.opt bin/gwhy.opt bin/jessie.opt bin/krakatoa.opt \ $(JESSIE_PLUGIN_OPT) -byte: bin/why.byte bin/gwhy.byte bin/caduceus.byte bin/jessie.byte bin/krakatoa.byte \ +byte: bin/why.byte bin/gwhy.byte bin/jessie.byte bin/krakatoa.byte \ $(JESSIE_PLUGIN_BYTE) .PHONY: check @@ -185,8 +182,7 @@ lib/why/mybag.why \ lib/why/mix.why \ lib/why/floats_common.why lib/why/floats_strict.why \ - lib/why/floats_full.why lib/why/floats_multi_rounding.why - + lib/why/floats_full.why lib/why/floats_multi_rounding.why 
@@ -276,38 +272,6 @@ # $(OFLAGS) -thread -o $@ str.cmxa unix.cmxa threads.cmxa $^ # $(STRIP) $@ -# caduceus -CCMO = src/lib.cmo src/linenum.cmo \ - src/loc.cmo src/pp.cmo src/option_misc.cmo \ - src/version.cmo jc/output.cmo \ - c/cversion.cmo c/coptions.cmo c/cutil.cmo \ - c/ctypes.cmo c/info.cmo c/creport.cmo c/cconst.cmo \ - c/cenv.cmo c/cltyping.cmo c/ctyping.cmo c/cprint_graph.cmo \ - c/cgraph.cmo c/cinit.cmo \ - c/cast_misc.cmo c/clparser.cmo c/cllexer.cmo \ - c/cparser.cmo c/clexer.cmo \ - c/cprint.cmo c/cnorm.cmo c/cseparation.cmo \ - c/invariant.cmo c/ceffect.cmo \ - c/cinterp.cmo c/cpp.cmo c/cmake.cmo c/cabsint.cmo c/cptr.cmo \ - c/csymbol.cmo c/cmain.cmo -CCMA = -CCMX = $(CCMO:.cmo=.cmx) -CCMXA = $(CCMA:.cma=.cmxa) - -bin/caduceus.opt: $(CCMXA) $(CCMX) - $(if $(QUIET),@echo 'Linking $@' &&) $(OCAMLOPT) \ - $(OFLAGS) -o $@ unix.cmxa str.cmxa graph.cmxa $^ - $(STRIP) $@ - -bin/caduceus.byte: $(CCMA) $(CCMO) - $(if $(QUIET),@echo 'Linking $@' &&) $(OCAMLC) \ - $(BFLAGS) -o $@ unix.cma str.cma graph.cma $^ - -bin/caduceus.static: $(CCMXA) $(CCMX) - $(if $(QUIET),@echo 'Linking $@' &&) $(OCAMLOPT) -cclib -static $(OFLAGS) -o $@ unix.cmxa str.cmxa graph.cmxa $^ - - $(STRIP) $@ - # jessie JCCML_EXPORT = jc/output.ml \ @@ -682,12 +646,6 @@ doc/version.tex src/version.ml c/cversion.ml: Version version.sh config.status BINDIR=$(BINDIR) LIBDIR=$(LIBDIR) COQVER=$(COQVER) ./version.sh -lib/coq/caduceus_why.v: lib/why/caduceus.why $(BINARY) - WHYLIB=lib $(BINARY) --dir lib/coq --coq-v8 lib/why/caduceus.why - -lib/coq-v7/caduceus_why.v: lib/why/caduceus.why $(BINARY) - WHYLIB=lib $(BINARY) --dir lib/coq-v7 --coq-v7 lib/why/caduceus.why - lib/coq/jessie_why.v: lib/why/jessie.why $(BINARY) WHYLIB=lib $(BINARY) --dir lib/coq --coq-v8 -coq-preamble \ "Require Export Reals. Require Export Why." \ 
@@ -731,15 +689,6 @@ ml-bench:: $(JESSICA) $(JESSIE) make -C bench/ml -f Makefile good.bench -BENCHLOG=bench-caduceus-`date +%d-%m-%y`.log - -bench-c:: $(CADUCEUS) $(WHYVO) bin/cadlog.opt - (cd bench/c; sh ./bench 2>&1) | bin/cadlog.opt $(BENCHLOG) - (cd examples-c/linked-lists; make swap reverse) - -bench-absint:: $(CADUCEUS) $(WHYVO) bin/cadlog.opt - (cd bench/c/absint; sh ./bench 2>&1) | bin/cadlog.opt $(BENCHLOG) - bench-pvs:: $(BINARY) $(WHYVO) cd bench; sh ./bench "../$(BINARY) --valid" pvs @@ -754,9 +703,6 @@ examples:: $(BINARY) $(WHYVO) make -C examples check -examples-c:: $(BINARY) $(CADUCEUS) $(WHYVO) - make -C examples-c - # debugging db debug: bin/why.byte src/logic.cmo @@ -778,7 +724,7 @@ install: install-binary install-lib install-man install-coq-@COQ@ install-pvs-@PVS@ -BINARYFILES = $(BINARY) $(WHYCONFIG) $(CADUCEUS) $(JESSIE) $(KRAKATOA) \ +BINARYFILES = $(BINARY) $(WHYCONFIG) $(JESSIE) $(KRAKATOA) \ $(WHY2HTML) $(DP) $(CPULIMIT) $(RVMERGE) bin/gwhy.$(OCAMLBEST) \ $(WHYSTAT) $(TOOLSTAT) $(WHYOBFUSCATOR) $(SIMPLIFY2WHY) @@ -788,7 +734,6 @@ mkdir -p $(BINDIR) cp -f $(BINARY) $(BINDIR)/why$(EXE) cp -f $(WHYCONFIG) $(BINDIR)/why-config$(EXE) - cp -f $(CADUCEUS) $(BINDIR)/caduceus$(EXE) cp -f $(JESSIE) $(BINDIR)/jessie$(EXE) cp -f $(KRAKATOA) $(BINDIR)/krakatoa$(EXE) cp -f bin/gwhy.sh $(BINDIR)/gwhy 
@@ -807,23 +752,16 @@ install-lib: $(JCLIB) mkdir -p $(LIBDIR)/why/why cp -f $(PRELUDE) $(LIBDIR)/why/why - mkdir -p $(LIBDIR)/caduceus/why + mkdir -p $(LIBDIR)/why/why3 + cp -f lib/why3/jessie3.why lib/why3/jessie3.mlw $(LIBDIR)/why/why3 mkdir -p $(LIBDIR)/jessie cp -f $(JCLIB) $(JCCMI_EXPORT) $(LIBDIR)/jessie - cp -f lib/why/caduceus.why $(LIBDIR)/caduceus/why - cp -f lib/why/caduceus_arith.why $(LIBDIR)/caduceus/why - mkdir -p $(LIBDIR)/caduceus/coq mkdir -p $(LIBDIR)/coq if test "@COQVER@" = "v7"; then \ - cp -f lib/coq-v7/caduceus_why.v lib/coq-v7/caduceus_tactics.v $(LIBDIR)/caduceus/coq; \ + true \ else \ - cp -f lib/coq/caduceus_why.v lib/coq/caduceus_tactics.v $(LIBDIR)/caduceus/coq; \ cp -f lib/coq/jessie_why.v $(LIBDIR)/coq; \ fi - mkdir -p $(LIBDIR)/caduceus/isabelle - cp -f lib/isabelle/caduceus_why.thy $(LIBDIR)/caduceus/isabelle - mkdir -p $(LIBDIR)/caduceus/harvey - cp -f lib/harvey/caduceus_why.rv $(LIBDIR)/caduceus/harvey cd lib; cp -rf java_api $(LIBDIR)/why cd lib; cp -rf javacard_api $(LIBDIR)/why mkdir -p $(LIBDIR)/why/images @@ -868,19 +806,17 @@ cp lib/mizar/why.miz @MIZARLIB@/mml cp lib/mizar/dict/why.voc @MIZARLIB@/mml/dict -local-install: $(BINARY) $(WHYCONFIG) $(CADUCEUS) $(JESSIE) bin/gwhy.$(OCAMLBEST) byte bin/gwhy.byte +local-install: $(BINARY) $(WHYCONFIG) $(JESSIE) bin/gwhy.$(OCAMLBEST) byte bin/gwhy.byte cp $(BINARY) $$HOME/bin/why cp $(WHYCONFIG) $$HOME/bin/why - cp $(CADUCEUS) $$HOME/bin/caduceus cp $(JESSIE) $$HOME/bin/jessie if test -f bin/gwhy.$(OCAMLBEST); then \ cp -f bin/gwhy.$(OCAMLBEST) $$HOME/bin/gwhy; \ fi local: install -# local: bin/why.opt $(CADUCEUS) $(WHY2HTML) $(DP) $(RVMERGE) coq-@COQ@ +# local: bin/why.opt $(WHY2HTML) $(DP) $(RVMERGE) coq-@COQ@ # cp -f bin/why.opt $$HOME/bin/$$OSTYPE/why -# cp -f $(CADUCEUS) $$HOME/bin/$$OSTYPE/caduceus # cp -f $(WHY2HTML) $$HOME/bin/$$OSTYPE/why2html # cp -f $(DP) $$HOME/bin/$$OSTYPE/dp # cp -f $(RVMERGE) $$HOME/bin/$$OSTYPE/rv_merge 
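Review bot: In the install-lib hunk the placeholder branch `true \` has no `;` before the continued `else \`, so once the backslash-newlines are joined the shell reads `true else cp -f lib/coq/jessie_why.v $(LIBDIR)/coq;` as a single command in which `else` is only an argument to `true`. As rendered here, that leaves the `if` without an else branch: `jessie_why.v` is never copied to `$(LIBDIR)/coq` for any `@COQVER@`, and the recipe still exits 0, so the omission is silent. Either terminate the placeholder, `true; \`, or drop the empty branch and write `if test "@COQVER@" != "v7"; then cp -f lib/coq/jessie_why.v $(LIBDIR)/coq; fi`. The install-lib recipe continues past the end of the hunk.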
@@ -908,7 +844,7 @@ # doc -DOC=doc/manual.ps doc/manual.html doc/caduceus.ps doc/caduceus.html \ +DOC=doc/manual.ps doc/manual.html \ doc/krakatoa.pdf doc/krakatoa.html \ doc/main.pdf doc/main.html @@ -920,19 +856,12 @@ # doc/version.tex: Version Makefile.in # echo '\newcommand{\whyversion}'"{$(VERSION)}" > $@ -# echo '\newcommand{\caduceusversion}'"{$(CVERSION)}" >> $@ # echo '\newcommand{\jessieversion}'"{$(JCVERSION)}" >> $@ # echo '\newcommand{\krakatoaversion}'"{$(KVERSION)}" >> $@ doc/manual.html: doc/manual.tex doc/version.tex make -C doc manual.html -doc/caduceus.ps: doc/caduceus.tex doc/version.tex - make -C doc caduceus.ps - -doc/caduceus.html: doc/caduceus.tex doc/version.tex - make -C doc caduceus.html - doc/krakatoa.pdf: doc/krakatoa.tex doc/version.tex make -C doc krakatoa.pdf @@ -1080,6 +1009,7 @@ lib/pvs/pvscontext.el lib/pvs/*.pvs lib/pvs/*.prf \ lib/mizar/why.miz lib/mizar/dict/why.voc \ lib/why/*.why lib/isabelle/*.thy lib/hol4/*.ml lib/harvey/*.rv \ + lib/why3/*.why lib/why3/*.mlw \ lib/java_api/java/*/*.java \ lib/javacard_api/java/lang/*.java \ lib/javacard_api/javacard/*/*.java \ @@ -1095,7 +1025,7 @@ # ne pas distribuer ces tests-la frama-c-plugin/tests/jessie/*.c -distrib export: source export-doc export-www export-examples export-examples-c linux +distrib export: source export-doc export-www export-examples export-www: echo "<#def version>$(VERSION)" > /users/demons/filliatr/www/why/version.prehtml @@ -1103,7 +1033,7 @@ make -C /users/demons/filliatr/www/why install source: export/$(NAME).tar.gz - cp CHANGES CHANGES.caduceus export/$(NAME).tar.gz $(FTP) + cp CHANGES export/$(NAME).tar.gz $(FTP) export/$(NAME).tar.gz: $(FILES) rm -rf $(EXPORT) 
@@ -1128,19 +1058,10 @@ make -C $(WWW)/examples clean depend echo "*** faire make all dans $(WWW)/examples ***" -export-examples-c: - mkdir -p $(WWW)/caduceus/examples - cd examples-c; cp --parents */*.c */*.h $(WWW)/caduceus/examples - mkdir -p $(WWW)/caduceus/examples/bench - cp bench/c/good/*.c $(WWW)/caduceus/examples/bench - rm -f $(WWW)/caduceus/examples/bench/test.c - export-doc: $(DOC) export-krakatoa-doc cp doc/manual.ps doc/manual.html $(WWW)/manual cp doc/logic_syntax.bnf $(WWW)/manual (cd $(WWW)/manual; hacha manual.html) - cp doc/caduceus.ps doc/caduceus.html $(WWW)/caduceus/manual - (cd $(WWW)/caduceus/manual; hacha caduceus.html) export-krakatoa-doc: cp doc/krakatoa.pdf doc/krakatoa.html doc/*.png $(WWWKRAKATOA)/manual @@ -1167,6 +1088,8 @@ Makefile.in configure.in README \ */*.ml */*.ml[ily4] tools/*.c bench/c/good/*.c \ bench/java/good/*.java \ + tests/java/*.java \ + tests/c/*.c \ doc/*.tex # myself @@ -1197,7 +1120,6 @@ rm -f ml/utils/*.cm[iox] ml/utils/*.o ml/utils/*~ ml/utils/*.annot rm -f ml/typing/*.cm[iox] ml/typing/*.o ml/typing/*~ ml/typing/*.annot rm -f bin/why.opt bin/why.byte bin/why.static bin/top - rm -f bin/caduceus.opt bin/caduceus.byte rm -f bin/jessie.opt bin/jessie.byte rm -f bin/jessica.opt bin/jessica.byte rm -f bin/why-obfuscator.opt bin/why-obfuscator.byte diff -Nru why-2.29+dfsg/mix/mix_ast.mli why-2.30+dfsg/mix/mix_ast.mli --- why-2.29+dfsg/mix/mix_ast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/mix/mix_ast.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_cfg.ml why-2.30+dfsg/mix/mix_cfg.ml
--- why-2.29+dfsg/mix/mix_cfg.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_cfg.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_cfg.mli why-2.30+dfsg/mix/mix_cfg.mli
--- why-2.29+dfsg/mix/mix_cfg.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_cfg.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_interp.ml why-2.30+dfsg/mix/mix_interp.ml
--- why-2.29+dfsg/mix/mix_interp.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_interp.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_lexer.mll why-2.30+dfsg/mix/mix_lexer.mll
--- why-2.29+dfsg/mix/mix_lexer.mll 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_lexer.mll 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_main.ml why-2.30+dfsg/mix/mix_main.ml
--- why-2.29+dfsg/mix/mix_main.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_main.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/mix_parser.mly why-2.30+dfsg/mix/mix_parser.mly
--- why-2.29+dfsg/mix/mix_parser.mly 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_parser.mly 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 /* */
 /* The Why platform for program certification */
 /* */
-/* Copyright (C) 2002-2010 */
+/* Copyright (C) 2002-2011 */
 /* */
-/* Jean-Christophe FILLIATRE, CNRS */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
 /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
 /* Yannick MOY, Univ. Paris-sud 11 */
 /* Romain BARDOU, Univ. Paris-sud 11 */
-/* Thierry HUBERT, Univ. Paris-sud 11 */
 /* */
 /* Secondary contributors: */
 /* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
 /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
 /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
 /* Sylvie BOLDO, INRIA (floating-point support) */
diff -Nru why-2.29+dfsg/mix/mix_seq.ml why-2.30+dfsg/mix/mix_seq.ml
--- why-2.29+dfsg/mix/mix_seq.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/mix_seq.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/mix/test.ml why-2.30+dfsg/mix/test.ml
--- why-2.29+dfsg/mix/test.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/mix/test.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_constant.ml why-2.30+dfsg/ml/ml_constant.ml
--- why-2.29+dfsg/ml/ml_constant.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_constant.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_env.ml why-2.30+dfsg/ml/ml_env.ml
--- why-2.29+dfsg/ml/ml_env.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_env.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_env.mli why-2.30+dfsg/ml/ml_env.mli
--- why-2.29+dfsg/ml/ml_env.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_env.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_interp.ml why-2.30+dfsg/ml/ml_interp.ml
--- why-2.29+dfsg/ml/ml_interp.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_interp.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_main.ml why-2.30+dfsg/ml/ml_main.ml
--- why-2.29+dfsg/ml/ml_main.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_main.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_misc.ml why-2.30+dfsg/ml/ml_misc.ml
--- why-2.29+dfsg/ml/ml_misc.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_misc.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_options.ml why-2.30+dfsg/ml/ml_options.ml
--- why-2.29+dfsg/ml/ml_options.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_options.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_options.mli why-2.30+dfsg/ml/ml_options.mli
--- why-2.29+dfsg/ml/ml_options.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_options.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_pattern.ml why-2.30+dfsg/ml/ml_pattern.ml
--- why-2.29+dfsg/ml/ml_pattern.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_pattern.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_pattern.mli why-2.30+dfsg/ml/ml_pattern.mli
--- why-2.29+dfsg/ml/ml_pattern.mli 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_pattern.mli 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_pervasives.ml why-2.30+dfsg/ml/ml_pervasives.ml
--- why-2.29+dfsg/ml/ml_pervasives.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_pervasives.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@
 (* *)
 (* The Why platform for program certification *)
 (* *)
-(* Copyright (C) 2002-2010 *)
+(* Copyright (C) 2002-2011 *)
 (* *)
-(* Jean-Christophe FILLIATRE, CNRS *)
+(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *)
 (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *)
 (* Yannick MOY, Univ. Paris-sud 11 *)
 (* Romain BARDOU, Univ. Paris-sud 11 *)
-(* Thierry HUBERT, Univ. Paris-sud 11 *)
 (* *)
 (* Secondary contributors: *)
 (* *)
+(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *)
 (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *)
 (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *)
 (* Sylvie BOLDO, INRIA (floating-point support) *)
diff -Nru why-2.29+dfsg/ml/ml_type.ml why-2.30+dfsg/ml/ml_type.ml
--- why-2.29+dfsg/ml/ml_type.ml 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/ml/ml_type.ml 2011-10-24 15:21:06.000000000 +0000
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/ml/ml_type.mli why-2.30+dfsg/ml/ml_type.mli --- why-2.29+dfsg/ml/ml_type.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/ml/ml_type.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/README why-2.30+dfsg/README --- why-2.29+dfsg/README 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/README 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ * * * The Why platform for program certification * * * -* Copyright (C) 2002-2010 * +* Copyright (C) 2002-2011 * * * -* Jean-Christophe FILLIATRE, CNRS * +* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 * * Claude MARCHE, INRIA & Univ. Paris-sud 11 * * Yannick MOY, Univ. Paris-sud 11 * * Romain BARDOU, Univ. Paris-sud 11 * -* Thierry HUBERT, Univ. Paris-sud 11 * * * * Secondary contributors: * * * +* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) * * Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) * * Ali AYAD, CNRS & CEA Saclay (floating-point support) * * Sylvie BOLDO, INRIA (floating-point support) * diff -Nru why-2.29+dfsg/src/annot.ml why-2.30+dfsg/src/annot.ml --- why-2.29+dfsg/src/annot.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/annot.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/annot.mli why-2.30+dfsg/src/annot.mli --- why-2.29+dfsg/src/annot.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/annot.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ast.mli why-2.30+dfsg/src/ast.mli --- why-2.29+dfsg/src/ast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ast.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/cc.mli why-2.30+dfsg/src/cc.mli --- why-2.29+dfsg/src/cc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/cc.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/coq.ml why-2.30+dfsg/src/coq.ml --- why-2.29+dfsg/src/coq.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/coq.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/coq.mli why-2.30+dfsg/src/coq.mli --- why-2.29+dfsg/src/coq.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/coq.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/cvcl.ml why-2.30+dfsg/src/cvcl.ml --- why-2.29+dfsg/src/cvcl.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/cvcl.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/cvcl.mli why-2.30+dfsg/src/cvcl.mli --- why-2.29+dfsg/src/cvcl.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/cvcl.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/dispatcher.ml why-2.30+dfsg/src/dispatcher.ml --- why-2.29+dfsg/src/dispatcher.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/dispatcher.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -75,7 +75,7 @@ if not pruning then assert (match e with Dgoal _ -> false | _ -> true); match p with - | Simplify -> Simplify.push_decl e + | Simplify | Vampire -> Simplify.push_decl e | Harvey -> Harvey.push_decl e | Cvcl -> Cvcl.push_decl e | Zenon -> Zenon.push_decl e 
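Review bot: The `| Simplify | Vampire -> Simplify.push_decl e` arm in the last hunk of this line routes Vampire through the Simplify module with no comment explaining why, and the same or-pattern recurs in the `push_obligation` and `reset` hunks of dispatcher.ml. A later hunk writes the Vampire input with `Simplify.output_file`, so the sharing looks deliberate, but a reader of these match arms cannot tell that. I would add `(* Vampire is fed the Simplify-format output, so it reuses Simplify's declarations *)` above the first arm. If the Simplify module keeps its declarations in module-level state (not visible here), then `Simplify.reset ()` issued for one prover also clears what was pushed for the other, which is worth confirming against the callers. The enclosing function starts before the hunk.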
@@ -89,7 +89,7 @@ let push_obligation p (loc, is_lemma, expl, id, s) = let g = Dgoal (loc, is_lemma, expl, id, s) in match p with - | Simplify -> Simplify.push_decl g + | Simplify | Vampire -> Simplify.push_decl g | Harvey -> Harvey.push_decl g | Cvcl -> Cvcl.push_decl g | Zenon -> Zenon.push_decl g @@ -117,7 +117,7 @@ Some e -> set_types_encoding e | None -> () end; begin match p with - | Simplify -> Simplify.reset () + | Simplify | Vampire -> Simplify.reset () | Harvey -> Harvey.reset () | Cvcl -> Cvcl.prelude_done := false; Cvcl.reset () | Zenon -> Zenon.prelude_done := false; Zenon.reset () @@ -158,6 +158,9 @@ | Simplify -> let f = Filename.temp_file "gwhy" "_why.sx" in Simplify.output_file ~allowedit:false f; f + | Vampire -> + let f = Filename.temp_file "gwhy" "_why.vp" in + Simplify.output_file ~allowedit:false f; f | Harvey -> let f = Filename.temp_file "gwhy" "_why.rv" in Harvey.output_file f; f @@ -235,6 +238,8 @@ let r = match p with | Simplify -> Calldp.simplify ~debug ?timeout ~filename () + | Vampire -> + Calldp.vampire ~debug ?timeout ~filename () | Harvey -> Calldp.harvey ~debug ?timeout ~filename () | Cvcl -> diff -Nru why-2.29+dfsg/src/dispatcher.mli why-2.30+dfsg/src/dispatcher.mli --- why-2.29+dfsg/src/dispatcher.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/dispatcher.mli 2011-10-24 15:21:06.000000000 +0000 
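Review bot: In the `@@ -158,6 +158,9 @@` hunk the new `Vampire` arm is a copy of the `Simplify` arm that differs only in the `"_why.vp"` suffix, so the two write paths can drift apart. One arm would do: `| Simplify | Vampire -> let ext = if p = Vampire then "_why.vp" else "_why.sx" in let f = Filename.temp_file "gwhy" ext in Simplify.output_file ~allowedit:false f; f`. `Filename.temp_file` creates the file with mode 0o600, so the goal text is not readable by other users, but nothing in the hunk removes it. Whether the caller deletes `f` after the prover run is outside the hunk and should be checked, since every call otherwise leaves a file of proof obligations in the temp directory. The enclosing match starts before the hunk.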
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/effect.ml why-2.30+dfsg/src/effect.ml --- why-2.29+dfsg/src/effect.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/effect.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/effect.mli why-2.30+dfsg/src/effect.mli --- why-2.29+dfsg/src/effect.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/effect.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding.ml why-2.30+dfsg/src/encoding.ml --- why-2.29+dfsg/src/encoding.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding.mli why-2.30+dfsg/src/encoding.mli --- why-2.29+dfsg/src/encoding.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_mono2.ml why-2.30+dfsg/src/encoding_mono2.ml --- why-2.29+dfsg/src/encoding_mono2.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_mono2.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_mono_inst.ml why-2.30+dfsg/src/encoding_mono_inst.ml --- why-2.29+dfsg/src/encoding_mono_inst.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_mono_inst.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_mono_inst.mli why-2.30+dfsg/src/encoding_mono_inst.mli --- why-2.29+dfsg/src/encoding_mono_inst.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_mono_inst.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_mono.ml why-2.30+dfsg/src/encoding_mono.ml --- why-2.29+dfsg/src/encoding_mono.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_mono.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -125,7 +125,11 @@ Env.empty_scheme (Forall (false, x, x, t, pat, peq))))) htypes) @ - (** \forall x: U . T2u(s2T(sort(T, x))) = x **) + (** \forall x: U . T2u(s2T(sort(T, x))) = x from CADE'08 paper + but contradiction with one finite type and one infinite type protected. + So use \forall x: U . sort(T,T2u(s2T(sort(T, x)))) = sort(T,x) + (see perhaps FROCOS'11) + **) (List.map (fun t -> (Daxiom (loc, (c2u t)^"_inv_"^(s2c t), let x = Ident.create "x" in @@ -133,7 +137,9 @@ let sort_t_x = Tapp (Ident.create sort, [t_term; Tvar x], []) in let s2t_sort_t_x = Tapp (Ident.create (s2c t), [sort_t_x], []) in let lhs = Tapp (Ident.create (c2u t), [s2t_sort_t_x], []) in - let peq = Papp (Ident.t_eq,[lhs;Tvar x], []) in + let lhs' = Tapp (Ident.create sort, [t_term; lhs], []) in + let rhs = Tapp (Ident.create sort, [t_term; Tvar x], []) in + let peq = Papp (Ident.t_eq,[lhs';rhs], []) in Env.empty_scheme (Forall (false, x, x, ut, [[TPat lhs]], peq))))) htypes) diff -Nru why-2.29+dfsg/src/encoding_pred.ml why-2.30+dfsg/src/encoding_pred.ml --- why-2.29+dfsg/src/encoding_pred.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_pred.ml 2011-10-24 15:21:06.000000000 +0000 
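Review bot: The rewritten comment in the `@@ -125,7 +125,11 @@` hunk is hard to parse ("contradiction with one finite type and one infinite type protected") and cites its source only as "see perhaps FROCOS'11". The change replaces an axiom that the author says is contradictory, which in a proof tool is a soundness matter, so the comment should state the reason plainly. I would word it as `(** Weakened inverse axiom: \forall x: U . sort(T, T2u(s2T(sort(T, x)))) = sort(T, x). The CADE'08 form T2u(s2T(sort(T, x))) = x is contradictory when a finite and an infinite type are both protected. **)` and give the exact reference once it is confirmed.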
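Review bot: In the `@@ -133,7 +133,9 @@` hunk the new `rhs` is built with the same expression as `sort_t_x`, bound three lines earlier: `Tapp (Ident.create sort, [t_term; Tvar x], [])`. Assuming `Ident.create` returns the same identifier for the same string (not visible here), the extra binding can go and the equation becomes `let peq = Papp (Ident.t_eq,[lhs';sort_t_x], []) in`. The trigger remains `[[TPat lhs]]`, the inner `T2u(...)` term rather than the new `lhs'`. That looks intended, but a short comment saying so would help, because the axiom's left-hand side and its trigger now differ. The enclosing `List.map` starts and ends outside the hunk.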
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_pred.mli why-2.30+dfsg/src/encoding_pred.mli --- why-2.29+dfsg/src/encoding_pred.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_pred.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_rec.ml why-2.30+dfsg/src/encoding_rec.ml --- why-2.29+dfsg/src/encoding_rec.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_rec.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_rec.mli why-2.30+dfsg/src/encoding_rec.mli --- why-2.29+dfsg/src/encoding_rec.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_rec.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_strat.ml why-2.30+dfsg/src/encoding_strat.ml --- why-2.29+dfsg/src/encoding_strat.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_strat.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/encoding_strat.mli why-2.30+dfsg/src/encoding_strat.mli --- why-2.29+dfsg/src/encoding_strat.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/encoding_strat.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/env.ml why-2.30+dfsg/src/env.ml --- why-2.29+dfsg/src/env.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/env.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/env.mli why-2.30+dfsg/src/env.mli --- why-2.29+dfsg/src/env.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/env.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/error.mli why-2.30+dfsg/src/error.mli --- why-2.29+dfsg/src/error.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/error.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/explain.ml why-2.30+dfsg/src/explain.ml --- why-2.29+dfsg/src/explain.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/explain.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
@@ -75,56 +75,42 @@ if String.length s > 0 then fprintf fmt "formula = \"%s\"@\n" s +let string_of_kind k = + match k with + | EKOther _ -> "Other" + | EKAbsurd -> "Absurd" + | EKAssert -> "Assert" + | EKCheck -> "Check" + | EKPre _ -> "Pre" + | EKPost -> "Post" + | EKWfRel -> "WfRel" + | EKVarDecr -> "VarDecr" + | EKLoopInvInit _ -> "LoopInvInit" + | EKLoopInvPreserv _ -> "LoopInvPreserv" + | EKLemma -> "Lemma" + let print_kind ?(quote=false) fmt (loc,k,lab) = (* Option_misc.iter (fun lab -> fprintf fmt "label = %s@\n" lab) labopt; *) - if quote then - begin - match k with - | EKOther s -> fprintf fmt "kind = \"Other\"@\ntext = \"%s\"" s - | EKAbsurd -> fprintf fmt "kind = \"Absurd\"" - | EKAssert -> fprintf fmt "kind = \"Assert\"" - | EKCheck -> fprintf fmt "kind = \"Check\"" - | EKPre s -> fprintf fmt "kind = \"Pre\"@\ntext = \"%s\"" s - | EKPost -> fprintf fmt "kind = \"Post\"" - | EKWfRel -> fprintf fmt "kind = \"WfRel\"" - | EKVarDecr -> fprintf fmt "kind = \"VarDecr\"" - | EKLoopInvInit s -> - fprintf fmt "kind = \"LoopInvInit\""; - print_formula fmt s - | EKLoopInvPreserv s -> - fprintf fmt "kind = \"LoopInvPreserv\""; - print_formula fmt s - | EKLemma -> fprintf fmt "kind = \"Lemma\"" - end - else + if not quote then begin raw_loc fmt loc; - begin match lab with - | None -> () - | Some s -> + match lab with + | None -> () + | Some s -> fprintf fmt "source_label = \"%s\"@\n" s - end; - match k with - | EKOther s -> fprintf fmt "kind = Other@\ntext = \"%s\"@\n" s - | EKAbsurd -> fprintf fmt "kind = Absurd@\n" - | EKAssert -> fprintf fmt "kind = Assert@\n" - | EKCheck -> fprintf fmt "kind = Check@\n" - | EKPre s -> fprintf fmt "kind = Pre@\ntext = \"%s\"@\n" s - | EKPost -> fprintf fmt "kind = Post@\n" - | EKWfRel -> fprintf fmt "kind = WfRel@\n" - | EKVarDecr -> fprintf fmt "kind = VarDecr@\n" - | EKLoopInvInit s -> - fprintf fmt "kind = LoopInvInit@\n"; - print_formula fmt s - | EKLoopInvPreserv s -> - fprintf fmt "kind = LoopInvPreserv@\n"; - print_formula 
fmt s - | EKLemma -> fprintf fmt "kind = Lemma@\n" - end - - + end; + match k with + | EKOther s | EKPre s -> + fprintf fmt "kind = \"%s\"@\ntext = \"%s\"" (string_of_kind k) s + | EKAbsurd | EKAssert | EKCheck | EKPost | EKWfRel | EKVarDecr + | EKLemma -> + fprintf fmt "kind = \"%s\"" (string_of_kind k) + | EKLoopInvInit s | EKLoopInvPreserv s -> + fprintf fmt "kind = \"%s\"" (string_of_kind k); + print_formula fmt s + let print ?(quote=false) fmt e = print_kind ~quote fmt (e.vc_loc,e.vc_kind,e.vc_label) @@ -132,7 +118,7 @@ | "" -> "loop invariant" | s -> "generated loop inv. '" ^ s ^"'" -let msg_of_kind = +let msg_of_kind ?name = function | EKPre "PointerDeref" -> "pointer dereferencing" | EKPre "IndexBounds" -> "check index bounds" @@ -152,4 +138,4 @@ | EKVarDecr -> "variant decreases" | EKLoopInvInit s -> msg_of_loopinv s ^ " initially holds" | EKLoopInvPreserv s -> msg_of_loopinv s ^ " preserved" - | EKLemma -> "lemma" + | EKLemma -> "lemma" ^ (match name with None -> "" | Some s -> " " ^ s) diff -Nru why-2.29+dfsg/src/explain.mli why-2.30+dfsg/src/explain.mli --- why-2.29+dfsg/src/explain.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/explain.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
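Review bot: In the rewritten `print_kind`, the `match k` runs after the `if not quote` block for both modes, so the non-quote output changes from `kind = Other` followed by a newline to `kind = "Other"` with no trailing newline. For `EKLoopInvInit` and `EKLoopInvPreserv` the text from `print_formula` now follows on the same line. If any consumer still parses the unquoted, newline-terminated form, this is a silent format break; either end the non-quote record explicitly or state the new contract in a comment such as `(* both modes emit kind = "K" with no trailing newline; the caller terminates the line *)`. Separately, `text = \"%s\"` and `source_label = \"%s\"` write their argument with a bare `%s`, so a label or text containing a quote or newline would corrupt the record; `text = %S` would escape it, provided readers of this output accept OCaml-style escapes.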
@@ -34,4 +34,5 @@ val raw_loc : ?quote:bool -> ?pref:string -> Format.formatter -> Loc.floc -> unit val print: ?quote:bool -> Format.formatter -> Logic_decl.vc_expl -> unit -val msg_of_kind : Logic_decl.expl_kind -> string +val msg_of_kind : ?name:string -> Logic_decl.expl_kind -> string + diff -Nru why-2.29+dfsg/src/fastwp.ml why-2.30+dfsg/src/fastwp.ml --- why-2.29+dfsg/src/fastwp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/fastwp.ml 2011-10-24 15:21:06.000000000 +0000 
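Review bot: The new `?name` argument of `msg_of_kind` is undocumented in the interface, and in explain.ml it only affects the `EKLemma` case, which a caller cannot tell from the signature. A doc comment on the declaration would cover it, e.g. `(** [msg_of_kind ?name k] describes [k]; [name] is appended only when [k] is [EKLemma]. *)`. The hunk also adds a blank line at the end of the file, which could be dropped.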
@@ -1,565 +1,570 @@ -(**************************************************************************) -(* *) -(* The Why platform for program certification *) -(* *) -(* Copyright (C) 2002-2010 *) -(* *) -(* Jean-Christophe FILLIATRE, CNRS *) -(* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) -(* Yannick MOY, Univ. Paris-sud 11 *) -(* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) -(* *) -(* Secondary contributors: *) -(* *) -(* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) -(* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) -(* Sylvie BOLDO, INRIA (floating-point support) *) -(* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) *) -(* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) *) -(* *) -(* This software is free software; you can redistribute it and/or *) -(* modify it under the terms of the GNU Lesser General Public *) -(* License version 2.1, with the special exception on linking *) -(* described in file LICENSE. *) -(* *) -(* This software is distributed in the hope that it will be useful, *) -(* but WITHOUT ANY WARRANTY; without even the implied warranty of *) -(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*) -(* *) -(**************************************************************************) - - -open Ident -open Logic -open Types -open Effect -open Misc -open Util -open Ast -open Env - -(* Fast weakest preconditions *) - -let idmap_union m1 m2 = - Idmap.fold - (fun x2 v m1 -> - if Idmap.mem x2 m1 - then begin assert (Idmap.find x2 m1 = v); m1 end - else Idmap.add x2 v m1) - m2 m1 - -module Subst = struct - - type t = { - current : Ident.t Idmap.t; (* current name for each variable *) - sigma : Ident.t Idmap.t; (* substitution for all variables *) - types : pure_type Idmap.t; (* types, for quantifiers *) - all_vars : Idset.t; (* all names already used *) - } - - let empty = - { current = Idmap.empty; - sigma = Idmap.empty; - types = Idmap.empty; - all_vars = Idset.empty } - - let add x pt s = - { current = Idmap.add x x s.sigma; - sigma = Idmap.add x x s.sigma; - types = Idmap.add x pt s.types; - all_vars = Idset.add x s.all_vars } - - let add_aux x pt s = - { s with - types = Idmap.add x pt s.types; - all_vars = Idset.add x s.all_vars } - - let frame env ef s = - let r,w,_,_ = Effect.get_repr ef in - List.fold_left - (fun s x -> - try - begin match Env.type_in_env env x with - | Ref pt -> add x pt s - | _ -> assert false end - with Not_found -> assert false) - s (r @ w) - - let find x s = Idmap.find x s.current - - let global_names = ref Idset.empty - - let next_away x s = - let x' = next_away x (Idset.union !global_names s) in - global_names := Idset.add x' !global_names; - x' - - let fresh x s = - assert (Idmap.mem x s.types); - let x' = next_away x s.all_vars in - x', - { current = Idmap.add x x' s.current; - sigma = Idmap.add x x' s.sigma; - types = Idmap.add x' (Idmap.find x s.types) s.types; - all_vars = Idset.add x' s.all_vars } - - let fresh_pure x pt s = - let x' = next_away x s.all_vars in - x', - { current = Idmap.add x x' s.current; - sigma = Idmap.add x x' s.sigma; - types = Idmap.add x' pt s.types; - all_vars = Idset.add x' s.all_vars } - - let write 
x s = let _,s = fresh x s in s - let writes = List.fold_right write - - let term s = Misc.subst_in_term s.sigma - let predicate s = Misc.subst_in_predicate s.sigma - - (* we cross the label l => - the values at label l are mapped to the current values of references *) - let label l s = - { s with sigma = - Idmap.fold - (fun x x' m -> - if not (is_at x) then Idmap.add (at_id x l) x' m else m) - s.current s.sigma } - - let add_vars s1 s2 = - { s1 with - types = idmap_union s1.types s2.types; - all_vars = Idset.union s1.all_vars s2.all_vars } - - (* debug *) - open Format - let print fmt s = - let print_map fmt m = - Idmap.iter - (fun x x' -> fprintf fmt "(%a->%a)" Ident.lprint x Ident.lprint x') m - in - let print_keys fmt m = - Idmap.iter - (fun x _ -> fprintf fmt "(%a)" Ident.lprint x) m - in - fprintf fmt "@[current=%a,@ sigma=%a,@ types=%a@]" - print_map s.current print_map s.sigma print_keys s.types - -end -open Subst - -let all_quantifiers ((_,s),ee) = - let s = - List.fold_left (fun s (_,(_,sx)) -> idmap_union s sx.types) s.types ee - in - let l = Idmap.fold (fun x pt acc -> (x, PureType pt) :: acc) s [] in - List.rev l - -let merge s1 s2 = - (* d = { x | s1(x) <> s2(x) } *) - let d = - Idmap.fold - (fun x x1 d -> - try - let x2 = Subst.find x s2 in if x1 != x2 then Idset.add x d else d - with Not_found -> - d) - s1.current Idset.empty - in - let s12 = - { s1 with - types = idmap_union s1.types s2.types; - all_vars = Idset.union s1.all_vars s2.all_vars } - in - Idset.fold - (fun x (s',r1,r2) -> - let x',s' = Subst.fresh x s' in - let ty = PureType (Idmap.find x s'.types) in - s', - wpand r1 (tequality ty (Tvar x') (Tvar (Subst.find x s1))), - wpand r2 (tequality ty (Tvar x') (Tvar (Subst.find x s2)))) - d (s12, Ptrue, Ptrue) - -let wpforall = pforall ~is_wp:true -let wpforalls = foralls_many ~is_wp:true - -let ssubst_in_predicate s p = simplify (tsubst_in_predicate s p) - -let norm (p,_) = p -let exn x pl s = try List.assoc x pl with Not_found -> Pfalse, s 
-let exns e ee = List.map (fun x -> x, ee x) (get_exns e.info.t_effect) - -let with_exception_type e v f x = match find_exception e, v with - | None, None -> x - | Some pt, Some v -> f v pt x - | _ -> assert false - -(* INPUT - - e : program - - s : Subst.t - OUTPUT - - ok : predicate = correctness of e - - (n,el) : predicate * (Ident.t * predicate) list, such that - * if e terminates normally then n holds - * if e raises exception E then List.assoc E el holds - - s' : Subst.t -*) - -let rec wp e s = - let _,(_,ee) as r = wp0 e.info e s in - assert (List.length ee = List.length (get_exns e.info.t_effect)); - r - -and wp0 info e s = - (*Format.eprintf "@[wp avec %a@]@." Subst.print s;*) - let v = result_type e in - match e.desc with - | Expression t -> - (* OK: true - NE: result=t *) - let t = Subst.term s (unref_term t) in - let p = match e.info.t_result_type with - | PureType PTunit -> Ptrue - | _ -> tequality v tresult t - in - Ptrue, ((p, s), []) - | If (e1, e2, e3) -> - (* OK: ok(e1) /\ (ne(e1,true) => ok(e2)) /\ (ne(e1,false) => ok(e3)) - NE: (ne(e1,true) /\ ne(e2,result)) \/ (ne(e1,false) /\ ne(e3,result)) - *) - let ok1,((ne1,s1),ee1) = wp e1 s in - let ok2,((ne2,s2),ee2) = wp e2 s1 in - let ok3,((ne3,s3),ee3) = wp e3 s1 in - let ne1true = ssubst_in_predicate (subst_one result ttrue) ne1 in - let ne1false = ssubst_in_predicate (subst_one result tfalse) ne1 in - let ok = wpands [ok1; wpimplies ne1true ok2; wpimplies ne1false ok3] in - let ne = - let s',r2,r3 = merge s2 s3 in - por (wpands [ne1true; ne2; r2]) (wpands [ne1false; ne3; r3]), s' - in - let ee x = - let ee2,s2 = exn x ee2 s1 and ee3,s3 = exn x ee3 s1 in - let s23,r2,r3 = merge s2 s3 in - let ee1,s1 = exn x ee1 s in - let s',q1,q23 = merge s1 s23 in - pors [wpand ee1 q1; - wpands [ne1true;ee2;r2;q23]; - wpands [ne1false;ee3;r3;q23]], s' - in - ok, (ne, exns e ee) - | Seq (e1, e2) -> - (* OK: ok(e1) /\ (ne(e1,void) => ok(e2)) - NE: ne(e1,void) /\ ne(e2,result) *) - let ok1,((ne1,s1),ee1) = wp e1 s in 
- let ok2,((ne2,s2),ee2) = wp e2 s1 in - let ne1void = tsubst_in_predicate (subst_one result tvoid) ne1 in - let ok = wpand ok1 (wpimplies ne1void ok2) in - let ne = wpand ne1void ne2 in - let ee x = - let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in - let s',r1,r2 = merge sx1 sx2 in - por (wpand ee1 r1) (wpands [ne1void; ee2; r2]), s' - in - ok, ((ne, s2), exns e ee) - | LetIn (x, e1, e2) -> - let ok1,((ne1,s1),ee1) = wp e1 s in - let x',s1 = match e1.info.t_result_type with - | PureType pt -> Subst.fresh_pure x pt s1 - | _ -> x, s1 - in - let ok2,((ne2,s2),ee2) = wp e2 s1 in - begin match e1.info.t_result_type with - | PureType _pt -> - let ne1x = subst_in_predicate (subst_onev result x') ne1 in - let subst = subst_in_predicate (subst_onev x x') in - let ok = wpand ok1 (wpimplies ne1x (subst ok2)) in - let ne = wpand ne1x (subst ne2) in - let ee x = - let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in - let s',r1,r2 = merge sx1 sx2 in - por (wpand ee1 r1) (wpands [ne1x; ee2; r2]), s' - in - ok, ((ne, s2), exns e ee) - | Arrow _ -> - assert (not (occur_predicate result ne1)); - assert (not (occur_predicate x ne2)); - let ok = wpand ok1 (wpimplies ne1 ok2) in (* ok1 /\ ok2 ? 
*) - let ne = wpand ne1 ne2 in - let ee x = - let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in - let s',r1,r2 = merge sx1 sx2 in - por (wpand ee1 r1) (wpands [ne1; ee2; r2]), s' - in - ok, ((ne, s2), exns e ee) - | Ref _ -> - assert false - end - | LetRef (x, e1, e2) -> - begin match e1.info.t_result_type with - | PureType pt -> - let ok1,((ne1,s1),ee1) = wp e1 s in - let s1 = Subst.add x pt s1 in - let ok2,((ne2,s2),ee2) = wp e2 s1 in - let ne1x = subst_in_predicate (subst_onev result x) ne1 in - let ok = wpand ok1 ((*wpforall x ty1*) (wpimplies ne1x ok2)) in - let ne = (*exists x ty1*) (wpand ne1x ne2) in - let ee x = - let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in - let s',r1,r2 = merge sx1 sx2 in - por (wpand ee1 r1) (wpands [ne1x; ee2; r2]), s' - in - let s2 = Subst.add_aux x pt s2 in - ok, ((ne, s2), exns e ee) - | Arrow _ | Ref _ -> - assert false - end - | Assertion (k, al, e1) -> - (* OK: al /\ ok(e1) - NE: al /\ ne(e1, result) *) - let ok, ((ne1, s'), ee1) = wp e1 s in - let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) al in - let ee x = let ee, sx = exn x ee1 s in wpands (pl @ [ee]), sx in - (* wpands (pl@[ok]), ((wpands (pl@[ne1]), s'), exns e ee) *) - let expl = - match k with - | `ABSURD -> - Cc.VCEabsurd - | #Cc.assert_kind as k -> (* ASSERT and CHECK *) - Cc.VCEassert (k, List.map (fun a -> (a.a_loc, a.a_value)) al) - | `PRE -> - let lab = info.t_userlabel in - let loc = info.t_loc in - Cc.VCEpre (lab, loc, List.map (fun a -> (a.a_loc, a.a_value)) al) - in - let id = reg_explanation expl in - Pnamed (id, wpands (pl@[ok])), ((wpands (pl@[ne1]), s'), exns e ee) - | Post (e1, q, _) -> - (* TODO: what to do with the transparency here? 
*) - let lab = e1.info.t_label in - let s = Subst.label lab s in - let ok, ((ne1, s'), ee1) = wp e1 s in - let q, ql = post_app (asst_app (change_label "" lab)) q in - let q = - let id = reg_explanation (Cc.VCEpost (q.a_loc, q.a_value)) in - { q with a_value = Pnamed (id, q.a_value) } - in - let ql = - List.map - (fun (x, q) -> - let id = reg_explanation (Cc.VCEpost (q.a_loc, q.a_value)) in - x, { q with a_value = Pnamed (id, q.a_value) }) - ql - in - let subst p s = subst_in_predicate s.sigma p.a_value in - let q = subst q s' in - let ql = List.map2 (fun (_, (_,sx)) (x, qx) -> x, subst qx sx) ee1 ql in - let post_exn (x, (ex, _)) (x', qx) = - assert (x = x'); - let p = wpimplies ex qx in - match find_exception x with - | Some pt -> wpforall result (PureType pt) p - | None -> p - in - let ok = - wpands - (ok :: - wpforall result e1.info.t_result_type (wpimplies ne1 q) :: - List.map2 post_exn ee1 ql) - in - let ne = wpand ne1 q, s' in - let ee x = let ee, sx = exn x ee1 s in wpand ee (List.assoc x ql), sx in - ok, (ne, exns e ee) - | Label (l, e) -> - wp e (Subst.label l s) - | Var _ -> - (* this must be an impure function, thus OK = NE = true *) - Ptrue, ((Ptrue, s), []) - | Absurd -> - (* OK = NE = false *) - Pfalse, ((Pfalse, s), []) - | Loop (inv, var, e1) -> - (* OK: I /\ forall w. 
(I => (ok(e1) /\ (ne(e1,void) => I /\ var - let lab = info.t_userlabel in - let id = reg_explanation (Cc.VCEinvinit (lab, (inv.a_loc, inv.a_value))) in - { inv with a_value = Pnamed (id, inv.a_value) }) - inv - in - let inv2 = - option_app - (fun inv -> - let lab = info.t_userlabel in - let id = reg_explanation (Cc.VCEinvpreserv (lab, (inv.a_loc, inv.a_value))) in - { inv with a_value = Pnamed (id, inv.a_value) }) - inv - in - let subst_inv inv s = match inv with - | None -> Ptrue - | Some { a_value = i } -> Subst.predicate s i - in - let i0 = subst_inv inv1 s0 in - let i1 = subst_inv inv2 s0 in - let decphi = match var with - | None -> Ptrue - | Some (loc, phi, _, r) -> - let id = reg_explanation (Cc.VCEvardecr (loc, phi)) in - Pnamed (id, Papp (r, [Subst.term s1 phi; Subst.term s0 phi], [])) - in - let ok = - wpands - [Wp.well_founded_rel var; - subst_inv inv1 s; - wpimplies i1 - (wpand ok1 (wpimplies ne1void (wpand (subst_inv inv2 s1) decphi)))] - in - let ee x = - let ee,sx = exn x ee1 s0 in wpand i0 ee, sx - in - ok, ((Pfalse, s1), exns e ee) - | Raise (id, None) -> - (* OK: true - N : false - E : true *) - Ptrue, ((Pfalse, s), [id, (Ptrue, s)]) - | Raise (id, Some e1) -> - (* OK: ok(e1) - N : false - E : ne(e1) \/ E(e1) if E=id, E(e1) otherwise *) - let ok1,((ne1,s1),ee1) = wp e1 s in - let ee x = - if x == id then - try let ee1,sx = List.assoc x ee1 in por ne1 ee1, sx - with Not_found -> ne1, s1 - else - try List.assoc x ee1 with Not_found -> assert false - in - ok1, ((Pfalse, s1), exns e ee) - | Try (e1, hl) -> - let ok1,((ne1,s1),ee1) = wp e1 s in - let hl = - List.map - (fun ((x,v),ei) -> let _,sx = exn x ee1 s in ((x,v), wp ei sx)) - hl - in - let bind_result v p = match v with - | None -> p - | Some x -> subst_in_predicate (subst_onev result x) p - in - let handler_ok ((x,v), (oki,_)) = - let e1x,_ = exn x ee1 s in - let e1x = bind_result v e1x in - let p = wpimplies e1x oki in - with_exception_type x v (fun v pt -> wpforall v (PureType pt)) p - in - 
let ok = wpands (ok1 :: List.map handler_ok hl) in - let ne = - List.fold_left - (fun (ne,s) ((x,v), (_,((nei,si),_))) -> - let e1x,_ = exn x ee1 s in - let e1x = bind_result v e1x in - let si = with_exception_type x v Subst.add_aux si in - let s',r1,r2 = merge s si in - por (wpand ne r1) (wpands [e1x; nei; r2]), s') - (ne1,s1) hl - in - let ee x = - let eex,sx = - if List.exists (fun ((xi,_),_) -> x == xi) hl then - Pfalse, s - else - exn x ee1 s - in - List.fold_left - (fun (nex,sx) ((xi,vi),(_,(_,eei))) -> - let e1xi,sxi = exn xi ee1 s in - let eeix,sxi = exn x eei sxi in - let eeix = bind_result vi eeix in - let sxi = with_exception_type xi vi Subst.add_aux sxi in - let sx,r1,r2 = merge sx sxi in - por (wpand nex r1) (wpands [e1xi; eeix; r2]), sx) - (eex, sx) hl - in - ok, (ne, exns e ee) - | Lam (bl, pl, e) -> - (* OK: forall bl. pl => ok(e) - NE: forall bl. pl /\ ne(e, result) *) - let s = Subst.frame e.info.t_env e.info.t_effect s in - let ok,r = wp e s in - let qr = all_quantifiers r in - let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) pl in - let q = List.filter (function (_,PureType _) -> true | _ -> false) bl in - wpforalls (q @ qr) (wpimplies (wpands pl) ok), - ((Ptrue, s), []) - | Rec (_f, bl, _v, var, pl, e) -> - (* OK: well_founded(R) /\ forall bl. pl => ok(e) - NE: forall bl. 
pl /\ ne(e, result) *) - let wfr = Wp.well_founded_rel var in - let s = Subst.frame e.info.t_env e.info.t_effect s in - let ok,r = wp e s in - let qr = all_quantifiers r in - let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) pl in - let q = List.filter (function (_,PureType _) -> true | _ -> false) bl in - pand wfr (wpforalls (q @ qr) (wpimplies (wpands pl) ok)), - ((Ptrue, s), []) - | AppRef (e1, _, k) - | AppTerm (e1, _, k) -> - let lab = e1.info.t_label in - let s = Subst.label lab s in - let q = optpost_app (asst_app (change_label "" lab)) k.t_post in - let ok,(((ne,s'),ee) as nee) = wp e1 s in - assert (not (occur_predicate result ne)); - let wr s = Subst.writes (Effect.get_writes k.t_effect) s in - let nee = match q with - | Some (q', qe) -> - (let s' = wr s' in - wpand ne (Subst.predicate s' q'.a_value), s'), - (let ee x = - let q' = List.assoc x qe in - let ee,s' = exn x ee s in - let s' = wr s' in - por ee (wpand ne (Subst.predicate s' q'.a_value)), s' - in - exns e ee) - | None -> - nee - in - ok, nee - | Any k -> - let lab = e.info.t_label in - let s = Subst.label lab s in - let q = optpost_app (post_named e.info.t_loc) k.c_post in - let q = optpost_app (asst_app (change_label "" lab)) q in - let s' = Subst.writes (Effect.get_writes k.c_effect) s in - let nee = match q with - | Some (q', qe) -> - (Subst.predicate s' q'.a_value, s'), - (let ee x = - let q' = List.assoc x qe in - Subst.predicate s' q'.a_value, s' - in - exns e ee) - | None -> - let ee _x = Ptrue, s' in - (Ptrue, s'), exns e ee - in - Ptrue, nee - -let wp e = - let s = Subst.frame e.info.t_env e.info.t_effect Subst.empty in - let ok, _ = wp e s in - ok - -(* - Local Variables: - compile-command: "unset LANG; make -C .. byte" - End: -*) +(**************************************************************************) +(* *) +(* The Why platform for program certification *) +(* *) +(* Copyright (C) 2002-2011 *) +(* *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. 
Paris-sud 11 *) +(* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) +(* Yannick MOY, Univ. Paris-sud 11 *) +(* Romain BARDOU, Univ. Paris-sud 11 *) +(* *) +(* Secondary contributors: *) +(* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) +(* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) +(* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) +(* Sylvie BOLDO, INRIA (floating-point support) *) +(* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) *) +(* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) *) +(* *) +(* This software is free software; you can redistribute it and/or *) +(* modify it under the terms of the GNU Lesser General Public *) +(* License version 2.1, with the special exception on linking *) +(* described in file LICENSE. *) +(* *) +(* This software is distributed in the hope that it will be useful, *) +(* but WITHOUT ANY WARRANTY; without even the implied warranty of *) +(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*) +(* *) +(**************************************************************************) + + + + + +(* Fast weakest preconditions *) + + + +open Ident +open Logic +open Types +open Effect +open Misc +open Util +open Ast +open Env + +let idmap_union m1 m2 = + Idmap.fold + (fun x2 v m1 -> + if Idmap.mem x2 m1 + then begin assert (Idmap.find x2 m1 = v); m1 end + else Idmap.add x2 v m1) + m2 m1 + +module Subst = struct + + type t = { + current : Ident.t Idmap.t; (* current name for each variable *) + sigma : Ident.t Idmap.t; (* substitution for all variables *) + types : pure_type Idmap.t; (* types, for quantifiers *) + all_vars : Idset.t; (* all names already used *) + } + + let empty = + { current = Idmap.empty; + sigma = Idmap.empty; + types = Idmap.empty; + all_vars = Idset.empty } + + let add x pt s = + { current = Idmap.add x x s.sigma; + sigma = Idmap.add x x s.sigma; + types = Idmap.add x pt s.types; + all_vars = Idset.add x s.all_vars } + + let add_aux x pt s = + { s with + types = Idmap.add x pt s.types; + all_vars = Idset.add x s.all_vars } + + let frame env ef s = + let r,w,_,_ = Effect.get_repr ef in + List.fold_left + (fun s x -> + try + begin match Env.type_in_env env x with + | Ref pt -> add x pt s + | _ -> assert false end + with Not_found -> assert false) + s (r @ w) + + let find x s = Idmap.find x s.current + + let global_names = ref Idset.empty + + let next_away x s = + let x' = next_away x (Idset.union !global_names s) in + global_names := Idset.add x' !global_names; + x' + + let fresh x s = + assert (Idmap.mem x s.types); + let x' = next_away x s.all_vars in + x', + { current = Idmap.add x x' s.current; + sigma = Idmap.add x x' s.sigma; + types = Idmap.add x' (Idmap.find x s.types) s.types; + all_vars = Idset.add x' s.all_vars } + + let fresh_pure x pt s = + let x' = next_away x s.all_vars in + x', + { current = Idmap.add x x' s.current; + sigma = Idmap.add x x' s.sigma; + types = Idmap.add x' pt s.types; + all_vars = Idset.add x' s.all_vars } + + 
let write x s = let _,s = fresh x s in s + let writes = List.fold_right write + + let term s = Misc.subst_in_term s.sigma + let predicate s = Misc.subst_in_predicate s.sigma + + (* we cross the label l => + the values at label l are mapped to the current values of references *) + let label l s = + { s with sigma = + Idmap.fold + (fun x x' m -> + if not (is_at x) then Idmap.add (at_id x l) x' m else m) + s.current s.sigma } + + let add_vars s1 s2 = + { s1 with + types = idmap_union s1.types s2.types; + all_vars = Idset.union s1.all_vars s2.all_vars } + + (* debug *) + open Format + let print fmt s = + let print_map fmt m = + Idmap.iter + (fun x x' -> fprintf fmt "(%a->%a)" Ident.lprint x Ident.lprint x') m + in + let print_keys fmt m = + Idmap.iter + (fun x _ -> fprintf fmt "(%a)" Ident.lprint x) m + in + fprintf fmt "@[current=%a,@ sigma=%a,@ types=%a@]" + print_map s.current print_map s.sigma print_keys s.types + +end +open Subst + +let all_quantifiers ((_,s),ee) = + let s = + List.fold_left (fun s (_,(_,sx)) -> idmap_union s sx.types) s.types ee + in + let l = Idmap.fold (fun x pt acc -> (x, PureType pt) :: acc) s [] in + List.rev l + +let merge s1 s2 = + (* d = { x | s1(x) <> s2(x) } *) + let d = + Idmap.fold + (fun x x1 d -> + try + let x2 = Subst.find x s2 in if x1 != x2 then Idset.add x d else d + with Not_found -> + d) + s1.current Idset.empty + in + let s12 = + { s1 with + types = idmap_union s1.types s2.types; + all_vars = Idset.union s1.all_vars s2.all_vars } + in + Idset.fold + (fun x (s',r1,r2) -> + let x',s' = Subst.fresh x s' in + let ty = PureType (Idmap.find x s'.types) in + s', + wpand r1 (tequality ty (Tvar x') (Tvar (Subst.find x s1))), + wpand r2 (tequality ty (Tvar x') (Tvar (Subst.find x s2)))) + d (s12, Ptrue, Ptrue) + +let wpforall = pforall ~is_wp:true +let wpforalls = foralls_many ~is_wp:true + +let ssubst_in_predicate s p = simplify (tsubst_in_predicate s p) + +let norm (p,_) = p +let exn x pl s = try List.assoc x pl with Not_found -> 
Pfalse, s +let exns e ee = List.map (fun x -> x, ee x) (get_exns e.info.t_effect) + +let with_exception_type e v f x = match find_exception e, v with + | None, None -> x + | Some pt, Some v -> f v pt x + | _ -> assert false + +(* INPUT + - e : program + - s : Subst.t + OUTPUT + - ok : predicate = correctness of e + - (n,el) : predicate * (Ident.t * predicate) list, such that + * if e terminates normally then n holds + * if e raises exception E then List.assoc E el holds + - s' : Subst.t +*) + +let rec wp e s = + let _,(_,ee) as r = wp0 e.info e s in + assert (List.length ee = List.length (get_exns e.info.t_effect)); + r + +and wp0 info e s = + (*Format.eprintf "@[wp avec %a@]@." Subst.print s;*) + let v = result_type e in + match e.desc with + | Expression t -> + (* OK: true + NE: result=t *) + let t = Subst.term s (unref_term t) in + let p = match e.info.t_result_type with + | PureType PTunit -> Ptrue + | _ -> tequality v tresult t + in + Ptrue, ((p, s), []) + | If (e1, e2, e3) -> + (* OK: ok(e1) /\ (ne(e1,true) => ok(e2)) /\ (ne(e1,false) => ok(e3)) + NE: (ne(e1,true) /\ ne(e2,result)) \/ (ne(e1,false) /\ ne(e3,result)) + *) + let ok1,((ne1,s1),ee1) = wp e1 s in + let ok2,((ne2,s2),ee2) = wp e2 s1 in + let ok3,((ne3,s3),ee3) = wp e3 s1 in + let ne1true = ssubst_in_predicate (subst_one result ttrue) ne1 in + let ne1false = ssubst_in_predicate (subst_one result tfalse) ne1 in + let ok = wpands [ok1; wpimplies ne1true ok2; wpimplies ne1false ok3] in + let ne = + let s',r2,r3 = merge s2 s3 in + por (wpands [ne1true; ne2; r2]) (wpands [ne1false; ne3; r3]), s' + in + let ee x = + let ee2,s2 = exn x ee2 s1 and ee3,s3 = exn x ee3 s1 in + let s23,r2,r3 = merge s2 s3 in + let ee1,s1 = exn x ee1 s in + let s',q1,q23 = merge s1 s23 in + pors [wpand ee1 q1; + wpands [ne1true;ee2;r2;q23]; + wpands [ne1false;ee3;r3;q23]], s' + in + ok, (ne, exns e ee) + | Seq (e1, e2) -> + (* OK: ok(e1) /\ (ne(e1,void) => ok(e2)) + NE: ne(e1,void) /\ ne(e2,result) *) + let ok1,((ne1,s1),ee1) = 
wp e1 s in + let ok2,((ne2,s2),ee2) = wp e2 s1 in + let ne1void = tsubst_in_predicate (subst_one result tvoid) ne1 in + let ok = wpand ok1 (wpimplies ne1void ok2) in + let ne = wpand ne1void ne2 in + let ee x = + let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in + let s',r1,r2 = merge sx1 sx2 in + por (wpand ee1 r1) (wpands [ne1void; ee2; r2]), s' + in + ok, ((ne, s2), exns e ee) + | LetIn (x, e1, e2) -> + let ok1,((ne1,s1),ee1) = wp e1 s in + let x',s1 = match e1.info.t_result_type with + | PureType pt -> Subst.fresh_pure x pt s1 + | _ -> x, s1 + in + let ok2,((ne2,s2),ee2) = wp e2 s1 in + begin match e1.info.t_result_type with + | PureType _pt -> + let ne1x = subst_in_predicate (subst_onev result x') ne1 in + let subst = subst_in_predicate (subst_onev x x') in + let ok = wpand ok1 (wpimplies ne1x (subst ok2)) in + let ne = wpand ne1x (subst ne2) in + let ee x = + let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in + let s',r1,r2 = merge sx1 sx2 in + por (wpand ee1 r1) (wpands [ne1x; ee2; r2]), s' + in + ok, ((ne, s2), exns e ee) + | Arrow _ -> + assert (not (occur_predicate result ne1)); + assert (not (occur_predicate x ne2)); + let ok = wpand ok1 (wpimplies ne1 ok2) in (* ok1 /\ ok2 ? 
*) + let ne = wpand ne1 ne2 in + let ee x = + let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in + let s',r1,r2 = merge sx1 sx2 in + por (wpand ee1 r1) (wpands [ne1; ee2; r2]), s' + in + ok, ((ne, s2), exns e ee) + | Ref _ -> + assert false + end + | LetRef (x, e1, e2) -> + begin match e1.info.t_result_type with + | PureType pt -> + let ok1,((ne1,s1),ee1) = wp e1 s in + let s1 = Subst.add x pt s1 in + let ok2,((ne2,s2),ee2) = wp e2 s1 in + let ne1x = subst_in_predicate (subst_onev result x) ne1 in + let ok = wpand ok1 ((*wpforall x ty1*) (wpimplies ne1x ok2)) in + let ne = (*exists x ty1*) (wpand ne1x ne2) in + let ee x = + let ee1,sx1 = exn x ee1 s and ee2,sx2 = exn x ee2 s1 in + let s',r1,r2 = merge sx1 sx2 in + por (wpand ee1 r1) (wpands [ne1x; ee2; r2]), s' + in + let s2 = Subst.add_aux x pt s2 in + ok, ((ne, s2), exns e ee) + | Arrow _ | Ref _ -> + assert false + end + | Assertion (k, al, e1) -> + (* OK: al /\ ok(e1) + NE: al /\ ne(e1, result) *) + let ok, ((ne1, s'), ee1) = wp e1 s in + let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) al in + let ee x = let ee, sx = exn x ee1 s in wpands (pl @ [ee]), sx in + (* wpands (pl@[ok]), ((wpands (pl@[ne1]), s'), exns e ee) *) + let expl = + match k with + | `ABSURD -> + Cc.VCEabsurd + | #Cc.assert_kind as k -> (* ASSERT and CHECK *) + Cc.VCEassert (k, List.map (fun a -> (a.a_loc, a.a_value)) al) + | `PRE -> + let lab = info.t_userlabel in + let loc = info.t_loc in + Cc.VCEpre (lab, loc, List.map (fun a -> (a.a_loc, a.a_value)) al) + in + let id = reg_explanation expl in + Pnamed (id, wpands (pl@[ok])), ((wpands (pl@[ne1]), s'), exns e ee) + | Post (e1, q, _) -> + (* TODO: what to do with the transparency here? 
*) + let lab = e1.info.t_label in + let s = Subst.label lab s in + let ok, ((ne1, s'), ee1) = wp e1 s in + let q, ql = post_app (asst_app (change_label "" lab)) q in + let q = + let id = reg_explanation (Cc.VCEpost (q.a_loc, q.a_value)) in + { q with a_value = Pnamed (id, q.a_value) } + in + let ql = + List.map + (fun (x, q) -> + let id = reg_explanation (Cc.VCEpost (q.a_loc, q.a_value)) in + x, { q with a_value = Pnamed (id, q.a_value) }) + ql + in + let subst p s = subst_in_predicate s.sigma p.a_value in + let q = subst q s' in + let ql = List.map2 (fun (_, (_,sx)) (x, qx) -> x, subst qx sx) ee1 ql in + let post_exn (x, (ex, _)) (x', qx) = + assert (x = x'); + let p = wpimplies ex qx in + match find_exception x with + | Some pt -> wpforall result (PureType pt) p + | None -> p + in + let ok = + wpands + (ok :: + wpforall result e1.info.t_result_type (wpimplies ne1 q) :: + List.map2 post_exn ee1 ql) + in + let ne = wpand ne1 q, s' in + let ee x = let ee, sx = exn x ee1 s in wpand ee (List.assoc x ql), sx in + ok, (ne, exns e ee) + | Label (l, e) -> + wp e (Subst.label l s) + | Var _ -> + (* this must be an impure function, thus OK = NE = true *) + Ptrue, ((Ptrue, s), []) + | Absurd -> + (* OK = NE = false *) + Pfalse, ((Pfalse, s), []) + | Loop (inv, var, e1) -> + (* OK: I /\ forall w. 
(I => (ok(e1) /\ (ne(e1,void) => I /\ var + let lab = info.t_userlabel in + let id = reg_explanation (Cc.VCEinvinit (lab, (inv.a_loc, inv.a_value))) in + { inv with a_value = Pnamed (id, inv.a_value) }) + inv + in + let inv2 = + option_app + (fun inv -> + let lab = info.t_userlabel in + let id = reg_explanation (Cc.VCEinvpreserv (lab, (inv.a_loc, inv.a_value))) in + { inv with a_value = Pnamed (id, inv.a_value) }) + inv + in + let subst_inv inv s = match inv with + | None -> Ptrue + | Some { a_value = i } -> Subst.predicate s i + in + let i0 = subst_inv inv1 s0 in + let i1 = subst_inv inv2 s0 in + let decphi = match var with + | None -> Ptrue + | Some (loc, phi, _, r) -> + let id = reg_explanation (Cc.VCEvardecr (loc, phi)) in + Pnamed (id, Papp (r, [Subst.term s1 phi; Subst.term s0 phi], [])) + in + let ok = + wpands + [Wp.well_founded_rel var; + subst_inv inv1 s; + wpimplies i1 + (wpand ok1 (wpimplies ne1void (wpand (subst_inv inv2 s1) decphi)))] + in + let ee x = + let ee,sx = exn x ee1 s0 in wpand i0 ee, sx + in + ok, ((Pfalse, s1), exns e ee) + | Raise (id, None) -> + (* OK: true + N : false + E : true *) + Ptrue, ((Pfalse, s), [id, (Ptrue, s)]) + | Raise (id, Some e1) -> + (* OK: ok(e1) + N : false + E : ne(e1) \/ E(e1) if E=id, E(e1) otherwise *) + let ok1,((ne1,s1),ee1) = wp e1 s in + let ee x = + if x == id then + try let ee1,sx = List.assoc x ee1 in por ne1 ee1, sx + with Not_found -> ne1, s1 + else + try List.assoc x ee1 with Not_found -> assert false + in + ok1, ((Pfalse, s1), exns e ee) + | Try (e1, hl) -> + let ok1,((ne1,s1),ee1) = wp e1 s in + let hl = + List.map + (fun ((x,v),ei) -> let _,sx = exn x ee1 s in ((x,v), wp ei sx)) + hl + in + let bind_result v p = match v with + | None -> p + | Some x -> subst_in_predicate (subst_onev result x) p + in + let handler_ok ((x,v), (oki,_)) = + let e1x,_ = exn x ee1 s in + let e1x = bind_result v e1x in + let p = wpimplies e1x oki in + with_exception_type x v (fun v pt -> wpforall v (PureType pt)) p + in + 
let ok = wpands (ok1 :: List.map handler_ok hl) in + let ne = + List.fold_left + (fun (ne,s) ((x,v), (_,((nei,si),_))) -> + let e1x,_ = exn x ee1 s in + let e1x = bind_result v e1x in + let si = with_exception_type x v Subst.add_aux si in + let s',r1,r2 = merge s si in + por (wpand ne r1) (wpands [e1x; nei; r2]), s') + (ne1,s1) hl + in + let ee x = + let eex,sx = + if List.exists (fun ((xi,_),_) -> x == xi) hl then + Pfalse, s + else + exn x ee1 s + in + List.fold_left + (fun (nex,sx) ((xi,vi),(_,(_,eei))) -> + let e1xi,sxi = exn xi ee1 s in + let eeix,sxi = exn x eei sxi in + let eeix = bind_result vi eeix in + let sxi = with_exception_type xi vi Subst.add_aux sxi in + let sx,r1,r2 = merge sx sxi in + por (wpand nex r1) (wpands [e1xi; eeix; r2]), sx) + (eex, sx) hl + in + ok, (ne, exns e ee) + | Lam (bl, pl, e) -> + (* OK: forall bl. pl => ok(e) + NE: forall bl. pl /\ ne(e, result) *) + let s = Subst.frame e.info.t_env e.info.t_effect s in + let ok,r = wp e s in + let qr = all_quantifiers r in + let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) pl in + let q = List.filter (function (_,PureType _) -> true | _ -> false) bl in + wpforalls (q @ qr) (wpimplies (wpands pl) ok), + ((Ptrue, s), []) + | Rec (_f, bl, _v, var, pl, e) -> + (* OK: well_founded(R) /\ forall bl. pl => ok(e) + NE: forall bl. 
pl /\ ne(e, result) *) + let wfr = Wp.well_founded_rel var in + let s = Subst.frame e.info.t_env e.info.t_effect s in + let ok,r = wp e s in + let qr = all_quantifiers r in + let pl = List.map (fun a -> subst_in_predicate s.sigma a.a_value) pl in + let q = List.filter (function (_,PureType _) -> true | _ -> false) bl in + pand wfr (wpforalls (q @ qr) (wpimplies (wpands pl) ok)), + ((Ptrue, s), []) + | AppRef (e1, _, k) + | AppTerm (e1, _, k) -> + let lab = e1.info.t_label in + let s = Subst.label lab s in + let q = optpost_app (asst_app (change_label "" lab)) k.t_post in + let ok,(((ne,s'),ee) as nee) = wp e1 s in + assert (not (occur_predicate result ne)); + let wr s = Subst.writes (Effect.get_writes k.t_effect) s in + let nee = match q with + | Some (q', qe) -> + (let s' = wr s' in + wpand ne (Subst.predicate s' q'.a_value), s'), + (let ee x = + let q' = List.assoc x qe in + let ee,s' = exn x ee s in + let s' = wr s' in + por ee (wpand ne (Subst.predicate s' q'.a_value)), s' + in + exns e ee) + | None -> + nee + in + ok, nee + | Any k -> + let lab = e.info.t_label in + let s = Subst.label lab s in + let q = optpost_app (post_named e.info.t_loc) k.c_post in + let q = optpost_app (asst_app (change_label "" lab)) q in + let s' = Subst.writes (Effect.get_writes k.c_effect) s in + let nee = match q with + | Some (q', qe) -> + (Subst.predicate s' q'.a_value, s'), + (let ee x = + let q' = List.assoc x qe in + Subst.predicate s' q'.a_value, s' + in + exns e ee) + | None -> + let ee _x = Ptrue, s' in + (Ptrue, s'), exns e ee + in + Ptrue, nee + +let wp e = + let s = Subst.frame e.info.t_env e.info.t_effect Subst.empty in + let ok, _ = wp e s in + ok + +(* + Local Variables: + compile-command: "unset LANG; make -C .. byte" + End: +*) diff -Nru why-2.29+dfsg/src/fastwp.mli why-2.30+dfsg/src/fastwp.mli --- why-2.29+dfsg/src/fastwp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/fastwp.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/fpi.ml why-2.30+dfsg/src/fpi.ml --- why-2.29+dfsg/src/fpi.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/fpi.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/fpi.mli why-2.30+dfsg/src/fpi.mli --- why-2.29+dfsg/src/fpi.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/fpi.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/gappa.ml why-2.30+dfsg/src/gappa.ml --- why-2.29+dfsg/src/gappa.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/gappa.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/gappa.mli why-2.30+dfsg/src/gappa.mli --- why-2.29+dfsg/src/gappa.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/gappa.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/graphviz.ml why-2.30+dfsg/src/graphviz.ml --- why-2.29+dfsg/src/graphviz.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/graphviz.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/graphviz.mli why-2.30+dfsg/src/graphviz.mli --- why-2.29+dfsg/src/graphviz.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/graphviz.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/harvey.ml why-2.30+dfsg/src/harvey.ml --- why-2.29+dfsg/src/harvey.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/harvey.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/harvey.mli why-2.30+dfsg/src/harvey.mli --- why-2.29+dfsg/src/harvey.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/harvey.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/hol4.ml why-2.30+dfsg/src/hol4.ml --- why-2.29+dfsg/src/hol4.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/hol4.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/hol4.mli why-2.30+dfsg/src/hol4.mli --- why-2.29+dfsg/src/hol4.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/hol4.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/holl.ml why-2.30+dfsg/src/holl.ml --- why-2.29+dfsg/src/holl.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/holl.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/holl.mli why-2.30+dfsg/src/holl.mli --- why-2.29+dfsg/src/holl.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/holl.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/hypotheses_filtering.ml why-2.30+dfsg/src/hypotheses_filtering.ml --- why-2.29+dfsg/src/hypotheses_filtering.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/hypotheses_filtering.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ident.ml why-2.30+dfsg/src/ident.ml --- why-2.29+dfsg/src/ident.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ident.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ident.mli why-2.30+dfsg/src/ident.mli --- why-2.29+dfsg/src/ident.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ident.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/isabelle.ml why-2.30+dfsg/src/isabelle.ml --- why-2.29+dfsg/src/isabelle.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/isabelle.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/isabelle.mli why-2.30+dfsg/src/isabelle.mli --- why-2.29+dfsg/src/isabelle.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/isabelle.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/lexer.mli why-2.30+dfsg/src/lexer.mli --- why-2.29+dfsg/src/lexer.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/lexer.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/lexer.mll why-2.30+dfsg/src/lexer.mll --- why-2.29+dfsg/src/lexer.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/lexer.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/lib.ml why-2.30+dfsg/src/lib.ml --- why-2.29+dfsg/src/lib.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/lib.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/lib.mli why-2.30+dfsg/src/lib.mli --- why-2.29+dfsg/src/lib.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/lib.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/linenum.mli why-2.30+dfsg/src/linenum.mli --- why-2.29+dfsg/src/linenum.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/linenum.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/linenum.mll why-2.30+dfsg/src/linenum.mll --- why-2.29+dfsg/src/linenum.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/linenum.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/loc.ml why-2.30+dfsg/src/loc.ml --- why-2.29+dfsg/src/loc.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/loc.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/loc.mli why-2.30+dfsg/src/loc.mli --- why-2.29+dfsg/src/loc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/loc.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/logic_decl.mli why-2.30+dfsg/src/logic_decl.mli --- why-2.29+dfsg/src/logic_decl.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/logic_decl.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/logic.mli why-2.30+dfsg/src/logic.mli --- why-2.29+dfsg/src/logic.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/logic.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/log.mli why-2.30+dfsg/src/log.mli --- why-2.29+dfsg/src/log.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/log.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ltyping.ml why-2.30+dfsg/src/ltyping.ml --- why-2.29+dfsg/src/ltyping.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ltyping.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ltyping.mli why-2.30+dfsg/src/ltyping.mli --- why-2.29+dfsg/src/ltyping.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ltyping.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/main.ml why-2.30+dfsg/src/main.ml --- why-2.29+dfsg/src/main.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/main.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -63,8 +63,9 @@ | Isabelle -> Isabelle.reset () | Hol4 -> Hol4.reset () | SmtLib -> () - | Harvey | Simplify | Zenon | Z3 | CVCLite | Gappa - | Ergo | Why | MultiWhy | Why3 | Dispatcher | WhyProject -> () + | Harvey | Simplify | Zenon | Z3 | CVCLite | Gappa | Vampire + | Ergo | Why | MultiWhy | MultiAltergo | Why3 | Dispatcher + | WhyProject -> () let add_loc = function | Dtype (loc, s, _) 
@@ -101,7 +102,7 @@ -> Pretty.push_or_output_decl *) | Why | WhyProject -> Pretty.push_decl ~ergo:false | Why3 -> Why3.push_decl - | Ergo -> Pretty.push_decl ~ergo:true + | Ergo | MultiAltergo -> Pretty.push_decl ~ergo:true | Dispatcher -> (* (fun d -> @@ -114,7 +115,7 @@ Pretty.push_decl ~ergo:false d) *) | Harvey -> Harvey.push_decl - | Simplify -> Simplify.push_decl + | Simplify | Vampire -> Simplify.push_decl | Zenon -> Zenon.push_decl | Z3 -> Z3.push_decl | CVCLite -> Cvcl.push_decl @@ -164,8 +165,9 @@ | Coq _ -> if valid then Coq.push_parameter id tv | Pvs | HolLight | Isabelle | Hol4 | Mizar - | Harvey | Simplify | Zenon | Z3 | SmtLib | Gappa - | CVCLite | Ergo | Why | MultiWhy | Dispatcher | WhyProject | Why3 -> + | Harvey | Simplify | Vampire | Zenon | Z3 | SmtLib | Gappa + | CVCLite | Ergo | Why | MultiWhy | MultiAltergo + | Dispatcher | WhyProject | Why3 -> () let output is_last fwe = @@ -182,6 +184,7 @@ | Mizar -> Mizar.output_file fwe | Harvey -> Harvey.output_file fwe | Simplify -> Simplify.output_file ~allowedit:true (fwe ^ "_why.sx") + | Vampire -> Simplify.output_file ~allowedit:true (fwe ^ "_why.vp") | CVCLite -> Cvcl.output_file ~allowedit:true (fwe ^ "_why.cvc") | Zenon -> Zenon.output_file ~allowedit:true (fwe ^ "_why.znn") | Z3 -> Z3.output_file fwe @@ -198,7 +201,7 @@ | Ergo -> Pretty.output_file ~ergo:true (fwe ^ "_why.why") | Why -> Pretty.output_file ~ergo:false (fwe ^ "_why.why") | Why3 -> Why3.output_file fwe - | MultiWhy -> Pretty.output_files fwe + | MultiWhy | MultiAltergo -> Pretty.output_files fwe | WhyProject -> ignore(Pretty.output_project fwe) end 
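Review bot: The new `Vampire` branch in `output` (hunk @@ -182,6 +184,7 @@) writes through `Simplify.output_file` and changes only the suffix to `_why.vp`, with no comment saying why. The `push_decl` dispatch in @@ -114,7 +115,7 @@ and again in @@ -218,10 +221,11 @@ likewise routes Vampire to `Simplify.push_decl`. These lines do not show whether Vampire is meant to read Simplify-syntax input or whether a dedicated printer is still to come. Once the intent is confirmed I would add, above the new branch, `(* Vampire is fed the Simplify-format output; only the file suffix differs *)`. The enclosing functions start and end outside these hunks.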
@@ -218,10 +221,11 @@ | Hol4 -> Hol4.push_decl d | Gappa -> Gappa.push_decl d | Why | MultiWhy | WhyProject -> Pretty.push_decl d - | Ergo -> Pretty.push_decl ~ergo:true d + | Ergo | MultiAltergo -> Pretty.push_decl ~ergo:true d | Dispatcher -> Dispatcher.push_decl d | Harvey -> Harvey.push_decl d | Simplify -> Simplify.push_decl d + | Vampire -> Simplify.push_decl d | Zenon -> Zenon.push_decl d | Z3 -> Z3.push_decl d | CVCLite -> Cvcl.push_decl d @@ -659,7 +663,7 @@ try List.iter (load_file ~_prelude:true) lib_files_to_load; begin match prover () with - | Simplify when no_simplify_prelude -> Simplify.reset () + | Simplify | Vampire when no_simplify_prelude -> Simplify.reset () | _ -> () end with e -> @@ -678,8 +682,8 @@ if not parse_only then List.iter interp_decl p let single_file () = match prover () with - | Simplify | Harvey | Zenon | Z3 | CVCLite | Gappa | Dispatcher - | SmtLib | Ergo | Why | MultiWhy | WhyProject | Why3 -> true + | Simplify | Vampire | Harvey | Zenon | Z3 | CVCLite | Gappa | Dispatcher + | SmtLib | Ergo | Why | MultiWhy | MultiAltergo | WhyProject | Why3 -> true | Coq _ | Pvs | Mizar | Hol4 | HolLight | Isabelle -> false let deal_file is_last f = @@ -695,7 +699,20 @@ | [] -> () | [x] -> f true x | x::l -> f false x; iter_with_last f l - + +let delete_old_vcs files = + let base_name = Filename.chop_extension (last files) in + let cnt = ref 1 in + try + while true do + let po_name = base_name ^ "_po" ^ string_of_int !cnt ^ ".why" in + if Sys.file_exists po_name then Sys.remove po_name + else raise Exit; + incr cnt; + done; + with Exit -> () + + let main () = let t0 = Unix.times () in load_prelude (); 
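Review bot: `delete_old_vcs` (hunk @@ -695,7 +699,20 @@) catches only `Exit`, so two other exceptions escape and abort the run before any input file is processed: a `Sys_error` from `Sys.remove` (for example a read-only directory) and an `Invalid_argument` from `Filename.chop_extension` on an input name without a suffix. The loop also stops at the first missing index, so a stale `_po<n>.why` after a gap in the numbering survives and can later be mistaken for a goal of the current source. The `.why` suffix is assumed for both `--multi-why` and `--multi-altergo`, which should be checked against what `Pretty.output_files` writes, since that is not visible here. A version that handles the two exceptions follows; closing the gap case needs a directory scan rather than a counter.

```ocaml
let delete_old_vcs files =
  let last_file = last files in
  (* chop_extension raises Invalid_argument when the name has no suffix;
     TODO confirm the fallback matches how the output base name is derived *)
  let base_name =
    try Filename.chop_extension last_file with Invalid_argument _ -> last_file
  in
  let rec remove_from cnt =
    let po_name = base_name ^ "_po" ^ string_of_int cnt ^ ".why" in
    if Sys.file_exists po_name then begin
      (* report a failed removal instead of aborting: the stale file is
         still on disk and the user has to know about it *)
      (try Sys.remove po_name
       with Sys_error msg -> prerr_endline ("cannot remove old VC: " ^ msg));
      remove_from (cnt + 1)
    end
  in
  remove_from 1
```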
@@ -706,6 +723,7 @@ end else begin + if Options.delete_old_vcs then delete_old_vcs files; iter_with_last deal_file files; if type_only then exit 0; if (pruning) or (Options.pruning_hyp_v != -1) then diff -Nru why-2.29+dfsg/src/mapenv.ml why-2.30+dfsg/src/mapenv.ml --- why-2.29+dfsg/src/mapenv.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/mapenv.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/misc.ml why-2.30+dfsg/src/misc.ml --- why-2.29+dfsg/src/misc.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/misc.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/misc.mli why-2.30+dfsg/src/misc.mli --- why-2.29+dfsg/src/misc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/misc.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/mizar.ml why-2.30+dfsg/src/mizar.ml --- why-2.29+dfsg/src/mizar.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/mizar.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/mizar.mli why-2.30+dfsg/src/mizar.mli --- why-2.29+dfsg/src/mizar.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/mizar.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/mlize.ml why-2.30+dfsg/src/mlize.ml --- why-2.29+dfsg/src/mlize.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/mlize.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/mlize.mli why-2.30+dfsg/src/mlize.mli --- why-2.29+dfsg/src/mlize.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/mlize.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/monad.ml why-2.30+dfsg/src/monad.ml --- why-2.29+dfsg/src/monad.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/monad.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/monad.mli why-2.30+dfsg/src/monad.mli --- why-2.29+dfsg/src/monad.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/monad.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/monadSig.mli why-2.30+dfsg/src/monadSig.mli --- why-2.29+dfsg/src/monadSig.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/monadSig.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/monomorph.ml why-2.30+dfsg/src/monomorph.ml --- why-2.29+dfsg/src/monomorph.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/monomorph.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/monomorph.mli why-2.30+dfsg/src/monomorph.mli --- why-2.29+dfsg/src/monomorph.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/monomorph.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ocaml.ml why-2.30+dfsg/src/ocaml.ml --- why-2.29+dfsg/src/ocaml.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ocaml.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ocaml.mli why-2.30+dfsg/src/ocaml.mli --- why-2.29+dfsg/src/ocaml.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ocaml.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/option_misc.ml why-2.30+dfsg/src/option_misc.ml --- why-2.29+dfsg/src/option_misc.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/option_misc.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/option_misc.mli why-2.30+dfsg/src/option_misc.mli --- why-2.29+dfsg/src/option_misc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/option_misc.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/options.ml why-2.30+dfsg/src/options.ml --- why-2.29+dfsg/src/options.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/options.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -94,6 +94,8 @@ let files_to_load_ = ref [] let show_time_ = ref false let locs_files = ref [] +let default_locs = ref false +let delete_old_vcs = ref false let explain_vc = ref false let locs_table = Hashtbl.create 97 
@@ -138,8 +140,8 @@ type prover = | Coq of coq_version | Pvs | HolLight | Mizar | Harvey | Simplify | CVCLite - | SmtLib | Isabelle | Hol4 | Gappa | Zenon | Z3 - | Ergo | Why | MultiWhy | Why3 | Dispatcher | WhyProject + | SmtLib | Isabelle | Hol4 | Gappa | Zenon | Z3 | Vampire + | Ergo | Why | MultiWhy | MultiAltergo | Why3 | Dispatcher | WhyProject let prover_ = ref (Coq coq_version) @@ -198,7 +200,7 @@ let banner () = eprintf "\ This is why version %s, compiled on %s -Copyright (c) 2002 Jean-Christophe Filliâtre +Copyright (c) 2002-2011 CNRS/INRIA/Univ Paris 11, team ProVal This is free software with ABSOLUTELY NO WARRANTY (use option -warranty) " Version.version Version.date; flush stderr @@ -236,6 +238,10 @@ --total total correctness --explain outputs explanations for VCs in file.xpl --locs f reads source locations from file f + --default-locs reads source locations from file basename.loc + --delete-old-vcs delete files that originate from a previous call to Why on + the same file; active only when option --multi-why or + --multi-altergo is given --phantom declare as a phantom type VC transformation options: @@ -293,6 +299,7 @@ --why selects the Why pretty-printer --why3 selects the Why3 pretty-printer --multi-why selects the Why pretty-printer, with one file per goal + --multi-altergo selects the Alt-Ergo pretty-printer, with one file per goal --project selects the Why project format, with one file per goal Coq-specific options: @@ -375,6 +382,7 @@ | ("-mizar" | "--mizar") :: args -> prover_ := Mizar; parse args | ("-harvey" | "--harvey") :: args -> prover_ := Harvey; parse args | ("-simplify" | "--simplify") :: args -> prover_ := Simplify; parse args + | ("-vampire" | "--vampire") :: args -> prover_ := Vampire; parse args | ("-isabelle" | "--isabelle") :: args -> prover_ := Isabelle; parse args | ("-hol4" | "--hol4") :: args -> prover_ := Hol4; parse args | ("-cvcl" | "--cvcl") :: args -> prover_ := CVCLite; parse args 
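Review bot: The parser now accepts `-vampire`/`--vampire` (hunk @@ -375,6 +382,7 @@), but none of the usage-text hunks of options.ml adds a matching help line. Only `--default-locs`, `--delete-old-vcs` and `--multi-altergo` are documented. I would add an entry next to the other prover selectors, for example `--vampire selects the Vampire prover (Simplify-format output in file_why.vp)`, with the wording aligned to the neighbouring entries, which lie outside the hunks. Both `parse` and the usage string start and end outside these hunks.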
@@ -384,6 +392,8 @@ | ("-why" | "--why") :: args -> prover_ := Why; parse args | ("-why3" | "--why3") :: args -> prover_ := Why3; parse args | ("-multi-why" | "--multi-why") :: args -> prover_ := MultiWhy; parse args + | ("-multi-altergo" | "--multi-altergo") :: args -> + prover_ := MultiAltergo; parse args | ("-project" | "--project") :: args -> prover_ := WhyProject; parse args | ("-gappa" | "--gappa") :: args -> prover_ := Gappa; parse args | ("-show-time" | "--show-time") :: args -> show_time_ := true; parse args @@ -604,6 +614,12 @@ | ("-locs" | "--locs") :: s :: args -> locs_files := s :: !locs_files; parse args + | ("-default-locs" | "--default-locs" ) :: args -> + default_locs := true; + parse args + | ("-delete-old-vcs" | "--delete-old-vcs" ) :: args -> + delete_old_vcs := true; + parse args | ("-phantom" | "--phantom") :: s :: args -> Hashtbl.add phantom_types s (); parse args @@ -621,6 +637,8 @@ let wp_only = !wp_only_ let prover (* ?(ignore_gui=false) *) () = if (* not ignore_gui &&*) !gui then Dispatcher else !prover_ +let delete_old_vcs = + !delete_old_vcs && (let p = prover () in p = MultiWhy || p = MultiAltergo) let valid = !valid_ let coq_tactic = !coq_tactic_ let coq_preamble = match !coq_preamble_ with @@ -732,6 +750,11 @@ let if_debug_3 f x y z = if debug then f x y z let () = + if !default_locs then + locs_files := + (List.map (fun s -> + Filename.chop_extension s ^ ".loc" ) files) @ !locs_files; + List.iter (fun f -> let l = Rc.from_file f in diff -Nru why-2.29+dfsg/src/options.mli why-2.30+dfsg/src/options.mli --- why-2.29+dfsg/src/options.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/options.mli 2011-10-24 15:21:06.000000000 +0000 
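Review bot: In the `--default-locs` block (hunk @@ -732,6 +750,11 @@), `Filename.chop_extension s` raises `Invalid_argument` for an input file without a suffix. Because this runs in a top-level `let () =`, the exception surfaces during module initialisation rather than as a usage error. The guard can be local: `(try Filename.chop_extension s with Invalid_argument _ -> s) ^ ".loc"`. Each derived `.loc` name is then passed to `Rc.from_file` whether or not the file exists; how a missing file is handled is not visible here and deserves a comment. The `let () =` block continues past the end of the hunk.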
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -129,8 +129,8 @@ type prover = | Coq of coq_version | Pvs | HolLight | Mizar | Harvey | Simplify | CVCLite - | SmtLib | Isabelle | Hol4 | Gappa | Zenon | Z3 - | Ergo | Why | MultiWhy | Why3 | Dispatcher | WhyProject + | SmtLib | Isabelle | Hol4 | Gappa | Zenon | Z3 | Vampire + | Ergo | Why | MultiWhy | MultiAltergo | Why3 | Dispatcher | WhyProject val prover : (* ?ignore_gui:bool -> *) unit -> prover @@ -150,6 +150,7 @@ val no_harvey_prelude : bool val no_zenon_prelude : bool val no_cvcl_prelude : bool +val delete_old_vcs : bool val floats : bool val show_time : bool diff -Nru why-2.29+dfsg/src/parser.mly why-2.30+dfsg/src/parser.mly --- why-2.29+dfsg/src/parser.mly 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/parser.mly 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ /* */ /* The Why platform for program certification */ /* */ -/* Copyright (C) 2002-2010 */ +/* Copyright (C) 2002-2011 */ /* */ -/* Jean-Christophe FILLIATRE, CNRS */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ /* Yannick MOY, Univ. Paris-sud 11 */ /* Romain BARDOU, Univ. Paris-sud 11 */ -/* Thierry HUBERT, Univ. Paris-sud 11 */ /* */ /* Secondary contributors: */ /* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ /* Sylvie BOLDO, INRIA (floating-point support) */ diff -Nru why-2.29+dfsg/src/pp.ml why-2.30+dfsg/src/pp.ml --- why-2.29+dfsg/src/pp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pp.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/pp.mli why-2.30+dfsg/src/pp.mli --- why-2.29+dfsg/src/pp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pp.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/predDefExpansor.ml why-2.30+dfsg/src/predDefExpansor.ml --- why-2.29+dfsg/src/predDefExpansor.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/predDefExpansor.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/predDefExpansor.mli why-2.30+dfsg/src/predDefExpansor.mli --- why-2.29+dfsg/src/predDefExpansor.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/predDefExpansor.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/pretty.ml why-2.30+dfsg/src/pretty.ml --- why-2.29+dfsg/src/pretty.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pretty.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/pretty.mli why-2.30+dfsg/src/pretty.mli --- why-2.29+dfsg/src/pretty.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pretty.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/print_real.ml why-2.30+dfsg/src/print_real.ml --- why-2.29+dfsg/src/print_real.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/print_real.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/project.ml why-2.30+dfsg/src/project.ml --- why-2.29+dfsg/src/project.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/project.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/project.mli why-2.30+dfsg/src/project.mli --- why-2.29+dfsg/src/project.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/project.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/ptree.mli why-2.30+dfsg/src/ptree.mli --- why-2.29+dfsg/src/ptree.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/ptree.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/purify.mli why-2.30+dfsg/src/purify.mli --- why-2.29+dfsg/src/purify.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/purify.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/pvs.ml why-2.30+dfsg/src/pvs.ml --- why-2.29+dfsg/src/pvs.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pvs.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/pvs.mli why-2.30+dfsg/src/pvs.mli --- why-2.29+dfsg/src/pvs.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/pvs.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/rc.mli why-2.30+dfsg/src/rc.mli --- why-2.29+dfsg/src/rc.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/rc.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/rc.mll why-2.30+dfsg/src/rc.mll --- why-2.29+dfsg/src/rc.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/rc.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/red.ml why-2.30+dfsg/src/red.ml --- why-2.29+dfsg/src/red.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/red.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/red.mli why-2.30+dfsg/src/red.mli --- why-2.29+dfsg/src/red.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/red.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/regen.ml why-2.30+dfsg/src/regen.ml --- why-2.29+dfsg/src/regen.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/regen.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/regen.mli why-2.30+dfsg/src/regen.mli --- why-2.29+dfsg/src/regen.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/regen.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/rename.ml why-2.30+dfsg/src/rename.ml --- why-2.29+dfsg/src/rename.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/rename.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/rename.mli why-2.30+dfsg/src/rename.mli --- why-2.29+dfsg/src/rename.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/rename.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/report.ml why-2.30+dfsg/src/report.ml --- why-2.29+dfsg/src/report.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/report.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/report.mli why-2.30+dfsg/src/report.mli --- why-2.29+dfsg/src/report.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/report.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/simplify.ml why-2.30+dfsg/src/simplify.ml --- why-2.29+dfsg/src/simplify.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/simplify.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/simplify.mli why-2.30+dfsg/src/simplify.mli --- why-2.29+dfsg/src/simplify.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/simplify.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/smtlib.ml why-2.30+dfsg/src/smtlib.ml --- why-2.29+dfsg/src/smtlib.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/smtlib.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/smtlib.mli why-2.30+dfsg/src/smtlib.mli --- why-2.29+dfsg/src/smtlib.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/smtlib.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/theory_filtering.ml why-2.30+dfsg/src/theory_filtering.ml --- why-2.29+dfsg/src/theory_filtering.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/theory_filtering.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/theoryreducer.ml why-2.30+dfsg/src/theoryreducer.ml --- why-2.29+dfsg/src/theoryreducer.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/theoryreducer.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/types.mli why-2.30+dfsg/src/types.mli --- why-2.29+dfsg/src/types.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/types.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/typing.ml why-2.30+dfsg/src/typing.ml --- why-2.29+dfsg/src/typing.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/typing.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/typing.mli why-2.30+dfsg/src/typing.mli --- why-2.29+dfsg/src/typing.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/typing.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/unionfind.ml why-2.30+dfsg/src/unionfind.ml --- why-2.29+dfsg/src/unionfind.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/unionfind.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/util.ml why-2.30+dfsg/src/util.ml --- why-2.29+dfsg/src/util.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/util.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -1188,14 +1188,14 @@ refined explanation. *) let cook_explanation (userlab : string option) e = - let e,l = + let e,l, maylab = match e with - | VCEexternal s -> EKOther s, dummy_reloc - | VCEabsurd -> EKAbsurd, dummy_reloc + | VCEexternal s -> EKOther s, dummy_reloc, None + | VCEabsurd -> EKAbsurd, dummy_reloc, None | VCEassert (k,p) -> (match k with | `ASSERT -> EKAssert - | `CHECK -> EKCheck), (reloc_xpl (List.hd p)) + | `CHECK -> EKCheck), (reloc_xpl (List.hd p)), None | VCEpre(lab,loc,_p) -> begin if debug then eprintf "Util.cook_explanation: label,loc for pre = %s,%a@." lab 
@@ -1209,37 +1209,39 @@ | _ -> raise Not_found in if debug then eprintf "Util: kind for '%s' is '%s'@." lab k; - EKPre k, (f,l,b,e) + EKPre k, (f,l,b,e), Some lab with Not_found -> if debug then eprintf "Util: cannot find a kind for '%s'@." lab; - EKPre "", (f,l,b,e) + EKPre "", (f,l,b,e), Some lab with Not_found -> if debug then eprintf "Util: cannot find a loc for '%s'@." lab; - EKPre "", Loc.extract loc + EKPre "", Loc.extract loc, Some lab end - | VCEpost p -> EKPost, (reloc_xpl p) - | VCEwfrel -> EKWfRel, dummy_reloc - | VCEvardecr p -> EKVarDecr, (reloc_xpl_term p) + | VCEpost p -> EKPost, (reloc_xpl p), None + | VCEwfrel -> EKWfRel, dummy_reloc, None + | VCEvardecr p -> EKVarDecr, (reloc_xpl_term p), None | VCEinvinit(internal_lab,p) -> let s,loc = cook_loop_invariant internal_lab userlab p in - EKLoopInvInit s, loc + EKLoopInvInit s, loc, None | VCEinvpreserv(internal_lab,p) -> let s,loc = cook_loop_invariant internal_lab userlab p in - EKLoopInvPreserv s, loc - in + EKLoopInvPreserv s, loc, None + in + let new_lab = if userlab = None then maylab else userlab in match e with | EKPre _ -> (* for pre-conditions, we want to focus on the call, not an the formula to prove *) - e,l + e,l, new_lab | _ -> e, - match userlab with + (match new_lab with | None -> l | Some lab -> - (try loc_of_label lab with Not_found -> + try loc_of_label lab with Not_found -> if debug then eprintf "Warning: no loc found for user label %s@." lab; - l) + l), + new_lab let explanation_table = Hashtbl.create 97 diff -Nru why-2.29+dfsg/src/util.mli why-2.30+dfsg/src/util.mli --- why-2.29+dfsg/src/util.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/util.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -172,7 +172,8 @@ val loc_of_label: string -> Loc.floc val cook_explanation : - string option -> raw_vc_explain -> Logic_decl.expl_kind * Loc.floc + string option -> raw_vc_explain -> + Logic_decl.expl_kind * Loc.floc * string option val program_locs : (string,(string * string * Loc.floc)) Hashtbl.t diff -Nru why-2.29+dfsg/src/vcg.ml why-2.30+dfsg/src/vcg.ml --- why-2.29+dfsg/src/vcg.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/vcg.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
@@ -732,27 +732,15 @@ let ctx',concl',pr_intros = intros ctx concl in let ol,prl = split (succ lvl) ctx' concl' in ol, (fun pl -> pr_intros (prl pl)) - | Pnamed (n, p1) as concl -> -(* - begin - match n with - | Internal i -> Format.eprintf "splitting on internal name %d@." i - | User n -> Format.eprintf "splitting on user name %s@." n - end; -*) + | Pnamed (n, p1) as _concl -> begin match split lvl ctx p1 with - | [_],_ -> [ctx,Pnamed(n,concl)], (function [pr] -> pr | _ -> assert false) - | gl,v -> (* - begin - match n with - | Internal _ -> gl,v - | _ -> + | [_],_ -> + [ctx,Pnamed(n,concl)], + (function [pr] -> pr | _ -> assert false) *) + | gl,v -> List.map (fun (ctx,c) -> ctx, Pnamed(n,c)) gl, v -(* - end -*) end | concl -> [ctx,concl], (function [pr] -> pr | _ -> assert false) @@ -894,13 +882,17 @@ let cpt = ref 0 in let push_one (ctx, concl) = let formula_userlab, raw_explain = explain_for_pred None None concl in - let kind,loc = Util.cook_explanation formula_userlab raw_explain in + let kind,loc, lab = Util.cook_explanation formula_userlab raw_explain in +(* + if formula_userlab = None then + Format.printf "formula_userlab unset: %s@." name; +*) let explain = (*Logic_decl.ExplVC*) { Logic_decl.lemma_or_fun_name = name ; Logic_decl.behavior = beh; Logic_decl.vc_loc = loc ; Logic_decl.vc_kind = kind ; - Logic_decl.vc_label = formula_userlab; + Logic_decl.vc_label = lab; } in try diff -Nru why-2.29+dfsg/src/vcg.mli why-2.30+dfsg/src/vcg.mli --- why-2.29+dfsg/src/vcg.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/vcg.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/why3.ml why-2.30+dfsg/src/why3.ml --- why-2.29+dfsg/src/why3.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/why3.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) 
@@ -50,24 +50,66 @@ let is_why3_keyword = let ht = Hashtbl.create 43 in List.iter (fun kw -> Hashtbl.add ht kw ()) - ["clone"; - "epsilon"; - "export"; - "import"; - "lemma"; - "meta"; - "namespace"; - "theory"; - "use"; - "abstract"; - "any"; - "assume"; - "downto"; - "label"; - "model"; - "module"; - "mutable"; - "to"; + [ + "as"; + "axiom"; + "clone"; + "else"; + "end"; + "epsilon"; + "exists"; + "export"; + "false"; + "forall"; + "function"; + "goal"; + "if"; + "import"; + "in"; + "inductive"; + "lemma"; + "let"; + "match"; + "meta"; + "namespace"; + "not"; + "predicate"; + "prop"; + "then"; + "theory"; + "true"; + "type"; + "use"; + "with"; + "abstract"; + "absurd"; + "any"; + "assert"; + "assume"; + "begin"; + "check"; + "do"; + "done"; + "downto"; + "exception"; + "for"; + "fun"; + "invariant"; + "label"; + "loop"; + "model"; + "module"; + "mutable"; + "raise"; + "raises"; + "reads"; + "rec"; + "to"; + "try"; + "val"; + "variant"; + "while"; + "writes"; ]; Hashtbl.mem ht @@ -82,6 +124,9 @@ let ident fmt s = let s = Ident.string s in let s = + if is_why3_keyword s then s ^ "_why3" else s + in + let s = if 'A' <= s.[0] && s.[0] <= 'Z' then "_" ^ s else s in if is_why3_keyword s then @@ -163,6 +208,8 @@ t_le_real , "Real.(<=)"; t_gt_real , "Real.(>)"; + t_real_of_int, "FromInt.from_int"; + t_abs_int , "AbsInt.abs"; t_abs_real , "AbsReal.abs"; @@ -237,7 +284,7 @@ | Papp (id, [t1; t2], _) when is_neq id -> fprintf fmt "(%a <> %a)" term t1 term t2 | Papp (id, [a;b], _) when id == t_zwf_zero -> - fprintf fmt "@[((Int.(<=) 0 %a) and@ (Int.(<) %a %a))@]" + fprintf fmt "@[((Int.(<=) 0 %a) /\\@ (Int.(<) %a %a))@]" term b term a term b | Papp (id, [_t], _) when id == well_founded -> fprintf fmt "@[false (* was well_founded(...) *)@]" 
@@ -254,13 +301,16 @@ | Pif (a, b, c) -> fprintf fmt "(@[if %a = Bool.True then@ %a else@ %a@])" term a predicate b predicate c - | Pand (_, _, a, b) -> - fprintf fmt "(@[%a and@ %a@])" predicate a predicate b + | Pand (_is_wp, is_sym, a, b) -> + if is_sym then + fprintf fmt "(@[%a /\\@ %a@])" predicate a predicate b + else + fprintf fmt "(@[%a &&@ %a@])" predicate a predicate b | Forallb (_, _ptrue, _pfalse) -> assert false (* TODO What is it? *) (* fprintf fmt "(@[forallb(%a,@ %a)@])" *) (* predicate ptrue predicate pfalse *) | Por (a, b) -> - fprintf fmt "(@[%a or@ %a@])" predicate a predicate b + fprintf fmt "(@[%a \\/@ %a@])" predicate a predicate b | Pnot a -> fprintf fmt "(not %a)" predicate a | Forall (_,id,n,v,tl,p) -> @@ -312,12 +362,17 @@ let logic_binder fmt (id, pt) = fprintf fmt "(%a : %a)" ident id pure_type pt -let logic_type fmt = function - | Predicate [] -> () - | Function ([], pt) -> fprintf fmt " : %a" pure_type pt - | Predicate ptl -> fprintf fmt "%a" (print_list space pure_type) ptl +let logic_type fmt id = function + | Predicate [] -> + fprintf fmt "@[predicate %a@]" ident id + | Function ([], pt) -> + fprintf fmt "@[function %a : %a@]" ident id pure_type pt + | Predicate ptl -> + fprintf fmt "@[predicate %a %a@]" ident id + (print_list space pure_type) ptl | Function (ptl, pt) -> - fprintf fmt "%a : %a" (print_list space pure_type) ptl pure_type pt + fprintf fmt "@[function %a %a : %a@]" ident id + (print_list space pure_type) ptl pure_type pt let type_parameters fmt l = let type_var fmt id = fprintf fmt "'%s" id in 
@@ -342,6 +397,18 @@ ident id alg_type_parameters vs (print_list newline alg_type_constructor) cs +let explanation fmt e = + fprintf fmt "\"fun:%s\"@ " e.lemma_or_fun_name; + fprintf fmt "\"beh:%s\"@ " e.behavior; + fprintf fmt "\"expl:%s\"@ " + (Explain.msg_of_kind ~name:e.lemma_or_fun_name e.vc_kind); + let (f,l,b,e) = e.vc_loc in + fprintf fmt "#\"%s\" %d %d %d#" f l (max b 0) (max e 0) + +let logic_kind fmt = function + | Function _ -> fprintf fmt "function" + | Predicate _ -> fprintf fmt "predicate" + let decl fmt d = match d with | Dtype (_, id, pl) -> @@ -351,10 +418,10 @@ fprintf fmt "@[type %a@]" (print_list andsep alg_type_single) ls | Dlogic (_, id, lt) -> let lt = specialize lt in - fprintf fmt "@[logic %a %a@]" ident id logic_type lt + logic_type fmt id lt | Dpredicate_def (_, id, def) -> let bl,p = specialize def in - fprintf fmt "@[logic %a %a =@ %a@]" ident id + fprintf fmt "@[predicate %a %a =@ %a@]" ident id (print_list space logic_binder) bl predicate p | Dinductive_def (_, id, indcases) -> let bl,l = specialize indcases in @@ -374,17 +441,19 @@ end | Dfunction_def (_, id, def) -> let bl,pt,t = specialize def in - fprintf fmt "@[logic %a %a : %a =@ %a@]" ident id + fprintf fmt "@[function %a %a : %a =@ %a@]" ident id (print_list space logic_binder) bl pure_type pt term t | Daxiom (_, id, p) -> let p = specialize p in fprintf fmt "@[axiom %a:@ %a@]" string_capitalize id predicate p - | Dgoal (_, is_lemma, _expl, id, sq) -> + | Dgoal (_, is_lemma, expl, id, sq) -> let sq = specialize sq in - fprintf fmt "@[%s %s:@\n%a@]" + fprintf fmt "@[%s %s %a:@\n%a@]" (if is_lemma then "lemma" else "goal") - (String.capitalize id) sequent sq + (String.capitalize id) + explanation expl + sequent sq let decl fmt d = fprintf fmt "@[%a@]@\n@\n" decl d 
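Review bot: `explanation` prints `e.lemma_or_fun_name`, `e.behavior`, the `Explain.msg_of_kind` text and the file name `f` with a bare `%s` inside double-quoted labels, so a `"`, backslash or newline in any of them ends the label early and corrupts the generated Why3 file. A source path containing a quote is enough to trigger it. Escape each value before printing, for example `fprintf fmt "\"fun:%s\"@ " (String.escaped e.lemma_or_fun_name)` and the same for the other three, after confirming that Why3's string lexer accepts OCaml-style escapes. Separately, the pattern `let (f,l,b,e) = e.vc_loc in` shadows the record `e` with the end offset; a name such as `e_pos` would make the last line easier to read.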
@@ -470,6 +539,7 @@ fprintf fmt "use int.Abs as AbsInt@\n"; fprintf fmt "use int.ComputerDivision@\n"; fprintf fmt "use real.Real@\n"; + fprintf fmt "use real.FromInt@\n"; fprintf fmt "use real.Abs as AbsReal@\n"; fprintf fmt "use real.Square as SquareReal@\n"; fprintf fmt "use real.Trigonometry@\n"; @@ -526,7 +596,8 @@ *) SMap.iter (fun beh vcs -> - fprintf fmt "@[theory %a_%s@\n" string_capitalize (escape fname) (escape beh); + fprintf fmt "@[theory %a_%s@\n" string_capitalize + (escape fname) (escape beh); fprintf fmt "use import %s_ctx@\n" f; List.iter (decl fmt) (List.rev vcs); fprintf fmt "@]@\nend@\n@.") diff -Nru why-2.29+dfsg/src/why3.mli why-2.30+dfsg/src/why3.mli --- why-2.29+dfsg/src/why3.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/why3.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/why.ml why-2.30+dfsg/src/why.ml --- why-2.29+dfsg/src/why.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/why.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/whyweb.ml why-2.30+dfsg/src/whyweb.ml --- why-2.29+dfsg/src/whyweb.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/whyweb.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/wp.ml why-2.30+dfsg/src/wp.ml --- why-2.29+dfsg/src/wp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/wp.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/wp.mli why-2.30+dfsg/src/wp.mli --- why-2.29+dfsg/src/wp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/wp.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/wserver.ml why-2.30+dfsg/src/wserver.ml --- why-2.29+dfsg/src/wserver.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/wserver.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/wserver.ml4 why-2.30+dfsg/src/wserver.ml4 --- why-2.29+dfsg/src/wserver.ml4 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/wserver.ml4 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/wserver.mli why-2.30+dfsg/src/wserver.mli --- why-2.29+dfsg/src/wserver.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/wserver.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/xml.mli why-2.30+dfsg/src/xml.mli --- why-2.29+dfsg/src/xml.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/xml.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/xml.mll why-2.30+dfsg/src/xml.mll --- why-2.29+dfsg/src/xml.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/xml.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/z3.ml why-2.30+dfsg/src/z3.ml --- why-2.29+dfsg/src/z3.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/z3.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/z3.mli why-2.30+dfsg/src/z3.mli --- why-2.29+dfsg/src/z3.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/z3.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/zenon.ml why-2.30+dfsg/src/zenon.ml --- why-2.29+dfsg/src/zenon.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/zenon.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/src/zenon.mli why-2.30+dfsg/src/zenon.mli --- why-2.29+dfsg/src/zenon.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/src/zenon.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tests/c/array_max.c why-2.30+dfsg/tests/c/array_max.c --- why-2.29+dfsg/tests/c/array_max.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/array_max.c 2011-10-24 15:21:06.000000000 +0000 @@ -0,0 +1,38 @@ +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 1: Maximum in an array + +Given: A non-empty integer array a. + +Verify that the index returned by the method max() given below points to +an element maximal in the array. + +*/ + +/*@ requires len > 0 && \valid_range(a,0,len-1); + @ ensures 0 <= \result < len && + @ \forall integer i; 0 <= i < len ==> a[i] <= a[\result]; + @*/ +int max(int *a, int len) { + int x = 0; + int y = len-1; + /*@ loop invariant 0 <= x <= y < len && + @ \forall integer i; + @ 0 <= i < x || y < i < len ==> + @ a[i] <= \max(a[x],a[y]); + @ loop variant y - x; + @*/ + while (x != y) { + if (a[x] <= a[y]) x++; + else y--; + } + return x; +} + +/* +Local Variables: +compile-command: "make array_max.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/c/binary_heap.c why-2.30+dfsg/tests/c/binary_heap.c --- why-2.29+dfsg/tests/c/binary_heap.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/binary_heap.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,8 +1,37 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ struct heap; - heap create(uint sz); void insert(heap u, int e); diff -Nru why-2.29+dfsg/tests/c/binary_search.c why-2.30+dfsg/tests/c/binary_search.c --- why-2.29+dfsg/tests/c/binary_search.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/binary_search.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,6 +1,37 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNSIMPLIFY this tells regtests to run Simplify in this example -// lemma mean: \forall integer x, y; x <= y ==> x <= (x+y)/2 <= y; +//@ lemma mean: \forall integer x, y; x <= y ==> x <= (x+y)/2 <= y; /*@ predicate sorted{L}(long *t, integer a, integer b) = @ \forall integer i,j; a <= i <= j <= b ==> t[i] <= t[j]; 
@@ -36,6 +67,6 @@ /* Local Variables: -compile-command: "frama-c -jessie binary_search.c" +compile-command: "make binary_search.why3ml" End: */ diff -Nru why-2.29+dfsg/tests/c/clock_drift.c why-2.30+dfsg/tests/c/clock_drift.c --- why-2.29+dfsg/tests/c/clock_drift.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/clock_drift.c 2011-10-24 15:21:06.000000000 +0000 @@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNGAPPA: will ask regtests to run gappa on VCs of this program #define NMAX 1000000 
@@ -53,3 +84,11 @@ return t; } + +/* +Local Variables: +compile-command: "make clock_drift.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/c/duplets.c why-2.30+dfsg/tests/c/duplets.c --- why-2.29+dfsg/tests/c/duplets.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/duplets.c 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,89 @@ +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 3: Two equal elements + +Given: An integer array a of length n+2 with n>=2. It is known that at +least two values stored in the array appear twice (i.e., there are at +least two duplets). + +Implement and verify a program finding such two values. + +You may assume that the array contains values between 0 and n-1. +*/ + +#define NULL (void*)0 + +/* equality between an integer and a possibly null int* */ +/*@ predicate eq_opt{L}(integer x, int *o) = + @ o != \null && x == *o ; + @*/ + +/* A duplet in array a is a pair of indexes (i,j) in the bounds of array + a such that a[i] = a[j] */ +/*@ predicate is_duplet{L}(int *a, integer len, integer i, integer j) = + @ 0 <= i < j < len && a[i] == a[j]; + @*/ + +/* duplet(a) returns the indexes (i,j) of a duplet in a. + * moreover, if except is not null, the value of this duplet must + * be different from it. + */ +/*@ requires 2 <= len && + @ \valid_range(a,0,len-1) && \valid(pi) && \valid(pj) && + @ ( except == \null || \valid(except)) && + @ \exists integer i,j; + @ is_duplet(a,len,i,j) && ! eq_opt(a[i],except) ; + @ assigns *pi,*pj; + @ ensures + @ is_duplet(a,len,*pi,*pj) && + @ ! eq_opt(a[*pi],except); + @*/ +void duplet(int *a, int len, int *except, int *pi, int *pj) { + /*@ loop invariant 0 <= i <= len-1 && + @ \forall integer k,l; 0 <= k < i && k < l < len ==> + @ ! eq_opt(a[k],except) ==> ! is_duplet(a,len,k,l); + @ loop variant len - i; + @*/ + for(int i=0; i <= len - 2; i++) { + int v = a[i]; + if (except == NULL || *except != v) { + /*@ loop invariant i+1 <= j <= len && + @ \forall integer l; i < l < j ==> ! is_duplet(a,len,i,l); + @ loop variant len - j; + @*/ + for (int j=i+1; j < len; j++) { + if (a[j] == v) { + *pi = i; *pj = j; return; + } + } + } + } + // assert \forall integer i j; ! 
is_duplet(a,i,j); + //@ assert \false; +} + + + +/*@ requires 4 <= len && + @ \valid_range(a,0,len-1) && \valid(pi) && \valid(pj) && + @ \valid(pk) && \valid(pl) && + @ \exists integer i,j,k,l; + @ is_duplet(a,len,i,j) && is_duplet(a,len,k,l) && a[i] != a[k]; + @ assigns *pi,*pj,*pk,*pl; + @ ensures is_duplet(a,len,*pi,*pj) && + @ is_duplet(a,len,*pk,*pl) && + @ a[*pi] != a[*pk]; + @*/ +void duplets(int a[], int len, int *pi, int *pj, int *pk, int *pl) { + duplet(a,len,NULL,pi,pj); + duplet(a,len,&a[*pi],pk,pl); +} + + +/* +Local Variables: +compile-command: "make duplets.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/c/flag.c why-2.30+dfsg/tests/c/flag.c --- why-2.29+dfsg/tests/c/flag.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/flag.c 2011-10-24 15:21:06.000000000 +0000 
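Review bot: The plain comment just before `//@ assert \false;` at the end of `duplet` does not match the code it describes. It writes `is_duplet(a,i,j)` with three arguments while the predicate is declared as `is_duplet(a, len, i, j)`, and `\forall integer i j` is missing a comma, so it would not parse if someone turned it back into an annotation. Either delete it or correct the call to `is_duplet(a,len,i,j)`. The macro `#define NULL (void*)0` should also be fully parenthesised as `#define NULL ((void*)0)`, so that it expands safely inside larger expressions.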
@@ -0,0 +1,122 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +/* Dijkstra's dutch flag */ + +#pragma JessieIntegerModel(math) + +typedef char color; + +#define BLUE (color)1 +#define WHITE (color)2 +#define RED (color)3 + +/*@ predicate is_color(color c) = + @ c == BLUE || c == WHITE || c == RED ; + @*/ + +/*@ predicate is_color_array{L}(color *t, integer l) = + @ \valid_range(t,0,l-1) && + @ \forall integer i; 0 <= i < l ==> is_color(t[i]) ; + @*/ + +/*@ predicate is_monochrome{L}(color *t,integer i, integer j, color c) = + @ \forall integer k; i <= k < j ==> t[k] == c ; + @*/ + + +/*@ requires \valid_range(t,i,j); + @ behavior decides_monochromatic: + @ ensures \result <==> is_monochrome(t,i,j,c); + @*/ +int isMonochrome(color t[], int i, int j, color c) { + /*@ loop invariant i <= k && + @ \forall integer l; i <= l < k ==> t[l] == c; + @ loop variant j - k; + @*/ + for (int k = i; k < j; k++) if (t[k] != c) return 0; + return 1; +} + +/*@ requires \valid_index(t,i); + @ requires \valid_index(t,j); + @ behavior i_j_swapped: + @ assigns t[i],t[j]; + @ ensures t[i] == \old(t[j]) && t[j] == \old(t[i]); + @*/ +void swap(color t[], int i, int j) { + color z = t[i]; + t[i] = t[j]; + t[j] = z; +} + +/*@ requires l >= 0 && is_color_array(t, l); + @ behavior sorts: + @ ensures + @ (\exists integer b,r; + @ is_monochrome(t,0,b,BLUE) && + @ is_monochrome(t,b,r,WHITE) && + @ is_monochrome(t,r,l,RED)); + @*/ +void flag(color t[], int l) { + int b = 0; + int i = 0; + int r = l; + /*@ loop invariant + @ is_color_array(t,l) && + @ 0 <= b <= i <= r <= l && + @ is_monochrome(t,0,b,BLUE) && + @ is_monochrome(t,b,i,WHITE) && + @ is_monochrome(t,r,l,RED); + @ loop variant r - i; + @*/ + while (i < r) { + switch (t[i]) { + case BLUE: + swap(t,b++, i++); + break; + case WHITE: + i++; + break; + case RED: + swap(t,--r, i); + break; + } + } +} + + + +/* +Local Variables: +compile-command: "make flag.why3ml" +End: +*/ diff -Nru 
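Review bot: The `switch (t[i])` in `flag` has no `default:` arm, so progress of the loop rests entirely on the `is_color_array` invariant. For a byte outside BLUE/WHITE/RED neither `i` nor `r` changes, and the `while (i < r)` loop would not terminate if the function were called from code that has not discharged the precondition. Making the assumption explicit with `default: /*@ assert \false; */ return;` keeps the proof unchanged and gives unverified callers a defined exit. In `isMonochrome`, `requires \valid_range(t,i,j)` also demands validity of index `j`, which the loop never reads; `\valid_range(t,i,j-1)` would match the accesses.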
why-2.29+dfsg/tests/c/floats_bsearch.c why-2.30+dfsg/tests/c/floats_bsearch.c --- why-2.29+dfsg/tests/c/floats_bsearch.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/floats_bsearch.c 2011-10-24 15:21:06.000000000 +0000 @@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + #pragma JessieFloatModel(full) /*@ predicate sorted{L}(double *t, integer a, integer b) = 
@@ -34,15 +65,13 @@ if (t[m] < v) l = m + 1; else if (t[m] > v) u = m - 1; else - //@ assert 0; return m; } - //@ assert 0; return -1; } /* Local Variables: -compile-command: "PPCHOME=../.. LC_ALL=C make floats_bsearch" +compile-command: "make floats_bsearch.why3ml" End: */ diff -Nru why-2.29+dfsg/tests/c/float_sqrt.c why-2.30+dfsg/tests/c/float_sqrt.c --- why-2.29+dfsg/tests/c/float_sqrt.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/float_sqrt.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,10 +1,76 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ /* contribution by Guillaume Melquiond */ // RUN GAPPA (does not work) -#pragma JessieFloatModel(strict) +#pragma JessieFloatModel(defensive) + +/* + With some help, the Gappa tool is able to prove the postcondition of the + sqrt function. + + First, it needs to know that Newton's iteration converges quadratically. + This formula on relative errors is denoted by the newton_rel predicate. + The newton states its general expression and it is proved by a short Coq + script performing algebraic manipulations. The newton lemma is then + instantiated by Alt-Ergo at each iteration of the loop to solve the + three assertions about the predicate. 
+ + In order to prove the postcondition, Gappa also needs to be told that + the value computed after an iteration is close to both sqrt(x) and the + value that would have been computed with an infinite precision. This is + done by putting distance expressions into the context through three + other assertions about the closeness predicate. They are much weaker + than what Gappa will end up proving; they are only here to guide its + heuristics. + + Finally, Gappa also needs to know about the inverse square root trick. + That is what the assertion is for, and it is proved in Coq. +*/ + +/*@ + predicate newton_rel(real t, real x) = + (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == + - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * + (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); + + lemma newton: \forall real t, x; x > 0. ==> newton_rel(t, x); + + predicate closeness(real u, real t, real x) = + \abs(u - 0.5 * t * (3 - t * t * x)) <= 1 && + \abs(u - 1/\sqrt(x)) <= 1; +*/ /*@ requires 0.5 <= x <= 2; 
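Review bot: The added header comment has a dropped word: "The newton states its general expression" should read "The newton lemma states its general expression". Its last paragraph says "That is what the assertion is for" without naming the assertion; presumably it means the `x * (1/\sqrt(x)) == \sqrt(x)` assert before the return, which sits outside this hunk. The comment says `lemma newton` is discharged by a Coq script while automatic provers take it as a hypothesis, so it would help to say where that script lives. A short line such as `/* proof of newton: see <path to Coq file> */` next to the lemma would let a reader check that it is not left unproved.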
@@ -22,29 +88,30 @@ t = sqrt_init(x); u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; //@ assert x * (1/\sqrt(x)) == \sqrt(x); return x * t; } + + + +/* +Local Variables: +compile-command: "make float_sqrt.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/c/heap_sort.c why-2.30+dfsg/tests/c/heap_sort.c --- why-2.29+dfsg/tests/c/heap_sort.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/heap_sort.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ #include "binary_heap.h" @@ -28,4 +58,4 @@ //@ assert arr[0] <= arr[1] && arr[1] <= arr[2]; //@ assert arr[0] == 13 && arr[1] == 42 && arr[2] == 42; } - + diff -Nru why-2.29+dfsg/tests/c/insertion_sort.c why-2.30+dfsg/tests/c/insertion_sort.c --- why-2.29+dfsg/tests/c/insertion_sort.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/insertion_sort.c 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,72 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid_range(t,0,n-1); + @ ensures Sorted(t,0,n-1); + @*/ +void insert_sort(int t[], int n) { + int i,j; + int mv; + if (n <= 1) return; + /*@ loop invariant 0 <= i <= n; + @ loop invariant Sorted(t,0,i); + @ loop variant n-i; + @*/ + for (i=1; i Sorted(t,0,i); + @ loop invariant j < i ==> Sorted(t,0,i+1); + @ loop invariant \forall integer k; j <= k < i ==> t[k] > mv; + @ loop variant j; + @*/ + // look for the right index j to put t[i] + for (j=i; j > 0; j--) { + if (t[j-1] <= mv) break; + t[j] = t[j-1]; + } + t[j] = mv; + } +} + + +/* +Local Variables: +compile-command: "make insertion_sort.why3ml" +End: +*/ diff -Nru why-2.29+dfsg/tests/c/isqrt.c why-2.30+dfsg/tests/c/isqrt.c --- why-2.29+dfsg/tests/c/isqrt.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/isqrt.c 2011-10-24 15:21:06.000000000 +0000 
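Review bot: The contract on `insert_sort` ensures only `Sorted(t,0,n-1)`, so an implementation that overwrote every cell with the same value would also satisfy it. The `minimum_sort.c` test removed in this same update had a second behaviour, `ensures Permut{Old,Here}(t,0,n-1);`, and the insertion sort that replaces it carries no equivalent. I would add `@ ensures Permut{Old,Here}(t,0,n-1);` and an `@ assigns t[0..n-1];` clause, assuming `Permut` is still declared in `sorting.h`. The inner loop would then need a matching invariant about the shifted elements.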
@@ -0,0 +1,64 @@
+/**************************************************************************/
+/* */
+/* The Why platform for program certification */
+/* */
+/* Copyright (C) 2002-2011 */
+/* */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
+/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
+/* Yannick MOY, Univ. Paris-sud 11 */
+/* Romain BARDOU, Univ. Paris-sud 11 */
+/* */
+/* Secondary contributors: */
+/* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
+/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
+/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
+/* Sylvie BOLDO, INRIA (floating-point support) */
+/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */
+/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */
+/* */
+/* This software is free software; you can redistribute it and/or */
+/* modify it under the terms of the GNU Lesser General Public */
+/* License version 2.1, with the special exception on linking */
+/* described in file LICENSE. */
+/* */
+/* This software is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
+/* */
+/**************************************************************************/
+
+
+#pragma JessieIntegerModel(math)
+
+//@ logic integer sqr(integer x) = x * x;
+
+/*@ requires x >= 0;
+ @ ensures \result >= 0 && sqr(\result) <= x && x < sqr(\result + 1);
+ @*/
+int isqrt(int x) {
+ int count = 0, sum = 1;
+ /*@ loop invariant count >= 0 && x >= sqr(count) && sum == sqr(count+1);
+ @ loop variant x - count;
+ @*/
+ while (sum <= x) sum += 2 * ++count + 1;
+ return count;
+}
+
+//@ ensures \result == 4;
+int main () {
+ int r;
+ r = isqrt(17);
+ //@ assert r < 4 ==> \false;
+ //@ assert r > 4 ==> \false;
+ return r;
+}
+
+/*
+Local Variables:
+compile-command: "make isqrt.why3ml"
+End:
+*/
+
+
diff -Nru why-2.29+dfsg/tests/c/maze.c why-2.30+dfsg/tests/c/maze.c
--- why-2.29+dfsg/tests/c/maze.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/tests/c/maze.c 2011-10-24 15:21:06.000000000 +0000
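Review bot: The update `sum += 2 * ++count + 1` in `isqrt` is verified only under `#pragma JessieIntegerModel(math)`, which treats `int` as an unbounded integer, so the proof says nothing about machine overflow. Assuming a 32-bit `int`, the addition overflows (undefined behaviour in C) for every `x >= 2147395600`, because the next square, 46341*46341, exceeds `INT_MAX`. The contract `requires x >= 0` therefore promises more than the compiled function delivers. Either bound the input with `@ requires 0 <= x < 2147395600;` or add a comment beside the pragma such as `// proof assumes unbounded integers: overflow of sum is not checked`.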
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ void buildMaze(uint n) { diff -Nru why-2.29+dfsg/tests/c/minimum_sort.c why-2.30+dfsg/tests/c/minimum_sort.c --- why-2.29+dfsg/tests/c/minimum_sort.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/minimum_sort.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,64 +0,0 @@ -// RUNSIMPLIFY: will ask regtests to run Simplify on this program - -#pragma JessieIntegerModel(math) - -#include "sorting.h" - -/*@ requires \valid(t+i) && \valid(t+j); - @ assigns t[i],t[j]; - @ ensures Swap{Old,Here}(t,i,j); - @*/ -void swap(int t[], int i, int j) { - int tmp = t[i]; - t[i] = t[j]; - t[j] = tmp; -} - -/*@ requires \valid_range(t,0,n-1); - @ behavior sorted: - @ ensures Sorted(t,0,n-1); - @ behavior permutation: - @ ensures Permut{Old,Here}(t,0,n-1); - @*/ -void min_sort(int t[], int n) { - int i,j; - int mi,mv; - if (n <= 0) return; - /*@ loop invariant 0 <= i < n; - @ for sorted: - @ loop invariant - @ Sorted(t,0,i) && - @ (\forall integer k1, k2 ; - @ 0 <= k1 < i <= k2 < n ==> t[k1] <= t[k2]) ; - @ for permutation: - @ loop invariant Permut{Pre,Here}(t,0,n-1); - @ loop variant n-i; - @*/ - for (i=0; i t[k] >= mv); - @ for permutation: - @ loop invariant - @ Permut{Pre,Here}(t,0,n-1); - @ loop variant n-j; - @*/ - for (j=i+1; j < n; j++) { - if (t[j] < mv) { - mi = j ; mv = t[j]; - } - } - swap(t,i,mi); - } -} - - -/* -Local Variables: -compile-command: "frama-c -jessie minimum_sort.c" -End: -*/ diff -Nru why-2.29+dfsg/tests/c/minmax.c why-2.30+dfsg/tests/c/minmax.c --- why-2.29+dfsg/tests/c/minmax.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/minmax.c 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,75 @@
+/**************************************************************************/
+/* */
+/* The Why platform for program certification */
+/* */
+/* Copyright (C) 2002-2011 */
+/* */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
+/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
+/* Yannick MOY, Univ. Paris-sud 11 */
+/* Romain BARDOU, Univ. Paris-sud 11 */
+/* */
+/* Secondary contributors: */
+/* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
+/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
+/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
+/* Sylvie BOLDO, INRIA (floating-point support) */
+/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */
+/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */
+/* */
+/* This software is free software; you can redistribute it and/or */
+/* modify it under the terms of the GNU Lesser General Public */
+/* License version 2.1, with the special exception on linking */
+/* described in file LICENSE. */
+/* */
+/* This software is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
+/* */
+/**************************************************************************/
+
+
+//@ ensures \result == \max(x,y);
+int max(int x, int y) {
+ return (x <= y) ? y : x;
+}
+
+
+//@ ensures \result == \min(x,y);
+int min(int x, int y) {
+ return (x <= y) ? x : y;
+}
+
+
+//@ ensures \result == \max(x,y);
+float fmax(float x, float y) {
+ return (x <= y) ? y : x;
+}
+
+
+//@ ensures \result == \min(x,y);
+float fmin(float x, float y) {
+ return (x <= y) ? x : y;
+}
+
+
+//@ ensures \result == \max(x,y);
+double dmax(double x, double y) {
+ return (x <= y) ? y : x;
+}
+
+
+//@ ensures \result == \min(x,y);
+double dmin(double x, double y) {
+ return (x <= y) ? x : y;
+}
+
+
+
+/*
+Local Variables:
+compile-command: "make minmax.why3ml"
+End:
+*/
+
diff -Nru why-2.29+dfsg/tests/c/muller.c why-2.30+dfsg/tests/c/muller.c
--- why-2.29+dfsg/tests/c/muller.c 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/c/muller.c 2011-10-24 15:21:06.000000000 +0000
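Review bot: `float fmax(float x, float y)` and `float fmin(float x, float y)` reuse the names of the C99 `<math.h>` functions, which take and return `double`. Those identifiers are reserved for external linkage, so these definitions conflict with the standard ones as soon as the file is compiled against the math library. Renaming them in line with the `dmax`/`dmin` pair, e.g. `float float_max(float x, float y)` and `float float_min(float x, float y)`, avoids the clash. Separately, the `\result == \max(x,y)` contracts on the floating-point versions state no precondition about NaN, and no float-model pragma is visible in the file, so a comment naming the assumed model would make the scope of the proof explicit.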
@@ -0,0 +1,103 @@
+/**************************************************************************/
+/* */
+/* The Why platform for program certification */
+/* */
+/* Copyright (C) 2002-2011 */
+/* */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
+/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
+/* Yannick MOY, Univ. Paris-sud 11 */
+/* Romain BARDOU, Univ. Paris-sud 11 */
+/* */
+/* Secondary contributors: */
+/* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
+/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
+/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
+/* Sylvie BOLDO, INRIA (floating-point support) */
+/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */
+/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */
+/* */
+/* This software is free software; you can redistribute it and/or */
+/* modify it under the terms of the GNU Lesser General Public */
+/* License version 2.1, with the special exception on linking */
+/* described in file LICENSE. */
+/* */
+/* This software is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
+/* */
+/**************************************************************************/
+
+/*@ axiomatic NumOfPos {
+ @ logic integer num_of_pos{L}(integer i,integer j,int *t);
+ @ axiom num_of_pos_empty{L} :
+ @ \forall integer i, j, int *t;
+ @ i >= j ==> num_of_pos(i,j,t) == 0;
+ @ axiom num_of_pos_true_case{L} :
+ @ \forall integer i, j, k, int *t;
+ @ i < j && t[j-1] > 0 ==>
+ @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t) + 1;
+ @ axiom num_of_pos_false_case{L} :
+ @ \forall integer i, j, k, int *t;
+ @ i < j && ! (t[j-1] > 0) ==>
+ @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t);
+ @ }
+ @*/
+
+
+/*@ lemma num_of_pos_non_negative{L} :
+ @ \forall integer i, j, int *t; 0 <= num_of_pos(i,j,t);
+ @*/
+
+/*@ lemma num_of_pos_additive{L} :
+ @ \forall integer i, j, k, int *t; i <= j <= k ==>
+ @ num_of_pos(i,k,t) == num_of_pos(i,j,t) + num_of_pos(j,k,t);
+ @*/
+
+/*@ lemma num_of_pos_increasing{L} :
+ @ \forall integer i, j, k, int *t;
+ @ j <= k ==> num_of_pos(i,j,t) <= num_of_pos(i,k,t);
+ @*/
+
+/*@ lemma num_of_pos_strictly_increasing{L} :
+ @ \forall integer i, n, int *t;
+ @ 0 <= i < n && t[i] > 0 ==>
+ @ num_of_pos(0,i,t) < num_of_pos(0,n,t);
+ @*/
+
+/*@ requires l >= 0 && \valid_range(t,0,l-1);
+ @*/
+int* m(int *t, int l) {
+ int i, count = 0;
+ int *u;
+
+ /*@ loop invariant
+ @ 0 <= i <= l &&
+ @ 0 <= count <= i &&
+ @ count == num_of_pos(0,i,t) ;
+ @ loop variant l - i;
+ @*/
+ for (i=0 ; i < l; i++) if (t[i] > 0) count++;
+
+ u = (int*)calloc(count,sizeof(int));
+ count = 0;
+
+ /*@ loop invariant
+ @ 0 <= i <= l &&
+ @ 0 <= count <= i &&
+ @ count == num_of_pos(0,i,t);
+ @ loop variant l - i;
+ @*/
+ for (int i=0 ; i < l; i++) {
+ if (t[i] > 0) u[count++] = t[i];
+ }
+ return u;
+}
+
+
+/*
+Local Variables:
+compile-command: "make muller.why3ml"
+End:
+*/
diff -Nru why-2.29+dfsg/tests/c/my_cosine.c why-2.30+dfsg/tests/c/my_cosine.c
--- why-2.29+dfsg/tests/c/my_cosine.c 2011-03-02 08:27:41.000000000 +0000
+++ why-2.30+dfsg/tests/c/my_cosine.c 2011-10-24 15:21:06.000000000 +0000
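Review bot: In `m`, the pointer returned by `calloc(count,sizeof(int))` is used without a null check, so the second loop's `u[count++] = t[i]` writes through a null pointer whenever the allocation fails and `t` holds at least one positive element. Adding `if (u == NULL) return NULL;` straight after the allocation closes that path. The function contract also has no `ensures` clause, so callers learn neither the length of the returned block nor that it may be null; something like `@ ensures \result == \null || \valid_range(\result,0,num_of_pos(0,l,t)-1);` would state it, subject to how Jessie models `calloc`. The second loop's `int i` shadows the outer `i` declared at the top of the function, which is worth removing for readability.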
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // does not work: RUN GAPPA: will ask regtests to run Gappa on this program // RUNCOQ: for the first VC @@ -14,11 +45,11 @@ return 1.0f - x * x * 0.5f; } -/*@ requires \abs(x) <= 0x1p-5 - @ && \round_error(x) == 0.0; +/*@ requires \abs(x) <= 0x1p-5 && \round_error(x) == 0.0; @ ensures \abs(\result - \cos(x)) <= 0x1p-23; @*/ float my_cos2(float x) { + //@ assert \exact(x) == x; float r = 1.0f - x * x * 0.5f; //@ assert \abs(\exact(r) - \cos(x)) <= 0x1p-24; return r; 
@@ -47,7 +78,7 @@ /* Local Variables: -compile-command: "frama-c -jessie my_cosine.c" +compile-command: "make my_cosine.why3ml" End: */ diff -Nru why-2.29+dfsg/tests/c/my_cosine.jessie/coq/floats_strict_why.v why-2.30+dfsg/tests/c/my_cosine.jessie/coq/floats_strict_why.v --- why-2.29+dfsg/tests/c/my_cosine.jessie/coq/floats_strict_why.v 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/my_cosine.jessie/coq/floats_strict_why.v 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,289 @@ +(* This file was originally generated by why. + It can be modified; only the generated parts will be overwritten. *) +Require Export jessie_why. + +(*Why type*) Inductive mode : Set := + | nearest_even : mode + | to_zero : mode + | up : mode + | down : mode + | nearest_away : mode. + +(*Why type*) Definition double: Set. +Admitted. + +(*Why logic*) Definition round_double : mode -> R -> R. +Admitted. + +(*Why logic*) Definition round_double_logic : mode -> R -> double. +Admitted. + +(*Why logic*) Definition double_value : double -> R. +Admitted. + +(*Why logic*) Definition double_exact : double -> R. +Admitted. + +(*Why logic*) Definition double_model : double -> R. +Admitted. + +(*Why function*) Definition double_round_error (x:double) + := (Rabs (Rminus (double_value x) (double_exact x))). + +(*Why function*) Definition double_total_error (x:double) + := (Rabs (Rminus (double_value x) (double_model x))). + +(*Why function*) Definition max_double + := (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R. + +(*Why predicate*) Definition no_overflow_double (m:mode) (x:R) + := (Rle (Rabs (round_double m x)) max_double). + +(*Why axiom*) Lemma bounded_real_no_overflow_double : + (forall (m:mode), + (forall (x:R), ((Rle (Rabs x) max_double) -> (no_overflow_double m x)))). +Admitted. +Dp_hint bounded_real_no_overflow_double. + +(*Why axiom*) Lemma round_double_monotonic : + (forall (x:R), + (forall (y:R), + (forall (m:mode), + ((Rle x y) -> (Rle (round_double m x) (round_double m y)))))). +Admitted. +Dp_hint round_double_monotonic. 
+ +(*Why axiom*) Lemma exact_round_double_for_integers : + (forall (i:Z), + (forall (m:mode), + ((-9007199254740992) <= i /\ i <= 9007199254740992 -> + (eq (round_double m (IZR i)) (IZR i))))). +Admitted. +Dp_hint exact_round_double_for_integers. + +(*Why axiom*) Lemma exact_round_double_for_doubles : + (forall (x:double), + (forall (m:mode), (eq (round_double m (double_value x)) (double_value x)))). +Admitted. +Dp_hint exact_round_double_for_doubles. + +(*Why axiom*) Lemma round_double_idempotent : + (forall (m1:mode), + (forall (m2:mode), + (forall (x:R), + (eq (round_double m1 (round_double m2 x)) (round_double m2 x))))). +Admitted. +Dp_hint round_double_idempotent. + +(*Why axiom*) Lemma round_down_double_neg : + (forall (x:R), (eq (round_double down (Ropp x)) (Ropp (round_double up x)))). +Admitted. +Dp_hint round_down_double_neg. + +(*Why axiom*) Lemma round_up_double_neg : + (forall (x:R), (eq (round_double up (Ropp x)) (Ropp (round_double down x)))). +Admitted. +Dp_hint round_up_double_neg. + +(*Why axiom*) Lemma round_double_down_le : + (forall (x:R), (Rle (round_double down x) x)). +Admitted. +Dp_hint round_double_down_le. + +(*Why axiom*) Lemma round_up_double_ge : + (forall (x:R), (Rge (round_double up x) x)). +Admitted. +Dp_hint round_up_double_ge. + +(*Why type*) Definition single: Set. +Admitted. + +(*Why logic*) Definition round_single : mode -> R -> R. +Admitted. + +(*Why logic*) Definition round_single_logic : mode -> R -> single. +Admitted. + +(*Why logic*) Definition single_value : single -> R. +Admitted. + +(*Why logic*) Definition single_exact : single -> R. +Admitted. + +(*Why logic*) Definition single_model : single -> R. +Admitted. + +(*Why function*) Definition single_round_error (x:single) + := (Rabs (Rminus (single_value x) (single_exact x))). + +(*Why function*) Definition single_total_error (x:single) + := (Rabs (Rminus (single_value x) (single_model x))). 
+ +(*Why function*) Definition max_single + := (33554430 * 10141204801825835211973625643008)%R. + +(*Why predicate*) Definition no_overflow_single (m:mode) (x:R) + := (Rle (Rabs (round_single m x)) max_single). + +(*Why axiom*) Lemma bounded_real_no_overflow_single : + (forall (m:mode), + (forall (x:R), ((Rle (Rabs x) max_single) -> (no_overflow_single m x)))). +Admitted. +Dp_hint bounded_real_no_overflow_single. + +(*Why axiom*) Lemma round_single_monotonic : + (forall (x:R), + (forall (y:R), + (forall (m:mode), + ((Rle x y) -> (Rle (round_single m x) (round_single m y)))))). +Admitted. +Dp_hint round_single_monotonic. + +(*Why axiom*) Lemma exact_round_single_for_integers : + (forall (i:Z), + (forall (m:mode), + ((-16777216) <= i /\ i <= 16777216 -> + (eq (round_single m (IZR i)) (IZR i))))). +Admitted. +Dp_hint exact_round_single_for_integers. + +(*Why axiom*) Lemma exact_round_single_for_singles : + (forall (x:single), + (forall (m:mode), (eq (round_single m (single_value x)) (single_value x)))). +Admitted. +Dp_hint exact_round_single_for_singles. + +(*Why axiom*) Lemma round_single_idempotent : + (forall (m1:mode), + (forall (m2:mode), + (forall (x:R), + (eq (round_single m1 (round_single m2 x)) (round_single m2 x))))). +Admitted. +Dp_hint round_single_idempotent. + +(*Why axiom*) Lemma round_down_single_neg : + (forall (x:R), (eq (round_single down (Ropp x)) (Ropp (round_single up x)))). +Admitted. +Dp_hint round_down_single_neg. + +(*Why axiom*) Lemma round_up_single_neg : + (forall (x:R), (eq (round_single up (Ropp x)) (Ropp (round_single down x)))). +Admitted. +Dp_hint round_up_single_neg. + +(*Why axiom*) Lemma round_single_down_le : + (forall (x:R), (Rle (round_single down x) x)). +Admitted. +Dp_hint round_single_down_le. + +(*Why axiom*) Lemma round_up_single_ge : + (forall (x:R), (Rge (round_single up x) x)). +Admitted. +Dp_hint round_up_single_ge. 
+ +(*Why axiom*) Lemma single_value_is_bounded : + (forall (x:single), (Rle (Rabs (single_value x)) max_single)). +Admitted. +Dp_hint single_value_is_bounded. + +(*Why axiom*) Lemma double_value_is_bounded : + (forall (x:double), (Rle (Rabs (double_value x)) max_double)). +Admitted. +Dp_hint double_value_is_bounded. + +(*Why predicate*) Definition single_of_real_post (m:mode) (x:R) (res:single) + := (eq (single_value res) (round_single m x)) /\ + (eq (single_exact res) x) /\ (eq (single_model res) x). + +(*Why predicate*) Definition single_of_double_post (m:mode) (x:double) (res:single) + := (eq (single_value res) (round_single m (double_value x))) /\ + (eq (single_exact res) (double_exact x)) /\ + (eq (single_model res) (double_model x)). + +(*Why predicate*) Definition add_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rplus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rplus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rplus (single_model x) (single_model y))). + +(*Why predicate*) Definition sub_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rminus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rminus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rminus (single_model x) (single_model y))). + +(*Why predicate*) Definition mul_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rmult (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rmult (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rmult (single_model x) (single_model y))). 
+ +(*Why predicate*) Definition div_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rdiv (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rdiv (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rdiv (single_model x) (single_model y))). + +(*Why predicate*) Definition sqrt_single_post (m:mode) (x:single) (res:single) + := (eq (single_value res) (round_single m (sqrt (single_value x)))) /\ + (eq (single_exact res) (sqrt (single_exact x))) /\ + (eq (single_model res) (sqrt (single_model x))). + +(*Why predicate*) Definition neg_single_post (x:single) (res:single) + := (eq (single_value res) (Ropp (single_value x))) /\ + (eq (single_exact res) (Ropp (single_exact x))) /\ + (eq (single_model res) (Ropp (single_model x))). + +(*Why predicate*) Definition abs_single_post (x:single) (res:single) + := (eq (single_value res) (Rabs (single_value x))) /\ + (eq (single_exact res) (Rabs (single_exact x))) /\ + (eq (single_model res) (Rabs (single_model x))). + +(*Why predicate*) Definition double_of_real_post (m:mode) (x:R) (res:double) + := (eq (double_value res) (round_double m x)) /\ + (eq (double_exact res) x) /\ (eq (double_model res) x). + +(*Why predicate*) Definition double_of_single_post (x:single) (res:double) + := (eq (double_value res) (single_value x)) /\ + (eq (double_exact res) (single_exact x)) /\ + (eq (double_model res) (single_model x)). + +(*Why predicate*) Definition add_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rplus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rplus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rplus (double_model x) (double_model y))). 
+ +(*Why predicate*) Definition sub_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rminus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rminus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rminus (double_model x) (double_model y))). + +(*Why predicate*) Definition mul_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rmult (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rmult (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rmult (double_model x) (double_model y))). + +(*Why predicate*) Definition div_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rdiv (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rdiv (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rdiv (double_model x) (double_model y))). + +(*Why predicate*) Definition sqrt_double_post (m:mode) (x:double) (res:double) + := (eq (double_value res) (round_double m (sqrt (double_value x)))) /\ + (eq (double_exact res) (sqrt (double_exact x))) /\ + (eq (double_model res) (sqrt (double_model x))). + +(*Why predicate*) Definition neg_double_post (x:double) (res:double) + := (eq (double_value res) (Ropp (double_value x))) /\ + (eq (double_exact res) (Ropp (double_exact x))) /\ + (eq (double_model res) (Ropp (double_model x))). + +(*Why predicate*) Definition abs_double_post (x:double) (res:double) + := (eq (double_value res) (Rabs (double_value x))) /\ + (eq (double_exact res) (Rabs (double_exact x))) /\ + (eq (double_model res) (Rabs (double_model x))). 
+ diff -Nru why-2.29+dfsg/tests/c/my_cosine.jessie/coq/my_cosine_why.v why-2.30+dfsg/tests/c/my_cosine.jessie/coq/my_cosine_why.v --- why-2.29+dfsg/tests/c/my_cosine.jessie/coq/my_cosine_why.v 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/my_cosine.jessie/coq/my_cosine_why.v 2011-10-24 15:21:06.000000000 +0000 @@ -1,11 +1,11 @@ (* This file was originally generated by why. It can be modified; only the generated parts will be overwritten. *) Require Export jessie_why. -Require Import floats_strict. -Require Import tactics. +Require Import WhyFloatsStrict. +Require Import Interval_tactic. +Require Import Rtrigo_def. - -(*Why type*) Definition char_P: Set. +(*Why type*) Definition charP: Set. Admitted. (*Why type*) Definition int8: Set. 
@@ -14,33 +14,37 @@ (*Why type*) Definition padding: Set. Admitted. -(*Why type*) Definition void_P: Set. +(*Why type*) Definition voidP: Set. Admitted. -(*Why logic*) Definition char_P_tag : (tag_id char_P). +(*Why logic*) Definition charP_tag : (tag_id charP). Admitted. -(*Why axiom*) Lemma char_P_int : (int_of_tag char_P_tag) = 1. +(*Why axiom*) Lemma charP_int : (int_of_tag charP_tag) = 1. Admitted. +Dp_hint charP_int. -(*Why logic*) Definition char_P_of_pointer_address : - (pointer unit) -> (pointer char_P). +(*Why logic*) Definition charP_of_pointer_address : + (pointer unit) -> (pointer charP). Admitted. -(*Why axiom*) Lemma char_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer char_P)), - p = (char_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma charP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer charP)), + p = (charP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint charP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma char_P_parenttag_bottom : - (parenttag char_P_tag (@bottom_tag char_P)). +(*Why axiom*) Lemma charP_parenttag_bottom : + (parenttag charP_tag (@bottom_tag charP)). Admitted. +Dp_hint charP_parenttag_bottom. -(*Why axiom*) Lemma char_P_tags : - (forall (x:(pointer char_P)), - (forall (char_P_tag_table:(tag_table char_P)), - (instanceof char_P_tag_table x char_P_tag))). +(*Why axiom*) Lemma charP_tags : + (forall (x:(pointer charP)), + (forall (charP_tag_table:(tag_table charP)), + (instanceof charP_tag_table x charP_tag))). Admitted. +Dp_hint charP_tags. (*Why logic*) Definition integer_of_int8 : int8 -> Z. Admitted. 
@@ -56,121 +60,123 @@ ((-128) <= x /\ x <= 127 -> (integer_of_int8 (int8_of_integer x)) = x)). Admitted. +(*Why axiom*) Lemma int8_extensionality : + (forall (x:int8), + (forall (y:int8), ((integer_of_int8 x) = (integer_of_int8 y) -> x = y))). +Admitted. +Dp_hint int8_extensionality. + (*Why axiom*) Lemma int8_range : (forall (x:int8), (-128) <= (integer_of_int8 x) /\ (integer_of_int8 x) <= 127). Admitted. -(*Why predicate*) Definition left_valid_struct_char_P (p:(pointer char_P)) (a:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a. +(*Why predicate*) Definition left_valid_struct_charP (p:(pointer charP)) (a:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a. -(*Why predicate*) Definition left_valid_struct_void_P (p:(pointer void_P)) (a:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a. +(*Why predicate*) Definition left_valid_struct_voidP (p:(pointer voidP)) (a:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a. -(* Why obligation from file "my_cosine.jc", line 26, characters 0-135: *) -(*Why goal*) Lemma method_error : - (forall (x_3:R), - ((Rle (Rabs x_3) (1 / 32)%R) -> - (Rle - (Rabs - (Rminus (Rminus (1)%R (Rmult (Rmult x_3 x_3) (05 / 10)%R)) (cos x_3))) - (1 / 16777216)%R))). -Proof. -intros x H. -interval with (i_bisect_diff x,i_nocheck). -Save. - -Dp_hint method_error. - -(*Why axiom*) Lemma pointer_addr_of_char_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_charP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (char_P_of_pointer_address p))). + p = (pointer_address (charP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_charP_of_pointer_address. -(*Why logic*) Definition void_P_of_pointer_address : - (pointer unit) -> (pointer void_P). +(*Why logic*) Definition voidP_of_pointer_address : + (pointer unit) -> (pointer voidP). Admitted. 
-(*Why axiom*) Lemma pointer_addr_of_void_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_voidP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (void_P_of_pointer_address p))). + p = (pointer_address (voidP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_voidP_of_pointer_address. -(*Why predicate*) Definition right_valid_struct_char_P (p:(pointer char_P)) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_max char_P_alloc_table p) >= b. +(*Why predicate*) Definition right_valid_struct_charP (p:(pointer charP)) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition right_valid_struct_void_P (p:(pointer void_P)) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition right_valid_struct_voidP (p:(pointer voidP)) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition strict_valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. 
-(*Why predicate*) Definition strict_valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition strict_valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_char_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_bitvector_struct_void_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. 
+(*Why predicate*) Definition valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. - -(*Why predicate*) Definition valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. - -(*Why logic*) Definition void_P_tag : (tag_id void_P). +(*Why logic*) Definition voidP_tag : (tag_id voidP). Admitted. -(*Why axiom*) Lemma void_P_int : (int_of_tag void_P_tag) = 1. +(*Why axiom*) Lemma voidP_int : (int_of_tag voidP_tag) = 1. Admitted. +Dp_hint voidP_int. -(*Why axiom*) Lemma void_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer void_P)), - p = (void_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma voidP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer voidP)), + p = (voidP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint voidP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma void_P_parenttag_bottom : - (parenttag void_P_tag (@bottom_tag void_P)). +(*Why axiom*) Lemma voidP_parenttag_bottom : + (parenttag voidP_tag (@bottom_tag voidP)). Admitted. +Dp_hint voidP_parenttag_bottom. 
-(*Why axiom*) Lemma void_P_tags : - (forall (x:(pointer void_P)), - (forall (void_P_tag_table:(tag_table void_P)), - (instanceof void_P_tag_table x void_P_tag))). +(*Why axiom*) Lemma voidP_tags : + (forall (x:(pointer voidP)), + (forall (voidP_tag_table:(tag_table voidP)), + (instanceof voidP_tag_table x voidP_tag))). Admitted. +Dp_hint voidP_tags. +(* Why obligation from file "my_cosine.c", line 36, characters 4-111: *) +(*Why goal*) Lemma method_error : + (forall (x_3:R), + ((Rle (Rabs x_3) (1 / 32)%R) -> + (Rle + (Rabs + (Rminus (Rminus (1)%R (Rmult (Rmult x_3 x_3) (05 / 10)%R)) (cos x_3))) + (1 / 16777216)%R))). +Proof. +intros x H. + +interval with (i_bisect_diff x). +Save. +Dp_hint method_error. -(* Why obligation from file "my_cosine.c", line 13, characters 13-53: *) +(* Why obligation from file "my_cosine.c", line 44, characters 13-53: *) (*Why goal*) Lemma my_cos1_ensures_default_po_1 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), (* JC_13 *) - (* JC_13 *) (Rle (Rabs (Rminus @@ -180,10 +186,10 @@ (1 / 16777216)%R). Proof. intros x H. -interval with (i_bisect_diff (single_value x),i_nocheck). +interval with (i_bisect_diff (single_value x)). Save. -(* Why obligation from file "my_cosine.c", line 10, characters 12-46: *) +(* Why obligation from file "my_cosine.c", line 41, characters 12-46: *) (*Why goal*) Lemma my_cos1_ensures_default_po_2 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -201,23 +207,15 @@ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_6: (no_overflow_single - nearest_even (Rmult (single_value x_0) (single_value x_0))) /\ - (mul_single_post nearest_even x_0 x_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0 x_0 result0)), forall (result1: single), forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_8: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_9: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (__retres: single), forall (HW_10: __retres = result3), forall (why__return: single), @@ -230,7 +228,7 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 14, characters 16-21: *) +(* Why obligation from file "my_cosine.c", line 45, characters 16-21: *) (*Why goal*) Lemma my_cos1_safety_po_1 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), @@ -253,7 +251,7 @@ admit. Save. -(* Why obligation from file "my_cosine.c", line 14, characters 16-28: *) +(* Why obligation from file "my_cosine.c", line 45, characters 16-28: *) (*Why goal*) Lemma my_cos1_safety_po_2 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -285,7 +283,7 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 14, characters 9-28: *) +(* Why obligation from file "my_cosine.c", line 45, characters 9-28: *) (*Why goal*) Lemma my_cos1_safety_po_3 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -321,48 +319,50 @@ admit. Save. -(* Why obligation from file "my_cosine.c", line 23, characters 13-49: *) +(* Why obligation from file "my_cosine.c", line 52, characters 13-27: *) (*Why goal*) Lemma my_cos2_ensures_default_po_1 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0)). +Proof. +admit. +Save. + +(* Why obligation from file "my_cosine.c", line 54, characters 13-49: *) +(*Why goal*) Lemma my_cos2_ensures_default_po_2 : + forall (x_0_0: single), + forall (HW_1: (* JC_23 *) + ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ + (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult - (single_value x_0_0) (single_value x_0_0))) /\ - (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 
result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (r: single), - forall (HW_9: r = result3), - (* JC_36 *) - (* JC_36 *) + forall (HW_10: r = result3), + (* JC_38 *) (Rle (Rabs (Rminus (single_exact r) (cos (single_value x_0_0)))) (1 / 16777216)%R). Proof. -intros x (H1,H2). +intros x (H1,H2) Heq. intros r (_,(exa_r,_)). -intros r0 (_,(_,(exa_r0,_))). +intros r0 (_,(exa_r0,_)). intros r1 (_,(exa_r1,_)). -intros r2 (_,(_,(exa_r2,_))). -intros r3 (_,(_,(exa_r3,_))). +intros r2 (_,(exa_r2,_)). +intros r3 (_,(exa_r3,_)). intros r4 r4_eq. subst r4. rewrite exa_r3; clear exa_r3 r3. 
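Review bot: The new lemma `my_cos2_ensures_default_po_1` is closed with `admit.` followed by `Save.`, so the equality `single_exact x_0_0 = single_value x_0_0` remains unproved, although `my_cos2_ensures_default_po_2` now takes it as hypothesis `HW_4` and uses it through `rewrite Heq.` in the next hunk. The commit moves the old inline `admit. (* TODO *)` into its own obligation but drops the TODO marker, which makes the gap harder to find when auditing which bounds are actually machine-checked. The goal looks derivable from `JC_22` (`single_round_error x_0_0 = 0`), though the definition of `single_round_error` is not visible here. Either discharge it from that hypothesis or keep an explicit marker such as `admit. (* TODO: unproved; should follow from JC_22 *)`. The proof script of po_2 continues past the end of this hunk.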
@@ -371,49 +371,39 @@ rewrite exa_r0; clear exa_r0 r0. rewrite exa_r; clear exa_r r. unfold single_round_error in H2. -assert (h:single_exact x = single_value x). - admit. (* TODO *) -rewrite h. -interval with (i_bisect_diff (single_value x),i_nocheck). +rewrite Heq. +interval with (i_bisect_diff (single_value x)). Save. -(* Why obligation from file "my_cosine.c", line 19, characters 12-46: *) -(*Why goal*) Lemma my_cos2_ensures_default_po_2 : +(* Why obligation from file "my_cosine.c", line 49, characters 12-46: *) +(*Why goal*) Lemma my_cos2_ensures_default_po_3 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult - (single_value x_0_0) (single_value x_0_0))) /\ - (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post 
nearest_even result result2 result3)), forall (r: single), - forall (HW_9: r = result3), - forall (HW_10: (* JC_36 *) + forall (HW_10: r = result3), + forall (HW_11: (* JC_38 *) (Rle (Rabs (Rminus (single_exact r) (cos (single_value x_0_0)))) (1 / 16777216)%R)), forall (why__return: single), - forall (HW_11: why__return = r), + forall (HW_12: why__return = r), (* JC_25 *) (Rle (Rabs (Rminus (single_value why__return) (cos (single_value x_0_0)))) (1 / 8388608)%R). @@ -422,14 +412,15 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 19-24: *) +(* Why obligation from file "my_cosine.c", line 53, characters 19-24: *) (*Why goal*) Lemma my_cos2_safety_po_1 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), (no_overflow_single 
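Review bot: The unchanged line `unfold single_round_error in H2.` just above the new `rewrite Heq.` appears to be left over, since the equality now arrives as `Heq` and nothing later in the visible script names `H2`. Removing it, or not naming that conjunct at all with `intros x (H1,_) Heq.`, would stop the script depending on how `single_round_error` unfolds in `WhyFloatsStrict`. The proof begins in the previous hunk, so this is worth confirming by replaying it without the line.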
@@ -439,23 +430,24 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 19-31: *) +(* Why obligation from file "my_cosine.c", line 53, characters 19-31: *) (*Why goal*) Lemma my_cos2_safety_po_2 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), - forall (HW_5: (no_overflow_single + forall (HW_6: (no_overflow_single nearest_even (Rmult (single_value x_0_0) (single_value x_0_0)))), forall (result0: single), - forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_7: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_8: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), (no_overflow_single 
@@ -465,30 +457,31 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 12-31: *) +(* Why obligation from file "my_cosine.c", line 53, characters 12-31: *) (*Why goal*) Lemma my_cos2_safety_po_3 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), - forall (HW_5: (no_overflow_single + forall (HW_6: (no_overflow_single nearest_even (Rmult (single_value x_0_0) (single_value x_0_0)))), forall (result0: single), - forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_7: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_8: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), - forall (HW_8: (no_overflow_single + forall (HW_9: (no_overflow_single nearest_even (Rmult (single_value result0) (single_value result1)))), forall (result2: single), - forall (HW_9: (mul_single_post nearest_even result0 result1 result2)), + forall (HW_10: (mul_single_post nearest_even result0 result1 result2)), (no_overflow_single nearest_even (Rminus (single_value result) (single_value result2))). Proof. 
@@ -496,38 +489,29 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 35, characters 13-57: *) +(* Why obligation from file "my_cosine.c", line 66, characters 13-57: *) (*Why goal*) Lemma my_cos3_ensures_default_po_1 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - (* JC_60 *) - (* JC_60 *) + (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R). Proof. 
@@ -535,45 +519,36 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 30, characters 12-62: *) +(* Why obligation from file "my_cosine.c", line 61, characters 12-62: *) (*Why goal*) Lemma my_cos3_ensures_default_po_2 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - forall (HW_10: (* JC_60 *) + forall (HW_10: (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R)), forall (why__return: single), forall (HW_11: why__return = r_0), + (* JC_49 *) (* JC_47 *) - (* JC_45 *) - (* JC_45 *) (Rle (Rabs 
(Rminus (single_exact why__return) (cos (single_exact x_1)))) (1 / 16777216)%R). Proof. 
@@ -581,45 +556,36 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 31, characters 11-61: *) +(* Why obligation from file "my_cosine.c", line 62, characters 11-61: *) (*Why goal*) Lemma my_cos3_ensures_default_po_3 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - forall (HW_10: (* JC_60 *) + forall (HW_10: (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R)), forall (why__return: single), forall (HW_11: why__return = r_0), - (* JC_47 *) - (* JC_46 *) - (* JC_46 *) + (* JC_49 *) + (* JC_48 *) 
(Rle (single_round_error why__return) (Rplus (single_round_error x_1) (3 / 16777216)%R)). Proof. @@ -627,12 +593,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 19-24: *) +(* Why obligation from file "my_cosine.c", line 65, characters 19-24: *) (*Why goal*) Lemma my_cos3_safety_po_1 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ @@ -644,12 +610,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 19-31: *) +(* Why obligation from file "my_cosine.c", line 65, characters 19-31: *) (*Why goal*) Lemma my_cos3_safety_po_2 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ 
@@ -669,12 +635,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 12-31: *) +(* Why obligation from file "my_cosine.c", line 65, characters 12-31: *) (*Why goal*) Lemma my_cos3_safety_po_3 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ @@ -699,12 +665,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 43, characters 13-55: *) +(* Why obligation from file "my_cosine.c", line 74, characters 13-55: *) (*Why goal*) Lemma my_cos4_ensures_default_po_1 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - (* JC_73 *) - (* JC_73 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + (* JC_75 *) (Rle (Rabs (Rminus @@ -717,11 +682,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 40, characters 12-46: *) +(* Why obligation from file "my_cosine.c", line 71, characters 12-46: *) (*Why goal*) Lemma my_cos4_ensures_default_po_2 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_73 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_75 *) (Rle (Rabs (Rminus 
@@ -735,28 +700,20 @@ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_6: (no_overflow_single - nearest_even (Rmult (single_value x_2) (single_value x_2))) /\ - (mul_single_post nearest_even x_2 x_2 result0)), + forall (HW_6: (mul_single_post nearest_even x_2 x_2 result0)), forall (result1: single), forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_8: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_9: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (__retres_0: single), forall (HW_10: __retres_0 = result3), forall (why__return: single), forall (HW_11: why__return = __retres_0), - (* JC_65 *) + (* JC_67 *) (Rle (Rabs (Rminus (single_value why__return) (cos (single_value x_2)))) (1 / 1048576)%R). Proof. @@ -764,11 +721,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 16-21: *) +(* Why obligation from file "my_cosine.c", line 75, characters 16-21: *) (*Why goal*) Lemma my_cos4_safety_po_1 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus 
@@ -788,11 +745,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 16-28: *) +(* Why obligation from file "my_cosine.c", line 75, characters 16-28: *) (*Why goal*) Lemma my_cos4_safety_po_2 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus @@ -820,11 +777,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 9-28: *) +(* Why obligation from file "my_cosine.c", line 75, characters 9-28: *) (*Why goal*) Lemma my_cos4_safety_po_3 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus @@ -857,3 +814,4 @@ (* FILL PROOF HERE *) Save. + diff -Nru why-2.29+dfsg/tests/c/oracle/array_max.res.oracle why-2.30+dfsg/tests/c/oracle/array_max.res.oracle --- why-2.29+dfsg/tests/c/oracle/array_max.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/array_max.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,3566 @@ +========== file tests/c/array_max.c ========== +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 1: Maximum in an array + +Given: A non-empty integer array a. + +Verify that the index returned by the method max() given below points to +an element maximal in the array. + +*/ + +/*@ requires len > 0 && \valid_range(a,0,len-1); + @ ensures 0 <= \result < len && + @ \forall integer i; 0 <= i < len ==> a[i] <= a[\result]; + @*/ +int max(int *a, int len) { + int x = 0; + int y = len-1; + /*@ loop invariant 0 <= x <= y < len && + @ \forall integer i; + @ 0 <= i < x || y < i < len ==> + @ a[i] <= \max(a[x],a[y]); + @ loop variant y - x; + @*/ + while (x != y) { + if (a[x] <= a[y]) x++; + else y--; + } + return x; +} + +/* +Local Variables: +compile-command: "make array_max.why3ml" +End: +*/ + +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/array_max.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/array_max.jessie +[jessie] File tests/c/array_max.jessie/array_max.jc written. +[jessie] File tests/c/array_max.jessie/array_max.cloc written. +========== file tests/c/array_max.jessie/array_max.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int32 = -2147483648..2147483647 + +type int8 = -128..127 + +tag intP = { + int32 intM: 32; +} + +type intP = [intP] + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +int32 max(intP[..] 
a, int32 len) + requires (C_28 : ((C_29 : (len > 0)) && + ((C_31 : (\offset_min(a) <= 0)) && + (C_32 : (\offset_max(a) >= (len - 1)))))); +behavior default: + ensures (C_23 : (((C_25 : (0 <= \result)) && + (C_26 : (\result < \at(len,Old)))) && + (C_27 : (\forall integer i_0; + (((0 <= i_0) && (i_0 < \at(len,Old))) ==> + ((\at(a,Old) + i_0).intM <= + (\at(a,Old) + \result).intM)))))); +{ + (var int32 x); + + (var int32 y); + + { (C_1 : (x = 0)); + (C_4 : (y = (C_3 : ((C_2 : (len - 1)) :> int32)))); + + loop + behavior default: + invariant (C_6 : (((C_8 : (0 <= x)) && + ((C_10 : (x <= y)) && (C_11 : (y < len)))) && + (C_12 : (\forall integer i; + ((((0 <= i) && (i < x)) || + ((y < i) && (i < len))) ==> + ((a + i).intM <= + \integer_max((a + x).intM, + (a + y).intM))))))); + variant (C_5 : (y - x)); + while (true) + { + { (if (x != y) then () else + (goto while_0_break)); + + { (if ((C_22 : (C_21 : (a + x)).intM) <= + (C_20 : (C_19 : (a + y)).intM)) then (C_18 : (x = + (C_17 : ((C_16 : + (x + + 1)) :> int32)))) else + (C_15 : (y = (C_14 : ((C_13 : (y - 1)) :> int32))))) + } + } + }; + (while_0_break : ()); + + (return x) + } +} +========== file tests/c/array_max.jessie/array_max.cloc ========== +[C_10] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 26 +end = 32 + +[C_11] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 31 +end = 38 + +[C_12] +file = "HOME/tests/c/array_max.c" +line = 21 +begin = 11 +end = 111 + +[C_13] +file = "HOME/tests/c/array_max.c" +line = 28 +begin = 9 +end = 12 + +[C_14] +file = "HOME/tests/c/array_max.c" +line = 28 +begin = 9 +end = 12 + +[C_15] +file = "HOME/tests/c/array_max.c" +line = 28 +begin = 9 +end = 12 + +[C_16] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 22 +end = 25 + +[C_17] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 22 +end = 25 + +[C_18] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 22 +end = 25 + +[C_19] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 16 +end = 17 + +[C_1] 
+file = "HOME/tests/c/array_max.c" +line = 18 +begin = 2 +end = 5 + +[C_2] +file = "HOME/tests/c/array_max.c" +line = 19 +begin = 10 +end = 15 + +[C_3] +file = "HOME/tests/c/array_max.c" +line = 19 +begin = 10 +end = 15 + +[C_4] +file = "HOME/tests/c/array_max.c" +line = 19 +begin = 2 +end = 5 + +[C_20] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 16 +end = 20 + +[C_5] +file = "HOME/tests/c/array_max.c" +line = 24 +begin = 19 +end = 24 + +[C_21] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 8 +end = 9 + +[C_6] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 153 + +[C_22] +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 8 +end = 12 + +[C_7] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 38 + +[C_23] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 94 + +[C_8] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 27 + +[C_24] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 30 + +[C_9] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 26 +end = 38 + +[C_25] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 24 + +[C_26] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 17 +end = 30 + +[C_27] +file = "HOME/tests/c/array_max.c" +line = 15 +begin = 6 +end = 60 + +[C_28] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 47 + +[C_29] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 20 + +[C_30] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[C_31] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[C_32] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[max] +name = "Function max" +file = "HOME/tests/c/array_max.c" +line = 17 +begin = 4 +end = 7 + +========== jessie execution ========== +Generating Why function max +========== file tests/c/array_max.jessie/array_max.makefile ========== +# this makefile was automatically generated; do not edit + 
+TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs array_max.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs array_max.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/array_max_why.sx + +project: why/array_max.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/array_max_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/array_max_why.vo + +coq/array_max_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/array_max_why.v: why/array_max.why + @echo 'why -coq [...] why/array_max.why' && $(WHY) $(JESSIELIBFILES) why/array_max.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/array_max_ctx_why.vo + for f in why/*_po*.why; do make -f array_max.makefile coq/`basename $$f .why`_why.v ; done + +coq/array_max_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/array_max_ctx_why.v: why/array_max_ctx.why + @echo 'why -coq [...] why/array_max_ctx.why' && $(WHY) why/array_max_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export array_max_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/array_max_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/array_max_ctx_why.vo + +pvs: pvs/array_max_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/array_max_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/array_max_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/array_max_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/array_max_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/array_max_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/array_max_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/array_max_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/array_max_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/array_max_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/array_max_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/array_max_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/array_max_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/array_max_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/array_max_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: array_max.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/array_max_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/array_max_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: array_max.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include array_max.depend + +depend: coq/array_max_why.v + -$(COQDEP) -I coq coq/array_max*_why.v > array_max.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/array_max.jessie/array_max.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/tests/c/array_max.jessie/array_max.jc" +line = 53 +begin = 6 +end = 1155 + +[JC_42] +file = "HOME/tests/c/array_max.jessie/array_max.jc" +line = 53 +begin = 6 +end = 1155 + +[JC_1] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 20 + +[JC_2] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[JC_3] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[JC_4] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 47 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 20 + +[JC_7] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[JC_8] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 24 +end = 47 + +[JC_9] +file = "HOME/tests/c/array_max.c" +line = 13 +begin = 13 +end = 47 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 24 + +[max_safety] +name = "Function max" +behavior = "Safety" +file = "HOME/tests/c/array_max.c" +line = 17 +begin = 4 +end = 7 + +[JC_12] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 17 +end = 30 + +[JC_13] +file = "HOME/tests/c/array_max.c" +line = 15 +begin = 6 +end = 60 + +[JC_14] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 94 + +[JC_15] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 24 + +[JC_16] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 17 +end = 30 + +[JC_17] +file = "HOME/tests/c/array_max.c" +line = 15 +begin = 6 +end = 60 + +[JC_18] +file = "HOME/tests/c/array_max.c" +line = 14 +begin = 12 +end = 
94 + +[max_ensures_default] +name = "Function max" +behavior = "default behavior" +file = "HOME/tests/c/array_max.c" +line = 17 +begin = 4 +end = 7 + +[JC_19] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +kind = ArithOverflow +file = "HOME/tests/c/array_max.c" +line = 19 +begin = 10 +end = 15 + +[JC_22] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 27 + +[JC_23] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 26 +end = 32 + +[JC_24] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 31 +end = 38 + +[JC_25] +file = "HOME/tests/c/array_max.c" +line = 21 +begin = 11 +end = 111 + +[JC_26] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 153 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/tests/c/array_max.jessie/array_max.jc" +line = 53 +begin = 6 +end = 1155 + +[JC_29] +file = "HOME/tests/c/array_max.jessie/array_max.jc" +line = 53 +begin = 6 +end = 1155 + +[JC_30] +kind = PointerDeref +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 8 +end = 12 + +[JC_31] +kind = PointerDeref +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 16 +end = 20 + +[JC_32] +kind = ArithOverflow +file = "HOME/tests/c/array_max.c" +line = 27 +begin = 22 +end = 25 + +[JC_33] +kind = ArithOverflow +file = "HOME/tests/c/array_max.c" +line = 28 +begin = 9 +end = 12 + +[JC_34] +file = "HOME/tests/c/array_max.c" +line = 24 +begin = 19 +end = 24 + +[JC_35] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 27 + +[JC_36] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 26 +end = 32 + +[JC_37] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 31 +end = 38 + +[JC_38] +file = "HOME/tests/c/array_max.c" +line = 21 +begin = 11 +end = 111 + +[JC_39] +file = "HOME/tests/c/array_max.c" +line = 20 +begin = 21 +end = 153 + +========== file tests/c/array_max.jessie/why/array_max.why ========== +type charP + +type int32 + 
+type int8 + +type intP + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. + (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. 
(p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. + instanceof(intP_tag_table, x, intP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and 
(offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_while_0_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), 
sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter max : + a:intP pointer -> + len:int32 -> + intP_a_1_alloc_table:intP alloc_table -> + intP_intM_a_1:(intP, int32) memory -> + { } int32 + { (JC_18: + ((JC_15: le_int((0), integer_of_int32(result))) + and ((JC_16: lt_int(integer_of_int32(result), integer_of_int32(len))) + and (JC_17: + (forall i_0:int. 
+ ((le_int((0), i_0) and lt_int(i_0, integer_of_int32(len))) -> + le_int(integer_of_int32(select(intP_intM_a_1, shift(a, i_0))), + integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(result))))))))))) } + +parameter max_requires : + a:intP pointer -> + len:int32 -> + intP_a_1_alloc_table:intP alloc_table -> + intP_intM_a_1:(intP, int32) memory -> + { (JC_4: + ((JC_1: gt_int(integer_of_int32(len), (0))) + and ((JC_2: le_int(offset_min(intP_a_1_alloc_table, a), (0))) + and (JC_3: + ge_int(offset_max(intP_a_1_alloc_table, a), + sub_int(integer_of_int32(len), (1)))))))} + int32 + { (JC_18: + ((JC_15: le_int((0), integer_of_int32(result))) + and ((JC_16: lt_int(integer_of_int32(result), integer_of_int32(len))) + and (JC_17: + (forall i_0:int. + ((le_int((0), i_0) and lt_int(i_0, integer_of_int32(len))) -> + le_int(integer_of_int32(select(intP_intM_a_1, shift(a, i_0))), + integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(result))))))))))) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +let max_ensures_default = + fun (a : intP pointer) (len : int32) (intP_a_1_alloc_table : intP alloc_table) (intP_intM_a_1 : (intP, int32) memory) -> + { (JC_9: + ((JC_6: gt_int(integer_of_int32(len), (0))) + and ((JC_7: le_int(offset_min(intP_a_1_alloc_table, a), (0))) + and (JC_8: + ge_int(offset_max(intP_a_1_alloc_table, a), + sub_int(integer_of_int32(len), (1))))))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let x_0 = ref (any_int32 void) in + (let y = ref (any_int32 void) in + try + (C_1: + (C_4: + begin + (let jessie_ = (x_0 := (safe_int32_of_integer_ (0))) in void); + (let jessie_ = + (y := (C_3: + (safe_int32_of_integer_ (C_2: + ((sub_int (integer_of_int32 len)) (1)))))) in + void); + (loop_2: + while true do + { invariant + (JC_39: + ((JC_35: le_int((0), 
integer_of_int32(x_0))) + and ((JC_36: le_int(integer_of_int32(x_0), integer_of_int32(y))) + and ((JC_37: + lt_int(integer_of_int32(y), integer_of_int32(len))) + and (JC_38: + (forall i:int. + (((le_int((0), i) + and lt_int(i, integer_of_int32(x_0))) + or (lt_int(integer_of_int32(y), i) + and lt_int(i, integer_of_int32(len)))) -> + le_int(integer_of_int32(select(intP_intM_a_1, + shift(a, i))), + int_max(integer_of_int32(select(intP_intM_a_1, + shift(a, + integer_of_int32(x_0)))), + integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y))))))))))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + begin + (if ((neq_int_ (integer_of_int32 !x_0)) (integer_of_int32 !y)) + then void else (raise (Goto_while_0_break_exc void))); + (if ((le_int_ (integer_of_int32 (C_22: + ((safe_acc_ intP_intM_a_1) + (C_21: + ((shift a) (integer_of_int32 !x_0))))))) + (integer_of_int32 (C_20: + ((safe_acc_ intP_intM_a_1) (C_19: + ((shift a) + (integer_of_int32 !y))))))) + then + (C_18: + begin + (x_0 := (C_17: + (safe_int32_of_integer_ (C_16: + ((add_int (integer_of_int32 !x_0)) (1)))))); + !x_0 end) + else + (C_15: + begin + (y := (C_14: + (safe_int32_of_integer_ (C_13: + ((sub_int (integer_of_int32 !y)) (1)))))); + !y end)) end in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (return := !x_0); (raise Return) end) end)); + absurd end with Return -> !return end)) + { (JC_14: + ((JC_11: le_int((0), integer_of_int32(result))) + and ((JC_12: lt_int(integer_of_int32(result), integer_of_int32(len))) + and (JC_13: + (forall i_0:int. 
+ ((le_int((0), i_0) and lt_int(i_0, integer_of_int32(len))) -> + le_int(integer_of_int32(select(intP_intM_a_1, shift(a, i_0))), + integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(result))))))))))) } + +let max_safety = + fun (a : intP pointer) (len : int32) (intP_a_1_alloc_table : intP alloc_table) (intP_intM_a_1 : (intP, int32) memory) -> + { (JC_9: + ((JC_6: gt_int(integer_of_int32(len), (0))) + and ((JC_7: le_int(offset_min(intP_a_1_alloc_table, a), (0))) + and (JC_8: + ge_int(offset_max(intP_a_1_alloc_table, a), + sub_int(integer_of_int32(len), (1))))))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let x_0 = ref (any_int32 void) in + (let y = ref (any_int32 void) in + try + (C_1: + (C_4: + begin + (let jessie_ = (x_0 := (safe_int32_of_integer_ (0))) in void); + (let jessie_ = + (y := (C_3: + (JC_21: + (int32_of_integer_ (C_2: ((sub_int (integer_of_int32 len)) (1))))))) in + void); + (loop_1: + while true do + { invariant (JC_28: true) + variant (JC_34 : sub_int(integer_of_int32(y), integer_of_int32(x_0))) } + begin + [ { } unit reads x_0,y + { (JC_26: + ((JC_22: le_int((0), integer_of_int32(x_0))) + and ((JC_23: + le_int(integer_of_int32(x_0), integer_of_int32(y))) + and ((JC_24: + lt_int(integer_of_int32(y), integer_of_int32(len))) + and (JC_25: + (forall i:int. 
+ (((le_int((0), i) + and lt_int(i, integer_of_int32(x_0))) + or (lt_int(integer_of_int32(y), i) + and lt_int(i, integer_of_int32(len)))) -> + le_int(integer_of_int32(select(intP_intM_a_1, + shift(a, i))), + int_max(integer_of_int32(select(intP_intM_a_1, + shift(a, + integer_of_int32(x_0)))), + integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y))))))))))))) } ]; + try + begin + (let jessie_ = + begin + (if ((neq_int_ (integer_of_int32 !x_0)) (integer_of_int32 !y)) + then void else (raise (Goto_while_0_break_exc void))); + (if ((le_int_ (integer_of_int32 (C_22: + (JC_30: + ((((offset_acc_ intP_a_1_alloc_table) intP_intM_a_1) a) + (integer_of_int32 !x_0)))))) + (integer_of_int32 (C_20: + (JC_31: + ((((offset_acc_ intP_a_1_alloc_table) intP_intM_a_1) a) + (integer_of_int32 !y)))))) + then + (C_18: + begin + (x_0 := (C_17: + (JC_32: + (int32_of_integer_ (C_16: + ((add_int (integer_of_int32 !x_0)) (1))))))); + !x_0 end) + else + (C_15: + begin + (y := (C_14: + (JC_33: + (int32_of_integer_ (C_13: + ((sub_int (integer_of_int32 !y)) (1))))))); + !y end)) end in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (return := !x_0); (raise Return) end) end)); + absurd end with Return -> !return end)) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] 
why/array_max.why +========== file tests/c/array_max.jessie/why/array_max_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. 
(forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. 
+ ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. 
((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. 
+ (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. 
(offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. 
+ (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. 
+ (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. 
+ (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. 
((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. 
+ (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. 
+ (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. 
+ (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type int32 + +type int8 + +type intP + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. 
+ ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + 
((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal max_ensures_default_po_1: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + ("JC_39": ("JC_35": (0 <= integer_of_int32(x_0)))) + +goal max_ensures_default_po_2: + forall a:intP pointer. + forall len:int32. 
+ forall intP_a_1_alloc_table:intP alloc_table. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + ("JC_39": ("JC_36": (integer_of_int32(x_0) <= integer_of_int32(y)))) + +goal max_ensures_default_po_3: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + ("JC_39": ("JC_37": (integer_of_int32(y) < integer_of_int32(len)))) + +goal max_ensures_default_po_4: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall i:int. 
+ (((0 <= i) and (i < integer_of_int32(x_0))) or + ((integer_of_int32(y) < i) and (i < integer_of_int32(len)))) -> + ("JC_39": + ("JC_38": (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0)))), integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(y)))))))) + +goal max_ensures_default_po_5: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. 
+ (x_0_1 = result3) -> + ("JC_39": ("JC_35": (0 <= integer_of_int32(x_0_1)))) + +goal max_ensures_default_po_6: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. + (x_0_1 = result3) -> + ("JC_39": ("JC_36": (integer_of_int32(x_0_1) <= integer_of_int32(y0)))) + +goal max_ensures_default_po_7: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. 
+ ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. + (x_0_1 = result3) -> + ("JC_39": ("JC_37": (integer_of_int32(y0) < integer_of_int32(len)))) + +goal max_ensures_default_po_8: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. + (x_0_1 = result3) -> + forall i:int. + (((0 <= i) and (i < integer_of_int32(x_0_1))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + ("JC_39": + ("JC_38": (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_1)))), integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(y0)))))))) + +goal max_ensures_default_po_9: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. 
+ ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(y0) - 1)) -> + forall y1:int32. + (y1 = result3) -> + ("JC_39": ("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y1)))) + +goal max_ensures_default_po_10: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(y0) - 1)) -> + forall y1:int32. + (y1 = result3) -> + ("JC_39": ("JC_37": (integer_of_int32(y1) < integer_of_int32(len)))) + +goal max_ensures_default_po_11: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. 
+ ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(y0) - 1)) -> + forall y1:int32. + (y1 = result3) -> + forall i:int. + (((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y1) < i) and (i < integer_of_int32(len)))) -> + ("JC_39": + ("JC_38": (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(y1)))))))) + +goal max_ensures_default_po_12: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. 
+ (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) = integer_of_int32(y0)) -> + forall return:int32. + (return = x_0_0) -> + ("JC_14": ("JC_11": (0 <= integer_of_int32(return)))) + +goal max_ensures_default_po_13: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) = integer_of_int32(y0)) -> + forall return:int32. + (return = x_0_0) -> + ("JC_14": ("JC_12": (integer_of_int32(return) < integer_of_int32(len)))) + +goal max_ensures_default_po_14: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_39": + (("JC_35": (0 <= integer_of_int32(x_0_0))) and + (("JC_36": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_37": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_38": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) = integer_of_int32(y0)) -> + forall return:int32. + (return = x_0_0) -> + forall i_0:int. 
+ ((0 <= i_0) and (i_0 < integer_of_int32(len))) -> + ("JC_14": + ("JC_13": (integer_of_int32(select(intP_intM_a_1, shift(a, + i_0))) <= integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(return))))))) + +goal max_safety_po_1: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + ((-2147483648) <= (integer_of_int32(len) - 1)) + +goal max_safety_po_2: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + ((integer_of_int32(len) - 1) <= 2147483647) + +goal max_safety_po_3: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. 
+ ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + (offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) + +goal max_safety_po_4: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a)) + +goal max_safety_po_5: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + (offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) + +goal max_safety_po_6: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a)) + +goal max_safety_po_7: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + ((-2147483648) <= (integer_of_int32(x_0_0) + 1)) + +goal max_safety_po_8: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + ((integer_of_int32(x_0_0) + 1) <= 2147483647) + +goal max_safety_po_9: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. 
+ ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + (((-2147483648) <= (integer_of_int32(x_0_0) + 1)) and + ((integer_of_int32(x_0_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. + (x_0_1 = result3) -> + (0 <= ("JC_34": (integer_of_int32(y0) - integer_of_int32(x_0_0)))) + +goal max_safety_po_10: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. 
+ ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) <= integer_of_int32(result2)) -> + (((-2147483648) <= (integer_of_int32(x_0_0) + 1)) and + ((integer_of_int32(x_0_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(x_0_0) + 1)) -> + forall x_0_1:int32. + (x_0_1 = result3) -> + (("JC_34": (integer_of_int32(y0) - integer_of_int32(x_0_1))) < ("JC_34": + (integer_of_int32(y0) - integer_of_int32(x_0_0)))) + +goal max_safety_po_11: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + ((-2147483648) <= (integer_of_int32(y0) - 1)) + +goal max_safety_po_12: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + ((integer_of_int32(y0) - 1) <= 2147483647) + +goal max_safety_po_13: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. + ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + (((-2147483648) <= (integer_of_int32(y0) - 1)) and + ((integer_of_int32(y0) - 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(y0) - 1)) -> + forall y1:int32. + (y1 = result3) -> + (0 <= ("JC_34": (integer_of_int32(y0) - integer_of_int32(x_0_0)))) + +goal max_safety_po_14: + forall a:intP pointer. + forall len:int32. + forall intP_a_1_alloc_table:intP alloc_table. + forall intP_intM_a_1:(intP, + int32) memory. 
+ ("JC_9": + (("JC_6": (integer_of_int32(len) > 0)) and + (("JC_7": (offset_min(intP_a_1_alloc_table, a) <= 0)) and + ("JC_8": (offset_max(intP_a_1_alloc_table, + a) >= (integer_of_int32(len) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall x_0:int32. + (x_0 = result) -> + (((-2147483648) <= (integer_of_int32(len) - 1)) and + ((integer_of_int32(len) - 1) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len) - 1)) -> + forall y:int32. + (y = result0) -> + forall x_0_0:int32. + forall y0:int32. + ("JC_28": true) -> + ("JC_26": + (("JC_22": (0 <= integer_of_int32(x_0_0))) and + (("JC_23": (integer_of_int32(x_0_0) <= integer_of_int32(y0))) and + (("JC_24": (integer_of_int32(y0) < integer_of_int32(len))) and + ("JC_25": + (forall i:int. + ((((0 <= i) and (i < integer_of_int32(x_0_0))) or + ((integer_of_int32(y0) < i) and (i < integer_of_int32(len)))) -> + (integer_of_int32(select(intP_intM_a_1, shift(a, + i))) <= int_max(integer_of_int32(select(intP_intM_a_1, shift(a, + integer_of_int32(x_0_0)))), integer_of_int32(select(intP_intM_a_1, + shift(a, integer_of_int32(y0))))))))))))) -> + (integer_of_int32(x_0_0) <> integer_of_int32(y0)) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(x_0_0)) and + (integer_of_int32(x_0_0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result1:int32. + (result1 = select(intP_intM_a_1, shift(a, integer_of_int32(x_0_0)))) -> + ((offset_min(intP_a_1_alloc_table, a) <= integer_of_int32(y0)) and + (integer_of_int32(y0) <= offset_max(intP_a_1_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intP_intM_a_1, shift(a, integer_of_int32(y0)))) -> + (integer_of_int32(result1) > integer_of_int32(result2)) -> + (((-2147483648) <= (integer_of_int32(y0) - 1)) and + ((integer_of_int32(y0) - 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(y0) - 1)) -> + forall y1:int32. 
+ (y1 = result3) -> + (("JC_34": (integer_of_int32(y1) - integer_of_int32(x_0_0))) < ("JC_34": + (integer_of_int32(y0) - integer_of_int32(x_0_0)))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/array_max_why.why : ............................ (28/0/0/0/0) +total : 28 +valid : 28 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/binary_heap.res.oracle why-2.30+dfsg/tests/c/oracle/binary_heap.res.oracle --- why-2.29+dfsg/tests/c/oracle/binary_heap.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/binary_heap.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,9 +1,38 @@ ========== file tests/c/binary_heap.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ struct heap; - heap create(uint sz); void insert(heap u, int e); 
@@ -13,6 +42,6 @@ ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/binary_heap.c" -tests/c/binary_heap.c:6:[kernel] user error: syntax error +tests/c/binary_heap.c:35:[kernel] user error: syntax error [kernel] user error: skipping file "tests/c/binary_heap.c" that has errors. [kernel] Frama-C aborted because of invalid user input. diff -Nru why-2.29+dfsg/tests/c/oracle/binary_search.res.oracle why-2.30+dfsg/tests/c/oracle/binary_search.res.oracle --- why-2.29+dfsg/tests/c/oracle/binary_search.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/binary_search.res.oracle 2011-10-24 15:21:06.000000000 +0000 
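Review bot: The updated expectation `tests/c/binary_heap.c:35:[kernel] user error: syntax error` still pins a front-end abort (`Frama-C aborted because of invalid user input`), so this oracle matches only while the parser keeps rejecting the file, and no proof obligation for binary_heap.c is ever generated or checked. The change itself is just the shift from line 6 to line 35 caused by the added licence header. The hunk does not show which construct is rejected; the echoed prototypes use `heap` and `uint` as type names after only `struct heap;`, which is a plausible cause to confirm. Either make the input parse, or mark the test in its source with a comment such as `/* expected: rejected by the front end, no VCs generated */`, so that a green regression run is not read as a verified file.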
@@ -1,7 +1,38 @@ ========== file tests/c/binary_search.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNSIMPLIFY this tells regtests to run Simplify in this example -// lemma mean: \forall integer x, y; x <= y ==> x <= (x+y)/2 <= y; +//@ lemma mean: \forall integer x, y; x <= y ==> x <= (x+y)/2 <= y; /*@ predicate sorted{L}(long *t, integer a, integer b) = @ \forall integer i,j; a <= i <= j <= b ==> t[i] <= t[j]; @@ -37,7 +68,7 @@ /* Local Variables: -compile-command: "frama-c -jessie binary_search.c" +compile-command: "make binary_search.why3ml" End: */ ========== frama-c -jessie execution ========== 
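Review bot: The newly active `//@ lemma mean` is stated over unbounded `integer`, so it bounds only the mathematical midpoint and says nothing about wrap-around in the 32-bit computation, and the echoed source carries no comment saying so. Later in this same oracle the location table keeps `kind = ArithOverflow` entries for line 59 (JC_30, JC_32) next to a `DivByZero` entry, which appear to belong to the machine-integer midpoint expression; those safety obligations, not the lemma, are what exclude overflow. A one-line comment beside the lemma in tests/c/binary_search.c would keep the two apart, e.g. `// mean holds over mathematical integers; overflow of the int32 sum is a separate safety VC`. The lemma also becomes a goal of its own (`[mean]` with `behavior = "lemma"` is added further down), and the prover verdict for it is not visible in this part of the oracle.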
@@ -63,30 +94,35 @@ type int8 = -128..127 -tag long_P = { - int32 long_M: 32; +tag longP = { + int32 longM: 32; } -type long_P = [long_P] +type longP = [longP] -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] + +lemma mean : +(\forall integer x; + (\forall integer y; + ((x <= y) ==> ((x <= ((x + y) / 2)) && (((x + y) / 2) <= y))))) -predicate sorted{L}(long_P[..] t, integer a, integer b) = +predicate sorted{L}(longP[..] t, integer a, integer b) = (\forall integer i; (\forall integer j; (((a <= i) && ((i <= j) && (j <= b))) ==> - ((t + i).long_M <= (t + j).long_M)))) + ((t + i).longM <= (t + j).longM)))) -int32 binary_search(long_P[..] t, int32 n, int32 v) +int32 binary_search(longP[..] t, int32 n, int32 v) requires (C_35 : ((C_36 : (n >= 0)) && ((C_38 : (\offset_min(t) <= 0)) && (C_39 : (\offset_max(t) >= (n - 1)))))); @@ -95,13 +131,13 @@ (C_32 : (\result < \at(n,Old))))); behavior success: ensures (C_33 : ((\result >= 0) ==> - ((\at(t,Old) + \result).long_M == \at(v,Old)))); + ((\at(t,Old) + \result).longM == \at(v,Old)))); behavior failure: assumes sorted{Here}(t, 0, (n - 1)); ensures (C_34 : ((\result == (- 1)) ==> (\forall integer k_0; (((0 <= k_0) && (k_0 < \at(n,Old))) ==> - ((\at(t,Old) + k_0).long_M != \at(v,Old)))))); + ((\at(t,Old) + k_0).longM != \at(v,Old)))))); { (var int32 l); @@ -119,7 +155,7 @@ invariant (C_7 : ((C_8 : (0 <= l)) && (C_9 : (u <= (n - 1))))); behavior failure: invariant (C_6 : (\forall integer k; - ((((0 <= k) && (k < n)) && ((t + k).long_M == v)) ==> + ((((0 <= k) && (k < n)) && ((t + k).longM == v)) ==> ((l <= k) && (k <= u))))); variant (C_5 : (u - l)); while (true) 
@@ -136,16 +172,16 @@ () }; - { (if ((C_28 : (C_27 : (t + m)).long_M) < v) then (C_26 : (l = - (C_25 : ( - (C_24 : - (m + - 1)) :> int32)))) else - (if ((C_23 : (C_22 : (t + m)).long_M) > v) then (C_21 : (u = - (C_20 : ( - (C_19 : - (m - - 1)) :> int32)))) else + { (if ((C_28 : (C_27 : (t + m)).longM) < v) then (C_26 : (l = + (C_25 : ( + (C_24 : + (m + + 1)) :> int32)))) else + (if ((C_23 : (C_22 : (t + m)).longM) > v) then (C_21 : (u = + (C_20 : ( + (C_19 : + (m - + 1)) :> int32)))) else { (C_18 : (__retres = m)); (goto return_label) 
@@ -163,242 +199,249 @@ ========== file tests/c/binary_search.jessie/binary_search.cloc ========== [C_10] file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 13 end = 18 [C_11] file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 13 end = 18 [C_12] file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [C_13] file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [C_14] file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 4 end = 7 [C_15] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 26 [C_16] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 21 [C_17] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 20 end = 26 [C_18] file = "HOME/tests/c/binary_search.c" -line = 32 +line = 63 begin = 9 end = 18 [C_19] file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 27 end = 32 [C_1] file = "HOME/tests/c/binary_search.c" -line = 19 +line = 50 begin = 2 end = 5 [C_2] file = "HOME/tests/c/binary_search.c" -line = 19 +line = 50 begin = 17 end = 20 [C_3] file = "HOME/tests/c/binary_search.c" -line = 19 +line = 50 begin = 17 end = 20 [C_4] file = "HOME/tests/c/binary_search.c" -line = 19 +line = 50 begin = 2 end = 5 [binary_search] name = "Function binary_search" file = "HOME/tests/c/binary_search.c" -line = 18 +line = 49 begin = 4 end = 17 [C_20] file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 27 end = 32 [C_5] file = "HOME/tests/c/binary_search.c" -line = 25 +line = 56 begin = 19 end = 22 [C_21] file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 27 end = 32 [C_6] file = "HOME/tests/c/binary_search.c" -line = 24 +line = 55 begin = 8 end = 66 [C_22] file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 13 end = 14 [C_7] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 26 [C_23] file = "HOME/tests/c/binary_search.c" 
-line = 31 +line = 62 begin = 13 end = 17 [C_8] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 14 [C_24] file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 22 end = 27 [C_9] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 18 end = 26 [C_25] file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 22 end = 27 +[mean] +name = "Lemma mean" +file = "HOME/tests/c/binary_search.c" +line = 34 +begin = 4 +end = 67 + [C_26] file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 22 end = 27 [C_27] file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 8 end = 9 [C_28] file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 8 end = 12 [C_29] file = "HOME/tests/c/binary_search.c" -line = 34 +line = 65 begin = 2 end = 12 [C_30] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 29 [C_31] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 25 [C_32] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 18 end = 29 [C_33] file = "HOME/tests/c/binary_search.c" -line = 12 +line = 43 begin = 14 end = 46 [C_34] file = "HOME/tests/c/binary_search.c" -line = 15 +line = 46 begin = 14 end = 83 [C_35] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 44 [C_36] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 19 [C_37] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [C_38] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [C_39] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 
@@ -419,10 +462,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs binary_search.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/binary_search_why.sx @@ -483,6 +527,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/binary_search_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/binary_search_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -555,6 +606,9 @@ why3ide: why/binary_search_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: binary_search.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include binary_search.depend depend: coq/binary_search_why.v @@ -568,31 +622,31 @@ name = "Function binary_search" behavior = "Safety" file = "HOME/tests/c/binary_search.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_40] file = "HOME/tests/c/binary_search.c" -line = 25 +line = 56 begin = 19 end = 22 [JC_41] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 14 [JC_42] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 18 end = 26 [JC_43] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 26 
@@ -604,56 +658,56 @@ [JC_45] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_46] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_1] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 19 [JC_47] kind = DivByZero file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [JC_2] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [JC_48] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 21 [JC_3] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [JC_49] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 20 end = 26 [JC_4] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 44 @@ -665,57 +719,57 @@ [JC_6] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 19 [JC_7] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [JC_8] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 23 end = 44 [JC_9] file = "HOME/tests/c/binary_search.c" -line = 9 +line = 40 begin = 13 end = 44 [JC_50] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 26 [binary_search_ensures_failure] name = "Function binary_search" -behavior = "Normal behavior `failure'" +behavior = "Behavior `failure'" file = "HOME/tests/c/binary_search.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_51] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 14 [JC_52] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 18 end = 26 [JC_53] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 26 
@@ -727,50 +781,50 @@ [JC_55] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_56] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_57] kind = DivByZero file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [JC_58] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 21 [JC_59] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 20 end = 26 [JC_60] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 26 [JC_61] file = "HOME/tests/c/binary_search.c" -line = 24 +line = 55 begin = 8 end = 66 [JC_62] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 14 @@ -782,25 +836,25 @@ [JC_63] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 18 end = 26 [JC_11] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 25 [JC_64] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 26 [JC_12] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 18 end = 29 
@@ -812,58 +866,58 @@ [JC_13] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 29 [JC_66] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [binary_search_ensures_success] name = "Function binary_search" -behavior = "Normal behavior `success'" +behavior = "Behavior `success'" file = "HOME/tests/c/binary_search.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_14] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 25 [JC_67] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_15] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 18 end = 29 [JC_68] kind = DivByZero file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [JC_16] file = "HOME/tests/c/binary_search.c" -line = 10 +line = 41 begin = 12 end = 29 [JC_69] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 21 
@@ -881,62 +935,70 @@ [JC_19] file = "HOME/tests/c/binary_search.c" -line = 12 +line = 43 begin = 14 end = 46 +[mean] +name = "Lemma mean" +behavior = "lemma" +file = "HOME/tests/c/binary_search.c" +line = 34 +begin = 4 +end = 67 + [JC_70] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 20 end = 26 [JC_71] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 26 [JC_20] file = "HOME/tests/c/binary_search.c" -line = 12 +line = 43 begin = 14 end = 46 [JC_21] file = "HOME/tests/c/binary_search.c" -line = 15 +line = 46 begin = 14 end = 83 [JC_22] file = "HOME/tests/c/binary_search.c" -line = 15 +line = 46 begin = 14 end = 83 [JC_23] kind = ArithOverflow file = "HOME/tests/c/binary_search.c" -line = 19 +line = 50 begin = 17 end = 20 [JC_24] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 14 [JC_25] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 18 end = 26 [JC_26] file = "HOME/tests/c/binary_search.c" -line = 21 +line = 52 begin = 8 end = 26 
@@ -948,128 +1010,119 @@ [JC_28] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_29] file = "HOME/tests/c/binary_search.jessie/binary_search.jc" -line = 68 +line = 73 begin = 6 -end = 1807 +end = 1796 [JC_30] kind = ArithOverflow file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 13 end = 18 [JC_31] kind = DivByZero file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [binary_search_ensures_default] name = "Function binary_search" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/binary_search.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_32] kind = ArithOverflow file = "HOME/tests/c/binary_search.c" -line = 28 +line = 59 begin = 12 end = 23 [JC_33] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 21 [JC_34] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 20 end = 26 [JC_35] file = "HOME/tests/c/binary_search.c" -line = 29 +line = 60 begin = 15 end = 26 [JC_36] kind = PointerDeref file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 8 end = 12 [JC_37] kind = ArithOverflow file = "HOME/tests/c/binary_search.c" -line = 30 +line = 61 begin = 22 end = 27 [JC_38] kind = PointerDeref file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 13 end = 17 [JC_39] kind = ArithOverflow file = "HOME/tests/c/binary_search.c" -line = 31 +line = 62 begin = 27 end = 32 ========== file tests/c/binary_search.jessie/why/binary_search.why ========== -type char_P +type charP type int32 type int8 -type long_P +type longP type padding -type void_P +type voidP -exception Goto_while_0_break_exc of unit +logic charP_tag: -> charP tag_id -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit +axiom charP_int : (int_of_tag(charP_tag) = (1)) -exception Return_label_exc of unit +logic charP_of_pointer_address: unit pointer -> charP pointer -logic char_P_tag: 
-> char_P tag_id +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -logic char_P_of_pointer_address: unit pointer -> char_P pointer - -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) - -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int32: int32 -> int @@ -1088,6 +1141,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -1100,356 +1158,300 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_long_P(p:long_P pointer, a:int, - long_P_alloc_table:long_P alloc_table) = - (offset_min(long_P_alloc_table, p) <= a) +predicate left_valid_struct_longP(p:longP pointer, a:int, + longP_alloc_table:longP alloc_table) = + (offset_min(longP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) -logic long_P_tag: -> long_P tag_id +logic longP_tag: -> longP tag_id -axiom long_P_int : (int_of_tag(long_P_tag) = (1)) +axiom longP_int : (int_of_tag(longP_tag) = (1)) -logic long_P_of_pointer_address: unit pointer -> long_P pointer +logic longP_of_pointer_address: unit pointer -> longP pointer -axiom long_P_of_pointer_address_of_pointer_addr : - (forall p:long_P pointer. - (p = long_P_of_pointer_address(pointer_address(p)))) +axiom longP_of_pointer_address_of_pointer_addr : + (forall p:longP pointer. (p = longP_of_pointer_address(pointer_address(p)))) -axiom long_P_parenttag_bottom : parenttag(long_P_tag, bottom_tag) +axiom longP_parenttag_bottom : parenttag(longP_tag, bottom_tag) -axiom long_P_tags : - (forall x:long_P pointer. 
- (forall long_P_tag_table:long_P tag_table. - instanceof(long_P_tag_table, x, long_P_tag))) +axiom longP_tags : + (forall x:longP pointer. + (forall longP_tag_table:longP tag_table. + instanceof(longP_tag_table, x, longP_tag))) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_long_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(long_P_of_pointer_address(p)))) +axiom pointer_addr_of_longP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(longP_of_pointer_address(p)))) -logic void_P_of_pointer_address: unit pointer -> void_P pointer +logic voidP_of_pointer_address: unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_long_P(p:long_P pointer, b:int, - long_P_alloc_table:long_P alloc_table) = - (offset_max(long_P_alloc_table, p) >= b) +predicate right_valid_struct_longP(p:longP pointer, b:int, + longP_alloc_table:longP alloc_table) = + (offset_max(longP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) -predicate sorted(t:long_P pointer, a:int, b:int, - long_P_long_M_t_1_at_L:(long_P, int32) memory) = +predicate sorted(t:longP pointer, a:int, b:int, + longP_longM_t_1_at_L:(longP, int32) memory) = (forall i:int. (forall j:int. 
((le_int(a, i) and (le_int(i, j) and le_int(j, b))) -> - le_int(integer_of_int32(select(long_P_long_M_t_1_at_L, shift(t, i))), - integer_of_int32(select(long_P_long_M_t_1_at_L, shift(t, j))))))) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_long_P(p:long_P pointer, a:int, b:int, - long_P_alloc_table:long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) = a) - and (offset_max(long_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_long_P(p:long_P pointer, a:int, b:int, - long_P_alloc_table:long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) = a) - and (offset_max(long_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_long_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, 
p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_long_P(p:long_P pointer, a:int, b:int, - long_P_alloc_table:long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) <= a) - and (offset_max(long_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_long_P(p:long_P pointer, a:int, b:int, - long_P_alloc_table:long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) <= a) - and (offset_max(long_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + le_int(integer_of_int32(select(longP_longM_t_1_at_L, shift(t, i))), + integer_of_int32(select(longP_longM_t_1_at_L, shift(t, j))))))) -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_longP(p:longP pointer, a:int, b:int, + longP_alloc_table:longP alloc_table) = + ((offset_min(longP_alloc_table, p) = a) + and (offset_max(longP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_longP(p:longP pointer, a:int, b:int, + longP_alloc_table:longP alloc_table) = + ((offset_min(longP_alloc_table, p) = a) + and (offset_max(longP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + 
voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_longP(p:longP pointer, a:int, b:int, + longP_alloc_table:longP alloc_table) = + ((offset_min(longP_alloc_table, p) <= a) + and (offset_max(longP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_longP(p:longP pointer, a:int, b:int, + longP_alloc_table:longP alloc_table) = + ((offset_min(longP_alloc_table, p) <= a) + and (offset_max(longP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +lemma mean : + (forall x_0:int. + (forall y:int. 
+ (le_int(x_0, y) -> + (le_int(x_0, computer_div(add_int(x_0, y), (2))) + and le_int(computer_div(add_int(x_0, y), (2)), y))))) -parameter alloc_bitvector_struct_long_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_long_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto_while_0_break_exc of unit -parameter alloc_bitvector_struct_long_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_long_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref 
-parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter long_P_alloc_table : long_P alloc_table ref +parameter longP_alloc_table : longP alloc_table ref -parameter long_P_tag_table : long_P tag_table ref +parameter longP_tag_table : 
longP tag_table ref -parameter alloc_struct_long_P : +parameter alloc_struct_longP : n:int -> - long_P_alloc_table:long_P alloc_table ref -> - long_P_tag_table:long_P tag_table ref -> - { } long_P pointer writes long_P_alloc_table,long_P_tag_table - { (strict_valid_struct_long_P(result, (0), sub_int(n, (1)), - long_P_alloc_table) - and (alloc_extends(long_P_alloc_table@, long_P_alloc_table) - and (alloc_fresh(long_P_alloc_table@, result, n) - and instanceof(long_P_tag_table, result, long_P_tag)))) } + longP_alloc_table:longP alloc_table ref -> + longP_tag_table:longP tag_table ref -> + { } longP pointer writes longP_alloc_table,longP_tag_table + { (strict_valid_struct_longP(result, (0), sub_int(n, (1)), + longP_alloc_table) + and (alloc_extends(longP_alloc_table@, longP_alloc_table) + and (alloc_fresh(longP_alloc_table@, result, n) + and instanceof(longP_tag_table, result, longP_tag)))) } -parameter alloc_struct_long_P_requires : +parameter alloc_struct_longP_requires : n:int -> - long_P_alloc_table:long_P alloc_table ref -> - long_P_tag_table:long_P tag_table ref -> - { ge_int(n, (0))} long_P pointer - writes long_P_alloc_table,long_P_tag_table - { (strict_valid_struct_long_P(result, (0), sub_int(n, (1)), - long_P_alloc_table) - and (alloc_extends(long_P_alloc_table@, long_P_alloc_table) - and (alloc_fresh(long_P_alloc_table@, result, n) - and instanceof(long_P_tag_table, result, long_P_tag)))) } + longP_alloc_table:longP alloc_table ref -> + longP_tag_table:longP tag_table ref -> + { ge_int(n, (0))} longP pointer writes longP_alloc_table,longP_tag_table + { (strict_valid_struct_longP(result, (0), sub_int(n, (1)), + longP_alloc_table) + and (alloc_extends(longP_alloc_table@, longP_alloc_table) + and (alloc_fresh(longP_alloc_table@, result, n) + and instanceof(longP_tag_table, result, longP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref 
+parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } parameter any_int8 : unit -> { } int8 { true } parameter binary_search : - t_0:long_P 
pointer -> + t_0:longP pointer -> n:int32 -> v:int32 -> - long_P_t_2_alloc_table:long_P alloc_table -> - long_P_long_M_t_2:(long_P, int32) memory -> + longP_t_2_alloc_table:longP alloc_table -> + longP_longM_t_2:(longP, int32) memory -> { } int32 - { ((sorted(t_0@, (0), sub_int(integer_of_int32(n@), (1)), - long_P_long_M_t_2@) -> + { ((sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), + longP_longM_t_2) -> (JC_22: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_0:int. - ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n@))) -> - neq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0@, k_0))), - integer_of_int32(v@))))))) + ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n))) -> + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k_0))) <> + integer_of_int32(v))))))) and ((JC_20: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0@, integer_of_int32(result)))), - integer_of_int32(v@)))) + (integer_of_int32(select(longP_longM_t_2, + shift(t_0, integer_of_int32(result)))) = + integer_of_int32(v)))) and (JC_16: ((JC_14: le_int(neg_int((1)), integer_of_int32(result))) and (JC_15: - lt_int(integer_of_int32(result), integer_of_int32(n@))))))) } + lt_int(integer_of_int32(result), integer_of_int32(n))))))) } parameter binary_search_requires : - t_0:long_P pointer -> + t_0:longP pointer -> n:int32 -> v:int32 -> - long_P_t_2_alloc_table:long_P alloc_table -> - long_P_long_M_t_2:(long_P, int32) memory -> + longP_t_2_alloc_table:longP alloc_table -> + longP_longM_t_2:(longP, int32) memory -> { (JC_4: ((JC_1: ge_int(integer_of_int32(n), (0))) - and ((JC_2: le_int(offset_min(long_P_t_2_alloc_table, t_0), (0))) + and ((JC_2: le_int(offset_min(longP_t_2_alloc_table, t_0), (0))) and (JC_3: - ge_int(offset_max(long_P_t_2_alloc_table, t_0), + ge_int(offset_max(longP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))))))} int32 - { 
((sorted(t_0@, (0), sub_int(integer_of_int32(n@), (1)), - long_P_long_M_t_2@) -> + { ((sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), + longP_longM_t_2) -> (JC_22: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_0:int. - ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n@))) -> - neq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0@, k_0))), - integer_of_int32(v@))))))) + ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n))) -> + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k_0))) <> + integer_of_int32(v))))))) and ((JC_20: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0@, integer_of_int32(result)))), - integer_of_int32(v@)))) + (integer_of_int32(select(longP_longM_t_2, + shift(t_0, integer_of_int32(result)))) = + integer_of_int32(v)))) and (JC_16: ((JC_14: le_int(neg_int((1)), integer_of_int32(result))) and (JC_15: - lt_int(integer_of_int32(result), integer_of_int32(n@))))))) } + lt_int(integer_of_int32(result), integer_of_int32(n))))))) } parameter int32_of_integer_ : x:int -> @@ -1468,12 +1470,12 @@ x:int -> { } int8 { eq_int(integer_of_int8(result), x) } let binary_search_ensures_default = - fun (t_0 : long_P pointer) (n : int32) (v : int32) (long_P_t_2_alloc_table : long_P alloc_table) (long_P_long_M_t_2 : (long_P, int32) memory) -> + fun (t_0 : longP pointer) (n : int32) (v : int32) (longP_t_2_alloc_table : longP alloc_table) (longP_longM_t_2 : (longP, int32) memory) -> { (JC_9: ((JC_6: ge_int(integer_of_int32(n), (0))) - and ((JC_7: le_int(offset_min(long_P_t_2_alloc_table, t_0), (0))) + and ((JC_7: le_int(offset_min(longP_t_2_alloc_table, t_0), (0))) and (JC_8: - ge_int(offset_max(long_P_t_2_alloc_table, t_0), + ge_int(offset_max(longP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1))))))) } (init: (let return = ref (any_int32 void) in 
@@ -1484,10 +1486,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -1508,14 +1508,10 @@ begin [ { } unit { true } ]; try - (let jessie_ = (C_14: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_13: (safe_int32_of_integer_ (C_12: @@ -1534,7 +1530,7 @@ and (JC_49: le_int(integer_of_int32(m), integer_of_int32(u))))) }; void); void; (if ((lt_int_ (integer_of_int32 (C_28: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_27: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) @@ -1547,7 +1543,7 @@ void) else (if ((gt_int_ (integer_of_int32 (C_23: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_22: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) 
@@ -1559,36 +1555,35 @@ ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = (C_18: begin (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: (C_29: begin void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); - !__retres end)) in void) end; (raise (Return_label_exc void)) end in - void) with Return_label_exc jessie_ -> + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_13: ((JC_11: le_int(neg_int((1)), integer_of_int32(result))) - and (JC_12: lt_int(integer_of_int32(result), integer_of_int32(n@))))) } + and (JC_12: lt_int(integer_of_int32(result), integer_of_int32(n))))) } let binary_search_ensures_failure = - fun (t_0 : long_P pointer) (n : int32) (v : int32) (long_P_t_2_alloc_table : long_P alloc_table) (long_P_long_M_t_2 : (long_P, int32) memory) -> - { (sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), long_P_long_M_t_2) + fun (t_0 : longP pointer) (n : int32) (v : int32) (longP_t_2_alloc_table : longP alloc_table) (longP_longM_t_2 : (longP, int32) memory) -> + { (sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), longP_longM_t_2) and (JC_9: ((JC_6: ge_int(integer_of_int32(n), (0))) - and ((JC_7: le_int(offset_min(long_P_t_2_alloc_table, t_0), (0))) + and ((JC_7: le_int(offset_min(longP_t_2_alloc_table, t_0), (0))) and (JC_8: - ge_int(offset_max(long_P_t_2_alloc_table, t_0), + ge_int(offset_max(longP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))))))) } 
(init: (let return = ref (any_int32 void) in @@ -1599,10 +1594,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -1619,9 +1612,8 @@ (forall k:int. ((le_int((0), k) and (lt_int(k, integer_of_int32(n)) - and eq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0, k))), - integer_of_int32(v)))) -> + and (integer_of_int32(select(longP_longM_t_2, + shift(t_0, k))) = integer_of_int32(v)))) -> (le_int(integer_of_int32(l), k) and le_int(k, integer_of_int32(u)))))) } begin @@ -1632,14 +1624,10 @@ le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_14: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_13: (safe_int32_of_integer_ (C_12: @@ -1659,7 +1647,7 @@ le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; void; (if ((lt_int_ (integer_of_int32 (C_28: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_27: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) @@ -1672,7 +1660,7 @@ void) else (if ((gt_int_ (integer_of_int32 (C_23: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_22: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) 
@@ -1684,38 +1672,37 @@ ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = (C_18: begin (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: (C_29: begin void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); - !__retres end)) in void) end; (raise (Return_label_exc void)) end in - void) with Return_label_exc jessie_ -> + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_21: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_0:int. 
- ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n@))) -> - neq_int(integer_of_int32(select(long_P_long_M_t_2, shift(t_0@, k_0))), - integer_of_int32(v@)))))) } + ((le_int((0), k_0) and lt_int(k_0, integer_of_int32(n))) -> + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k_0))) <> + integer_of_int32(v)))))) } let binary_search_ensures_success = - fun (t_0 : long_P pointer) (n : int32) (v : int32) (long_P_t_2_alloc_table : long_P alloc_table) (long_P_long_M_t_2 : (long_P, int32) memory) -> + fun (t_0 : longP pointer) (n : int32) (v : int32) (longP_t_2_alloc_table : longP alloc_table) (longP_longM_t_2 : (longP, int32) memory) -> { (JC_9: ((JC_6: ge_int(integer_of_int32(n), (0))) - and ((JC_7: le_int(offset_min(long_P_t_2_alloc_table, t_0), (0))) + and ((JC_7: le_int(offset_min(longP_t_2_alloc_table, t_0), (0))) and (JC_8: - ge_int(offset_max(long_P_t_2_alloc_table, t_0), + ge_int(offset_max(longP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1))))))) } (init: (let return = ref (any_int32 void) in @@ -1726,10 +1713,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -1750,14 +1735,10 @@ le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_14: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_13: (safe_int32_of_integer_ (C_12: @@ -1777,7 +1758,7 @@ le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; void; (if ((lt_int_ (integer_of_int32 (C_28: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_27: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) 
@@ -1790,7 +1771,7 @@ void) else (if ((gt_int_ (integer_of_int32 (C_23: - ((safe_acc_ long_P_long_M_t_2) + ((safe_acc_ longP_longM_t_2) (C_22: ((shift t_0) (integer_of_int32 !m))))))) (integer_of_int32 v)) 
@@ -1802,37 +1783,35 @@ ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = (C_18: begin (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: (C_29: begin void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); - !__retres end)) in void) end; (raise (Return_label_exc void)) end in - void) with Return_label_exc jessie_ -> + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_19: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(long_P_long_M_t_2, - shift(t_0@, integer_of_int32(result)))), - integer_of_int32(v@)))) } + (integer_of_int32(select(longP_longM_t_2, + shift(t_0, integer_of_int32(result)))) = integer_of_int32(v)))) } let binary_search_safety = - fun (t_0 : long_P pointer) (n : int32) (v : int32) (long_P_t_2_alloc_table : long_P alloc_table) (long_P_long_M_t_2 : (long_P, int32) memory) -> + fun (t_0 : longP pointer) (n : int32) (v : int32) (longP_t_2_alloc_table : longP alloc_table) (longP_longM_t_2 : (longP, int32) memory) -> { (JC_9: ((JC_6: ge_int(integer_of_int32(n), (0))) - and ((JC_7: le_int(offset_min(long_P_t_2_alloc_table, t_0), (0))) + and ((JC_7: le_int(offset_min(longP_t_2_alloc_table, t_0), (0))) and (JC_8: - ge_int(offset_max(long_P_t_2_alloc_table, t_0), + ge_int(offset_max(longP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1))))))) } (init: (let return = ref (any_int32 void) in 
@@ -1843,10 +1822,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -1870,14 +1847,10 @@ le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_14: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_13: (JC_32: @@ -1899,7 +1872,7 @@ void; (if ((lt_int_ (integer_of_int32 (C_28: (JC_36: - ((((offset_acc_ long_P_t_2_alloc_table) long_P_long_M_t_2) t_0) + ((((offset_acc_ longP_t_2_alloc_table) longP_longM_t_2) t_0) (integer_of_int32 !m)))))) (integer_of_int32 v)) then @@ -1913,7 +1886,7 @@ else (if ((gt_int_ (integer_of_int32 (C_23: (JC_38: - ((((offset_acc_ long_P_t_2_alloc_table) long_P_long_M_t_2) t_0) + ((((offset_acc_ longP_t_2_alloc_table) longP_longM_t_2) t_0) (integer_of_int32 !m)))))) (integer_of_int32 v)) then 
@@ -1925,22 +1898,21 @@ ((sub_int (integer_of_int32 !m)) (1)))))))) in void) else - (let jessie_ = (C_18: begin (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: (C_29: begin void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); - !__retres end)) in void) end; (raise (Return_label_exc void)) end in - void) with Return_label_exc jessie_ -> + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { true } 
@@ -2877,34 +2849,34 @@ (frame_between(sa, m1, m2) -> (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) -type char_P +type charP type int32 type int8 -type long_P +type longP type padding -type void_P +type voidP -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int32 : int32 -> int @@ -2923,6 +2895,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -2935,171 +2912,171 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_long_P(p: long_P pointer, a: int, - long_P_alloc_table: long_P alloc_table) = (offset_min(long_P_alloc_table, +predicate left_valid_struct_longP(p: longP pointer, a: int, + longP_alloc_table: longP alloc_table) = (offset_min(longP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) -logic long_P_tag : long_P tag_id +logic longP_tag : longP tag_id -axiom long_P_int: (int_of_tag(long_P_tag) = 1) +axiom longP_int: (int_of_tag(longP_tag) = 1) -logic long_P_of_pointer_address : unit pointer -> long_P pointer +logic longP_of_pointer_address : unit pointer -> longP pointer -axiom long_P_of_pointer_address_of_pointer_addr: - (forall p:long_P pointer. - (p = long_P_of_pointer_address(pointer_address(p)))) +axiom longP_of_pointer_address_of_pointer_addr: + (forall p:longP pointer. + (p = longP_of_pointer_address(pointer_address(p)))) -axiom long_P_parenttag_bottom: parenttag(long_P_tag, bottom_tag) +axiom longP_parenttag_bottom: parenttag(longP_tag, bottom_tag) -axiom long_P_tags: - (forall x:long_P pointer. - (forall long_P_tag_table:long_P tag_table. 
instanceof(long_P_tag_table, - x, long_P_tag))) +axiom longP_tags: + (forall x:longP pointer. + (forall longP_tag_table:longP tag_table. instanceof(longP_tag_table, x, + longP_tag))) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_long_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(long_P_of_pointer_address(p)))) +axiom pointer_addr_of_longP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(longP_of_pointer_address(p)))) -logic void_P_of_pointer_address : unit pointer -> void_P pointer +logic voidP_of_pointer_address : unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_long_P(p: long_P pointer, b: int, - long_P_alloc_table: long_P alloc_table) = (offset_max(long_P_alloc_table, +predicate right_valid_struct_longP(p: longP pointer, b: int, + longP_alloc_table: longP alloc_table) = (offset_max(longP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) -predicate sorted(t: long_P pointer, a: int, b: int, - long_P_long_M_t_1_at_L: (long_P, int32) memory) = +predicate sorted(t: longP pointer, a: int, b: int, + longP_longM_t_1_at_L: (longP, int32) memory) = (forall i:int. (forall j:int. 
(((a <= i) and ((i <= j) and (j <= b))) -> - (integer_of_int32(select(long_P_long_M_t_1_at_L, shift(t, - i))) <= integer_of_int32(select(long_P_long_M_t_1_at_L, shift(t, j))))))) + (integer_of_int32(select(longP_longM_t_1_at_L, shift(t, + i))) <= integer_of_int32(select(longP_longM_t_1_at_L, shift(t, j))))))) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_longP(p: longP pointer, a: int, b: int, + longP_alloc_table: longP alloc_table) = + ((offset_min(longP_alloc_table, p) = a) and (offset_max(longP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_longP(p: longP pointer, a: int, b: int, + longP_alloc_table: longP alloc_table) = + ((offset_min(longP_alloc_table, p) = a) and (offset_max(longP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_longP(p: longP pointer, a: int, b: int, + longP_alloc_table: longP alloc_table) = + ((offset_min(longP_alloc_table, p) <= a) and (offset_max(longP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: 
voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_longP(p: longP pointer, a: int, b: int, + longP_alloc_table: longP alloc_table) = + ((offset_min(longP_alloc_table, p) <= a) and (offset_max(longP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
instanceof(voidP_tag_table, x, + voidP_tag))) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_long_P(p: long_P pointer, a: int, b: int, - long_P_alloc_table: long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) = a) and - (offset_max(long_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_long_P(p: long_P pointer, a: int, b: int, - long_P_alloc_table: long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) = a) and - (offset_max(long_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_long_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: 
int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_long_P(p: long_P pointer, a: int, b: int, - long_P_alloc_table: long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) <= a) and - (offset_max(long_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_long_P(p: long_P pointer, a: int, b: int, - long_P_alloc_table: long_P alloc_table) = - ((offset_min(long_P_alloc_table, p) <= a) and - (offset_max(long_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) +goal mean: + (forall x_0:int. + (forall y:int. + ((x_0 <= y) -> + ((x_0 <= computer_div((x_0 + y), 2)) and (computer_div((x_0 + y), + 2) <= y))))) + +axiom mean_as_axiom: + (forall x_0:int. + (forall y:int. + ((x_0 <= y) -> + ((x_0 <= computer_div((x_0 + y), 2)) and (computer_div((x_0 + y), + 2) <= y))))) goal binary_search_ensures_default_po_1: - forall t_0:long_P pointer. 
+ forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3109,16 +3086,16 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_43": ("JC_41": ("JC_41": (0 <= integer_of_int32(l))))) + ("JC_43": ("JC_41": (0 <= integer_of_int32(l)))) goal binary_search_ensures_default_po_2: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3128,17 +3105,16 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_43": - ("JC_42": ("JC_42": (integer_of_int32(u) <= (integer_of_int32(n) - 1))))) + ("JC_43": ("JC_42": (integer_of_int32(u) <= (integer_of_int32(n) - 1)))) goal binary_search_ensures_default_po_3: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3160,17 +3136,16 @@ (integer_of_int32(result2) = computer_div(integer_of_int32(result1), 2)) -> forall m:int32. (m = result2) -> - ("JC_50": - ("JC_48": ("JC_48": (integer_of_int32(l0) <= integer_of_int32(m))))) + ("JC_50": ("JC_48": (integer_of_int32(l0) <= integer_of_int32(m)))) goal binary_search_ensures_default_po_4: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3192,20 +3167,19 @@ (integer_of_int32(result2) = computer_div(integer_of_int32(result1), 2)) -> forall m:int32. (m = result2) -> - ("JC_50": - ("JC_49": ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0))))) + ("JC_50": ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0)))) goal binary_search_ensures_default_po_5: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3231,25 +3205,25 @@ (("JC_48": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) < integer_of_int32(v)) -> forall result4:int32. (integer_of_int32(result4) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result4) -> - ("JC_43": ("JC_41": ("JC_41": (0 <= integer_of_int32(l1))))) + ("JC_43": ("JC_41": (0 <= integer_of_int32(l1)))) goal binary_search_ensures_default_po_6: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3275,29 +3249,28 @@ (("JC_48": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) > integer_of_int32(v)) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result5) -> - ("JC_43": - ("JC_42": ("JC_42": (integer_of_int32(u1) <= (integer_of_int32(n) - 1))))) + ("JC_43": ("JC_42": (integer_of_int32(u1) <= (integer_of_int32(n) - 1)))) goal binary_search_ensures_default_po_7: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3323,28 +3296,28 @@ (("JC_48": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) <= integer_of_int32(v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> - ("JC_13": ("JC_11": ("JC_11": ((-1) <= integer_of_int32(return))))) + ("JC_13": ("JC_11": ((-1) <= integer_of_int32(return)))) goal binary_search_ensures_default_po_8: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3370,26 +3343,25 @@ (("JC_48": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_49": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) <= integer_of_int32(v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> - ("JC_13": - ("JC_12": ("JC_12": (integer_of_int32(return) < integer_of_int32(n))))) + ("JC_13": ("JC_12": (integer_of_int32(return) < integer_of_int32(n)))) goal binary_search_ensures_default_po_9: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3411,16 +3383,16 @@ (__retres = result1) -> forall return:int32. (return = __retres) -> - ("JC_13": ("JC_11": ("JC_11": ((-1) <= integer_of_int32(return))))) + ("JC_13": ("JC_11": ((-1) <= integer_of_int32(return)))) goal binary_search_ensures_default_po_10: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3442,21 +3414,20 @@ (__retres = result1) -> forall return:int32. (return = __retres) -> - ("JC_13": - ("JC_12": ("JC_12": (integer_of_int32(return) < integer_of_int32(n))))) + ("JC_13": ("JC_12": (integer_of_int32(return) < integer_of_int32(n)))) goal binary_search_ensures_failure_po_1: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3468,22 +3439,22 @@ (u = result0) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (integer_of_int32(l) <= k)) goal binary_search_ensures_failure_po_2: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3495,22 +3466,22 @@ (u = result0) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (k <= integer_of_int32(u))) goal binary_search_ensures_failure_po_3: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3526,7 +3497,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": @@ -3543,7 +3514,7 @@ (("JC_69": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_70": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) < integer_of_int32(v)) -> forall result4:int32. (integer_of_int32(result4) = (integer_of_int32(m) + 1)) -> 
@@ -3551,22 +3522,22 @@ (l1 = result4) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (integer_of_int32(l1) <= k)) goal binary_search_ensures_failure_po_4: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3582,7 +3553,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": @@ -3599,7 +3570,7 @@ (("JC_69": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_70": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) < integer_of_int32(v)) -> forall result4:int32. (integer_of_int32(result4) = (integer_of_int32(m) + 1)) -> 
@@ -3607,22 +3578,22 @@ (l1 = result4) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (k <= integer_of_int32(u0))) goal binary_search_ensures_failure_po_5: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3638,7 +3609,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": 
@@ -3655,10 +3626,10 @@ (("JC_69": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_70": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) > integer_of_int32(v)) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) - 1)) -> @@ -3666,22 +3637,22 @@ (u1 = result5) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (integer_of_int32(l0) <= k)) goal binary_search_ensures_failure_po_6: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3697,7 +3668,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": @@ -3714,10 +3685,10 @@ (("JC_69": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_70": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) > integer_of_int32(v)) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) - 1)) -> 
@@ -3725,22 +3696,22 @@ (u1 = result5) -> forall k:int. ((0 <= k) and - ((k < integer_of_int32(n)) and (integer_of_int32(select(long_P_long_M_t_2, + ((k < integer_of_int32(n)) and (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ("JC_61": (k <= integer_of_int32(u1))) goal binary_search_ensures_failure_po_7: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3756,7 +3727,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": 
@@ -3773,10 +3744,10 @@ (("JC_69": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_70": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) <= integer_of_int32(v)) -> forall __retres:int32. (__retres = m) -> @@ -3785,21 +3756,21 @@ (integer_of_int32(return) = (-1)) -> forall k_0:int. ((0 <= k_0) and (k_0 < integer_of_int32(n))) -> - ("JC_21": (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + ("JC_21": (integer_of_int32(select(longP_longM_t_2, shift(t_0, k_0))) <> integer_of_int32(v))) goal binary_search_ensures_failure_po_8: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), long_P_long_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), longP_longM_t_2) and ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3815,7 +3786,7 @@ (forall k:int. (((0 <= k) and ((k < integer_of_int32(n)) and - (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + (integer_of_int32(select(longP_longM_t_2, shift(t_0, k))) = integer_of_int32(v)))) -> ((integer_of_int32(l0) <= k) and (k <= integer_of_int32(u0)))))) -> ("JC_64": @@ -3831,20 +3802,20 @@ (integer_of_int32(return) = (-1)) -> forall k_0:int. ((0 <= k_0) and (k_0 < integer_of_int32(n))) -> - ("JC_21": (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + ("JC_21": (integer_of_int32(select(longP_longM_t_2, shift(t_0, k_0))) <> integer_of_int32(v))) goal binary_search_ensures_success_po_1: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3871,30 +3842,30 @@ (("JC_58": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_59": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result3:int32. - (result3 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result3 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result3) >= integer_of_int32(v)) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) <= integer_of_int32(v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> (integer_of_int32(return) >= 0) -> - ("JC_19": (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + ("JC_19": (integer_of_int32(select(longP_longM_t_2, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) goal binary_search_ensures_success_po_2: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3918,17 +3889,17 @@ forall return:int32. (return = __retres) -> (integer_of_int32(return) >= 0) -> - ("JC_19": (integer_of_int32(select(long_P_long_M_t_2, shift(t_0, + ("JC_19": (integer_of_int32(select(longP_longM_t_2, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) goal binary_search_safety_po_1: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3937,13 +3908,13 @@ ((-2147483648) <= (integer_of_int32(n) - 1)) goal binary_search_safety_po_2: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -3952,13 +3923,13 @@ ((integer_of_int32(n) - 1) <= 2147483647) goal binary_search_safety_po_3: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -3980,13 +3951,13 @@ ((-2147483648) <= (integer_of_int32(l0) + integer_of_int32(u0))) goal binary_search_safety_po_4: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -4008,13 +3979,13 @@ ((integer_of_int32(l0) + integer_of_int32(u0)) <= 2147483647) goal binary_search_safety_po_5: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4040,13 +4011,13 @@ (2 <> 0) goal binary_search_safety_po_6: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -4075,13 +4046,13 @@ ((-2147483648) <= result2) goal binary_search_safety_po_7: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -4110,13 +4081,13 @@ (result2 <= 2147483647) goal binary_search_safety_po_8: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4150,16 +4121,16 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - (offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) + (offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) goal binary_search_safety_po_9: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. + forall longP_t_2_alloc_table:longP alloc_table. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> @@ -4193,19 +4164,19 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0)) + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0)) goal binary_search_safety_po_10: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4239,24 +4210,24 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> ((-2147483648) <= (integer_of_int32(m) + 1)) goal binary_search_safety_po_11: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4290,24 +4261,24 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> ((integer_of_int32(m) + 1) <= 2147483647) goal binary_search_safety_po_12: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4341,10 +4312,10 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> (((-2147483648) <= (integer_of_int32(m) + 1)) and ((integer_of_int32(m) + 1) <= 2147483647)) -> @@ -4355,16 +4326,16 @@ (0 <= ("JC_40": (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_13: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4398,10 +4369,10 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> (((-2147483648) <= (integer_of_int32(m) + 1)) and ((integer_of_int32(m) + 1) <= 2147483647)) -> @@ -4413,16 +4384,16 @@ (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_14: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4456,29 +4427,29 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result5:int32. - (result5 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result5 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result5) > integer_of_int32(v)) -> ((-2147483648) <= (integer_of_int32(m) - 1)) goal binary_search_safety_po_15: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4512,29 +4483,29 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result5:int32. - (result5 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result5 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result5) > integer_of_int32(v)) -> ((integer_of_int32(m) - 1) <= 2147483647) goal binary_search_safety_po_16: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4568,15 +4539,15 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result5:int32. - (result5 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result5 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result5) > integer_of_int32(v)) -> (((-2147483648) <= (integer_of_int32(m) - 1)) and ((integer_of_int32(m) - 1) <= 2147483647)) -> 
@@ -4587,16 +4558,16 @@ (0 <= ("JC_40": (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_17: - forall t_0:long_P pointer. + forall t_0:longP pointer. forall n:int32. forall v:int32. - forall long_P_t_2_alloc_table:long_P alloc_table. - forall long_P_long_M_t_2:(long_P, + forall longP_t_2_alloc_table:longP alloc_table. + forall longP_longM_t_2:(longP, int32) memory. ("JC_9": (("JC_6": (integer_of_int32(n) >= 0)) and - (("JC_7": (offset_min(long_P_t_2_alloc_table, t_0) <= 0)) and - ("JC_8": (offset_max(long_P_t_2_alloc_table, + (("JC_7": (offset_min(longP_t_2_alloc_table, t_0) <= 0)) and + ("JC_8": (offset_max(longP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1)))))) -> forall result:int32. (integer_of_int32(result) = 0) -> 
@@ -4630,15 +4601,15 @@ ("JC_35": (("JC_33": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_34": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result4:int32. - (result4 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result4 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> - ((offset_min(long_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(long_P_t_2_alloc_table, t_0))) -> + ((offset_min(longP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(longP_t_2_alloc_table, t_0))) -> forall result5:int32. - (result5 = select(long_P_long_M_t_2, shift(t_0, integer_of_int32(m)))) -> + (result5 = select(longP_longM_t_2, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result5) > integer_of_int32(v)) -> (((-2147483648) <= (integer_of_int32(m) - 1)) and ((integer_of_int32(m) - 1) <= 2147483647)) -> @@ -4652,12 +4623,12 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/binary_search_why.why : ..?.........#..........?............. (34/0/2/1/0) -total : 37 -valid : 34 ( 92%) +why/binary_search_why.why : ?.......................?............. (36/0/2/0/0) +total : 38 +valid : 36 ( 95%) invalid : 0 ( 0%) unknown : 2 ( 5%) -timeout : 1 ( 3%) +timeout : 0 ( 0%) failure : 0 ( 0%) // RUNSIMPLIFY this tells regtests to run Simplify in this example ========== generation of Simplify VC output ========== 
@@ -5478,20 +5449,20 @@ (EQ (frame_between sb m1 m2) |@true|)))))) (BG_PUSH - ;; Why axiom char_P_int - (EQ (int_of_tag char_P_tag) 1)) + ;; Why axiom charP_int + (EQ (int_of_tag charP_tag) 1)) (BG_PUSH - ;; Why axiom char_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (char_P_of_pointer_address (pointer_address p))))) + ;; Why axiom charP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (charP_of_pointer_address (pointer_address p))))) (BG_PUSH - ;; Why axiom char_P_parenttag_bottom - (EQ (parenttag char_P_tag bottom_tag) |@true|)) + ;; Why axiom charP_parenttag_bottom + (EQ (parenttag charP_tag bottom_tag) |@true|)) (BG_PUSH - ;; Why axiom char_P_tags - (FORALL (x char_P_tag_table) (instanceof char_P_tag_table x char_P_tag))) + ;; Why axiom charP_tags + (FORALL (x charP_tag_table) (instanceof charP_tag_table x charP_tag))) (DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) @@ -5506,6 +5477,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) 
@@ -5518,145 +5494,152 @@ (EQ (integer_of_int8 (int8_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int8_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int8 x) (integer_of_int8 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int8_range (FORALL (x) (AND (<= (- 0 128) (integer_of_int8 x)) (<= (integer_of_int8 x) 127)))) -(DEFPRED (left_valid_struct_char_P p a char_P_alloc_table) - (<= (offset_min char_P_alloc_table p) a)) +(DEFPRED (left_valid_struct_charP p a charP_alloc_table) + (<= (offset_min charP_alloc_table p) a)) -(DEFPRED (left_valid_struct_long_P p a long_P_alloc_table) - (<= (offset_min long_P_alloc_table p) a)) +(DEFPRED (left_valid_struct_longP p a longP_alloc_table) + (<= (offset_min longP_alloc_table p) a)) -(DEFPRED (left_valid_struct_void_P p a void_P_alloc_table) - (<= (offset_min void_P_alloc_table p) a)) +(DEFPRED (left_valid_struct_voidP p a voidP_alloc_table) + (<= (offset_min voidP_alloc_table p) a)) (BG_PUSH - ;; Why axiom long_P_int - (EQ (int_of_tag long_P_tag) 1)) + ;; Why axiom longP_int + (EQ (int_of_tag longP_tag) 1)) (BG_PUSH - ;; Why axiom long_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (long_P_of_pointer_address (pointer_address p))))) + ;; Why axiom longP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (longP_of_pointer_address (pointer_address p))))) (BG_PUSH - ;; Why axiom long_P_parenttag_bottom - (EQ (parenttag long_P_tag bottom_tag) |@true|)) + ;; Why axiom longP_parenttag_bottom + (EQ (parenttag longP_tag bottom_tag) |@true|)) (BG_PUSH - ;; Why axiom long_P_tags - (FORALL (x long_P_tag_table) (instanceof long_P_tag_table x long_P_tag))) + ;; Why axiom longP_tags + (FORALL (x longP_tag_table) (instanceof longP_tag_table x longP_tag))) (BG_PUSH - ;; Why axiom pointer_addr_of_char_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (char_P_of_pointer_address p))))) + ;; Why axiom pointer_addr_of_charP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (charP_of_pointer_address p))))) (BG_PUSH - ;; 
Why axiom pointer_addr_of_long_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (long_P_of_pointer_address p))))) + ;; Why axiom pointer_addr_of_longP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (longP_of_pointer_address p))))) (BG_PUSH - ;; Why axiom pointer_addr_of_void_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (void_P_of_pointer_address p))))) + ;; Why axiom pointer_addr_of_voidP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (voidP_of_pointer_address p))))) -(DEFPRED (right_valid_struct_char_P p b char_P_alloc_table) - (>= (offset_max char_P_alloc_table p) b)) +(DEFPRED (right_valid_struct_charP p b charP_alloc_table) + (>= (offset_max charP_alloc_table p) b)) -(DEFPRED (right_valid_struct_long_P p b long_P_alloc_table) - (>= (offset_max long_P_alloc_table p) b)) +(DEFPRED (right_valid_struct_longP p b longP_alloc_table) + (>= (offset_max longP_alloc_table p) b)) -(DEFPRED (right_valid_struct_void_P p b void_P_alloc_table) - (>= (offset_max void_P_alloc_table p) b)) +(DEFPRED (right_valid_struct_voidP p b voidP_alloc_table) + (>= (offset_max voidP_alloc_table p) b)) -(DEFPRED (sorted t a b long_P_long_M_t_1_at_L) +(DEFPRED (sorted t a b longP_longM_t_1_at_L) (FORALL (i j) (IMPLIES (AND (<= a i) (AND (<= i j) (<= j b))) - (<= (integer_of_int32 (select long_P_long_M_t_1_at_L (shift t i))) - (integer_of_int32 (select long_P_long_M_t_1_at_L (shift t j))))))) + (<= (integer_of_int32 (select longP_longM_t_1_at_L (shift t i))) (integer_of_int32 + (select + longP_longM_t_1_at_L + (shift + t j))))))) -(DEFPRED (strict_valid_root_char_P p a b char_P_alloc_table) - (AND (EQ (offset_min char_P_alloc_table p) a) - (EQ (offset_max char_P_alloc_table p) b))) +(DEFPRED (strict_valid_root_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) -(DEFPRED (strict_valid_root_long_P p a b long_P_alloc_table) - (AND (EQ (offset_min long_P_alloc_table p) a) - (EQ 
(offset_max long_P_alloc_table p) b))) +(DEFPRED (strict_valid_root_longP p a b longP_alloc_table) + (AND (EQ (offset_min longP_alloc_table p) a) + (EQ (offset_max longP_alloc_table p) b))) -(DEFPRED (strict_valid_root_void_P p a b void_P_alloc_table) - (AND (EQ (offset_min void_P_alloc_table p) a) - (EQ (offset_max void_P_alloc_table p) b))) +(DEFPRED (strict_valid_root_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) -(DEFPRED (strict_valid_struct_char_P p a b char_P_alloc_table) - (AND (EQ (offset_min char_P_alloc_table p) a) - (EQ (offset_max char_P_alloc_table p) b))) +(DEFPRED (strict_valid_struct_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) -(DEFPRED (strict_valid_struct_long_P p a b long_P_alloc_table) - (AND (EQ (offset_min long_P_alloc_table p) a) - (EQ (offset_max long_P_alloc_table p) b))) +(DEFPRED (strict_valid_struct_longP p a b longP_alloc_table) + (AND (EQ (offset_min longP_alloc_table p) a) + (EQ (offset_max longP_alloc_table p) b))) -(DEFPRED (strict_valid_struct_void_P p a b void_P_alloc_table) - (AND (EQ (offset_min void_P_alloc_table p) a) - (EQ (offset_max void_P_alloc_table p) b))) +(DEFPRED (strict_valid_struct_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_char_P p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(DEFPRED (valid_root_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_long_P p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(DEFPRED (valid_root_longP p a b longP_alloc_table) + (AND (<= (offset_min 
longP_alloc_table p) a) + (>= (offset_max longP_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_void_P p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(DEFPRED (valid_root_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) -(DEFPRED (valid_root_char_P p a b char_P_alloc_table) - (AND (<= (offset_min char_P_alloc_table p) a) - (>= (offset_max char_P_alloc_table p) b))) +(DEFPRED (valid_struct_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) -(DEFPRED (valid_root_long_P p a b long_P_alloc_table) - (AND (<= (offset_min long_P_alloc_table p) a) - (>= (offset_max long_P_alloc_table p) b))) +(DEFPRED (valid_struct_longP p a b longP_alloc_table) + (AND (<= (offset_min longP_alloc_table p) a) + (>= (offset_max longP_alloc_table p) b))) -(DEFPRED (valid_root_void_P p a b void_P_alloc_table) - (AND (<= (offset_min void_P_alloc_table p) a) - (>= (offset_max void_P_alloc_table p) b))) +(DEFPRED (valid_struct_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) -(DEFPRED (valid_struct_char_P p a b char_P_alloc_table) - (AND (<= (offset_min char_P_alloc_table p) a) - (>= (offset_max char_P_alloc_table p) b))) - -(DEFPRED (valid_struct_long_P p a b long_P_alloc_table) - (AND (<= (offset_min long_P_alloc_table p) a) - (>= (offset_max long_P_alloc_table p) b))) - -(DEFPRED (valid_struct_void_P p a b void_P_alloc_table) - (AND (<= (offset_min void_P_alloc_table p) a) - (>= (offset_max void_P_alloc_table p) b))) +(BG_PUSH + ;; Why axiom voidP_int + (EQ (int_of_tag voidP_tag) 1)) (BG_PUSH - ;; Why axiom void_P_int - (EQ (int_of_tag void_P_tag) 1)) + ;; Why axiom voidP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (voidP_of_pointer_address (pointer_address p))))) (BG_PUSH - ;; Why 
axiom void_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (void_P_of_pointer_address (pointer_address p))))) + ;; Why axiom voidP_parenttag_bottom + (EQ (parenttag voidP_tag bottom_tag) |@true|)) (BG_PUSH - ;; Why axiom void_P_parenttag_bottom - (EQ (parenttag void_P_tag bottom_tag) |@true|)) + ;; Why axiom voidP_tags + (FORALL (x voidP_tag_table) (instanceof voidP_tag_table x voidP_tag))) + +;; mean, File "HOME/tests/c/binary_search.c", line 34, characters 4-67 +(FORALL (x_0 y) +(IMPLIES (<= x_0 y) +(AND (<= x_0 (computer_div (+ x_0 y) 2)) (<= (computer_div (+ x_0 y) 2) y)))) (BG_PUSH - ;; Why axiom void_P_tags - (FORALL (x void_P_tag_table) (instanceof void_P_tag_table x void_P_tag))) + ;; lemma mean as axiom +(FORALL (x_0 y) +(IMPLIES (<= x_0 y) +(AND (<= x_0 (computer_div (+ x_0 y) 2)) (<= (computer_div (+ x_0 y) 2) y))))) -;; binary_search_ensures_default_po_1, File "HOME/tests/c/binary_search.c", line 21, characters 8-14 +;; binary_search_ensures_default_po_1, File "HOME/tests/c/binary_search.c", line 52, characters 8-14 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5665,13 +5648,13 @@ (IMPLIES (EQ (integer_of_int32 result0) (- (integer_of_int32 n) 1)) (FORALL (u) (IMPLIES (EQ u result0) (<= 0 (integer_of_int32 l)))))))))))))) -;; binary_search_ensures_default_po_2, File "HOME/tests/c/binary_search.c", line 21, characters 18-26 +;; binary_search_ensures_default_po_2, File "HOME/tests/c/binary_search.c", line 52, characters 18-26 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -5681,13 +5664,13 @@ (FORALL (u) (IMPLIES (EQ u result0) (<= (integer_of_int32 u) (- (integer_of_int32 n) 1)))))))))))))) -;; binary_search_ensures_default_po_3, File "HOME/tests/c/binary_search.c", line 29, characters 15-21 +;; binary_search_ensures_default_po_3, File "HOME/tests/c/binary_search.c", line 60, characters 15-21 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5710,13 +5693,13 @@ (FORALL (m) (IMPLIES (EQ m result2) (<= (integer_of_int32 l0) (integer_of_int32 m)))))))))))))))))))))))) -;; binary_search_ensures_default_po_4, File "HOME/tests/c/binary_search.c", line 29, characters 20-26 +;; binary_search_ensures_default_po_4, File "HOME/tests/c/binary_search.c", line 60, characters 20-26 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -5739,15 +5722,15 @@ (FORALL (m) (IMPLIES (EQ m result2) (<= (integer_of_int32 m) (integer_of_int32 u0)))))))))))))))))))))))) -;; binary_search_ensures_default_po_5, File "HOME/tests/c/binary_search.c", line 21, characters 8-14 +;; binary_search_ensures_default_po_5, File "HOME/tests/c/binary_search.c", line 52, characters 8-14 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5773,21 +5756,21 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 m) 1)) (FORALL (l1) (IMPLIES (EQ l1 result4) (<= 0 (integer_of_int32 l1)))))))))))))))))))))))))))))))))) -;; binary_search_ensures_default_po_6, File "HOME/tests/c/binary_search.c", line 21, characters 18-26 +;; binary_search_ensures_default_po_6, File "HOME/tests/c/binary_search.c", line 52, characters 18-26 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -5813,11 +5796,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (result5) (IMPLIES (EQ (integer_of_int32 result5) (- (integer_of_int32 m) 1)) 
@@ -5825,15 +5808,15 @@ (IMPLIES (EQ u1 result5) (<= (integer_of_int32 u1) (- (integer_of_int32 n) 1))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_default_po_7, File "HOME/tests/c/binary_search.c", line 10, characters 12-25 +;; binary_search_ensures_default_po_7, File "HOME/tests/c/binary_search.c", line 41, characters 12-25 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5859,26 +5842,26 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (<= (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (|__retres|) (IMPLIES (EQ |__retres| m) (FORALL (return) (IMPLIES (EQ return |__retres|) (<= (- 0 1) (integer_of_int32 return))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_default_po_8, File "HOME/tests/c/binary_search.c", line 10, characters 18-29 +;; binary_search_ensures_default_po_8, File "HOME/tests/c/binary_search.c", line 41, characters 18-29 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5904,11 +5887,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (<= (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (|__retres|) (IMPLIES (EQ |__retres| m) @@ -5916,13 +5899,13 @@ (IMPLIES (EQ return |__retres|) (< (integer_of_int32 return) (integer_of_int32 n))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_default_po_9, File "HOME/tests/c/binary_search.c", line 10, characters 12-25 +;; binary_search_ensures_default_po_9, File "HOME/tests/c/binary_search.c", line 41, characters 12-25 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5943,13 +5926,13 @@ (FORALL (return) (IMPLIES (EQ return |__retres|) (<= (- 0 1) (integer_of_int32 return)))))))))))))))))))))))) -;; binary_search_ensures_default_po_10, File "HOME/tests/c/binary_search.c", line 10, characters 18-29 +;; binary_search_ensures_default_po_10, File "HOME/tests/c/binary_search.c", line 41, characters 18-29 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -5971,16 +5954,16 @@ (IMPLIES (EQ return |__retres|) (< (integer_of_int32 return) (integer_of_int32 n)))))))))))))))))))))))) -;; binary_search_ensures_failure_po_1, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_1, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -5992,20 +5975,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= (integer_of_int32 l) k))))))))))))))))) -;; binary_search_ensures_failure_po_2, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_2, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6017,20 +6000,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= k (integer_of_int32 u)))))))))))))))))) -;; binary_search_ensures_failure_po_3, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_3, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6045,7 +6028,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) @@ -6063,7 +6046,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 m) 1)) 
@@ -6072,20 +6055,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= (integer_of_int32 l1) k)))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_failure_po_4, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_4, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6100,7 +6083,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) @@ -6118,7 +6101,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 m) 1)) 
@@ -6127,20 +6110,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= k (integer_of_int32 u0))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_failure_po_5, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_5, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6155,7 +6138,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) 
@@ -6173,11 +6156,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (result5) (IMPLIES (EQ (integer_of_int32 result5) (- (integer_of_int32 m) 1)) @@ -6186,20 +6169,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= (integer_of_int32 l0) k))))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_failure_po_6, File "HOME/tests/c/binary_search.c", line 24, characters 8-66 +;; binary_search_ensures_failure_po_6, File "HOME/tests/c/binary_search.c", line 55, characters 8-66 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6214,7 +6197,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) @@ -6232,11 +6215,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (result5) (IMPLIES (EQ (integer_of_int32 result5) (- (integer_of_int32 m) 1)) 
@@ -6245,20 +6228,20 @@ (FORALL (k) (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (<= k (integer_of_int32 u1)))))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_failure_po_7, File "HOME/tests/c/binary_search.c", line 15, characters 14-83 +;; binary_search_ensures_failure_po_7, File "HOME/tests/c/binary_search.c", line 46, characters 14-83 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6273,7 +6256,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) 
@@ -6291,11 +6274,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (<= (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (|__retres|) (IMPLIES (EQ |__retres| m) @@ -6304,19 +6287,19 @@ (IMPLIES (EQ (integer_of_int32 return) (- 0 1)) (FORALL (k_0) (IMPLIES (AND (<= 0 k_0) (< k_0 (integer_of_int32 n))) -(NEQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k_0))) +(NEQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k_0))) (integer_of_int32 v))))))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_failure_po_8, File "HOME/tests/c/binary_search.c", line 15, characters 14-83 +;; binary_search_ensures_failure_po_8, File "HOME/tests/c/binary_search.c", line 46, characters 14-83 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) -(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) +(IMPLIES (AND (sorted t_0 0 (- (integer_of_int32 n) 1) longP_longM_t_2) (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1))))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6331,7 +6314,7 @@ (IMPLIES (AND (<= 0 k) (AND (< k (integer_of_int32 n)) - (EQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k))) + (EQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k))) (integer_of_int32 v)))) (AND (<= (integer_of_int32 l0) k) (<= k (integer_of_int32 u0))))) (IMPLIES (AND (<= 0 (integer_of_int32 l0)) @@ -6346,18 +6329,18 @@ (IMPLIES (EQ (integer_of_int32 return) (- 0 1)) (FORALL (k_0) (IMPLIES (AND (<= 0 k_0) (< k_0 (integer_of_int32 n))) -(NEQ (integer_of_int32 (select long_P_long_M_t_2 (shift t_0 k_0))) +(NEQ (integer_of_int32 (select longP_longM_t_2 (shift t_0 k_0))) (integer_of_int32 v)))))))))))))))))))))))))))))) -;; binary_search_ensures_success_po_1, File "HOME/tests/c/binary_search.c", line 12, characters 14-46 +;; binary_search_ensures_success_po_1, File "HOME/tests/c/binary_search.c", line 43, characters 14-46 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6384,11 +6367,11 @@ (<= (integer_of_int32 m) (integer_of_int32 u0))) (FORALL (result3) (IMPLIES (EQ result3 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result3) (integer_of_int32 v)) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (<= (integer_of_int32 result4) (integer_of_int32 v)) (FORALL (|__retres|) (IMPLIES (EQ |__retres| m) 
@@ -6396,18 +6379,18 @@ (IMPLIES (EQ return |__retres|) (IMPLIES (>= (integer_of_int32 return) 0) (EQ (integer_of_int32 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 return)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v))))))))))))))))))))))))))))))))))))))) -;; binary_search_ensures_success_po_2, File "HOME/tests/c/binary_search.c", line 12, characters 14-46 +;; binary_search_ensures_success_po_2, File "HOME/tests/c/binary_search.c", line 43, characters 14-46 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6430,42 +6413,42 @@ (IMPLIES (EQ return |__retres|) (IMPLIES (>= (integer_of_int32 return) 0) (EQ (integer_of_int32 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 return)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v)))))))))))))))))))))))))))) -;; binary_search_safety_po_1, File "HOME/tests/c/binary_search.c", line 19, characters 17-20 +;; binary_search_safety_po_1, File "HOME/tests/c/binary_search.c", line 50, characters 17-20 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) (IMPLIES (EQ l result) (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 n) 1)))))))))) -;; binary_search_safety_po_2, File "HOME/tests/c/binary_search.c", line 19, characters 17-20 +;; binary_search_safety_po_2, File "HOME/tests/c/binary_search.c", line 50, characters 17-20 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) (IMPLIES (EQ l result) (<= (- (integer_of_int32 n) 1) constant_too_large_2147483647))))))))) -;; binary_search_safety_po_3, File "HOME/tests/c/binary_search.c", line 28, characters 13-18 +;; binary_search_safety_po_3, File "HOME/tests/c/binary_search.c", line 59, characters 13-18 (FORALL (t_0) 
(FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6486,13 +6469,13 @@ (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 l0) (integer_of_int32 u0))))))))))))))))))))) -;; binary_search_safety_po_4, File "HOME/tests/c/binary_search.c", line 28, characters 13-18 +;; binary_search_safety_po_4, File "HOME/tests/c/binary_search.c", line 59, characters 13-18 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6512,13 +6495,13 @@ (IMPLIES (<= (integer_of_int32 l0) (integer_of_int32 u0)) (<= (+ (integer_of_int32 l0) (integer_of_int32 u0)) constant_too_large_2147483647))))))))))))))))))) -;; binary_search_safety_po_5, File "HOME/tests/c/binary_search.c", line 28, characters 12-23 +;; binary_search_safety_po_5, File "HOME/tests/c/binary_search.c", line 59, characters 12-23 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6545,13 +6528,13 @@ (+ (integer_of_int32 l0) (integer_of_int32 u0))) (NEQ 2 0)))))))))))))))))))))) -;; binary_search_safety_po_6, File "HOME/tests/c/binary_search.c", line 28, characters 12-23 +;; binary_search_safety_po_6, File "HOME/tests/c/binary_search.c", line 59, characters 12-23 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6581,13 +6564,13 @@ (IMPLIES (EQ result2 (computer_div (integer_of_int32 result1) 2)) (<= (- 0 constant_too_large_2147483648) result2))))))))))))))))))))))))) -;; binary_search_safety_po_7, File "HOME/tests/c/binary_search.c", line 28, characters 12-23 +;; binary_search_safety_po_7, File "HOME/tests/c/binary_search.c", line 59, characters 12-23 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) @@ -6617,13 +6600,13 @@ (IMPLIES (EQ result2 (computer_div (integer_of_int32 result1) 2)) (<= result2 constant_too_large_2147483647))))))))))))))))))))))))) -;; binary_search_safety_po_8, File "HOME/tests/c/binary_search.c", line 30, characters 8-12 +;; binary_search_safety_po_8, File "HOME/tests/c/binary_search.c", line 61, characters 8-12 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6659,15 +6642,15 @@ (IMPLIES (EQ m result3) (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) -(<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)))))))))))))))))))))))))))))))) +(<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)))))))))))))))))))))))))))))))) -;; binary_search_safety_po_9, File "HOME/tests/c/binary_search.c", line 30, characters 8-12 +;; binary_search_safety_po_9, File "HOME/tests/c/binary_search.c", line 61, characters 8-12 (FORALL (t_0) (FORALL (n) -(FORALL (long_P_t_2_alloc_table) +(FORALL (longP_t_2_alloc_table) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6703,17 +6686,17 @@ (IMPLIES (EQ m result3) (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) -(<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0)))))))))))))))))))))))))))))))) +(<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0)))))))))))))))))))))))))))))))) -;; binary_search_safety_po_10, File "HOME/tests/c/binary_search.c", line 30, characters 22-27 +;; binary_search_safety_po_10, File "HOME/tests/c/binary_search.c", line 61, characters 22-27 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6750,23 +6733,23 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result4) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_11, File "HOME/tests/c/binary_search.c", line 30, characters 22-27 +;; binary_search_safety_po_11, File "HOME/tests/c/binary_search.c", line 61, characters 22-27 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6803,23 +6786,23 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result4) (integer_of_int32 v)) (<= (+ (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_12, File "HOME/tests/c/binary_search.c", line 25, characters 19-22 +;; binary_search_safety_po_12, File "HOME/tests/c/binary_search.c", line 56, characters 19-22 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6856,11 +6839,11 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 m) 1)) @@ -6871,15 +6854,15 @@ (IMPLIES (EQ l1 result5) (<= 0 (- (integer_of_int32 u0) (integer_of_int32 l0)))))))))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_13, File "HOME/tests/c/binary_search.c", line 25, characters 19-22 +;; binary_search_safety_po_13, File "HOME/tests/c/binary_search.c", line 56, characters 19-22 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6916,11 +6899,11 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (< (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 m) 1)) @@ -6932,15 +6915,15 @@ (< (- (integer_of_int32 u0) (integer_of_int32 l1)) (- (integer_of_int32 u0) (integer_of_int32 l0)))))))))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_14, File "HOME/tests/c/binary_search.c", line 31, characters 27-32 +;; binary_search_safety_po_14, File "HOME/tests/c/binary_search.c", line 62, characters 27-32 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -6977,30 +6960,30 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result5) (IMPLIES (EQ result5 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result5) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_15, File "HOME/tests/c/binary_search.c", line 31, characters 27-32 +;; binary_search_safety_po_15, File "HOME/tests/c/binary_search.c", line 62, characters 27-32 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -7037,30 +7020,30 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result5) (IMPLIES (EQ result5 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result5) (integer_of_int32 v)) (<= (- (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_16, File "HOME/tests/c/binary_search.c", line 25, characters 19-22 +;; binary_search_safety_po_16, File "HOME/tests/c/binary_search.c", line 56, characters 19-22 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -7097,18 +7080,18 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result5) (IMPLIES (EQ result5 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result5) (integer_of_int32 v)) (IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 m) 1)) 
@@ -7119,15 +7102,15 @@ (IMPLIES (EQ u1 result6) (<= 0 (- (integer_of_int32 u0) (integer_of_int32 l0)))))))))))))))))))))))))))))))))))))))))))))))) -;; binary_search_safety_po_17, File "HOME/tests/c/binary_search.c", line 25, characters 19-22 +;; binary_search_safety_po_17, File "HOME/tests/c/binary_search.c", line 56, characters 19-22 (FORALL (t_0) (FORALL (n) (FORALL (v) -(FORALL (long_P_t_2_alloc_table) -(FORALL (long_P_long_M_t_2) +(FORALL (longP_t_2_alloc_table) +(FORALL (longP_longM_t_2) (IMPLIES (AND (>= (integer_of_int32 n) 0) - (AND (<= (offset_min long_P_t_2_alloc_table t_0) 0) - (>= (offset_max long_P_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) + (AND (<= (offset_min longP_t_2_alloc_table t_0) 0) + (>= (offset_max longP_t_2_alloc_table t_0) (- (integer_of_int32 n) 1)))) (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (l) 
@@ -7164,18 +7147,18 @@ (IMPLIES (AND (<= (integer_of_int32 l0) (integer_of_int32 m)) (<= (integer_of_int32 m) (integer_of_int32 u0))) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result4) (IMPLIES (EQ result4 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (>= (integer_of_int32 result4) (integer_of_int32 v)) (IMPLIES (AND - (<= (offset_min long_P_t_2_alloc_table t_0) (integer_of_int32 m)) - (<= (integer_of_int32 m) (offset_max long_P_t_2_alloc_table t_0))) + (<= (offset_min longP_t_2_alloc_table t_0) (integer_of_int32 m)) + (<= (integer_of_int32 m) (offset_max longP_t_2_alloc_table t_0))) (FORALL (result5) (IMPLIES (EQ result5 - (select long_P_long_M_t_2 (shift t_0 (integer_of_int32 m)))) + (select longP_longM_t_2 (shift t_0 (integer_of_int32 m)))) (IMPLIES (> (integer_of_int32 result5) (integer_of_int32 v)) (IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 m) 1)) @@ -7190,9 +7173,9 @@ ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/binary_search_why.sx : ....................?..?.........?... (34/0/3/0/0) -total : 37 -valid : 34 ( 92%) +simplify/binary_search_why.sx : .....................?..?.........?... (35/0/3/0/0) +total : 38 +valid : 35 ( 92%) invalid : 0 ( 0%) unknown : 3 ( 8%) timeout : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/clock_drift.res.oracle why-2.30+dfsg/tests/c/oracle/clock_drift.res.oracle --- why-2.29+dfsg/tests/c/oracle/clock_drift.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/clock_drift.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/c/clock_drift.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNGAPPA: will ask regtests to run gappa on VCs of this program #define NMAX 1000000 @@ -54,6 +85,14 @@ return t; } + +/* +Local Variables: +compile-command: "make clock_drift.why3ml" +End: +*/ + + ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/clock_drift.c" [jessie] Starting Jessie translation 
@@ -77,16 +116,16 @@ type int32 = -2147483648..2147483647 -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] lemma real_of_int_inf_NMAX : (\forall integer i; 
@@ -154,131 +193,145 @@ ========== file tests/c/clock_drift.jessie/clock_drift.cloc ========== [C_10] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 22 end = 65 [C_11] file = "HOME/tests/c/clock_drift.c" -line = 50 +line = 81 begin = 8 end = 16 [C_12] file = "HOME/tests/c/clock_drift.c" -line = 50 +line = 81 begin = 8 end = 16 [C_13] file = "HOME/tests/c/clock_drift.c" -line = 51 +line = 82 begin = 15 end = 58 [C_14] file = "HOME/tests/c/clock_drift.c" -line = 47 +line = 78 begin = 14 end = 17 [C_15] file = "HOME/tests/c/clock_drift.c" -line = 47 +line = 78 begin = 14 end = 17 [C_16] file = "HOME/tests/c/clock_drift.c" -line = 47 +line = 78 begin = 14 end = 17 [C_17] file = "HOME/tests/c/clock_drift.c" -line = 36 +line = 67 begin = 12 end = 63 [C_18] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 30 [C_19] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 19 [C_1] file = "HOME/tests/c/clock_drift.c" -line = 40 +line = 71 begin = 2 end = 7 [C_2] file = "HOME/tests/c/clock_drift.c" -line = 47 +line = 78 begin = 8 end = 9 [C_3] file = "HOME/tests/c/clock_drift.c" -line = 45 +line = 76 begin = 19 end = 22 [C_4] file = "HOME/tests/c/clock_drift.c" -line = 44 +line = 75 begin = 21 end = 68 [C_20] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 18 end = 30 [C_5] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 32 [C_6] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 27 [C_7] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 26 end = 32 [C_8] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 65 [C_9] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 23 [f_single] name = "Function f_single" file = "HOME/tests/c/clock_drift.c" -line = 38 +line = 69 begin = 6 end = 14 +[real_of_int_succ] +name = "Lemma real_of_int_succ" +file = "HOME/tests/c/clock_drift.c" +line = 45 
+begin = 4 +end = 62 + +[real_of_int_inf_NMAX] +name = "Lemma real_of_int_inf_NMAX" +file = "HOME/tests/c/clock_drift.c" +line = 38 +begin = 4 +end = 89 + ========== jessie execution ========== Generating Why function f_single ========== file tests/c/clock_drift.jessie/clock_drift.makefile ========== @@ -296,10 +349,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs clock_drift.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_strict.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/clock_drift_why.sx @@ -360,6 +414,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/clock_drift_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/clock_drift_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -432,6 +493,9 @@ why3ide: why/clock_drift_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: clock_drift.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include clock_drift.depend depend: coq/clock_drift_why.v @@ -443,19 +507,19 @@ ========== file tests/c/clock_drift.jessie/clock_drift.loc ========== [JC_1] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 19 [JC_2] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 18 end = 30 [JC_3] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 30 
@@ -467,19 +531,19 @@ [JC_5] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 19 [JC_6] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 18 end = 30 [JC_7] file = "HOME/tests/c/clock_drift.c" -line = 35 +line = 66 begin = 13 end = 30 @@ -491,7 +555,7 @@ [JC_9] file = "HOME/tests/c/clock_drift.c" -line = 36 +line = 67 begin = 12 end = 63 @@ -499,21 +563,21 @@ name = "Function f_single" behavior = "Safety" file = "HOME/tests/c/clock_drift.c" -line = 38 +line = 69 begin = 6 end = 14 [f_single_ensures_default] name = "Function f_single" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/clock_drift.c" -line = 38 +line = 69 begin = 6 end = 14 [JC_10] file = "HOME/tests/c/clock_drift.c" -line = 36 +line = 67 begin = 12 end = 63 @@ -531,25 +595,25 @@ [JC_13] file = "HOME/tests/c/clock_drift.c" -line = 44 +line = 75 begin = 21 end = 68 [JC_14] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 27 [JC_15] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 26 end = 32 [JC_16] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 32 
@@ -573,77 +637,77 @@ [JC_20] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 23 [JC_21] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 22 end = 65 [JC_22] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 65 [JC_23] kind = FPOverflow file = "HOME/tests/c/clock_drift.c" -line = 50 +line = 81 begin = 8 end = 16 [JC_24] file = "HOME/tests/c/clock_drift.c" -line = 51 +line = 82 begin = 15 end = 58 [JC_25] kind = ArithOverflow file = "HOME/tests/c/clock_drift.c" -line = 47 +line = 78 begin = 14 end = 17 [JC_26] file = "HOME/tests/c/clock_drift.c" -line = 45 +line = 76 begin = 19 end = 22 [JC_27] file = "HOME/tests/c/clock_drift.c" -line = 44 +line = 75 begin = 21 end = 68 [JC_28] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 27 [JC_29] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 26 end = 32 [real_of_int_succ] -name = "real_of_int_succ" +name = "Lemma real_of_int_succ" behavior = "lemma" -file = "HOME/tests/c/clock_drift.jessie/clock_drift.jc" -line = 32 -begin = 0 -end = 70 +file = "HOME/tests/c/clock_drift.c" +line = 45 +begin = 4 +end = 62 [JC_30] file = "HOME/tests/c/clock_drift.c" -line = 43 +line = 74 begin = 21 end = 32 
@@ -667,45 +731,45 @@ [JC_34] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 23 [JC_35] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 22 end = 65 [JC_36] file = "HOME/tests/c/clock_drift.c" -line = 49 +line = 80 begin = 15 end = 65 [JC_37] kind = FPOverflow file = "HOME/tests/c/clock_drift.c" -line = 50 +line = 81 begin = 8 end = 16 [JC_38] file = "HOME/tests/c/clock_drift.c" -line = 51 +line = 82 begin = 15 end = 58 [real_of_int_inf_NMAX] -name = "real_of_int_inf_NMAX" +name = "Lemma real_of_int_inf_NMAX" behavior = "lemma" -file = "HOME/tests/c/clock_drift.jessie/clock_drift.jc" -line = 28 -begin = 0 +file = "HOME/tests/c/clock_drift.c" +line = 38 +begin = 4 end = 89 ========== file tests/c/clock_drift.jessie/why/clock_drift.why ========== -type char_P +type charP type int32 
@@ -713,32 +777,23 @@ type padding -type void_P - -exception Goto_while_0_break_exc of unit +type voidP -exception Loop_continue_exc of unit +logic charP_tag: -> charP tag_id -exception Loop_exit_exc of unit +axiom charP_int : (int_of_tag(charP_tag) = (1)) -exception Return_label_exc of unit +logic charP_of_pointer_address: unit pointer -> charP pointer -logic char_P_tag: -> char_P tag_id +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -logic char_P_of_pointer_address: unit pointer -> char_P pointer - -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) - -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int32: int32 -> int @@ -757,6 +812,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -769,195 +829,159 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) - -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address: unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + 
+axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) lemma real_of_int_inf_NMAX : (forall i:int. (le_int(i, (1000000)) -> le_real(real_of_int(i), 1000000.0))) lemma real_of_int_succ : (forall n_0:int. - eq_real(real_of_int(add_int(n_0, (1))), add_real(real_of_int(n_0), 1.0))) + (real_of_int(add_int(n_0, (1))) = add_real(real_of_int(n_0), 1.0))) -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate 
valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto_while_0_break_exc of unit -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - 
char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter 
alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } 
@@ -968,9 +992,8 @@ { } single { (JC_10: le_real(abs_real(sub_real(single_value(result), - mul_real(real_of_int(integer_of_int32(n@)), 0.1))), - mul_real(real_of_int(integer_of_int32(n@)), - add_real(0x1p-8, 1.49012e-09)))) } + mul_real(real_of_int(integer_of_int32(n)), 0.1))), + mul_real(real_of_int(integer_of_int32(n)), add_real(0x1p-8, 1.49012e-09)))) } parameter f_single_requires : n:int32 -> @@ -980,9 +1003,8 @@ single { (JC_10: le_real(abs_real(sub_real(single_value(result), - mul_real(real_of_int(integer_of_int32(n@)), 0.1))), - mul_real(real_of_int(integer_of_int32(n@)), - add_real(0x1p-8, 1.49012e-09)))) } + mul_real(real_of_int(integer_of_int32(n)), 0.1))), + mul_real(real_of_int(integer_of_int32(n)), add_real(0x1p-8, 1.49012e-09)))) } parameter int32_of_integer_ : x:int -> @@ -1012,7 +1034,6 @@ (let t = ref (any_single void) in (let i_0 = ref (any_int32 void) in try - (let jessie_ = (C_1: (C_2: begin @@ -1035,17 +1056,13 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (let jessie_ = (L: (C_16: begin (if ((lt_int_ (integer_of_int32 !i_0)) (integer_of_int32 n)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (C_12: begin 
@@ -1059,27 +1076,26 @@ void); void; (t := (C_11: (JC_37: - (((add_single_safe nearest_even) !t) (single_of_real_exact 0x0.199999Ap0))))); + (((add_single_safe nearest_even) !t) (single_of_real_exact 0x1.99999ap-4))))); !t end) in void); (assert { (JC_38: le_real(abs_real(sub_real(single_value(t), - add_real(single_value(t@L), 0x0.199999Ap0))), + add_real(single_value(t@L), 0x1.99999ap-4))), 0x1p-8)) }; void); void; (i_0 := (C_15: (safe_int32_of_integer_ (C_14: ((add_int (integer_of_int32 !i_0)) (1)))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (while_0_break: begin void; (return := !t); (raise Return) end) end)); absurd end with Return -> !return end)) { (JC_9: le_real(abs_real(sub_real(single_value(result), - mul_real(real_of_int(integer_of_int32(n@)), 0.1))), - mul_real(real_of_int(integer_of_int32(n@)), - add_real(0x1p-8, 1.49012e-09)))) } + mul_real(real_of_int(integer_of_int32(n)), 0.1))), + mul_real(real_of_int(integer_of_int32(n)), add_real(0x1p-8, 1.49012e-09)))) } let f_single_safety = fun (n : int32) -> @@ -1093,7 +1109,6 @@ (let t = ref (any_single void) in (let i_0 = ref (any_int32 void) in try - (let jessie_ = (C_1: (C_2: begin @@ -1116,16 +1131,13 @@ and (JC_15: le_int(integer_of_int32(i_0), integer_of_int32(n)))))) } ]; try - (let jessie_ = begin (let jessie_ = (L: (C_16: begin (if ((lt_int_ (integer_of_int32 !i_0)) (integer_of_int32 n)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (C_12: begin 
@@ -1139,20 +1151,20 @@ void; (t := (C_11: (JC_23: - (((add_single nearest_even) !t) (single_of_real_exact 0x0.199999Ap0))))); + (((add_single nearest_even) !t) (single_of_real_exact 0x1.99999ap-4))))); !t end) in void); [ { } unit reads t { (JC_24: le_real(abs_real(sub_real(single_value(t), - add_real(single_value(t@L), 0x0.199999Ap0))), + add_real(single_value(t@L), 0x1.99999ap-4))), 0x1p-8)) } ]; void; (i_0 := (C_15: (JC_25: (int32_of_integer_ (C_14: ((add_int (integer_of_int32 !i_0)) (1))))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (while_0_break: begin void; (return := !t); (raise Return) end) end)); absurd end with Return -> !return end)) { true } @@ -2207,6 +2219,10 @@ ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> (round_double(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + axiom round_double_idempotent: (forall m1:mode. (forall m2:mode. @@ -2263,6 +2279,10 @@ ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + axiom round_single_idempotent: (forall m1:mode. (forall m2:mode. 
@@ -2279,22 +2299,21 @@ axiom round_up_single_ge: (forall x:real. (round_single(up, x) >= x)) -logic single_to_double : single -> double - -logic double_to_single : mode, double -> single +axiom single_value_is_bounded: + (forall x:single. (abs_real(single_value(x)) <= max_single)) -axiom single_to_double_val: - (forall s:single. (double_value(single_to_double(s)) = single_value(s))) - -axiom double_to_single_val: - (forall m:mode. - (forall d:double. (single_value(double_to_single(m, d)) = round_single(m, - double_value(d))))) +axiom double_value_is_bounded: + (forall x:double. (abs_real(double_value(x)) <= max_double)) predicate single_of_real_post(m: mode, x: real, res: single) = ((single_value(res) = round_single(m, x)) and ((single_exact(res) = x) and (single_model(res) = x))) +predicate single_of_double_post(m: mode, x: double, res: single) = + ((single_value(res) = round_single(m, double_value(x))) and + ((single_exact(res) = double_exact(x)) and + (single_model(res) = double_model(x)))) + predicate add_single_post(m: mode, x: single, y: single, res: single) = ((single_value(res) = round_single(m, (single_value(x) + single_value(y)))) and @@ -2338,6 +2357,11 @@ ((double_value(res) = round_double(m, x)) and ((double_exact(res) = x) and (double_model(res) = x))) +predicate double_of_single_post(x: single, res: double) = + ((double_value(res) = single_value(x)) and + ((double_exact(res) = single_exact(x)) and + (double_model(res) = single_model(x)))) + predicate add_double_post(m: mode, x: double, y: double, res: double) = ((double_value(res) = round_double(m, (double_value(x) + double_value(y)))) and @@ -2377,7 +2401,7 @@ ((double_exact(res) = abs_real(double_exact(x))) and (double_model(res) = abs_real(double_model(x))))) -type char_P +type charP type int32 
@@ -2385,24 +2409,24 @@ type padding -type void_P +type voidP -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int32 : int32 -> int @@ -2421,6 +2445,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -2433,27 +2462,92 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: 
(int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) goal real_of_int_inf_NMAX: (forall i:int. ((i <= 1000000) -> (real_of_int(i) <= 1000000.0))) 
@@ -2467,79 +2561,6 @@ axiom real_of_int_succ_as_axiom: (forall n_0:int. (real_of_int((n_0 + 1)) = (real_of_int(n_0) + 1.0))) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, - p) >= b) - -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, - p) >= b) - -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P 
alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) - goal f_single_ensures_default_po_1: forall n:int32. ("JC_7": @@ -2555,8 +2576,7 @@ forall i_0:int32. (i_0 = result0) -> ("JC_27": - ("JC_27": - (abs_real((single_value(t) - (real_of_int(integer_of_int32(i_0)) * 0.1))) <= (real_of_int(integer_of_int32(i_0)) * (0x1.p-8 + 1.49012e-09))))) + (abs_real((single_value(t) - (real_of_int(integer_of_int32(i_0)) * 0.1))) <= (real_of_int(integer_of_int32(i_0)) * (0x1.p-8 + 1.49012e-09)))) goal f_single_ensures_default_po_2: forall n:int32. @@ -2572,7 +2592,7 @@ (integer_of_int32(result0) = 0) -> forall i_0:int32. (i_0 = result0) -> - ("JC_30": ("JC_28": ("JC_28": (0 <= integer_of_int32(i_0))))) + ("JC_30": ("JC_28": (0 <= integer_of_int32(i_0)))) goal f_single_ensures_default_po_3: forall n:int32. @@ -2588,8 +2608,7 @@ (integer_of_int32(result0) = 0) -> forall i_0:int32. (i_0 = result0) -> - ("JC_30": - ("JC_29": ("JC_29": (integer_of_int32(i_0) <= integer_of_int32(n))))) + ("JC_30": ("JC_29": (integer_of_int32(i_0) <= integer_of_int32(n)))) goal f_single_ensures_default_po_4: forall n:int32. 
@@ -2613,7 +2632,7 @@ (("JC_28": (0 <= integer_of_int32(i_0_0))) and ("JC_29": (integer_of_int32(i_0_0) <= integer_of_int32(n)))))) -> (integer_of_int32(i_0_0) < integer_of_int32(n)) -> - ("JC_36": ("JC_34": ("JC_34": (0.0 <= single_value(t0))))) + ("JC_36": ("JC_34": (0.0 <= single_value(t0)))) goal f_single_ensures_default_po_5: forall n:int32. @@ -2639,8 +2658,7 @@ (integer_of_int32(i_0_0) < integer_of_int32(n)) -> ("JC_36": ("JC_35": - ("JC_35": - (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) + (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09)))))) goal f_single_ensures_default_po_6: forall n:int32. @@ -2669,18 +2687,15 @@ ("JC_35": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(t0) + single_value(result1))) and - add_single_post(nearest_even, t0, result1, result2)) -> + add_single_post(nearest_even, t0, result1, result2) -> forall t1:single. (t1 = result2) -> ("JC_38": - ("JC_38": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8))) + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) goal f_single_ensures_default_po_7: forall n:int32. 
@@ -2709,24 +2724,21 @@ ("JC_35": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(t0) + single_value(result1))) and - add_single_post(nearest_even, t0, result1, result2)) -> + add_single_post(nearest_even, t0, result1, result2) -> forall t1:single. (t1 = result2) -> ("JC_38": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> forall result3:int32. (integer_of_int32(result3) = (integer_of_int32(i_0_0) + 1)) -> forall i_0_1:int32. (i_0_1 = result3) -> ("JC_27": - ("JC_27": - (abs_real((single_value(t1) - (real_of_int(integer_of_int32(i_0_1)) * 0.1))) <= (real_of_int(integer_of_int32(i_0_1)) * (0x1.p-8 + 1.49012e-09))))) + (abs_real((single_value(t1) - (real_of_int(integer_of_int32(i_0_1)) * 0.1))) <= (real_of_int(integer_of_int32(i_0_1)) * (0x1.p-8 + 1.49012e-09)))) goal f_single_ensures_default_po_8: forall n:int32. 
@@ -2755,22 +2767,20 @@ ("JC_35": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(t0) + single_value(result1))) and - add_single_post(nearest_even, t0, result1, result2)) -> + add_single_post(nearest_even, t0, result1, result2) -> forall t1:single. (t1 = result2) -> ("JC_38": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> forall result3:int32. (integer_of_int32(result3) = (integer_of_int32(i_0_0) + 1)) -> forall i_0_1:int32. (i_0_1 = result3) -> - ("JC_30": ("JC_28": ("JC_28": (0 <= integer_of_int32(i_0_1))))) + ("JC_30": ("JC_28": (0 <= integer_of_int32(i_0_1)))) goal f_single_ensures_default_po_9: forall n:int32. 
@@ -2799,23 +2809,20 @@ ("JC_35": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(t0) + single_value(result1))) and - add_single_post(nearest_even, t0, result1, result2)) -> + add_single_post(nearest_even, t0, result1, result2) -> forall t1:single. (t1 = result2) -> ("JC_38": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> forall result3:int32. (integer_of_int32(result3) = (integer_of_int32(i_0_0) + 1)) -> forall i_0_1:int32. (i_0_1 = result3) -> - ("JC_30": - ("JC_29": ("JC_29": (integer_of_int32(i_0_1) <= integer_of_int32(n))))) + ("JC_30": ("JC_29": (integer_of_int32(i_0_1) <= integer_of_int32(n)))) goal f_single_ensures_default_po_10: forall n:int32. @@ -2872,9 +2879,9 @@ ("JC_21": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> no_overflow_single(nearest_even, (single_value(t0) + single_value(result1))) 
@@ -2906,9 +2913,9 @@ ("JC_21": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> no_overflow_single(nearest_even, (single_value(t0) + single_value(result1))) -> forall result2:single. @@ -2916,7 +2923,7 @@ forall t1:single. (t1 = result2) -> ("JC_24": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> ((-2147483648) <= (integer_of_int32(i_0_0) + 1)) goal f_single_safety_po_3: @@ -2947,9 +2954,9 @@ ("JC_21": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> no_overflow_single(nearest_even, (single_value(t0) + single_value(result1))) -> forall result2:single. @@ -2957,7 +2964,7 @@ forall t1:single. (t1 = result2) -> ("JC_24": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> ((integer_of_int32(i_0_0) + 1) <= 2147483647) goal f_single_safety_po_4: 
@@ -2988,9 +2995,9 @@ ("JC_21": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> no_overflow_single(nearest_even, (single_value(t0) + single_value(result1))) -> forall result2:single. @@ -2998,7 +3005,7 @@ forall t1:single. (t1 = result2) -> ("JC_24": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> (((-2147483648) <= (integer_of_int32(i_0_0) + 1)) and ((integer_of_int32(i_0_0) + 1) <= 2147483647)) -> forall result3:int32. @@ -3035,9 +3042,9 @@ ("JC_21": (single_value(t0) <= (1000000.0 * (0.1 + (0x1.p-8 + 1.49012e-09))))))) -> forall result1:single. - ((single_value(result1) = 0x0.199999Ap0) and - ((single_exact(result1) = 0x0.199999Ap0) and - (single_model(result1) = 0x0.199999Ap0))) -> + ((single_value(result1) = 0x1.99999ap-4) and + ((single_exact(result1) = 0x1.99999ap-4) and + (single_model(result1) = 0x1.99999ap-4))) -> no_overflow_single(nearest_even, (single_value(t0) + single_value(result1))) -> forall result2:single. @@ -3045,7 +3052,7 @@ forall t1:single. (t1 = result2) -> ("JC_24": - (abs_real((single_value(t1) - (single_value(t0) + 0x0.199999Ap0))) <= 0x1.p-8)) -> + (abs_real((single_value(t1) - (single_value(t0) + 0x1.99999ap-4))) <= 0x1.p-8)) -> (((-2147483648) <= (integer_of_int32(i_0_0) + 1)) and ((integer_of_int32(i_0_0) + 1) <= 2147483647)) -> forall result3:int32. 
@@ -3058,12 +3065,12 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/clock_drift_why.why : ?......#......... (15/0/1/1/0) +why/clock_drift_why.why : ?......##........ (14/0/1/2/0) total : 17 -valid : 15 ( 88%) +valid : 14 ( 82%) invalid : 0 ( 0%) unknown : 1 ( 6%) -timeout : 1 ( 6%) +timeout : 2 ( 12%) failure : 0 ( 0%) // RUNGAPPA: will ask regtests to run gappa on VCs of this program ========== generation of Gappa VC output ========== diff -Nru why-2.29+dfsg/tests/c/oracle/duplets.res.oracle why-2.30+dfsg/tests/c/oracle/duplets.res.oracle --- why-2.29+dfsg/tests/c/oracle/duplets.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/duplets.res.oracle 2011-10-24 15:21:06.000000000 +0000 
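Review bot: The Alt-Ergo summary in this hunk moves from `(15/0/1/1/0)` to `(14/0/1/2/0)`, so the updated oracle now records a second timeout on an obligation that was previously proved, and the regression run will presumably pass with that obligation unproved. The earlier hunks of this file drop the `no_overflow_single(nearest_even, (single_value(t0) + single_value(result1)))` hypothesis from the antecedent of goals `f_single_ensures_default_po_6` through `f_single_ensures_default_po_9`. That may be why one of them no longer goes through within the time limit, though the page does not show which goal each mark in the summary stands for. Because the timeouts are now expected output, I would record the reason in the test source next to the existing `// RUNGAPPA:` line, for example `// Alt-Ergo: 2 timeouts expected as of 2.30 (overflow hypothesis no longer assumed in the ensures VCs) - TODO confirm cause`. A later reader can then tell an accepted prover limitation from an unnoticed loss of proof coverage.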
@@ -0,0 +1,13886 @@ +========== file tests/c/duplets.c ========== +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 3: Two equal elements + +Given: An integer array a of length n+2 with n>=2. It is known that at +least two values stored in the array appear twice (i.e., there are at +least two duplets). + +Implement and verify a program finding such two values. + +You may assume that the array contains values between 0 and n-1. +*/ + +#define NULL (void*)0 + +/* equality between an integer and a possibly null int* */ +/*@ predicate eq_opt{L}(integer x, int *o) = + @ o != \null && x == *o ; + @*/ + +/* A duplet in array a is a pair of indexes (i,j) in the bounds of array + a such that a[i] = a[j] */ +/*@ predicate is_duplet{L}(int *a, integer len, integer i, integer j) = + @ 0 <= i < j < len && a[i] == a[j]; + @*/ + +/* duplet(a) returns the indexes (i,j) of a duplet in a. + * moreover, if except is not null, the value of this duplet must + * be different from it. + */ +/*@ requires 2 <= len && + @ \valid_range(a,0,len-1) && \valid(pi) && \valid(pj) && + @ ( except == \null || \valid(except)) && + @ \exists integer i,j; + @ is_duplet(a,len,i,j) && ! eq_opt(a[i],except) ; + @ assigns *pi,*pj; + @ ensures + @ is_duplet(a,len,*pi,*pj) && + @ ! eq_opt(a[*pi],except); + @*/ +void duplet(int *a, int len, int *except, int *pi, int *pj) { + /*@ loop invariant 0 <= i <= len-1 && + @ \forall integer k,l; 0 <= k < i && k < l < len ==> + @ ! eq_opt(a[k],except) ==> ! is_duplet(a,len,k,l); + @ loop variant len - i; + @*/ + for(int i=0; i <= len - 2; i++) { + int v = a[i]; + if (except == NULL || *except != v) { + /*@ loop invariant i+1 <= j <= len && + @ \forall integer l; i < l < j ==> ! is_duplet(a,len,i,l); + @ loop variant len - j; + @*/ + for (int j=i+1; j < len; j++) { + if (a[j] == v) { + *pi = i; *pj = j; return; + } + } + } + } + // assert \forall integer i j; ! 
is_duplet(a,i,j); + //@ assert \false; +} + + + +/*@ requires 4 <= len && + @ \valid_range(a,0,len-1) && \valid(pi) && \valid(pj) && + @ \valid(pk) && \valid(pl) && + @ \exists integer i,j,k,l; + @ is_duplet(a,len,i,j) && is_duplet(a,len,k,l) && a[i] != a[k]; + @ assigns *pi,*pj,*pk,*pl; + @ ensures is_duplet(a,len,*pi,*pj) && + @ is_duplet(a,len,*pk,*pl) && + @ a[*pi] != a[*pk]; + @*/ +void duplets(int a[], int len, int *pi, int *pj, int *pk, int *pl) { + duplet(a,len,NULL,pi,pj); + duplet(a,len,&a[*pi],pk,pl); +} + + +/* +Local Variables: +compile-command: "make duplets.why3ml" +End: +*/ + +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/duplets.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/duplets.jessie +[jessie] File tests/c/duplets.jessie/duplets.jc written. +[jessie] File tests/c/duplets.jessie/duplets.cloc written. +========== file tests/c/duplets.jessie/duplets.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int32 = -2147483648..2147483647 + +type int8 = -128..127 + +tag intP = { + int32 intM: 32; +} + +type intP = [intP] + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +predicate eq_opt{L}(integer x, intP[..] o) = +((o != null) && (x == o.intM)) + +predicate is_duplet{L}(intP[..] a, integer len, integer i, integer j) = +(((0 <= i) && ((i < j) && (j < len))) && ((a + i).intM == (a + j).intM)) + +unit duplet(intP[..] a, int32 len, intP[..] except, intP[..] pi, intP[..] 
pj) + requires (C_39 : ((((((C_44 : (2 <= len)) && + ((C_46 : (\offset_min(a) <= 0)) && + (C_47 : (\offset_max(a) >= (len - 1))))) && + ((C_49 : (\offset_min(pi) <= 0)) && + (C_50 : (\offset_max(pi) >= 0)))) && + ((C_52 : (\offset_min(pj) <= 0)) && + (C_53 : (\offset_max(pj) >= 0)))) && + (C_54 : ((except == null) || + ((\offset_min(except) <= 0) && + (\offset_max(except) >= 0))))) && + (C_55 : (\exists integer i_0; + (\exists integer j_0; + (is_duplet{Here}(a, len, i_0, j_0) && + (! eq_opt{Here}((a + i_0).intM, except)))))))); +behavior default: + assigns pi.intM, + pj.intM; + ensures (C_36 : ((C_37 : is_duplet{Here}(\at(a,Old), \at(len,Old), + \at(pi,Old).intM, \at(pj,Old).intM)) && + (C_38 : (! eq_opt{Here}((\at(a,Old) + \at(pi,Old).intM).intM, + \at(except,Old)))))); +{ + (var int32 i); + + (var int32 v); + + (var int32 j); + + { + { (C_1 : (i = 0)); + + loop + behavior default: + invariant (C_3 : (((C_5 : (0 <= i)) && (C_6 : (i <= (len - 1)))) && + (C_7 : (\forall integer k; + (\forall integer l_0; + ((((0 <= k) && (k < i)) && + ((k < l_0) && (l_0 < len))) ==> + ((! eq_opt{Here}((a + k).intM, + except)) ==> + (! is_duplet{Here}(a, len, k, + l_0))))))))); + variant (C_2 : (len - i)); + while (true) + { + { (if (i <= (C_9 : ((C_8 : (len - 2)) :> int32))) then () else + (goto while_0_break)); + + { (C_12 : (v = (C_11 : (C_10 : (a + i)).intM))); + (if (except == null) then + (goto _LOR) else (if ((C_13 : except.intM) != v) then + (goto _LOR) else ())); + + (goto _LOR_0); + (_LOR : + { (C_16 : (j = (C_15 : ((C_14 : (i + 1)) :> int32)))); + + loop + behavior default: + invariant (C_18 : (((C_20 : ((i + 1) <= j)) && + (C_21 : (j <= len))) && + (C_22 : (\forall integer l; + (((i < l) && (l < j)) ==> + (! 
is_duplet{Here}( + a, len, i, l))))))); + variant (C_17 : (len - j)); + while (true) + { + { (if (j < len) then () else + (goto while_1_break)); + + { (if ((C_28 : (C_27 : (a + j)).intM) == v) then + { (C_24 : ((C_23 : pi.intM) = i)); + (C_26 : ((C_25 : pj.intM) = j)); + + (goto return_label) + } else ()) + }; + (C_31 : (j = (C_30 : ((C_29 : (j + 1)) :> int32)))) + } + }; + (while_1_break : ()) + }); + (_LOR_0 : ()) + }; + (C_34 : (i = (C_33 : ((C_32 : (i + 1)) :> int32)))) + } + }; + (while_0_break : ()) + }; + + { + (assert for default: (C_35 : false)); + () + }; + (return_label : + (return ())) + } +} + +unit duplets(intP[..] a_0, int32 len_0, intP[..] pi_0, intP[..] pj_0, + intP[..] pk, intP[..] pl) + requires (C_65 : (((((((C_71 : (4 <= len_0)) && + ((C_73 : (\offset_min(a_0) <= 0)) && + (C_74 : (\offset_max(a_0) >= (len_0 - 1))))) && + ((C_76 : (\offset_min(pi_0) <= 0)) && + (C_77 : (\offset_max(pi_0) >= 0)))) && + ((C_79 : (\offset_min(pj_0) <= 0)) && + (C_80 : (\offset_max(pj_0) >= 0)))) && + ((C_82 : (\offset_min(pk) <= 0)) && + (C_83 : (\offset_max(pk) >= 0)))) && + ((C_85 : (\offset_min(pl) <= 0)) && + (C_86 : (\offset_max(pl) >= 0)))) && + (C_87 : (\exists integer i_1; + (\exists integer j_1; + (\exists integer k_0; + (\exists integer l_1; + ((is_duplet{Here}(a_0, len_0, i_1, j_1) && + is_duplet{Here}(a_0, len_0, k_0, l_1)) && + ((a_0 + i_1).intM != (a_0 + k_0).intM))))))))); +behavior default: + assigns pi_0.intM, + pj_0.intM, + pk.intM, + pl.intM; + ensures (C_60 : (((C_62 : is_duplet{Here}(\at(a_0,Old), \at(len_0,Old), + \at(pi_0,Old).intM, + \at(pj_0,Old).intM)) && + (C_63 : is_duplet{Here}(\at(a_0,Old), \at(len_0,Old), + \at(pk,Old).intM, + \at(pl,Old).intM))) && + (C_64 : ((\at(a_0,Old) + \at(pi_0,Old).intM).intM != + (\at(a_0,Old) + \at(pk,Old).intM).intM)))); +{ + { (C_56 : duplet(a_0, len_0, null, pi_0, pj_0)); + (C_59 : duplet(a_0, len_0, (C_58 : (a_0 + (C_57 : pi_0.intM))), pk, pl)); + + (return ()) + } +} +========== file 
tests/c/duplets.jessie/duplets.cloc ========== +[C_50] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[C_51] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[duplets] +name = "Function duplets" +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[C_52] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[C_53] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[C_54] +file = "HOME/tests/c/duplets.c" +line = 34 +begin = 6 +end = 42 + +[C_55] +file = "HOME/tests/c/duplets.c" +line = 35 +begin = 6 +end = 80 + +[C_56] +file = "HOME/tests/c/duplets.c" +line = 79 +begin = 2 +end = 30 + +[C_57] +file = "HOME/tests/c/duplets.c" +line = 80 +begin = 18 +end = 21 + +[C_58] +file = "HOME/tests/c/duplets.c" +line = 80 +begin = 16 +end = 17 + +[C_59] +file = "HOME/tests/c/duplets.c" +line = 80 +begin = 2 +end = 29 + +[duplet] +name = "Function duplet" +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[C_60] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 96 + +[C_61] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 70 + +[C_62] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 36 + +[C_10] +file = "HOME/tests/c/duplets.c" +line = 49 +begin = 12 +end = 13 + +[C_63] +file = "HOME/tests/c/duplets.c" +line = 75 +begin = 6 +end = 30 + +[C_11] +file = "HOME/tests/c/duplets.c" +line = 49 +begin = 12 +end = 16 + +[C_64] +file = "HOME/tests/c/duplets.c" +line = 76 +begin = 6 +end = 22 + +[C_12] +file = "HOME/tests/c/duplets.c" +line = 49 +begin = 4 +end = 7 + +[C_65] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 219 + +[C_13] +file = "HOME/tests/c/duplets.c" +line = 50 +begin = 30 +end = 37 + +[C_66] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 116 + +[C_14] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 17 +end = 20 + +[C_67] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 102 + 
+[C_15] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 17 +end = 20 + +[C_68] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 82 + +[C_16] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 11 +end = 14 + +[C_69] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 68 + +[C_17] +file = "HOME/tests/c/duplets.c" +line = 53 +begin = 23 +end = 30 + +[C_18] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 111 + +[C_19] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 40 + +[C_1] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 6 +end = 9 + +[C_2] +file = "HOME/tests/c/duplets.c" +line = 46 +begin = 19 +end = 26 + +[C_70] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 54 + +[C_3] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 155 + +[C_71] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 21 + +[C_4] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 36 + +[C_72] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[C_20] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 33 + +[C_5] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 27 + +[C_73] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[C_21] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 32 +end = 40 + +[C_6] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 26 +end = 36 + +[C_74] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[C_22] +file = "HOME/tests/c/duplets.c" +line = 52 +begin = 12 +end = 67 + +[C_7] +file = "HOME/tests/c/duplets.c" +line = 44 +begin = 7 +end = 115 + +[C_75] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[C_23] +file = "HOME/tests/c/duplets.c" +line = 57 +begin = 16 +end = 17 + +[C_8] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 20 +end = 27 + +[C_76] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[C_24] +file = 
"HOME/tests/c/duplets.c" +line = 57 +begin = 16 +end = 17 + +[C_9] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 20 +end = 27 + +[C_77] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[C_25] +file = "HOME/tests/c/duplets.c" +line = 57 +begin = 25 +end = 26 + +[C_78] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[C_26] +file = "HOME/tests/c/duplets.c" +line = 57 +begin = 25 +end = 26 + +[C_79] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[C_27] +file = "HOME/tests/c/duplets.c" +line = 56 +begin = 12 +end = 13 + +[C_28] +file = "HOME/tests/c/duplets.c" +line = 56 +begin = 12 +end = 16 + +[C_29] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 31 +end = 34 + +[C_80] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[C_81] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[C_82] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[C_30] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 31 +end = 34 + +[C_83] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[C_31] +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 31 +end = 34 + +[C_84] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[C_32] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 29 +end = 32 + +[C_85] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[C_33] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 29 +end = 32 + +[C_86] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[C_34] +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 29 +end = 32 + +[C_87] +file = "HOME/tests/c/duplets.c" +line = 71 +begin = 6 +end = 99 + +[C_35] +file = "HOME/tests/c/duplets.c" +line = 63 +begin = 13 +end = 19 + +[C_36] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 63 + +[C_37] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 30 + +[C_38] +file = "HOME/tests/c/duplets.c" +line 
= 40 +begin = 6 +end = 29 + +[C_39] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 212 + +[C_40] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 128 + +[C_41] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 82 + +[C_42] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 68 + +[C_43] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 54 + +[C_44] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 21 + +[C_45] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[C_46] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[C_47] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[C_48] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[C_49] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +========== jessie execution ========== +Generating Why function duplet +Generating Why function duplets +========== file tests/c/duplets.jessie/duplets.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs duplets.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs duplets.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/duplets_why.sx + +project: why/duplets.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/duplets_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/duplets_why.vo + +coq/duplets_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/duplets_why.v: why/duplets.why + @echo 'why -coq [...] why/duplets.why' && $(WHY) $(JESSIELIBFILES) why/duplets.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/duplets_ctx_why.vo + for f in why/*_po*.why; do make -f duplets.makefile coq/`basename $$f .why`_why.v ; done + +coq/duplets_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/duplets_ctx_why.v: why/duplets_ctx.why + @echo 'why -coq [...] why/duplets_ctx.why' && $(WHY) why/duplets_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export duplets_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/duplets_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/duplets_ctx_why.vo + +pvs: pvs/duplets_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/duplets_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/duplets_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/duplets_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/duplets_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/duplets_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/duplets_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/duplets_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/duplets_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/duplets_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/duplets_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/duplets_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/duplets_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/duplets_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/duplets_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: duplets.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/duplets_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/duplets_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: duplets.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include duplets.depend + +depend: coq/duplets_why.v + -$(COQDEP) -I coq coq/duplets*_why.v > duplets.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/duplets.jessie/duplets.loc ========== +[duplets_safety] +name = "Function duplets" +behavior = "Safety" +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_90] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[JC_91] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[JC_92] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[JC_40] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 26 +end = 36 + +[JC_93] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[JC_41] +file = "HOME/tests/c/duplets.c" +line = 44 +begin = 7 +end = 115 + +[JC_94] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[JC_42] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 155 + +[JC_95] +file = "HOME/tests/c/duplets.c" +line = 71 +begin = 6 +end = 99 + +[JC_43] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_96] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 219 + +[JC_44] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 72 +begin = 9 +end = 2749 + +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 72 +begin = 9 +end = 2749 + +[JC_98] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 21 + +[JC_46] +kind = ArithOverflow +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 20 +end = 27 + +[JC_1] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 21 + +[duplets_ensures_default] +name = "Function duplets" +behavior = "default behavior" +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_100] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[JC_99] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 
29 + +[JC_47] +kind = PointerDeref +file = "HOME/tests/c/duplets.c" +line = 49 +begin = 12 +end = 16 + +[JC_2] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[JC_101] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[JC_48] +kind = PointerDeref +file = "HOME/tests/c/duplets.c" +line = 50 +begin = 30 +end = 37 + +[JC_3] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[JC_102] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[JC_49] +kind = ArithOverflow +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 17 +end = 20 + +[JC_4] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[JC_103] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[JC_5] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[JC_104] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[JC_6] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[JC_105] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[JC_7] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[JC_106] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 6 +end = 16 + +[JC_8] +file = "HOME/tests/c/duplets.c" +line = 34 +begin = 6 +end = 42 + +[JC_107] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[JC_9] +file = "HOME/tests/c/duplets.c" +line = 35 +begin = 6 +end = 80 + +[JC_108] +file = "HOME/tests/c/duplets.c" +line = 70 +begin = 20 +end = 30 + +[JC_109] +file = "HOME/tests/c/duplets.c" +line = 71 +begin = 6 +end = 99 + +[JC_50] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 33 + +[JC_51] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 32 +end = 40 + +[JC_52] +file = "HOME/tests/c/duplets.c" +line = 52 +begin = 12 +end = 67 + +[JC_53] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 111 + +[JC_54] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_55] +file = 
"HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_56] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_110] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 219 + +[JC_57] +kind = PointerDeref +file = "HOME/tests/c/duplets.c" +line = 56 +begin = 12 +end = 16 + +[JC_111] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_58] +kind = ArithOverflow +file = "HOME/tests/c/duplets.c" +line = 55 +begin = 31 +end = 34 + +[JC_112] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 36 + +[JC_59] +file = "HOME/tests/c/duplets.c" +line = 53 +begin = 23 +end = 30 + +[JC_113] +file = "HOME/tests/c/duplets.c" +line = 75 +begin = 6 +end = 30 + +[JC_114] +file = "HOME/tests/c/duplets.c" +line = 76 +begin = 6 +end = 22 + +[JC_115] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 96 + +[JC_116] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_117] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[duplet_safety] +name = "Function duplet" +behavior = "Safety" +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_118] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_119] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_60] +kind = ArithOverflow +file = "HOME/tests/c/duplets.c" +line = 48 +begin = 29 +end = 32 + +[JC_61] +file = "HOME/tests/c/duplets.c" +line = 46 +begin = 19 +end = 26 + +[JC_62] +file = "HOME/tests/c/duplets.c" +line = 63 +begin = 13 +end = 19 + +[JC_10] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 212 + +[JC_63] +kind = PointerDeref +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 113 +begin = 42 +end = 62 + +[JC_11] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_64] +kind = PointerDeref +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 114 +begin = 42 +end = 62 + +[JC_12] +file = "HOME/tests/c/duplets.c" 
+line = 32 +begin = 13 +end = 21 + +[JC_65] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 27 + +[JC_13] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[JC_66] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 26 +end = 36 + +[JC_14] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 6 +end = 29 + +[JC_120] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 162 +begin = 10 +end = 54 + +[JC_67] +file = "HOME/tests/c/duplets.c" +line = 44 +begin = 7 +end = 115 + +[JC_15] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[JC_121] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 161 +begin = 9 +end = 16 + +[JC_68] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 155 + +[JC_16] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 33 +end = 43 + +[JC_122] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 36 + +[JC_69] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[JC_123] +file = "HOME/tests/c/duplets.c" +line = 75 +begin = 6 +end = 30 + +[JC_18] +file = "HOME/tests/c/duplets.c" +line = 33 +begin = 47 +end = 57 + +[JC_124] +file = "HOME/tests/c/duplets.c" +line = 76 +begin = 6 +end = 22 + +[JC_19] +file = "HOME/tests/c/duplets.c" +line = 34 +begin = 6 +end = 42 + +[JC_125] +file = "HOME/tests/c/duplets.c" +line = 74 +begin = 12 +end = 96 + +[JC_126] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_127] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_128] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_129] +file = "HOME/tests/c/duplets.c" +line = 78 +begin = 5 +end = 12 + +[JC_70] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 72 +begin = 9 +end = 2749 + +[JC_71] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 72 +begin = 9 +end = 2749 + +[JC_72] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 
72 +begin = 9 +end = 2749 + +[JC_20] +file = "HOME/tests/c/duplets.c" +line = 35 +begin = 6 +end = 80 + +[JC_73] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 72 +begin = 9 +end = 2749 + +[JC_21] +file = "HOME/tests/c/duplets.c" +line = 32 +begin = 13 +end = 212 + +[JC_74] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 33 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 32 +end = 40 + +[JC_23] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 30 + +[JC_76] +file = "HOME/tests/c/duplets.c" +line = 52 +begin = 12 +end = 67 + +[JC_24] +file = "HOME/tests/c/duplets.c" +line = 40 +begin = 6 +end = 29 + +[JC_130] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 162 +begin = 10 +end = 54 + +[JC_77] +file = "HOME/tests/c/duplets.c" +line = 51 +begin = 25 +end = 111 + +[JC_25] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 63 + +[JC_131] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 161 +begin = 9 +end = 16 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_26] +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_132] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_27] +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_133] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 56 +begin = 10 +end = 28 + +[JC_134] +kind = UserCall +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 175 +begin = 14 +end = 50 + +[JC_29] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 55 +begin = 9 +end = 16 + +[JC_135] +kind = PointerDeref +file = "HOME/tests/c/duplets.c" +line = 80 +begin = 18 +end = 21 + +[JC_136] +kind = UserCall +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 176 +begin = 14 +end = 77 + 
+[JC_137] +kind = UserCall +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 175 +begin = 14 +end = 50 + +[JC_138] +kind = UserCall +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 176 +begin = 14 +end = 77 + +[duplet_ensures_default] +name = "Function duplet" +behavior = "default behavior" +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_80] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_81] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_82] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 98 +begin = 21 +end = 1241 + +[JC_30] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 30 + +[JC_83] +file = "HOME/tests/c/duplets.c" +line = 63 +begin = 13 +end = 19 + +[JC_31] +file = "HOME/tests/c/duplets.c" +line = 40 +begin = 6 +end = 29 + +[JC_84] +file = "HOME/tests/c/duplets.c" +line = 68 +begin = 13 +end = 21 + +[JC_32] +file = "HOME/tests/c/duplets.c" +line = 39 +begin = 6 +end = 63 + +[JC_85] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[JC_33] +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_86] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 6 +end = 29 + +[JC_34] +file = "HOME/tests/c/duplets.c" +line = 42 +begin = 5 +end = 11 + +[JC_87] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[JC_35] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 56 +begin = 10 +end = 28 + +[JC_88] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 33 +end = 43 + +[JC_36] +file = "HOME/tests/c/duplets.jessie/duplets.jc" +line = 55 +begin = 9 +end = 16 + +[JC_89] +file = "HOME/tests/c/duplets.c" +line = 69 +begin = 47 +end = 57 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_39] +file = "HOME/tests/c/duplets.c" +line = 43 +begin = 21 +end = 27 + +========== file 
tests/c/duplets.jessie/why/duplets.why ========== +type charP + +type int32 + +type int8 + +type intP + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +predicate eq_opt(x_0:int, o:intP pointer, + intP_intM_o_1_at_L:(intP, int32) memory) = + ((o <> null) and (x_0 = integer_of_int32(select(intP_intM_o_1_at_L, o)))) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. 
+ (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. + instanceof(intP_tag_table, x, intP_tag))) + +predicate is_duplet(a:intP pointer, len:int, i:int, j:int, + intP_intM_a_2_at_L:(intP, int32) memory) = + (le_int((0), i) + and (lt_int(i, j) + and (lt_int(j, len) + and (integer_of_int32(select(intP_intM_a_2_at_L, shift(a, i))) = + integer_of_int32(select(intP_intM_a_2_at_L, shift(a, j))))))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and 
(offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto__LOR_0_exc of unit + +exception Goto__LOR_exc of unit + +exception Goto_while_0_break_exc of unit + +exception Goto_while_1_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { 
ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter duplet : + a_0:intP pointer -> + len_0:int32 -> + except:intP pointer -> + pi:intP pointer -> + pj:intP pointer -> + intP_intM_pj_6:(intP, int32) memory ref -> + intP_intM_pi_5:(intP, int32) memory ref -> + intP_pj_6_alloc_table:intP alloc_table -> + intP_pi_5_alloc_table:intP alloc_table -> + intP_except_4_alloc_table:intP alloc_table -> + intP_a_3_alloc_table:intP alloc_table -> + intP_intM_except_4:(intP, int32) memory -> + intP_intM_a_3:(intP, int32) memory -> + { } unit reads intP_intM_pi_5,intP_intM_pj_6 + writes intP_intM_pi_5,intP_intM_pj_6 + { 
(JC_36: + ((JC_32: + ((JC_30: + is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5, pi)), + integer_of_int32(select(intP_intM_pj_6, pj)), + intP_intM_a_3)) + and (JC_31: + (not eq_opt(integer_of_int32(select(intP_intM_a_3, + shift(a_0, + integer_of_int32(select(intP_intM_pi_5, + pi))))), + except, intP_intM_except_4))))) + and (JC_35: + ((JC_33: + not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5@, + intP_intM_pi_5, pset_singleton(pi))) + and (JC_34: + not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6@, + intP_intM_pj_6, pset_singleton(pj))))))) } + +parameter duplet_requires : + a_0:intP pointer -> + len_0:int32 -> + except:intP pointer -> + pi:intP pointer -> + pj:intP pointer -> + intP_intM_pj_6:(intP, int32) memory ref -> + intP_intM_pi_5:(intP, int32) memory ref -> + intP_pj_6_alloc_table:intP alloc_table -> + intP_pi_5_alloc_table:intP alloc_table -> + intP_except_4_alloc_table:intP alloc_table -> + intP_a_3_alloc_table:intP alloc_table -> + intP_intM_except_4:(intP, int32) memory -> + intP_intM_a_3:(intP, int32) memory -> + { (JC_10: + ((JC_1: le_int((2), integer_of_int32(len_0))) + and ((JC_2: + le_int(offset_min(intP_a_3_alloc_table, a_0), (0))) + and ((JC_3: + ge_int(offset_max(intP_a_3_alloc_table, a_0), + sub_int(integer_of_int32(len_0), (1)))) + and ((JC_4: + le_int(offset_min(intP_pi_5_alloc_table, pi), + (0))) + and ((JC_5: + ge_int(offset_max(intP_pi_5_alloc_table, pi), + (0))) + and ((JC_6: + le_int(offset_min(intP_pj_6_alloc_table, + pj), + (0))) + and ((JC_7: + ge_int(offset_max(intP_pj_6_alloc_table, + pj), + (0))) + and ((JC_8: + ((except = null) + or (le_int(offset_min(intP_except_4_alloc_table, + except), + (0)) + and ge_int(offset_max(intP_except_4_alloc_table, + except), + (0))))) + and (JC_9: + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0, + integer_of_int32(len_0), + i_0, j_0, intP_intM_a_3) + and (not eq_opt(integer_of_int32( + select(intP_intM_a_3, + shift(a_0, + i_0))), + except, + intP_intM_except_4)))))))))))))))} + unit reads intP_intM_pi_5,intP_intM_pj_6 + writes intP_intM_pi_5,intP_intM_pj_6 + { (JC_36: + ((JC_32: + ((JC_30: + is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5, pi)), + integer_of_int32(select(intP_intM_pj_6, pj)), + intP_intM_a_3)) + and (JC_31: + (not eq_opt(integer_of_int32(select(intP_intM_a_3, + shift(a_0, + integer_of_int32(select(intP_intM_pi_5, + pi))))), + except, intP_intM_except_4))))) + and (JC_35: + ((JC_33: + not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5@, + intP_intM_pi_5, pset_singleton(pi))) + and (JC_34: + not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6@, + intP_intM_pj_6, pset_singleton(pj))))))) } + +parameter duplets : + a_0_0:intP pointer -> + len_0_0:int32 -> + pi_0:intP pointer -> + pj_0:intP pointer -> + pk:intP pointer -> + pl:intP pointer -> + intP_intM_pl_11:(intP, int32) memory ref -> + intP_intM_pk_10:(intP, int32) memory ref -> + intP_intM_pj_0_9:(intP, int32) memory ref -> + intP_intM_pi_0_8:(intP, int32) memory ref -> + intP_pl_11_alloc_table:intP alloc_table -> + intP_pk_10_alloc_table:intP alloc_table -> + intP_pj_0_9_alloc_table:intP alloc_table -> + intP_pi_0_8_alloc_table:intP alloc_table -> + intP_a_0_7_alloc_table:intP alloc_table -> + intP_intM_a_0_7:(intP, int32) memory -> + { } unit + reads intP_intM_pi_0_8,intP_intM_pj_0_9,intP_intM_pk_10,intP_intM_pl_11 + writes intP_intM_pi_0_8,intP_intM_pj_0_9,intP_intM_pk_10,intP_intM_pl_11 + { (JC_131: + ((JC_125: + ((JC_122: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9, pj_0)), + intP_intM_a_0_7)) + and ((JC_123: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10, pk)), + 
integer_of_int32(select(intP_intM_pl_11, pl)), + intP_intM_a_0_7)) + and (JC_124: + (integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, + integer_of_int32(select(intP_intM_pi_0_8, + pi_0))))) <> + integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, + integer_of_int32(select(intP_intM_pk_10, + pk)))))))))) + and (JC_130: + ((((JC_126: + not_assigns(intP_pi_0_8_alloc_table, + intP_intM_pi_0_8@, intP_intM_pi_0_8, + pset_singleton(pi_0))) + and (JC_127: + not_assigns(intP_pj_0_9_alloc_table, + intP_intM_pj_0_9@, intP_intM_pj_0_9, + pset_singleton(pj_0)))) + and (JC_128: + not_assigns(intP_pk_10_alloc_table, + intP_intM_pk_10@, intP_intM_pk_10, + pset_singleton(pk)))) + and (JC_129: + not_assigns(intP_pl_11_alloc_table, + intP_intM_pl_11@, intP_intM_pl_11, + pset_singleton(pl))))))) } + +parameter duplets_requires : + a_0_0:intP pointer -> + len_0_0:int32 -> + pi_0:intP pointer -> + pj_0:intP pointer -> + pk:intP pointer -> + pl:intP pointer -> + intP_intM_pl_11:(intP, int32) memory ref -> + intP_intM_pk_10:(intP, int32) memory ref -> + intP_intM_pj_0_9:(intP, int32) memory ref -> + intP_intM_pi_0_8:(intP, int32) memory ref -> + intP_pl_11_alloc_table:intP alloc_table -> + intP_pk_10_alloc_table:intP alloc_table -> + intP_pj_0_9_alloc_table:intP alloc_table -> + intP_pi_0_8_alloc_table:intP alloc_table -> + intP_a_0_7_alloc_table:intP alloc_table -> + intP_intM_a_0_7:(intP, int32) memory -> + { (JC_96: + ((JC_84: le_int((4), integer_of_int32(len_0_0))) + and ((JC_85: + le_int(offset_min(intP_a_0_7_alloc_table, a_0_0), + (0))) + and ((JC_86: + ge_int(offset_max(intP_a_0_7_alloc_table, a_0_0), + sub_int(integer_of_int32(len_0_0), (1)))) + and ((JC_87: + le_int(offset_min(intP_pi_0_8_alloc_table, + pi_0), + (0))) + and ((JC_88: + ge_int(offset_max(intP_pi_0_8_alloc_table, + pi_0), + (0))) + and ((JC_89: + le_int(offset_min(intP_pj_0_9_alloc_table, + pj_0), + (0))) + and ((JC_90: + ge_int(offset_max(intP_pj_0_9_alloc_table, + pj_0), + (0))) + and ((JC_91: + 
le_int(offset_min(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_92: + ge_int(offset_max(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_93: + le_int(offset_min(intP_pl_11_alloc_table, + pl), + (0))) + and ((JC_94: + ge_int(offset_max(intP_pl_11_alloc_table, + pl), + (0))) + and (JC_95: + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, + integer_of_int32(len_0_0), + i_1_0, + j_1_0, + intP_intM_a_0_7) + and + (is_duplet(a_0_0, + integer_of_int32(len_0_0), + k_0, l_1, + intP_intM_a_0_7) + and + (integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, + i_1_0))) <> + integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, + k_0)))))))))))))))))))))))} + unit + reads intP_intM_pi_0_8,intP_intM_pj_0_9,intP_intM_pk_10,intP_intM_pl_11 + writes intP_intM_pi_0_8,intP_intM_pj_0_9,intP_intM_pk_10,intP_intM_pl_11 + { (JC_131: + ((JC_125: + ((JC_122: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9, pj_0)), + intP_intM_a_0_7)) + and ((JC_123: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10, pk)), + integer_of_int32(select(intP_intM_pl_11, pl)), + intP_intM_a_0_7)) + and (JC_124: + (integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, + integer_of_int32(select(intP_intM_pi_0_8, + pi_0))))) <> + integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, + integer_of_int32(select(intP_intM_pk_10, + pk)))))))))) + and (JC_130: + ((((JC_126: + not_assigns(intP_pi_0_8_alloc_table, + intP_intM_pi_0_8@, intP_intM_pi_0_8, + pset_singleton(pi_0))) + and (JC_127: + not_assigns(intP_pj_0_9_alloc_table, + intP_intM_pj_0_9@, intP_intM_pj_0_9, + pset_singleton(pj_0)))) + and (JC_128: + not_assigns(intP_pk_10_alloc_table, + intP_intM_pk_10@, intP_intM_pk_10, + pset_singleton(pk)))) + and (JC_129: + not_assigns(intP_pl_11_alloc_table, + intP_intM_pl_11@, intP_intM_pl_11, + pset_singleton(pl))))))) } + 
+parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +let duplet_ensures_default = + fun (a_0 : intP pointer) (len_0 : int32) (except : intP pointer) (pi : intP pointer) (pj : intP pointer) (intP_intM_pi_5 : (intP, int32) memory ref) (intP_intM_pj_6 : (intP, int32) memory ref) (intP_a_3_alloc_table : intP alloc_table) (intP_except_4_alloc_table : intP alloc_table) (intP_pi_5_alloc_table : intP alloc_table) (intP_pj_6_alloc_table : intP alloc_table) (intP_intM_a_3 : (intP, int32) memory) (intP_intM_except_4 : (intP, int32) memory) -> + { (JC_21: + ((JC_12: le_int((2), integer_of_int32(len_0))) + and ((JC_13: le_int(offset_min(intP_a_3_alloc_table, a_0), (0))) + and ((JC_14: + ge_int(offset_max(intP_a_3_alloc_table, a_0), + sub_int(integer_of_int32(len_0), (1)))) + and ((JC_15: le_int(offset_min(intP_pi_5_alloc_table, pi), (0))) + and ((JC_16: + ge_int(offset_max(intP_pi_5_alloc_table, pi), (0))) + and ((JC_17: + le_int(offset_min(intP_pj_6_alloc_table, pj), (0))) + and ((JC_18: + ge_int(offset_max(intP_pj_6_alloc_table, pj), + (0))) + and ((JC_19: + ((except = null) + or (le_int(offset_min(intP_except_4_alloc_table, + except), + (0)) + and ge_int(offset_max(intP_except_4_alloc_table, + except), + (0))))) + and (JC_20: + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0, + integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) + and (not eq_opt(integer_of_int32( + select(intP_intM_a_3, + shift(a_0, i_0))), + except, intP_intM_except_4))))))))))))))) } + (init: + try + begin + (let i_1 = ref (any_int32 void) in + (let v = ref (any_int32 void) in + (let j_1 = ref (any_int32 void) in + try + begin + try + (C_1: + begin + (let jessie_ = (i_1 := (safe_int32_of_integer_ (0))) in void); + (loop_3: + while true do + { invariant + ((JC_68: + ((JC_65: le_int((0), integer_of_int32(i_1))) + and ((JC_66: + le_int(integer_of_int32(i_1), + sub_int(integer_of_int32(len_0), (1)))) + and (JC_67: + (forall k:int. + (forall l_0:int. + ((le_int((0), k) + and (lt_int(k, integer_of_int32(i_1)) + and (lt_int(k, l_0) + and lt_int(l_0, integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, + shift(a_0, k))), + except, intP_intM_except_4)) -> + (not is_duplet(a_0, integer_of_int32(len_0), k, + l_0, intP_intM_a_3)))))))))) + and (JC_72: + ((JC_70: + not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5@init, + intP_intM_pi_5, pset_singleton(pi))) + and (JC_71: + not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6@init, + intP_intM_pj_6, pset_singleton(pj)))))) } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_34: + begin + (if ((le_int_ (integer_of_int32 !i_1)) (integer_of_int32 + (C_9: + (safe_int32_of_integer_ + (C_8: + ((sub_int (integer_of_int32 len_0)) (2))))))) + then void else (raise (Goto_while_0_break_exc void))); + try + begin + try + (C_12: + begin + (let jessie_ = + (v := (C_11: + ((safe_acc_ intP_intM_a_3) (C_10: + ((shift a_0) (integer_of_int32 !i_1)))))) in + void); + (if ((safe_eq_pointer except) null) + then (raise (Goto__LOR_exc void)) + else + (if ((neq_int_ (integer_of_int32 (C_13: + ((safe_acc_ intP_intM_except_4) except)))) + (integer_of_int32 !v)) + then (raise (Goto__LOR_exc void)) else void)); + (raise (Goto__LOR_0_exc void)); + (raise (Goto__LOR_exc void)) end) with + 
Goto__LOR_exc jessie_ -> + (_LOR: + try + (C_16: + begin + (let jessie_ = + (j_1 := (C_15: + (safe_int32_of_integer_ (C_14: + ((add_int (integer_of_int32 !i_1)) (1)))))) in + void); + (loop_4: + while true do + { invariant + ((JC_77: + ((JC_74: + le_int(add_int(integer_of_int32(i_1), (1)), + integer_of_int32(j_1))) + and ((JC_75: + le_int(integer_of_int32(j_1), + integer_of_int32(len_0))) + and (JC_76: + (forall l:int. + ((lt_int(integer_of_int32(i_1), l) + and lt_int(l, integer_of_int32(j_1))) -> + (not is_duplet(a_0, + integer_of_int32(len_0), + integer_of_int32(i_1), l, + intP_intM_a_3)))))))) + and (JC_81: + ((JC_79: + not_assigns(intP_pi_5_alloc_table, + intP_intM_pi_5@init, intP_intM_pi_5, + pset_singleton(pi))) + and (JC_80: + not_assigns(intP_pj_6_alloc_table, + intP_intM_pj_6@init, intP_intM_pj_6, + pset_singleton(pj)))))) } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_31: + begin + (if ((lt_int_ (integer_of_int32 !j_1)) (integer_of_int32 len_0)) + then void + else (raise (Goto_while_1_break_exc void))); + (if ((eq_int_ (integer_of_int32 (C_28: + ((safe_acc_ intP_intM_a_3) + (C_27: + ((shift a_0) + (integer_of_int32 !j_1))))))) + (integer_of_int32 !v)) + then + (C_24: + (C_26: + begin + (let jessie_ = !i_1 in + (let jessie_ = pi in + (((safe_upd_ intP_intM_pi_5) jessie_) jessie_))); + (let jessie_ = !j_1 in + (let jessie_ = pj in + (((safe_upd_ intP_intM_pj_6) jessie_) jessie_))); + (raise (Return_label_exc void)) end)) + else void); + (j_1 := (C_30: + (safe_int32_of_integer_ (C_29: + ((add_int + (integer_of_int32 !j_1)) (1)))))); + !j_1 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: void) end) end; + (raise (Goto__LOR_0_exc void)) end with + Goto__LOR_0_exc jessie_ -> (_LOR_0: void) end; + (i_1 := (C_33: + (safe_int32_of_integer_ (C_32: + ((add_int (integer_of_int32 
!i_1)) (1)))))); + !i_1 end) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (assert { (JC_83: (false = true)) }; void); void; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end))); (raise Return) end with + Return -> void end) + { (JC_29: + ((JC_25: + ((JC_23: + is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5, pi)), + integer_of_int32(select(intP_intM_pj_6, pj)), intP_intM_a_3)) + and (JC_24: + (not eq_opt(integer_of_int32(select(intP_intM_a_3, + shift(a_0, + integer_of_int32(select(intP_intM_pi_5, + pi))))), + except, intP_intM_except_4))))) + and (JC_28: + ((JC_26: + not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5@, intP_intM_pi_5, + pset_singleton(pi))) + and (JC_27: + not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6@, + intP_intM_pj_6, pset_singleton(pj))))))) } + +let duplet_safety = + fun (a_0 : intP pointer) (len_0 : int32) (except : intP pointer) (pi : intP pointer) (pj : intP pointer) (intP_intM_pi_5 : (intP, int32) memory ref) (intP_intM_pj_6 : (intP, int32) memory ref) (intP_a_3_alloc_table : intP alloc_table) (intP_except_4_alloc_table : intP alloc_table) (intP_pi_5_alloc_table : intP alloc_table) (intP_pj_6_alloc_table : intP alloc_table) (intP_intM_a_3 : (intP, int32) memory) (intP_intM_except_4 : (intP, int32) memory) -> + { (JC_21: + ((JC_12: le_int((2), integer_of_int32(len_0))) + and ((JC_13: le_int(offset_min(intP_a_3_alloc_table, a_0), (0))) + and ((JC_14: + ge_int(offset_max(intP_a_3_alloc_table, a_0), + sub_int(integer_of_int32(len_0), (1)))) + and ((JC_15: le_int(offset_min(intP_pi_5_alloc_table, pi), (0))) + and ((JC_16: + ge_int(offset_max(intP_pi_5_alloc_table, pi), (0))) + and ((JC_17: + le_int(offset_min(intP_pj_6_alloc_table, pj), (0))) + and ((JC_18: + 
ge_int(offset_max(intP_pj_6_alloc_table, pj), + (0))) + and ((JC_19: + ((except = null) + or (le_int(offset_min(intP_except_4_alloc_table, + except), + (0)) + and ge_int(offset_max(intP_except_4_alloc_table, + except), + (0))))) + and (JC_20: + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, + integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) + and (not eq_opt(integer_of_int32( + select(intP_intM_a_3, + shift(a_0, i_0))), + except, intP_intM_except_4))))))))))))))) } + (init: + try + begin + (let i_1 = ref (any_int32 void) in + (let v = ref (any_int32 void) in + (let j_1 = ref (any_int32 void) in + try + begin + try + (C_1: + begin + (let jessie_ = (i_1 := (safe_int32_of_integer_ (0))) in void); + (loop_1: + while true do + { invariant (JC_44: true) + variant (JC_61 : sub_int(integer_of_int32(len_0), + integer_of_int32(i_1))) } + begin + [ { } unit reads i_1 + { (JC_42: + ((JC_39: le_int((0), integer_of_int32(i_1))) + and ((JC_40: + le_int(integer_of_int32(i_1), + sub_int(integer_of_int32(len_0), (1)))) + and (JC_41: + (forall k:int. + (forall l_0:int. 
+ ((le_int((0), k) + and (lt_int(k, integer_of_int32(i_1)) + and (lt_int(k, l_0) + and lt_int(l_0, integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, + shift(a_0, k))), + except, intP_intM_except_4)) -> + (not is_duplet(a_0, integer_of_int32(len_0), k, + l_0, intP_intM_a_3)))))))))) } ]; + try + begin + (let jessie_ = + (C_34: + begin + (if ((le_int_ (integer_of_int32 !i_1)) (integer_of_int32 + (C_9: + (JC_46: + (int32_of_integer_ + (C_8: + ((sub_int (integer_of_int32 len_0)) (2)))))))) + then void else (raise (Goto_while_0_break_exc void))); + try + begin + try + (C_12: + begin + (let jessie_ = + (v := (C_11: + (JC_47: + ((((offset_acc_ intP_a_3_alloc_table) intP_intM_a_3) a_0) + (integer_of_int32 !i_1))))) in void); + (if ((eq_pointer except) null) + then (raise (Goto__LOR_exc void)) + else + (if ((neq_int_ (integer_of_int32 (C_13: + (JC_48: + (((acc_ intP_except_4_alloc_table) intP_intM_except_4) except))))) + (integer_of_int32 !v)) + then (raise (Goto__LOR_exc void)) else void)); + (raise (Goto__LOR_0_exc void)); + (raise (Goto__LOR_exc void)) end) with + Goto__LOR_exc jessie_ -> + (_LOR: + try + (C_16: + begin + (let jessie_ = + (j_1 := (C_15: + (JC_49: + (int32_of_integer_ (C_14: + ((add_int (integer_of_int32 !i_1)) (1))))))) in + void); + (loop_2: + while true do + { invariant (JC_55: true) + variant (JC_59 : sub_int(integer_of_int32(len_0), + integer_of_int32(j_1))) } + begin + [ { } unit reads i_1,j_1 + { (JC_53: + ((JC_50: + le_int(add_int(integer_of_int32(i_1), (1)), + integer_of_int32(j_1))) + and ((JC_51: + le_int(integer_of_int32(j_1), + integer_of_int32(len_0))) + and (JC_52: + (forall l:int. 
+ ((lt_int(integer_of_int32(i_1), l) + and lt_int(l, integer_of_int32(j_1))) -> + (not is_duplet(a_0, + integer_of_int32(len_0), + integer_of_int32(i_1), l, + intP_intM_a_3)))))))) } ]; + try + begin + (let jessie_ = + (C_31: + begin + (if ((lt_int_ (integer_of_int32 !j_1)) (integer_of_int32 len_0)) + then void + else (raise (Goto_while_1_break_exc void))); + (if ((eq_int_ (integer_of_int32 (C_28: + (JC_57: + ((((offset_acc_ intP_a_3_alloc_table) intP_intM_a_3) a_0) + (integer_of_int32 !j_1)))))) + (integer_of_int32 !v)) + then + (C_24: + (C_26: + begin + (let jessie_ = !i_1 in + (let jessie_ = pi in + (JC_63: + ((((upd_ intP_pi_5_alloc_table) intP_intM_pi_5) jessie_) jessie_)))); + (let jessie_ = !j_1 in + (let jessie_ = pj in + (JC_64: + ((((upd_ intP_pj_6_alloc_table) intP_intM_pj_6) jessie_) jessie_)))); + (raise (Return_label_exc void)) end)) + else void); + (j_1 := (C_30: + (JC_58: + (int32_of_integer_ (C_29: + ((add_int (integer_of_int32 !j_1)) (1))))))); + !j_1 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: void) end) end; + (raise (Goto__LOR_0_exc void)) end with + Goto__LOR_0_exc jessie_ -> (_LOR_0: void) end; + (i_1 := (C_33: + (JC_60: + (int32_of_integer_ (C_32: + ((add_int (integer_of_int32 !i_1)) (1))))))); + !i_1 end) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + [ { } unit { (JC_62: (false = true)) } ]; void; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end))); (raise Return) end with + Return -> void end) { true } + +let duplets_ensures_default = + fun (a_0_0 : intP pointer) (len_0_0 : int32) (pi_0 : intP pointer) (pj_0 : intP pointer) (pk : intP pointer) 
(pl : intP pointer) (intP_intM_pi_0_8 : (intP, int32) memory ref) (intP_intM_pj_0_9 : (intP, int32) memory ref) (intP_intM_pk_10 : (intP, int32) memory ref) (intP_intM_pl_11 : (intP, int32) memory ref) (intP_a_0_7_alloc_table : intP alloc_table) (intP_pi_0_8_alloc_table : intP alloc_table) (intP_pj_0_9_alloc_table : intP alloc_table) (intP_pk_10_alloc_table : intP alloc_table) (intP_pl_11_alloc_table : intP alloc_table) (intP_intM_a_0_7 : (intP, int32) memory) -> + { (JC_110: + ((JC_98: le_int((4), integer_of_int32(len_0_0))) + and ((JC_99: le_int(offset_min(intP_a_0_7_alloc_table, a_0_0), (0))) + and ((JC_100: + ge_int(offset_max(intP_a_0_7_alloc_table, a_0_0), + sub_int(integer_of_int32(len_0_0), (1)))) + and ((JC_101: + le_int(offset_min(intP_pi_0_8_alloc_table, pi_0), (0))) + and ((JC_102: + ge_int(offset_max(intP_pi_0_8_alloc_table, pi_0), (0))) + and ((JC_103: + le_int(offset_min(intP_pj_0_9_alloc_table, pj_0), + (0))) + and ((JC_104: + ge_int(offset_max(intP_pj_0_9_alloc_table, pj_0), + (0))) + and ((JC_105: + le_int(offset_min(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_106: + ge_int(offset_max(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_107: + le_int(offset_min(intP_pl_11_alloc_table, + pl), + (0))) + and ((JC_108: + ge_int(offset_max(intP_pl_11_alloc_table, + pl), + (0))) + and (JC_109: + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. 
+ (is_duplet(a_0_0, + integer_of_int32(len_0_0), + i_1_0, j_1_0, + intP_intM_a_0_7) + and (is_duplet(a_0_0, + integer_of_int32(len_0_0), + k_0, l_1, + intP_intM_a_0_7) + and (integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, + i_1_0))) <> + integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) } + (init: + try + begin + (let intP_intM_null_15 = (any_memory void) in + (let intP_null_15_alloc_table = (any_alloc_table void) in + (C_56: + (C_59: + begin + (let jessie_ = a_0_0 in + (let jessie_ = len_0_0 in + (let jessie_ = null in + (let jessie_ = pi_0 in + (let jessie_ = pj_0 in + (JC_137: + (((((((((((((duplet jessie_) jessie_) jessie_) jessie_) jessie_) intP_intM_pj_0_9) intP_intM_pi_0_8) intP_pj_0_9_alloc_table) intP_pi_0_8_alloc_table) intP_null_15_alloc_table) intP_a_0_7_alloc_table) intP_intM_null_15) intP_intM_a_0_7))))))); + (let jessie_ = a_0_0 in + (let jessie_ = len_0_0 in + (let jessie_ = + (C_58: + ((shift a_0_0) (integer_of_int32 (C_57: + ((safe_acc_ !intP_intM_pi_0_8) pi_0))))) in + (let jessie_ = pk in + (let jessie_ = pl in + (JC_138: + (((((((((((((duplet jessie_) jessie_) jessie_) jessie_) jessie_) intP_intM_pl_11) intP_intM_pk_10) intP_pl_11_alloc_table) intP_pk_10_alloc_table) intP_a_0_7_alloc_table) intP_a_0_7_alloc_table) intP_intM_a_0_7) intP_intM_a_0_7))))))); + (raise Return) end)))); (raise Return) end with Return -> void end) + { (JC_121: + ((JC_115: + ((JC_112: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9, pj_0)), intP_intM_a_0_7)) + and ((JC_113: + is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10, pk)), + integer_of_int32(select(intP_intM_pl_11, pl)), intP_intM_a_0_7)) + and (JC_114: + (integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, + integer_of_int32(select(intP_intM_pi_0_8, + pi_0))))) <> integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, + 
integer_of_int32( + select(intP_intM_pk_10, + pk)))))))))) + and (JC_120: + ((((JC_116: + not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8@, + intP_intM_pi_0_8, pset_singleton(pi_0))) + and (JC_117: + not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9@, + intP_intM_pj_0_9, pset_singleton(pj_0)))) + and (JC_118: + not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10@, + intP_intM_pk_10, pset_singleton(pk)))) + and (JC_119: + not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11@, + intP_intM_pl_11, pset_singleton(pl))))))) } + +let duplets_safety = + fun (a_0_0 : intP pointer) (len_0_0 : int32) (pi_0 : intP pointer) (pj_0 : intP pointer) (pk : intP pointer) (pl : intP pointer) (intP_intM_pi_0_8 : (intP, int32) memory ref) (intP_intM_pj_0_9 : (intP, int32) memory ref) (intP_intM_pk_10 : (intP, int32) memory ref) (intP_intM_pl_11 : (intP, int32) memory ref) (intP_a_0_7_alloc_table : intP alloc_table) (intP_pi_0_8_alloc_table : intP alloc_table) (intP_pj_0_9_alloc_table : intP alloc_table) (intP_pk_10_alloc_table : intP alloc_table) (intP_pl_11_alloc_table : intP alloc_table) (intP_intM_a_0_7 : (intP, int32) memory) -> + { (JC_110: + ((JC_98: le_int((4), integer_of_int32(len_0_0))) + and ((JC_99: le_int(offset_min(intP_a_0_7_alloc_table, a_0_0), (0))) + and ((JC_100: + ge_int(offset_max(intP_a_0_7_alloc_table, a_0_0), + sub_int(integer_of_int32(len_0_0), (1)))) + and ((JC_101: + le_int(offset_min(intP_pi_0_8_alloc_table, pi_0), (0))) + and ((JC_102: + ge_int(offset_max(intP_pi_0_8_alloc_table, pi_0), (0))) + and ((JC_103: + le_int(offset_min(intP_pj_0_9_alloc_table, pj_0), + (0))) + and ((JC_104: + ge_int(offset_max(intP_pj_0_9_alloc_table, pj_0), + (0))) + and ((JC_105: + le_int(offset_min(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_106: + ge_int(offset_max(intP_pk_10_alloc_table, + pk), + (0))) + and ((JC_107: + le_int(offset_min(intP_pl_11_alloc_table, + pl), + (0))) + and ((JC_108: + ge_int(offset_max(intP_pl_11_alloc_table, + pl), + (0))) + and (JC_109: 
+ (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, + integer_of_int32(len_0_0), + i_1_0, j_1_0, + intP_intM_a_0_7) + and (is_duplet(a_0_0, + integer_of_int32(len_0_0), + k_0, l_1, + intP_intM_a_0_7) + and (integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, + i_1_0))) <> + integer_of_int32( + select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) } + (init: + try + begin + (let intP_intM_null_15 = (any_memory void) in + (let intP_null_15_alloc_table = (any_alloc_table void) in + (C_56: + (C_59: + begin + (let jessie_ = a_0_0 in + (let jessie_ = len_0_0 in + (let jessie_ = null in + (let jessie_ = pi_0 in + (let jessie_ = pj_0 in + (JC_134: + (((((((((((((duplet_requires jessie_) jessie_) jessie_) jessie_) jessie_) intP_intM_pj_0_9) intP_intM_pi_0_8) intP_pj_0_9_alloc_table) intP_pi_0_8_alloc_table) intP_null_15_alloc_table) intP_a_0_7_alloc_table) intP_intM_null_15) intP_intM_a_0_7))))))); + (let jessie_ = a_0_0 in + (let jessie_ = len_0_0 in + (let jessie_ = + (C_58: + ((shift a_0_0) (integer_of_int32 (C_57: + (JC_135: + (((acc_ intP_pi_0_8_alloc_table) !intP_intM_pi_0_8) pi_0)))))) in + (let jessie_ = pk in + (let jessie_ = pl in + (JC_136: + (((((((((((((duplet_requires jessie_) jessie_) jessie_) jessie_) jessie_) intP_intM_pl_11) intP_intM_pk_10) intP_pl_11_alloc_table) intP_pk_10_alloc_table) intP_a_0_7_alloc_table) intP_a_0_7_alloc_table) intP_intM_a_0_7) intP_intM_a_0_7))))))); + (raise Return) end)))); (raise Return) end with Return -> void end) + { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] 
why/duplets.why +========== file tests/c/duplets.jessie/why/duplets_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. 
(forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. 
+ ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. 
((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. 
+ (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. 
(offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. 
+ (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. 
+ (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. 
+ (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. 
((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. 
+ (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. 
+ (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. 
+ (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type int32 + +type int8 + +type intP + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +predicate eq_opt(x_0: int, o: intP pointer, intP_intM_o_1_at_L: (intP, + int32) memory) = + ((o <> null) and (x_0 = integer_of_int32(select(intP_intM_o_1_at_L, o)))) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. 
+ (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate is_duplet(a: intP pointer, len: int, i: int, j: int, + intP_intM_a_2_at_L: (intP, int32) memory) = + ((0 <= i) and + ((i < j) and + ((j < len) and (integer_of_int32(select(intP_intM_a_2_at_L, shift(a, + i))) = integer_of_int32(select(intP_intM_a_2_at_L, shift(a, j))))))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + 
((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal duplet_ensures_default_po_1: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + ("JC_68": ("JC_65": (0 <= integer_of_int32(i_1)))) + +goal duplet_ensures_default_po_2: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + ("JC_68": + ("JC_66": (integer_of_int32(i_1) <= (integer_of_int32(len_0) - 1)))) + +goal duplet_ensures_default_po_3: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall k:int. + forall l_0:int. + ((0 <= k) and + ((k < integer_of_int32(i_1)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), except, + intP_intM_except_4)) -> + ("JC_68": + ("JC_67": (not is_duplet(a_0, integer_of_int32(len_0), k, l_0, + intP_intM_a_3)))) + +goal duplet_ensures_default_po_4: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + ("JC_72": + ("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5, pset_singleton(pi)))) + +goal duplet_ensures_default_po_5: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + ("JC_72": + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6, pset_singleton(pj)))) + +goal duplet_ensures_default_po_6: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + ("JC_77": + ("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1)))) + +goal duplet_ensures_default_po_7: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + ("JC_77": ("JC_75": (integer_of_int32(j_1) <= integer_of_int32(len_0)))) + +goal duplet_ensures_default_po_8: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall l:int. + ((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1))) -> + ("JC_77": + ("JC_76": (not is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(i_1_0), l, intP_intM_a_3)))) + +goal duplet_ensures_default_po_9: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + ("JC_81": + ("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi)))) + +goal duplet_ensures_default_po_10: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + ("JC_81": + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))) + +goal duplet_ensures_default_po_11: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. 
+ forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. 
+ (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_25": + ("JC_23": is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5_2, pi)), + integer_of_int32(select(intP_intM_pj_6_2, pj)), intP_intM_a_3)))) + +goal duplet_ensures_default_po_12: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_25": + ("JC_24": (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + integer_of_int32(select(intP_intM_pi_5_2, pi))))), except, + intP_intM_except_4))))) + +goal duplet_ensures_default_po_13: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_28": + ("JC_26": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_2, pset_singleton(pi))))) + +goal duplet_ensures_default_po_14: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. 
+ forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_28": + ("JC_27": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_2, pset_singleton(pj))))) + +goal duplet_ensures_default_po_15: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. 
+ forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + forall result4:int32. 
+ (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + ("JC_77": + ("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_1)))) + +goal duplet_ensures_default_po_16: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. 
+ (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + ("JC_77": ("JC_75": (integer_of_int32(j_1_1) <= integer_of_int32(len_0)))) + +goal duplet_ensures_default_po_17: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. 
+ (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + forall l:int. + ((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_1))) -> + ("JC_77": + ("JC_76": (not is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(i_1_0), l, intP_intM_a_3)))) + +goal duplet_ensures_default_po_18: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + ("JC_81": + ("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi)))) + +goal duplet_ensures_default_po_19: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + ("JC_81": + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))) + +goal duplet_ensures_default_po_20: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. 
+ forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_68": ("JC_65": (0 <= integer_of_int32(i_1_1)))) + +goal duplet_ensures_default_po_21: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_68": + ("JC_66": (integer_of_int32(i_1_1) <= (integer_of_int32(len_0) - 1)))) + +goal duplet_ensures_default_po_22: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + forall k:int. + forall l_0:int. + ((0 <= k) and + ((k < integer_of_int32(i_1_1)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), except, + intP_intM_except_4)) -> + ("JC_68": + ("JC_67": (not is_duplet(a_0, integer_of_int32(len_0), k, l_0, + intP_intM_a_3)))) + +goal duplet_ensures_default_po_23: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. 
+ forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_72": + ("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi)))) + +goal duplet_ensures_default_po_24: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except = null) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_72": + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))) + +goal duplet_ensures_default_po_25: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + ("JC_77": + ("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1)))) + +goal duplet_ensures_default_po_26: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + ("JC_77": ("JC_75": (integer_of_int32(j_1) <= integer_of_int32(len_0)))) + +goal duplet_ensures_default_po_27: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. 
+ forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall l:int. + ((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1))) -> + ("JC_77": + ("JC_76": (not is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(i_1_0), l, intP_intM_a_3)))) + +goal duplet_ensures_default_po_28: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + ("JC_81": + ("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi)))) + +goal duplet_ensures_default_po_29: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. 
+ forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + ("JC_81": + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))) + +goal duplet_ensures_default_po_30: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_25": + ("JC_23": is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5_2, pi)), + integer_of_int32(select(intP_intM_pj_6_2, pj)), intP_intM_a_3)))) + +goal duplet_ensures_default_po_31: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. 
+ forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. 
+ (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_25": + ("JC_24": (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + integer_of_int32(select(intP_intM_pi_5_2, pi))))), except, + intP_intM_except_4))))) + +goal duplet_ensures_default_po_32: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_28": + ("JC_26": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_2, pset_singleton(pi))))) + +goal duplet_ensures_default_po_33: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + forall intP_intM_pi_5_2:(intP, + int32) memory. + (intP_intM_pi_5_2 = store(intP_intM_pi_5_1, pi, i_1_0)) -> + forall intP_intM_pj_6_2:(intP, + int32) memory. + (intP_intM_pj_6_2 = store(intP_intM_pj_6_1, pj, j_1_0)) -> + ("JC_29": + ("JC_28": + ("JC_27": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_2, pset_singleton(pj))))) + +goal duplet_ensures_default_po_34: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. 
+ forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. 
+ (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + ("JC_77": + ("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_1)))) + +goal duplet_ensures_default_po_35: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + ("JC_77": ("JC_75": (integer_of_int32(j_1_1) <= integer_of_int32(len_0)))) + +goal duplet_ensures_default_po_36: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + forall l:int. + ((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_1))) -> + ("JC_77": + ("JC_76": (not is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(i_1_0), l, intP_intM_a_3)))) + +goal duplet_ensures_default_po_37: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. 
+ forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. 
+ (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + ("JC_81": + ("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi)))) + +goal duplet_ensures_default_po_38: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. 
+ forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + ("JC_81": + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))) + +goal duplet_ensures_default_po_39: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result4) -> + ("JC_68": ("JC_65": (0 <= integer_of_int32(i_1_1)))) + +goal duplet_ensures_default_po_40: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result4) -> + ("JC_68": + ("JC_66": (integer_of_int32(i_1_1) <= (integer_of_int32(len_0) - 1)))) + +goal duplet_ensures_default_po_41: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result4) -> + forall k:int. + forall l_0:int. + ((0 <= k) and + ((k < integer_of_int32(i_1_1)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), except, + intP_intM_except_4)) -> + ("JC_68": + ("JC_67": (not is_duplet(a_0, integer_of_int32(len_0), k, l_0, + intP_intM_a_3)))) + +goal duplet_ensures_default_po_42: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. 
+ forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. 
+ (i_1_1 = result4) -> + ("JC_72": + ("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi)))) + +goal duplet_ensures_default_po_43: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5_1:(intP, int32) memory. + forall intP_intM_pj_6_1:(intP, + int32) memory. + forall j_1_0:int32. + (("JC_77": + (("JC_74": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_75": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_76": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) and + ("JC_81": + (("JC_79": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_1, pset_singleton(pi))) and + ("JC_80": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. 
+ (i_1_1 = result4) -> + ("JC_72": + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_1, pset_singleton(pj)))) + +goal duplet_ensures_default_po_44: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_68": ("JC_65": (0 <= integer_of_int32(i_1_1)))) + +goal duplet_ensures_default_po_45: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_68": + ("JC_66": (integer_of_int32(i_1_1) <= (integer_of_int32(len_0) - 1)))) + +goal duplet_ensures_default_po_46: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + forall k:int. + forall l_0:int. + ((0 <= k) and + ((k < integer_of_int32(i_1_1)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), except, + intP_intM_except_4)) -> + ("JC_68": + ("JC_67": (not is_duplet(a_0, integer_of_int32(len_0), k, l_0, + intP_intM_a_3)))) + +goal duplet_ensures_default_po_47: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. 
+ forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_72": + ("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi)))) + +goal duplet_ensures_default_po_48: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (except <> null) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + ("JC_72": + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))) + +goal duplet_ensures_default_po_49: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) > integer_of_int32(result0)) -> + ("JC_83": (false = true)) + +goal duplet_ensures_default_po_50: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) > integer_of_int32(result0)) -> + ("JC_83": (false = true)) -> + ("JC_29": + ("JC_25": + ("JC_23": is_duplet(a_0, integer_of_int32(len_0), + integer_of_int32(select(intP_intM_pi_5_0, pi)), + integer_of_int32(select(intP_intM_pj_6_0, pj)), intP_intM_a_3)))) + +goal duplet_ensures_default_po_51: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) > integer_of_int32(result0)) -> + ("JC_83": (false = true)) -> + ("JC_29": + ("JC_25": + ("JC_24": (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + integer_of_int32(select(intP_intM_pi_5_0, pi))))), except, + intP_intM_except_4))))) + +goal duplet_ensures_default_po_52: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. + (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) > integer_of_int32(result0)) -> + ("JC_83": (false = true)) -> + ("JC_29": + ("JC_28": + ("JC_26": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))))) + +goal duplet_ensures_default_po_53: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, int32) memory. + forall intP_intM_pi_5:(intP, int32) memory. + forall intP_intM_pj_6:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + forall intP_intM_pi_5_0:(intP, int32) memory. + forall intP_intM_pj_6_0:(intP, + int32) memory. 
+ (("JC_68": + (("JC_65": (0 <= integer_of_int32(i_1_0))) and + (("JC_66": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_67": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + k))), except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) and + ("JC_72": + (("JC_70": not_assigns(intP_pi_5_alloc_table, intP_intM_pi_5, + intP_intM_pi_5_0, pset_singleton(pi))) and + ("JC_71": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj)))))) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) > integer_of_int32(result0)) -> + ("JC_83": (false = true)) -> + ("JC_29": + ("JC_28": + ("JC_27": not_assigns(intP_pj_6_alloc_table, intP_intM_pj_6, + intP_intM_pj_6_0, pset_singleton(pj))))) + +goal duplet_safety_po_1: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + ((-2147483648) <= (integer_of_int32(len_0) - 2)) + +goal duplet_safety_po_2: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + ((integer_of_int32(len_0) - 2) <= 2147483647) + +goal duplet_safety_po_3: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + (offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) + +goal duplet_safety_po_4: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. 
+ forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0)) + +goal duplet_safety_po_5: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) + +goal duplet_safety_po_6: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + ((-2147483648) <= (integer_of_int32(i_1_0) + 1)) + +goal duplet_safety_po_7: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + ((integer_of_int32(i_1_0) + 1) <= 2147483647) + +goal duplet_safety_po_8: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + (offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) + +goal duplet_safety_po_9: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0)) + +goal duplet_safety_po_10: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + (offset_min(intP_pi_5_alloc_table, pi) <= 0) + +goal duplet_safety_po_11: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + (0 <= offset_max(intP_pi_5_alloc_table, pi)) + +goal duplet_safety_po_12: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5:(intP, + int32) memory. + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + ((offset_min(intP_pi_5_alloc_table, pi) <= 0) and + (0 <= offset_max(intP_pi_5_alloc_table, pi))) -> + forall intP_intM_pi_5_0:(intP, + int32) memory. + (intP_intM_pi_5_0 = store(intP_intM_pi_5, pi, i_1_0)) -> + (offset_min(intP_pj_6_alloc_table, pj) <= 0) + +goal duplet_safety_po_13: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall intP_intM_pi_5:(intP, + int32) memory. + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) = integer_of_int32(v)) -> + ((offset_min(intP_pi_5_alloc_table, pi) <= 0) and + (0 <= offset_max(intP_pi_5_alloc_table, pi))) -> + forall intP_intM_pi_5_0:(intP, + int32) memory. + (intP_intM_pi_5_0 = store(intP_intM_pi_5, pi, i_1_0)) -> + (0 <= offset_max(intP_pj_6_alloc_table, pj)) + +goal duplet_safety_po_14: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + ((-2147483648) <= (integer_of_int32(j_1_0) + 1)) + +goal duplet_safety_po_15: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + ((integer_of_int32(j_1_0) + 1) <= 2147483647) + +goal duplet_safety_po_16: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(j_1_0) + 1)) and + ((integer_of_int32(j_1_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + (0 <= ("JC_59": (integer_of_int32(len_0) - integer_of_int32(j_1_0)))) + +goal duplet_safety_po_17: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result3:int32. + (result3 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result3) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(j_1_0) + 1)) and + ((integer_of_int32(j_1_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result4) -> + (("JC_59": (integer_of_int32(len_0) - integer_of_int32(j_1_1))) < ("JC_59": + (integer_of_int32(len_0) - integer_of_int32(j_1_0)))) + +goal duplet_safety_po_18: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. 
+ forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + (0 <= ("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplet_safety_po_19: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except = null) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result2) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + (("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_1))) < ("JC_61": + (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplet_safety_po_20: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + (offset_min(intP_except_4_alloc_table, except) <= 0) + +goal duplet_safety_po_21: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + (0 <= offset_max(intP_except_4_alloc_table, except)) + +goal duplet_safety_po_22: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + ((-2147483648) <= (integer_of_int32(i_1_0) + 1)) + +goal duplet_safety_po_23: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. 
+ ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + ((integer_of_int32(i_1_0) + 1) <= 2147483647) + +goal duplet_safety_po_24: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + (offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) + +goal duplet_safety_po_25: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0)) + +goal duplet_safety_po_26: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + (offset_min(intP_pi_5_alloc_table, pi) <= 0) + +goal duplet_safety_po_27: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + (0 <= offset_max(intP_pi_5_alloc_table, pi)) + +goal duplet_safety_po_28: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5:(intP, + int32) memory. + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + ((offset_min(intP_pi_5_alloc_table, pi) <= 0) and + (0 <= offset_max(intP_pi_5_alloc_table, pi))) -> + forall intP_intM_pi_5_0:(intP, + int32) memory. + (intP_intM_pi_5_0 = store(intP_intM_pi_5, pi, i_1_0)) -> + (offset_min(intP_pj_6_alloc_table, pj) <= 0) + +goal duplet_safety_po_29: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. 
+ forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. 
+ (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall intP_intM_pi_5:(intP, + int32) memory. + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) = integer_of_int32(v)) -> + ((offset_min(intP_pi_5_alloc_table, pi) <= 0) and + (0 <= offset_max(intP_pi_5_alloc_table, pi))) -> + forall intP_intM_pi_5_0:(intP, + int32) memory. 
+ (intP_intM_pi_5_0 = store(intP_intM_pi_5, pi, i_1_0)) -> + (0 <= offset_max(intP_pj_6_alloc_table, pj)) + +goal duplet_safety_po_30: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. 
+ (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + ((-2147483648) <= (integer_of_int32(j_1_0) + 1)) + +goal duplet_safety_po_31: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + ((integer_of_int32(j_1_0) + 1) <= 2147483647) + +goal duplet_safety_po_32: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. 
+ (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. 
+ (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(j_1_0) + 1)) and + ((integer_of_int32(j_1_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + (0 <= ("JC_59": (integer_of_int32(len_0) - integer_of_int32(j_1_0)))) + +goal duplet_safety_po_33: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. 
+ ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) < integer_of_int32(len_0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(j_1_0)) and + (integer_of_int32(j_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result4:int32. + (result4 = select(intP_intM_a_3, shift(a_0, integer_of_int32(j_1_0)))) -> + (integer_of_int32(result4) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(j_1_0) + 1)) and + ((integer_of_int32(j_1_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(j_1_0) + 1)) -> + forall j_1_1:int32. + (j_1_1 = result5) -> + (("JC_59": (integer_of_int32(len_0) - integer_of_int32(j_1_1))) < ("JC_59": + (integer_of_int32(len_0) - integer_of_int32(j_1_0)))) + +goal duplet_safety_po_34: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result4) -> + (0 <= ("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplet_safety_po_35: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) <> integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall j_1:int32. + (j_1 = result3) -> + forall j_1_0:int32. + ("JC_55": true) -> + ("JC_53": + (("JC_50": ((integer_of_int32(i_1_0) + 1) <= integer_of_int32(j_1_0))) and + (("JC_51": (integer_of_int32(j_1_0) <= integer_of_int32(len_0))) and + ("JC_52": + (forall l:int. + (((integer_of_int32(i_1_0) < l) and (l < integer_of_int32(j_1_0))) -> + (not is_duplet(a_0, integer_of_int32(len_0), integer_of_int32(i_1_0), + l, intP_intM_a_3)))))))) -> + (integer_of_int32(j_1_0) >= integer_of_int32(len_0)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result4) -> + (("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_1))) < ("JC_61": + (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplet_safety_po_36: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + ((-2147483648) <= (integer_of_int32(i_1_0) + 1)) + +goal duplet_safety_po_37: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. 
+ ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + ((integer_of_int32(i_1_0) + 1) <= 2147483647) + +goal duplet_safety_po_38: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. 
+ ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. + (i_1_1 = result3) -> + (0 <= ("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplet_safety_po_39: + forall a_0:intP pointer. + forall len_0:int32. + forall except:intP pointer. + forall pi:intP pointer. + forall pj:intP pointer. + forall intP_a_3_alloc_table:intP alloc_table. + forall intP_except_4_alloc_table:intP alloc_table. + forall intP_pi_5_alloc_table:intP alloc_table. + forall intP_pj_6_alloc_table:intP alloc_table. + forall intP_intM_a_3:(intP, int32) memory. + forall intP_intM_except_4:(intP, + int32) memory. + ("JC_21": + (("JC_12": (2 <= integer_of_int32(len_0))) and + (("JC_13": (offset_min(intP_a_3_alloc_table, a_0) <= 0)) and + (("JC_14": (offset_max(intP_a_3_alloc_table, + a_0) >= (integer_of_int32(len_0) - 1))) and + (("JC_15": (offset_min(intP_pi_5_alloc_table, pi) <= 0)) and + (("JC_16": (offset_max(intP_pi_5_alloc_table, pi) >= 0)) and + (("JC_17": (offset_min(intP_pj_6_alloc_table, pj) <= 0)) and + (("JC_18": (offset_max(intP_pj_6_alloc_table, pj) >= 0)) and + (("JC_19": + ((except = null) or + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (offset_max(intP_except_4_alloc_table, except) >= 0)))) and + ("JC_20": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0, integer_of_int32(len_0), i_0, j_0, + intP_intM_a_3) and + (not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, + i_0))), except, intP_intM_except_4))))))))))))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_1:int32. + (i_1 = result) -> + forall i_1_0:int32. + ("JC_44": true) -> + ("JC_42": + (("JC_39": (0 <= integer_of_int32(i_1_0))) and + (("JC_40": (integer_of_int32(i_1_0) <= (integer_of_int32(len_0) - 1))) and + ("JC_41": + (forall k:int. + (forall l_0:int. + (((0 <= k) and + ((k < integer_of_int32(i_1_0)) and + ((k < l_0) and (l_0 < integer_of_int32(len_0))))) -> + ((not eq_opt(integer_of_int32(select(intP_intM_a_3, shift(a_0, k))), + except, intP_intM_except_4)) -> (not is_duplet(a_0, + integer_of_int32(len_0), k, l_0, intP_intM_a_3)))))))))) -> + (((-2147483648) <= (integer_of_int32(len_0) - 2)) and + ((integer_of_int32(len_0) - 2) <= 2147483647)) -> + forall result0:int32. + (integer_of_int32(result0) = (integer_of_int32(len_0) - 2)) -> + (integer_of_int32(i_1_0) <= integer_of_int32(result0)) -> + ((offset_min(intP_a_3_alloc_table, a_0) <= integer_of_int32(i_1_0)) and + (integer_of_int32(i_1_0) <= offset_max(intP_a_3_alloc_table, a_0))) -> + forall result1:int32. + (result1 = select(intP_intM_a_3, shift(a_0, integer_of_int32(i_1_0)))) -> + forall v:int32. + (v = result1) -> + (same_block(except, null) or ((except = null) or (null = null))) -> + (except <> null) -> + ((offset_min(intP_except_4_alloc_table, except) <= 0) and + (0 <= offset_max(intP_except_4_alloc_table, except))) -> + forall result2:int32. + (result2 = select(intP_intM_except_4, except)) -> + (integer_of_int32(result2) = integer_of_int32(v)) -> + (((-2147483648) <= (integer_of_int32(i_1_0) + 1)) and + ((integer_of_int32(i_1_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_1_0) + 1)) -> + forall i_1_1:int32. 
+ (i_1_1 = result3) -> + (("JC_61": (integer_of_int32(len_0) - integer_of_int32(i_1_1))) < ("JC_61": + (integer_of_int32(len_0) - integer_of_int32(i_1_0)))) + +goal duplets_ensures_default_po_1: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. + ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. + (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. 
+ ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_115": + ("JC_112": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)))) + +goal duplets_ensures_default_po_2: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_115": + ("JC_113": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)))) + +goal duplets_ensures_default_po_3: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_115": + ("JC_114": (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + integer_of_int32(select(intP_intM_pi_0_8_0, + pi_0))))) <> integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + integer_of_int32(select(intP_intM_pk_10_0, pk))))))))) + +goal duplets_ensures_default_po_4: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_120": + ("JC_116": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))))) + +goal duplets_ensures_default_po_5: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_120": + ("JC_117": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))) + +goal duplets_ensures_default_po_6: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_120": + ("JC_118": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))))) + +goal duplets_ensures_default_po_7: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, int32) memory. + forall intP_intM_pk_10:(intP, int32) memory. + forall intP_intM_pl_11:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, int32) memory. + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + forall result0:int32. 
+ (result0 = select(intP_intM_pi_0_8_0, pi_0)) -> + forall intP_intM_pk_10_0:(intP, + int32) memory. + forall intP_intM_pl_11_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pk_10_0, pk)), + integer_of_int32(select(intP_intM_pl_11_0, pl)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pk_10_0, pk))))), + shift(a_0_0, integer_of_int32(result0)), intP_intM_a_0_7))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pk_10_alloc_table, intP_intM_pk_10, + intP_intM_pk_10_0, pset_singleton(pk))) and + ("JC_34": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))))) -> + ("JC_121": + ("JC_120": + ("JC_119": not_assigns(intP_pl_11_alloc_table, intP_intM_pl_11, + intP_intM_pl_11_0, pset_singleton(pl))))) + +goal duplets_safety_po_1: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_1": (2 <= integer_of_int32(len_0_0)))) + +goal duplets_safety_po_2: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0))) + +goal duplets_safety_po_3: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": + ("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1)))) + +goal duplets_safety_po_4: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0))) + +goal duplets_safety_po_5: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0))) + +goal duplets_safety_po_6: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0))) + +goal duplets_safety_po_7: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + ("JC_10": ("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0))) + +goal duplets_safety_po_8: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result0:intP alloc_table. + ("JC_10": + ("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, null) >= 0))))) + +goal duplets_safety_po_9: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + ("JC_10": + ("JC_9": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_0))), null, result))))))) + +goal duplets_safety_po_10: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. 
+ forall intP_intM_pj_0_9:(intP, + int32) memory. + ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) + +goal duplets_safety_po_11: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0)) + +goal duplets_safety_po_12: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": ("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0))) + +goal duplets_safety_po_13: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": + ("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1)))) + +goal duplets_safety_po_14: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": ("JC_4": (offset_min(intP_pk_10_alloc_table, pk) <= 0))) + +goal duplets_safety_po_15: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": ("JC_5": (offset_max(intP_pk_10_alloc_table, pk) >= 0))) + +goal duplets_safety_po_16: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": ("JC_6": (offset_min(intP_pl_11_alloc_table, pl) <= 0))) + +goal duplets_safety_po_17: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": ("JC_7": (offset_max(intP_pl_11_alloc_table, pl) >= 0))) + +goal duplets_safety_po_18: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": + ("JC_8": + ((shift(a_0_0, integer_of_int32(result1)) = null) or + ((offset_min(intP_a_0_7_alloc_table, shift(a_0_0, + integer_of_int32(result1))) <= 0) and (offset_max(intP_a_0_7_alloc_table, + shift(a_0_0, integer_of_int32(result1))) >= 0))))) + +goal duplets_safety_po_19: + forall a_0_0:intP pointer. + forall len_0_0:int32. + forall pi_0:intP pointer. + forall pj_0:intP pointer. + forall pk:intP pointer. + forall pl:intP pointer. + forall intP_a_0_7_alloc_table:intP alloc_table. + forall intP_pi_0_8_alloc_table:intP alloc_table. + forall intP_pj_0_9_alloc_table:intP alloc_table. + forall intP_pk_10_alloc_table:intP alloc_table. + forall intP_pl_11_alloc_table:intP alloc_table. + forall intP_intM_a_0_7:(intP, int32) memory. + forall intP_intM_pi_0_8:(intP, int32) memory. + forall intP_intM_pj_0_9:(intP, + int32) memory. 
+ ("JC_110": + (("JC_98": (4 <= integer_of_int32(len_0_0))) and + (("JC_99": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_100": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_101": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_102": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_103": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_104": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_105": (offset_min(intP_pk_10_alloc_table, pk) <= 0)) and + (("JC_106": (offset_max(intP_pk_10_alloc_table, pk) >= 0)) and + (("JC_107": (offset_min(intP_pl_11_alloc_table, pl) <= 0)) and + (("JC_108": (offset_max(intP_pl_11_alloc_table, pl) >= 0)) and + ("JC_109": + (exists i_1_0:int. + (exists j_1_0:int. + (exists k_0:int. + (exists l_1:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_1_0, + j_1_0, intP_intM_a_0_7) and + (is_duplet(a_0_0, integer_of_int32(len_0_0), k_0, l_1, + intP_intM_a_0_7) and + (integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_1_0))) <> integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, k_0))))))))))))))))))))))) -> + forall result:(intP, + int32) memory. + forall result0:intP alloc_table. + ("JC_10": + (("JC_1": (2 <= integer_of_int32(len_0_0))) and + (("JC_2": (offset_min(intP_a_0_7_alloc_table, a_0_0) <= 0)) and + (("JC_3": (offset_max(intP_a_0_7_alloc_table, + a_0_0) >= (integer_of_int32(len_0_0) - 1))) and + (("JC_4": (offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0)) and + (("JC_5": (offset_max(intP_pi_0_8_alloc_table, pi_0) >= 0)) and + (("JC_6": (offset_min(intP_pj_0_9_alloc_table, pj_0) <= 0)) and + (("JC_7": (offset_max(intP_pj_0_9_alloc_table, pj_0) >= 0)) and + (("JC_8": + ((null = null) or + ((offset_min(result0, null) <= 0) and (offset_max(result0, + null) >= 0)))) and + ("JC_9": + (exists i_0:int. + (exists j_0:int. 
+ (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, i_0))), null, result))))))))))))))) -> + forall intP_intM_pi_0_8_0:(intP, + int32) memory. + forall intP_intM_pj_0_9_0:(intP, + int32) memory. + ("JC_36": + (("JC_32": + (("JC_30": is_duplet(a_0_0, integer_of_int32(len_0_0), + integer_of_int32(select(intP_intM_pi_0_8_0, pi_0)), + integer_of_int32(select(intP_intM_pj_0_9_0, pj_0)), intP_intM_a_0_7)) and + ("JC_31": (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, + shift(a_0_0, integer_of_int32(select(intP_intM_pi_0_8_0, pi_0))))), null, + result))))) and + ("JC_35": + (("JC_33": not_assigns(intP_pi_0_8_alloc_table, intP_intM_pi_0_8, + intP_intM_pi_0_8_0, pset_singleton(pi_0))) and + ("JC_34": not_assigns(intP_pj_0_9_alloc_table, intP_intM_pj_0_9, + intP_intM_pj_0_9_0, pset_singleton(pj_0))))))) -> + ((offset_min(intP_pi_0_8_alloc_table, pi_0) <= 0) and + (0 <= offset_max(intP_pi_0_8_alloc_table, pi_0))) -> + forall result1:int32. + (result1 = select(intP_intM_pi_0_8_0, pi_0)) -> + ("JC_10": + ("JC_9": + (exists i_0:int. + (exists j_0:int. + (is_duplet(a_0_0, integer_of_int32(len_0_0), i_0, j_0, + intP_intM_a_0_7) and + (not eq_opt(integer_of_int32(select(intP_intM_a_0_7, shift(a_0_0, + i_0))), shift(a_0_0, integer_of_int32(result1)), intP_intM_a_0_7))))))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! 
= failure) +why/duplets_why.why : ..........#..................#................................................................#......................# (114/0/0/4/0) +total : 118 +valid : 114 ( 97%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 4 ( 3%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/flag.res.oracle why-2.30+dfsg/tests/c/oracle/flag.res.oracle --- why-2.29+dfsg/tests/c/oracle/flag.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/flag.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,6611 @@ +========== file tests/c/flag.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +/* Dijkstra's dutch flag */ + +#pragma JessieIntegerModel(math) + +typedef char color; + +#define BLUE (color)1 +#define WHITE (color)2 +#define RED (color)3 + +/*@ predicate is_color(color c) = + @ c == BLUE || c == WHITE || c == RED ; + @*/ + +/*@ predicate is_color_array{L}(color *t, integer l) = + @ \valid_range(t,0,l-1) && + @ \forall integer i; 0 <= i < l ==> is_color(t[i]) ; + @*/ + +/*@ predicate is_monochrome{L}(color *t,integer i, integer j, color c) = + @ \forall integer k; i <= k < j ==> t[k] == c ; + @*/ + + +/*@ requires \valid_range(t,i,j); + @ behavior decides_monochromatic: + @ ensures \result <==> is_monochrome(t,i,j,c); + @*/ +int isMonochrome(color t[], int i, int j, color c) { + /*@ loop invariant i <= k && + @ \forall integer l; i <= l < k ==> t[l] == c; + @ loop variant j - k; + @*/ + for (int k = i; k < j; k++) if (t[k] != c) return 0; + return 1; +} + +/*@ requires \valid_index(t,i); + @ requires \valid_index(t,j); + @ behavior i_j_swapped: + @ assigns t[i],t[j]; + @ ensures t[i] == \old(t[j]) && t[j] == \old(t[i]); + @*/ +void swap(color t[], int i, int j) { + color z = t[i]; + t[i] = t[j]; + t[j] = z; +} + +/*@ requires l >= 0 && is_color_array(t, l); + @ behavior sorts: + @ ensures + @ (\exists integer b,r; + @ is_monochrome(t,0,b,BLUE) && + @ is_monochrome(t,b,r,WHITE) && + @ is_monochrome(t,r,l,RED)); + @*/ +void flag(color t[], int l) { + int b = 0; + int i = 0; + int r = l; + /*@ loop invariant + @ is_color_array(t,l) && + @ 0 <= b <= i <= r <= l && + @ is_monochrome(t,0,b,BLUE) && + @ is_monochrome(t,b,i,WHITE) && + @ is_monochrome(t,r,l,RED); + @ loop variant r - i; + @*/ + while (i < r) { + switch (t[i]) { + case BLUE: + swap(t,b++, i++); + break; + case WHITE: + i++; + break; + case RED: + swap(t,--r, i); + break; + } + } +} + + + +/* +Local Variables: +compile-command: "make flag.why3ml" +End: +*/ +========== frama-c -jessie execution 
========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/flag.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/flag.jessie +[jessie] File tests/c/flag.jessie/flag.jc written. +[jessie] File tests/c/flag.jessie/flag.cloc written. +========== file tests/c/flag.jessie/flag.jc ========== +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +tag charP = { + integer charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +predicate is_color(integer c) = +(((c == 1) || (c == 2)) || (c == 3)) + +predicate is_color_array{L}(charP[..] t, integer l) = +(((\offset_min(t) <= 0) && (\offset_max(t) >= (l - 1))) && + (\forall integer i; + (((0 <= i) && (i < l)) ==> is_color((t + i).charM)))) + +predicate is_monochrome{L}(charP[..] t_0, integer i_0, integer j, integer c_0) = +(\forall integer k; + (((i_0 <= k) && (k < j)) ==> ((t_0 + k).charM == c_0))) + +integer isMonochrome(charP[..] 
t_0, integer i, integer j, integer c) + requires (C_14 : ((C_15 : (\offset_min(t_0) <= i)) && + (C_16 : (\offset_max(t_0) >= j)))); +behavior default: + ensures (C_12 : true); +behavior decides_monochromatic: + ensures (C_13 : ((\result != 0) <==> + is_monochrome{Here}(\at(t_0,Old), \at(i,Old), \at(j,Old), + \at(c,Old)))); +{ + (var integer k); + + (var integer __retres); + + { + { (C_1 : (k = i)); + + loop + behavior default: + invariant (C_3 : ((C_4 : (i <= k)) && + (C_5 : (\forall integer l_0; + (((i <= l_0) && (l_0 < k)) ==> + ((t_0 + l_0).charM == c)))))); + variant (C_2 : (j - k)); + while (true) + { + { (if (k < j) then () else + (goto while_0_break)); + (if ((C_8 : (C_7 : (t_0 + k)).charM) != c) then + { (C_6 : (__retres = 0)); + + (goto return_label) + } else ()); + (C_10 : (k = (C_9 : (k + 1)))) + } + }; + (while_0_break : ()) + }; + (C_11 : (__retres = 1)); + (return_label : + (return __retres)) + } +} + +unit swap(charP[..] t_1, integer i_0, integer j_0) + requires (C_35 : ((C_36 : (\offset_min(t_1) <= i_0)) && + (C_37 : (\offset_max(t_1) >= i_0)))); + requires (C_32 : ((C_33 : (\offset_min(t_1) <= j_0)) && + (C_34 : (\offset_max(t_1) >= j_0)))); +behavior default: + ensures (C_28 : true); +behavior i_j_swapped: + assigns (t_1 + i_0).charM, + (t_1 + j_0).charM; + ensures (C_29 : ((C_30 : ((\at(t_1,Old) + \at(i_0,Old)).charM == + \at((t_1 + j_0).charM,Old))) && + (C_31 : ((\at(t_1,Old) + \at(j_0,Old)).charM == + \at((t_1 + i_0).charM,Old))))); +{ + (var integer z); + + { (C_19 : (z = (C_18 : (C_17 : (t_1 + i_0)).charM))); + (C_24 : ((C_23 : (C_22 : (t_1 + i_0)).charM) = (C_21 : (C_20 : + (t_1 + + j_0)).charM))); + (C_27 : ((C_26 : (C_25 : (t_1 + j_0)).charM) = z)); + + (return ()) + } +} + +unit flag(charP[..] 
t, integer l) + requires (C_73 : ((C_74 : (l >= 0)) && (C_75 : is_color_array{Here}(t, l)))); +behavior default: + ensures (C_71 : true); +behavior sorts: + ensures (C_72 : (\exists integer b; + (\exists integer r; + ((is_monochrome{Here}(\at(t,Old), 0, b, 1) && + is_monochrome{Here}(\at(t,Old), b, r, 2)) && + is_monochrome{Here}(\at(t,Old), r, \at(l,Old), 3))))); +{ + (var integer b); + + (var integer i_1); + + (var integer r); + + (var integer tmp); + + (var integer tmp_0); + + { (C_38 : (b = 0)); + (C_39 : (i_1 = 0)); + (C_40 : (r = l)); + + loop + behavior default: + invariant (C_42 : (((((C_46 : is_color_array{Here}(t, l)) && + ((C_48 : (0 <= b)) && + ((C_50 : (b <= i_1)) && + ((C_52 : (i_1 <= r)) && (C_53 : (r <= l)))))) && + (C_54 : is_monochrome{Here}(t, 0, b, 1))) && + (C_55 : is_monochrome{Here}(t, b, i_1, 2))) && + (C_56 : is_monochrome{Here}(t, r, l, 3)))); + variant (C_41 : (r - i_1)); + while (true) + { + { (if (i_1 < r) then () else + (goto while_0_break)); + + { + switch ((C_70 : (C_69 : (t + i_1)).charM)) { + case 1: + { + { (C_57 : (tmp = i_1)); + (C_59 : (i_1 = (C_58 : (i_1 + 1)))); + (); + (C_60 : (tmp_0 = b)); + (C_62 : (b = (C_61 : (b + 1)))); + (); + (); + (C_63 : swap(t, tmp_0, tmp)) + }; + + (goto switch_1_break) + } + case 2: + { (C_65 : (i_1 = (C_64 : (i_1 + 1)))); + + (goto switch_1_break) + } + case 3: + { + { (); + (C_67 : (r = (C_66 : (r - 1)))); + (); + (C_68 : swap(t, r, i_1)) + }; + + (goto switch_1_break) + } + }; + (switch_1_break : ()) + } + } + }; + (while_0_break : ()); + + (return ()) + } +} +========== file tests/c/flag.jessie/flag.cloc ========== +[C_50] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 13 +end = 19 + +[C_51] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 18 +end = 29 + +[C_52] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 18 +end = 24 + +[C_53] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 23 +end = 29 + +[C_54] +file = "HOME/tests/c/flag.c" +line = 96 +begin = 8 +end = 37 + +[C_55] +file = 
"HOME/tests/c/flag.c" +line = 97 +begin = 8 +end = 37 + +[C_56] +file = "HOME/tests/c/flag.c" +line = 98 +begin = 8 +end = 37 + +[C_57] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 18 +end = 21 + +[C_58] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 18 +end = 21 + +[C_59] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 18 +end = 21 + +[C_60] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 13 +end = 16 + +[C_61] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 13 +end = 16 + +[C_62] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 13 +end = 16 + +[C_10] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 25 +end = 28 + +[C_63] +file = "HOME/tests/c/flag.c" +line = 104 +begin = 6 +end = 22 + +[C_11] +file = "HOME/tests/c/flag.c" +line = 66 +begin = 2 +end = 11 + +[C_64] +file = "HOME/tests/c/flag.c" +line = 107 +begin = 6 +end = 9 + +[C_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_65] +file = "HOME/tests/c/flag.c" +line = 107 +begin = 6 +end = 9 + +[C_13] +file = "HOME/tests/c/flag.c" +line = 58 +begin = 14 +end = 49 + +[C_66] +file = "HOME/tests/c/flag.c" +line = 110 +begin = 13 +end = 16 + +[C_14] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[C_67] +file = "HOME/tests/c/flag.c" +line = 110 +begin = 13 +end = 16 + +[C_15] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[C_68] +file = "HOME/tests/c/flag.c" +line = 110 +begin = 6 +end = 20 + +[C_16] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[C_69] +file = "HOME/tests/c/flag.c" +line = 102 +begin = 12 +end = 13 + +[C_17] +file = "HOME/tests/c/flag.c" +line = 76 +begin = 12 +end = 13 + +[C_18] +file = "HOME/tests/c/flag.c" +line = 76 +begin = 12 +end = 16 + +[C_19] +file = "HOME/tests/c/flag.c" +line = 76 +begin = 2 +end = 7 + +[isMonochrome] +name = "Function isMonochrome" +file = "HOME/tests/c/flag.c" +line = 60 +begin = 4 +end = 16 + +[C_1] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 7 +end = 10 + +[C_2] +file = 
"HOME/tests/c/flag.c" +line = 63 +begin = 19 +end = 24 + +[C_70] +file = "HOME/tests/c/flag.c" +line = 102 +begin = 12 +end = 16 + +[C_3] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 82 + +[C_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_4] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 27 + +[C_72] +file = "HOME/tests/c/flag.c" +line = 84 +begin = 8 +end = 159 + +[C_20] +file = "HOME/tests/c/flag.c" +line = 77 +begin = 9 +end = 10 + +[C_5] +file = "HOME/tests/c/flag.c" +line = 62 +begin = 8 +end = 51 + +[C_73] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 43 + +[C_21] +file = "HOME/tests/c/flag.c" +line = 77 +begin = 9 +end = 13 + +[C_6] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 45 +end = 54 + +[C_74] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 19 + +[C_22] +file = "HOME/tests/c/flag.c" +line = 77 +begin = 2 +end = 3 + +[C_7] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 34 +end = 35 + +[C_75] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 23 +end = 43 + +[C_23] +file = "HOME/tests/c/flag.c" +line = 77 +begin = 9 +end = 13 + +[C_8] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 34 +end = 38 + +[C_24] +file = "HOME/tests/c/flag.c" +line = 77 +begin = 9 +end = 13 + +[C_9] +file = "HOME/tests/c/flag.c" +line = 65 +begin = 25 +end = 28 + +[flag] +name = "Function flag" +file = "HOME/tests/c/flag.c" +line = 89 +begin = 5 +end = 9 + +[C_25] +file = "HOME/tests/c/flag.c" +line = 78 +begin = 2 +end = 3 + +[C_26] +file = "HOME/tests/c/flag.c" +line = 78 +begin = 9 +end = 10 + +[C_27] +file = "HOME/tests/c/flag.c" +line = 78 +begin = 9 +end = 10 + +[C_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_29] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 54 + +[C_30] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 32 + +[C_31] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 36 +end = 54 + +[C_32] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 
30 + +[C_33] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[C_34] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[C_35] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[C_36] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[C_37] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[C_38] +file = "HOME/tests/c/flag.c" +line = 90 +begin = 2 +end = 5 + +[C_39] +file = "HOME/tests/c/flag.c" +line = 91 +begin = 2 +end = 5 + +[swap] +name = "Function swap" +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[C_40] +file = "HOME/tests/c/flag.c" +line = 92 +begin = 2 +end = 5 + +[C_41] +file = "HOME/tests/c/flag.c" +line = 99 +begin = 19 +end = 24 + +[C_42] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 183 + +[C_43] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 142 + +[C_44] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 101 + +[C_45] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 60 + +[C_46] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 27 + +[C_47] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 8 +end = 29 + +[C_48] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 8 +end = 14 + +[C_49] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 13 +end = 29 + +========== jessie execution ========== +Generating Why function isMonochrome +Generating Why function swap +Generating Why function flag +========== file tests/c/flag.jessie/flag.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs flag.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs flag.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify 
vampire cvcl harvey smtlib zenon + +all: simplify/flag_why.sx + +project: why/flag.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/flag_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/flag_why.vo + +coq/flag_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/flag_why.v: why/flag.why + @echo 'why -coq [...] why/flag.why' && $(WHY) $(JESSIELIBFILES) why/flag.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/flag_ctx_why.vo + for f in why/*_po*.why; do make -f flag.makefile coq/`basename $$f .why`_why.v ; done + +coq/flag_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/flag_ctx_why.v: why/flag_ctx.why + @echo 'why -coq [...] why/flag_ctx.why' && $(WHY) why/flag_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export flag_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/flag_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/flag_ctx_why.vo + +pvs: pvs/flag_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/flag_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/flag_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/flag_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/flag_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/flag_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/flag_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/flag_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/flag_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/flag_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/flag_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/flag_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/flag_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/flag_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/flag_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: flag.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/flag_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/flag_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: flag.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include flag.depend + +depend: coq/flag_why.v + -$(COQDEP) -I coq coq/flag*_why.v > flag.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/flag.jessie/flag.loc ========== +[JC_90] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[isMonochrome_ensures_decides_monochromatic] +name = "Function isMonochrome" +behavior = "Behavior `decides_monochromatic'" +file = "HOME/tests/c/flag.c" +line = 60 +begin = 4 +end = 16 + +[JC_91] +kind = PointerDeref +file = "HOME/tests/c/flag.c" +line = 102 +begin = 12 +end = 16 + +[JC_92] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 157 +begin = 31 +end = 50 + +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_93] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 172 +begin = 31 +end = 46 + +[JC_41] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[JC_94] +file = "HOME/tests/c/flag.c" +line = 99 +begin = 19 +end = 24 + +[JC_42] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[JC_95] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 27 + +[JC_43] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[JC_96] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 8 +end = 14 + +[JC_44] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[JC_97] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 13 +end = 19 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_98] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 18 +end = 24 + +[JC_46] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[JC_100] +file = "HOME/tests/c/flag.c" +line = 96 +begin = 8 +end = 37 + +[JC_99] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 23 +end = 29 + +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_2] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + 
+[JC_101] +file = "HOME/tests/c/flag.c" +line = 97 +begin = 8 +end = 37 + +[JC_48] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[JC_102] +file = "HOME/tests/c/flag.c" +line = 98 +begin = 8 +end = 37 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_103] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 183 + +[JC_5] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[JC_105] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[JC_7] +file = "HOME/tests/c/flag.c" +line = 56 +begin = 13 +end = 32 + +[flag_ensures_sorts] +name = "Function flag" +behavior = "Behavior `sorts'" +file = "HOME/tests/c/flag.c" +line = 89 +begin = 5 +end = 9 + +[JC_106] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[swap_ensures_i_j_swapped] +name = "Function swap" +behavior = "Behavior `i_j_swapped'" +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_107] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 157 +begin = 31 +end = 50 + +[JC_9] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_108] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 172 +begin = 31 +end = 46 + +[JC_109] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 27 + +[flag_ensures_default] +name = "Function flag" +behavior = "default behavior" +file = "HOME/tests/c/flag.c" +line = 89 +begin = 5 +end = 9 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 32 + +[JC_52] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 36 +end = 54 + +[JC_53] +file = 
"HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 54 + +[JC_54] +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[JC_55] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 86 +begin = 9 +end = 20 + +[JC_56] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 32 + +[JC_110] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 8 +end = 14 + +[JC_57] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 36 +end = 54 + +[JC_111] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 13 +end = 19 + +[JC_58] +file = "HOME/tests/c/flag.c" +line = 73 +begin = 14 +end = 54 + +[JC_112] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 18 +end = 24 + +[JC_59] +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[JC_113] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 23 +end = 29 + +[JC_114] +file = "HOME/tests/c/flag.c" +line = 96 +begin = 8 +end = 37 + +[JC_115] +file = "HOME/tests/c/flag.c" +line = 97 +begin = 8 +end = 37 + +[JC_116] +file = "HOME/tests/c/flag.c" +line = 98 +begin = 8 +end = 37 + +[JC_117] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 183 + +[JC_118] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_119] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[swap_safety] +name = "Function swap" +behavior = "Safety" +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[JC_60] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 86 +begin = 9 +end = 20 + +[JC_61] +kind = PointerDeref +file = "HOME/tests/c/flag.c" +line = 76 +begin = 12 +end = 16 + +[JC_62] +kind = PointerDeref +file = "HOME/tests/c/flag.c" +line = 77 +begin = 9 +end = 13 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +kind = PointerDeref +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 97 +begin = 15 +end = 213 + +[JC_11] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_64] +kind = PointerDeref +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 100 +begin = 15 +end = 54 + +[JC_12] 
+file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 19 + +[JC_13] +file = "HOME/tests/c/flag.c" +line = 58 +begin = 14 +end = 49 + +[JC_66] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 23 +end = 43 + +[isMonochrome_ensures_default] +name = "Function isMonochrome" +behavior = "default behavior" +file = "HOME/tests/c/flag.c" +line = 60 +begin = 4 +end = 16 + +[JC_14] +file = "HOME/tests/c/flag.c" +line = 58 +begin = 14 +end = 49 + +[JC_120] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[JC_67] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 43 + +[JC_15] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 27 + +[JC_121] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 157 +begin = 31 +end = 50 + +[JC_68] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/tests/c/flag.c" +line = 62 +begin = 8 +end = 51 + +[JC_122] +kind = UserCall +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 172 +begin = 31 +end = 46 + +[JC_69] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 19 + +[JC_17] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 82 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_70] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 23 +end = 43 + +[JC_71] +file = "HOME/tests/c/flag.c" +line = 81 +begin = 13 +end = 43 + +[JC_72] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_20] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_73] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +kind = PointerDeref +file = "HOME/tests/c/flag.c" +line = 65 +begin = 34 +end = 38 + +[JC_74] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/tests/c/flag.c" +line = 63 +begin = 19 +end = 24 + +[JC_75] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 27 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[swap_ensures_default] +name = "Function swap" +behavior = "default behavior" +file = "HOME/tests/c/flag.c" +line = 75 +begin = 5 +end = 9 + +[JC_24] +file = "HOME/tests/c/flag.c" +line = 62 +begin = 8 +end = 51 + +[flag_safety] +name = "Function flag" +behavior = "Safety" +file = "HOME/tests/c/flag.c" +line = 89 +begin = 5 +end = 9 + +[JC_77] +file = "HOME/tests/c/flag.c" +line = 84 +begin = 8 +end = 159 + +[JC_25] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 82 + +[JC_78] +file = "HOME/tests/c/flag.c" +line = 84 +begin = 8 +end = 159 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 27 + +[JC_27] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_28] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_29] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 27 + +[isMonochrome_safety] +name = "Function isMonochrome" +behavior = "Safety" +file = "HOME/tests/c/flag.c" +line = 60 +begin = 4 +end = 16 + +[JC_80] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 8 +end = 14 + +[JC_81] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 13 +end = 19 + +[JC_82] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 18 +end = 24 + +[JC_30] +file = "HOME/tests/c/flag.c" +line = 62 +begin = 8 +end = 51 + +[JC_83] +file = "HOME/tests/c/flag.c" +line = 95 +begin = 23 +end = 29 + +[JC_31] +file = "HOME/tests/c/flag.c" +line = 61 +begin = 21 +end = 82 + +[JC_84] +file = "HOME/tests/c/flag.c" +line = 96 +begin = 8 +end = 37 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/tests/c/flag.c" +line = 97 +begin = 8 +end = 37 + +[JC_33] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_86] +file = 
"HOME/tests/c/flag.c" +line = 98 +begin = 8 +end = 37 + +[JC_34] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 52 +begin = 9 +end = 700 + +[JC_87] +file = "HOME/tests/c/flag.c" +line = 94 +begin = 8 +end = 183 + +[JC_35] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[JC_88] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_36] +file = "HOME/tests/c/flag.c" +line = 69 +begin = 13 +end = 30 + +[JC_89] +file = "HOME/tests/c/flag.jessie/flag.jc" +line = 131 +begin = 6 +end = 1799 + +[JC_37] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[JC_38] +file = "HOME/tests/c/flag.c" +line = 70 +begin = 13 +end = 30 + +[JC_39] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +========== file tests/c/flag.jessie/why/flag.why ========== +type charP + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +predicate is_color(c:int) = ((c = (1)) or ((c = (2)) or (c = (3)))) + +predicate is_color_array(t:charP pointer, l:int, + charP_t_1_alloc_table_at_L:charP alloc_table, + charP_charM_t_1_at_L:(charP, int) memory) = + (le_int(offset_min(charP_t_1_alloc_table_at_L, t), (0)) + and (ge_int(offset_max(charP_t_1_alloc_table_at_L, t), sub_int(l, (1))) + and (forall i_1:int. + ((le_int((0), i_1) and lt_int(i_1, l)) -> + is_color(select(charP_charM_t_1_at_L, shift(t, i_1))))))) + +predicate is_monochrome(t_0:charP pointer, i_0:int, j:int, c_0:int, + charP_charM_t_0_2_at_L:(charP, int) memory) = + (forall k:int. 
+ ((le_int(i_0, k) and lt_int(k, j)) -> + (select(charP_charM_t_0_2_at_L, shift(t_0, k)) = c_0))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate 
valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_switch_1_break_exc of unit + +exception Goto_while_0_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), 
sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter flag : + t_2:charP pointer -> + l_0:int -> + charP_charM_t_5:(charP, int) memory ref -> + charP_t_5_alloc_table:charP alloc_table -> + { } unit reads charP_charM_t_5 writes charP_charM_t_5 + { (JC_78: + (exists b:int. + (exists r:int. + (is_monochrome(t_2, (0), b, (1), charP_charM_t_5) + and (is_monochrome(t_2, b, r, (2), charP_charM_t_5) + and is_monochrome(t_2, r, l_0, (3), charP_charM_t_5)))))) } + +parameter flag_requires : + t_2:charP pointer -> + l_0:int -> + charP_charM_t_5:(charP, int) memory ref -> + charP_t_5_alloc_table:charP alloc_table -> + { (JC_67: + ((JC_65: ge_int(l_0, (0))) + and (JC_66: + is_color_array(t_2, l_0, charP_t_5_alloc_table, charP_charM_t_5))))} + unit reads charP_charM_t_5 writes charP_charM_t_5 + { (JC_78: + (exists b:int. 
+ (exists r:int. + (is_monochrome(t_2, (0), b, (1), charP_charM_t_5) + and (is_monochrome(t_2, b, r, (2), charP_charM_t_5) + and is_monochrome(t_2, r, l_0, (3), charP_charM_t_5)))))) } + +parameter isMonochrome : + t_0_0:charP pointer -> + i:int -> + j_0:int -> + c_1:int -> + charP_t_0_3_alloc_table:charP alloc_table -> + charP_charM_t_0_3:(charP, int) memory -> + { } int + { (JC_14: + ((result <> (0)) + <-> is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3))) } + +parameter isMonochrome_requires : + t_0_0:charP pointer -> + i:int -> + j_0:int -> + c_1:int -> + charP_t_0_3_alloc_table:charP alloc_table -> + charP_charM_t_0_3:(charP, int) memory -> + { (JC_3: + ((JC_1: le_int(offset_min(charP_t_0_3_alloc_table, t_0_0), i)) + and (JC_2: ge_int(offset_max(charP_t_0_3_alloc_table, t_0_0), j_0))))} + int + { (JC_14: + ((result <> (0)) + <-> is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3))) } + +parameter swap : + t_1:charP pointer -> + i_0_0:int -> + j_0_0:int -> + charP_charM_t_1_4:(charP, int) memory ref -> + charP_t_1_4_alloc_table:charP alloc_table -> + { } unit reads charP_charM_t_1_4 writes charP_charM_t_1_4 + { (JC_60: + ((JC_58: + ((JC_56: + (select(charP_charM_t_1_4, shift(t_1, i_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, j_0_0)))) + and (JC_57: + (select(charP_charM_t_1_4, shift(t_1, j_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, + i_0_0)))))) + and (JC_59: + not_assigns(charP_t_1_4_alloc_table, charP_charM_t_1_4@, + charP_charM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0_0, j_0_0), + pset_range(pset_singleton(t_1), i_0_0, i_0_0)))))) } + +parameter swap_requires : + t_1:charP pointer -> + i_0_0:int -> + j_0_0:int -> + charP_charM_t_1_4:(charP, int) memory ref -> + charP_t_1_4_alloc_table:charP alloc_table -> + { (JC_39: + ((JC_35: le_int(offset_min(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_36: ge_int(offset_max(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_37: + le_int(offset_min(charP_t_1_4_alloc_table, t_1), j_0_0)) + 
and (JC_38: + ge_int(offset_max(charP_t_1_4_alloc_table, t_1), j_0_0))))))} + unit reads charP_charM_t_1_4 writes charP_charM_t_1_4 + { (JC_60: + ((JC_58: + ((JC_56: + (select(charP_charM_t_1_4, shift(t_1, i_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, j_0_0)))) + and (JC_57: + (select(charP_charM_t_1_4, shift(t_1, j_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, + i_0_0)))))) + and (JC_59: + not_assigns(charP_t_1_4_alloc_table, charP_charM_t_1_4@, + charP_charM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0_0, j_0_0), + pset_range(pset_singleton(t_1), i_0_0, i_0_0)))))) } + +let flag_ensures_default = + fun (t_2 : charP pointer) (l_0 : int) (charP_charM_t_5 : (charP, int) memory ref) (charP_t_5_alloc_table : charP alloc_table) -> + { (JC_71: + ((JC_69: ge_int(l_0, (0))) + and (JC_70: + is_color_array(t_2, l_0, charP_t_5_alloc_table, charP_charM_t_5)))) } + (init: + try + begin + (let b_0 = ref (any_int void) in + (let i_1_0 = ref (any_int void) in + (let r_0 = ref (any_int void) in + (let tmp = ref (any_int void) in + (let tmp_0 = ref (any_int void) in + try + (C_38: + (C_39: + (C_40: + begin + (let jessie_ = (b_0 := (0)) in void); + (let jessie_ = (i_1_0 := (0)) in void); + (let jessie_ = (r_0 := l_0) in void); + (loop_5: + while true do + { invariant + (JC_103: + ((JC_95: + is_color_array(t_2, l_0, charP_t_5_alloc_table, charP_charM_t_5)) + and ((JC_96: le_int((0), b_0)) + and ((JC_97: le_int(b_0, i_1_0)) + and ((JC_98: le_int(i_1_0, r_0)) + and ((JC_99: le_int(r_0, l_0)) + and ((JC_100: + is_monochrome(t_2, (0), b_0, (1), + charP_charM_t_5)) + and ((JC_101: + is_monochrome(t_2, b_0, i_1_0, (2), + charP_charM_t_5)) + and (JC_102: + is_monochrome(t_2, r_0, l_0, (3), + charP_charM_t_5)))))))))) } + begin + [ { } unit { true } ]; + try + begin + (if ((lt_int_ !i_1_0) !r_0) then void + else (raise (Goto_while_0_break_exc void))); + try + begin + (let jessie_ = + (C_70: + ((safe_acc_ !charP_charM_t_5) (C_69: ((shift t_2) !i_1_0)))) in + (if ((eq_int_ 
jessie_) (1)) + then + (C_57: + (C_59: + (C_60: + (C_62: + begin + (let jessie_ = (tmp := !i_1_0) in void); + (let jessie_ = + (i_1_0 := (C_58: ((add_int !i_1_0) (1)))) in void); void; + (let jessie_ = (tmp_0 := !b_0) in void); + (let jessie_ = (b_0 := (C_61: ((add_int !b_0) (1)))) in + void); void; void; + (C_63: + (let jessie_ = t_2 in + (let jessie_ = !tmp_0 in + (let jessie_ = !tmp in + (JC_107: + (((((swap jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end)))) + else + begin + (if ((eq_int_ jessie_) (2)) + then + (C_65: + begin + (let jessie_ = + (i_1_0 := (C_64: ((add_int !i_1_0) (1)))) in void); + (raise (Goto_switch_1_break_exc void)) end) else void); + (if (((eq_int_ jessie_) (3)) || ((eq_int_ jessie_) (2))) + then + (C_67: + begin + void; + (let jessie_ = (r_0 := (C_66: ((sub_int !r_0) (1)))) in + void); void; + (C_68: + (let jessie_ = t_2 in + (let jessie_ = !r_0 in + (let jessie_ = !i_1_0 in + (JC_108: + (((((swap jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end) else void) end)); + (raise (Goto_switch_1_break_exc void)) end with + Goto_switch_1_break_exc jessie_ -> (switch_1_break: void) end; + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (raise Return) end) end))))); + (raise Return) end with Return -> void end) { (JC_73: true) } + +let flag_ensures_sorts = + fun (t_2 : charP pointer) (l_0 : int) (charP_charM_t_5 : (charP, int) memory ref) (charP_t_5_alloc_table : charP alloc_table) -> + { (JC_71: + ((JC_69: ge_int(l_0, (0))) + and (JC_70: + is_color_array(t_2, l_0, charP_t_5_alloc_table, charP_charM_t_5)))) } + (init: + try + begin + (let b_0 = ref (any_int void) in + (let i_1_0 = ref (any_int void) in + (let r_0 = ref (any_int void) in + (let tmp = ref 
(any_int void) in + (let tmp_0 = ref (any_int void) in + try + (C_38: + (C_39: + (C_40: + begin + (let jessie_ = (b_0 := (0)) in void); + (let jessie_ = (i_1_0 := (0)) in void); + (let jessie_ = (r_0 := l_0) in void); + (loop_6: + while true do + { invariant (JC_119: true) } + begin + [ { } unit reads b_0,charP_charM_t_5,i_1_0,r_0 + { (JC_117: + ((JC_109: + is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)) + and ((JC_110: le_int((0), b_0)) + and ((JC_111: le_int(b_0, i_1_0)) + and ((JC_112: le_int(i_1_0, r_0)) + and ((JC_113: le_int(r_0, l_0)) + and ((JC_114: + is_monochrome(t_2, (0), b_0, (1), + charP_charM_t_5)) + and ((JC_115: + is_monochrome(t_2, b_0, i_1_0, (2), + charP_charM_t_5)) + and (JC_116: + is_monochrome(t_2, r_0, l_0, (3), + charP_charM_t_5)))))))))) } ]; + try + begin + (if ((lt_int_ !i_1_0) !r_0) then void + else (raise (Goto_while_0_break_exc void))); + try + begin + (let jessie_ = + (C_70: + ((safe_acc_ !charP_charM_t_5) (C_69: ((shift t_2) !i_1_0)))) in + (if ((eq_int_ jessie_) (1)) + then + (C_57: + (C_59: + (C_60: + (C_62: + begin + (let jessie_ = (tmp := !i_1_0) in void); + (let jessie_ = + (i_1_0 := (C_58: ((add_int !i_1_0) (1)))) in void); void; + (let jessie_ = (tmp_0 := !b_0) in void); + (let jessie_ = (b_0 := (C_61: ((add_int !b_0) (1)))) in + void); void; void; + (C_63: + (let jessie_ = t_2 in + (let jessie_ = !tmp_0 in + (let jessie_ = !tmp in + (JC_121: + (((((swap jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end)))) + else + begin + (if ((eq_int_ jessie_) (2)) + then + (C_65: + begin + (let jessie_ = + (i_1_0 := (C_64: ((add_int !i_1_0) (1)))) in void); + (raise (Goto_switch_1_break_exc void)) end) else void); + (if (((eq_int_ jessie_) (3)) || ((eq_int_ jessie_) (2))) + then + (C_67: + begin + void; + (let jessie_ = (r_0 := (C_66: ((sub_int !r_0) (1)))) in + void); void; + (C_68: + (let jessie_ = t_2 in + (let jessie_ = !r_0 in + (let jessie_ = 
!i_1_0 in + (JC_122: + (((((swap jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end) else void) end)); + (raise (Goto_switch_1_break_exc void)) end with + Goto_switch_1_break_exc jessie_ -> (switch_1_break: void) end; + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (raise Return) end) end))))); + (raise Return) end with Return -> void end) + { (JC_77: + (exists b:int. + (exists r:int. + (is_monochrome(t_2, (0), b, (1), charP_charM_t_5) + and (is_monochrome(t_2, b, r, (2), charP_charM_t_5) + and is_monochrome(t_2, r, l_0, (3), charP_charM_t_5)))))) } + +let flag_safety = + fun (t_2 : charP pointer) (l_0 : int) (charP_charM_t_5 : (charP, int) memory ref) (charP_t_5_alloc_table : charP alloc_table) -> + { (JC_71: + ((JC_69: ge_int(l_0, (0))) + and (JC_70: + is_color_array(t_2, l_0, charP_t_5_alloc_table, charP_charM_t_5)))) } + (init: + try + begin + (let b_0 = ref (any_int void) in + (let i_1_0 = ref (any_int void) in + (let r_0 = ref (any_int void) in + (let tmp = ref (any_int void) in + (let tmp_0 = ref (any_int void) in + try + (C_38: + (C_39: + (C_40: + begin + (let jessie_ = (b_0 := (0)) in void); + (let jessie_ = (i_1_0 := (0)) in void); + (let jessie_ = (r_0 := l_0) in void); + (loop_4: + while true do + { invariant (JC_89: true) variant (JC_94 : sub_int(r_0, i_1_0)) } + begin + [ { } unit reads b_0,charP_charM_t_5,i_1_0,r_0 + { (JC_87: + ((JC_79: + is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)) + and ((JC_80: le_int((0), b_0)) + and ((JC_81: le_int(b_0, i_1_0)) + and ((JC_82: le_int(i_1_0, r_0)) + and ((JC_83: le_int(r_0, l_0)) + and ((JC_84: + is_monochrome(t_2, (0), b_0, (1), + charP_charM_t_5)) + and ((JC_85: + is_monochrome(t_2, b_0, i_1_0, (2), + charP_charM_t_5)) + and (JC_86: + is_monochrome(t_2, r_0, 
l_0, (3), + charP_charM_t_5)))))))))) } ]; + try + begin + (if ((lt_int_ !i_1_0) !r_0) then void + else (raise (Goto_while_0_break_exc void))); + try + begin + (let jessie_ = + (C_70: + (JC_91: + ((((offset_acc_ charP_t_5_alloc_table) !charP_charM_t_5) t_2) !i_1_0))) in + (if ((eq_int_ jessie_) (1)) + then + (C_57: + (C_59: + (C_60: + (C_62: + begin + (let jessie_ = (tmp := !i_1_0) in void); + (let jessie_ = (i_1_0 := (C_58: ((add_int !i_1_0) (1)))) in + void); void; (let jessie_ = (tmp_0 := !b_0) in void); + (let jessie_ = (b_0 := (C_61: ((add_int !b_0) (1)))) in + void); void; void; + (C_63: + (let jessie_ = t_2 in + (let jessie_ = !tmp_0 in + (let jessie_ = !tmp in + (JC_92: + (((((swap_requires jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end)))) + else + begin + (if ((eq_int_ jessie_) (2)) + then + (C_65: + begin + (let jessie_ = + (i_1_0 := (C_64: ((add_int !i_1_0) (1)))) in void); + (raise (Goto_switch_1_break_exc void)) end) else void); + (if (((eq_int_ jessie_) (3)) || ((eq_int_ jessie_) (2))) + then + (C_67: + begin + void; + (let jessie_ = (r_0 := (C_66: ((sub_int !r_0) (1)))) in + void); void; + (C_68: + (let jessie_ = t_2 in + (let jessie_ = !r_0 in + (let jessie_ = !i_1_0 in + (JC_93: + (((((swap_requires jessie_) jessie_) jessie_) charP_charM_t_5) charP_t_5_alloc_table)))))); + (raise (Goto_switch_1_break_exc void)) end) else void) end)); + (raise (Goto_switch_1_break_exc void)) end with + Goto_switch_1_break_exc jessie_ -> (switch_1_break: void) end; + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (raise Return) end) end))))); + (raise Return) end with Return -> void end) { true } + +let isMonochrome_ensures_decides_monochromatic = + fun (t_0_0 : charP pointer) (i : int) (j_0 : int) (c_1 : int) (charP_t_0_3_alloc_table 
: charP alloc_table) (charP_charM_t_0_3 : (charP, int) memory) -> + { (JC_7: + ((JC_5: le_int(offset_min(charP_t_0_3_alloc_table, t_0_0), i)) + and (JC_6: ge_int(offset_max(charP_t_0_3_alloc_table, t_0_0), j_0)))) } + (init: + (let return = ref (any_int void) in + try + begin + (let k_0 = ref (any_int void) in + (let __retres = ref (any_int void) in + try + (C_11: + begin + try + (C_1: + begin + (let jessie_ = (k_0 := i) in void); + (loop_3: + while true do + { invariant (JC_33: true) } + begin + [ { } unit reads k_0 + { (JC_31: + ((JC_29: le_int(i, k_0)) + and (JC_30: + (forall l_0_0:int. + ((le_int(i, l_0_0) and lt_int(l_0_0, k_0)) -> + (select(charP_charM_t_0_3, shift(t_0_0, l_0_0)) = c_1)))))) } ]; + try + begin + (let jessie_ = + (C_10: + begin + (if ((lt_int_ !k_0) j_0) then void + else (raise (Goto_while_0_break_exc void))); + (if ((neq_int_ (C_8: + ((safe_acc_ charP_charM_t_0_3) (C_7: + ((shift t_0_0) !k_0))))) c_1) + then + (C_6: + begin + (let jessie_ = (__retres := (0)) in void); + (raise (Return_label_exc void)) end) else void); + (k_0 := (C_9: ((add_int !k_0) (1)))); !k_0 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (let jessie_ = (__retres := (1)) in void); + (raise (Return_label_exc void)) end) with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres); (raise Return) end) end)); + absurd end with Return -> !return end)) + { (JC_13: + ((result <> (0)) + <-> is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3))) } + +let isMonochrome_ensures_default = + fun (t_0_0 : charP pointer) (i : int) (j_0 : int) (c_1 : int) (charP_t_0_3_alloc_table : charP alloc_table) (charP_charM_t_0_3 : (charP, int) memory) -> + { (JC_7: + ((JC_5: le_int(offset_min(charP_t_0_3_alloc_table, t_0_0), i)) + and (JC_6: ge_int(offset_max(charP_t_0_3_alloc_table, t_0_0), j_0)))) } + 
(init: + (let return = ref (any_int void) in + try + begin + (let k_0 = ref (any_int void) in + (let __retres = ref (any_int void) in + try + (C_11: + begin + try + (C_1: + begin + (let jessie_ = (k_0 := i) in void); + (loop_2: + while true do + { invariant + (JC_25: + ((JC_23: le_int(i, k_0)) + and (JC_24: + (forall l_0_0:int. + ((le_int(i, l_0_0) and lt_int(l_0_0, k_0)) -> + (select(charP_charM_t_0_3, shift(t_0_0, l_0_0)) = c_1)))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_10: + begin + (if ((lt_int_ !k_0) j_0) then void + else (raise (Goto_while_0_break_exc void))); + (if ((neq_int_ (C_8: + ((safe_acc_ charP_charM_t_0_3) (C_7: + ((shift t_0_0) !k_0))))) c_1) + then + (C_6: + begin + (let jessie_ = (__retres := (0)) in void); + (raise (Return_label_exc void)) end) else void); + (k_0 := (C_9: ((add_int !k_0) (1)))); !k_0 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (let jessie_ = (__retres := (1)) in void); + (raise (Return_label_exc void)) end) with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres); (raise Return) end) end)); + absurd end with Return -> !return end)) { (JC_9: true) } + +let isMonochrome_safety = + fun (t_0_0 : charP pointer) (i : int) (j_0 : int) (c_1 : int) (charP_t_0_3_alloc_table : charP alloc_table) (charP_charM_t_0_3 : (charP, int) memory) -> + { (JC_7: + ((JC_5: le_int(offset_min(charP_t_0_3_alloc_table, t_0_0), i)) + and (JC_6: ge_int(offset_max(charP_t_0_3_alloc_table, t_0_0), j_0)))) } + (init: + (let return = ref (any_int void) in + try + begin + (let k_0 = ref (any_int void) in + (let __retres = ref (any_int void) in + try + (C_11: + begin + try + (C_1: + begin + (let jessie_ = (k_0 := i) in void); + (loop_1: + while true do + { invariant (JC_19: true) variant (JC_22 : sub_int(j_0, k_0)) } + begin + [ { 
} unit reads k_0 + { (JC_17: + ((JC_15: le_int(i, k_0)) + and (JC_16: + (forall l_0_0:int. + ((le_int(i, l_0_0) and lt_int(l_0_0, k_0)) -> + (select(charP_charM_t_0_3, shift(t_0_0, l_0_0)) = c_1)))))) } ]; + try + begin + (let jessie_ = + (C_10: + begin + (if ((lt_int_ !k_0) j_0) then void + else (raise (Goto_while_0_break_exc void))); + (if ((neq_int_ (C_8: + (JC_21: + ((((offset_acc_ charP_t_0_3_alloc_table) charP_charM_t_0_3) t_0_0) !k_0)))) c_1) + then + (C_6: + begin + (let jessie_ = (__retres := (0)) in void); + (raise (Return_label_exc void)) end) else void); + (k_0 := (C_9: ((add_int !k_0) (1)))); !k_0 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (let jessie_ = (__retres := (1)) in void); + (raise (Return_label_exc void)) end) with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres); (raise Return) end) end)); + absurd end with Return -> !return end)) { true } + +let swap_ensures_default = + fun (t_1 : charP pointer) (i_0_0 : int) (j_0_0 : int) (charP_charM_t_1_4 : (charP, int) memory ref) (charP_t_1_4_alloc_table : charP alloc_table) -> + { (JC_45: + ((JC_41: le_int(offset_min(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_42: ge_int(offset_max(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_43: le_int(offset_min(charP_t_1_4_alloc_table, t_1), j_0_0)) + and (JC_44: + ge_int(offset_max(charP_t_1_4_alloc_table, t_1), j_0_0)))))) } + (init: + try + begin + (let z = ref (any_int void) in + (C_19: + (C_24: + (C_27: + begin + (let jessie_ = + (z := (C_18: + ((safe_acc_ !charP_charM_t_1_4) (C_17: ((shift t_1) i_0_0))))) in + void); + (let jessie_ = + (let jessie_ = + (C_21: ((safe_acc_ !charP_charM_t_1_4) (C_20: ((shift t_1) j_0_0)))) in + (let jessie_ = t_1 in + (let jessie_ = i_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ 
charP_charM_t_1_4) jessie_) jessie_))))) in void); + (let jessie_ = + (let jessie_ = !z in + (let jessie_ = t_1 in + (let jessie_ = j_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ charP_charM_t_1_4) jessie_) jessie_))))) in void); + (raise Return) end)))); (raise Return) end with Return -> void end) + { (JC_47: true) } + +let swap_ensures_i_j_swapped = + fun (t_1 : charP pointer) (i_0_0 : int) (j_0_0 : int) (charP_charM_t_1_4 : (charP, int) memory ref) (charP_t_1_4_alloc_table : charP alloc_table) -> + { (JC_45: + ((JC_41: le_int(offset_min(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_42: ge_int(offset_max(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_43: le_int(offset_min(charP_t_1_4_alloc_table, t_1), j_0_0)) + and (JC_44: + ge_int(offset_max(charP_t_1_4_alloc_table, t_1), j_0_0)))))) } + (init: + try + begin + (let z = ref (any_int void) in + (C_19: + (C_24: + (C_27: + begin + (let jessie_ = + (z := (C_18: + ((safe_acc_ !charP_charM_t_1_4) (C_17: ((shift t_1) i_0_0))))) in + void); + (let jessie_ = + (let jessie_ = + (C_21: ((safe_acc_ !charP_charM_t_1_4) (C_20: ((shift t_1) j_0_0)))) in + (let jessie_ = t_1 in + (let jessie_ = i_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ charP_charM_t_1_4) jessie_) jessie_))))) in void); + (let jessie_ = + (let jessie_ = !z in + (let jessie_ = t_1 in + (let jessie_ = j_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ charP_charM_t_1_4) jessie_) jessie_))))) in void); + (raise Return) end)))); (raise Return) end with Return -> void end) + { (JC_55: + ((JC_53: + ((JC_51: + (select(charP_charM_t_1_4, shift(t_1, i_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, j_0_0)))) + and (JC_52: + (select(charP_charM_t_1_4, shift(t_1, j_0_0)) = select(charP_charM_t_1_4@, + shift(t_1, i_0_0)))))) + and (JC_54: + not_assigns(charP_t_1_4_alloc_table, charP_charM_t_1_4@, + charP_charM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0_0, j_0_0), + 
pset_range(pset_singleton(t_1), i_0_0, i_0_0)))))) } + +let swap_safety = + fun (t_1 : charP pointer) (i_0_0 : int) (j_0_0 : int) (charP_charM_t_1_4 : (charP, int) memory ref) (charP_t_1_4_alloc_table : charP alloc_table) -> + { (JC_45: + ((JC_41: le_int(offset_min(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_42: ge_int(offset_max(charP_t_1_4_alloc_table, t_1), i_0_0)) + and ((JC_43: le_int(offset_min(charP_t_1_4_alloc_table, t_1), j_0_0)) + and (JC_44: + ge_int(offset_max(charP_t_1_4_alloc_table, t_1), j_0_0)))))) } + (init: + try + begin + (let z = ref (any_int void) in + (C_19: + (C_24: + (C_27: + begin + (let jessie_ = + (z := (C_18: + (JC_61: + ((((offset_acc_ charP_t_1_4_alloc_table) !charP_charM_t_1_4) t_1) i_0_0)))) in + void); + (let jessie_ = + (let jessie_ = + (C_21: + (JC_62: + ((((offset_acc_ charP_t_1_4_alloc_table) !charP_charM_t_1_4) t_1) j_0_0))) in + (let jessie_ = t_1 in + (let jessie_ = i_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_63: + (((((offset_upd_ charP_t_1_4_alloc_table) charP_charM_t_1_4) jessie_) jessie_) jessie_)))))) in + void); + (let jessie_ = + (let jessie_ = !z in + (let jessie_ = t_1 in + (let jessie_ = j_0_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_64: + (((((offset_upd_ charP_t_1_4_alloc_table) charP_charM_t_1_4) jessie_) jessie_) jessie_)))))) in + void); (raise Return) end)))); (raise Return) end with Return -> + void end) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] 
why/flag.why +========== file tests/c/flag.jessie/why/flag_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. 
((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. 
+ ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. 
((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. 
+ (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. 
(offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. 
+ (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. 
+ (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. 
+ (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. 
((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. 
+ (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. 
+ (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. 
+ (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +predicate is_color(c: int) = ((c = 1) or ((c = 2) or (c = 3))) + +predicate is_color_array(t: charP pointer, l: int, + charP_t_1_alloc_table_at_L: charP alloc_table, + charP_charM_t_1_at_L: (charP, int) memory) = + ((offset_min(charP_t_1_alloc_table_at_L, t) <= 0) and + ((offset_max(charP_t_1_alloc_table_at_L, t) >= (l - 1)) and + (forall i_1:int. + (((0 <= i_1) and (i_1 < l)) -> is_color(select(charP_charM_t_1_at_L, + shift(t, i_1))))))) + +predicate is_monochrome(t_0: charP pointer, i_0: int, j: int, c_0: int, + charP_charM_t_0_2_at_L: (charP, int) memory) = + (forall k:int. 
+ (((i_0 <= k) and (k < j)) -> (select(charP_charM_t_0_2_at_L, shift(t_0, + k)) = c_0))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) 
>= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal flag_ensures_default_po_1: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_96": (0 <= b_0))) + +goal flag_ensures_default_po_2: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_97": (b_0 <= i_1_0))) + +goal flag_ensures_default_po_3: + forall t_2:charP pointer. + forall l_0:int. 
+ forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_98": (i_1_0 <= r_0))) + +goal flag_ensures_default_po_4: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_99": (r_0 <= l_0))) + +goal flag_ensures_default_po_5: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_100": is_monochrome(t_2, 0, b_0, 1, charP_charM_t_5))) + +goal flag_ensures_default_po_6: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_101": is_monochrome(t_2, b_0, i_1_0, 2, charP_charM_t_5))) + +goal flag_ensures_default_po_7: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. 
+ ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + ("JC_103": ("JC_102": is_monochrome(t_2, r_0, l_0, 3, charP_charM_t_5))) + +goal flag_ensures_default_po_8: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": + ("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_1))) + +goal flag_ensures_default_po_9: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": ("JC_96": (0 <= b_0_1))) + +goal flag_ensures_default_po_10: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": ("JC_97": (b_0_1 <= i_1_0_1))) + +goal flag_ensures_default_po_11: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": ("JC_98": (i_1_0_1 <= r_0_0))) + +goal flag_ensures_default_po_12: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": ("JC_99": (r_0_0 <= l_0))) + +goal flag_ensures_default_po_13: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": ("JC_100": is_monochrome(t_2, 0, b_0_1, 1, charP_charM_t_5_1))) + +goal flag_ensures_default_po_14: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": + ("JC_101": is_monochrome(t_2, b_0_1, i_1_0_1, 2, charP_charM_t_5_1))) + +goal flag_ensures_default_po_15: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + ("JC_103": + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_1))) + +goal flag_ensures_default_po_16: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": ("JC_96": (0 <= b_0_0))) + +goal flag_ensures_default_po_17: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. 
+ ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": ("JC_97": (b_0_0 <= i_1_0_1))) + +goal flag_ensures_default_po_18: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": ("JC_98": (i_1_0_1 <= r_0_0))) + +goal flag_ensures_default_po_19: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": ("JC_99": (r_0_0 <= l_0))) + +goal flag_ensures_default_po_20: + forall t_2:charP pointer. 
+ forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": ("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0))) + +goal flag_ensures_default_po_21: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": + ("JC_101": is_monochrome(t_2, b_0_0, i_1_0_1, 2, charP_charM_t_5_0))) + +goal flag_ensures_default_po_22: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. 
+ (i_1_0_1 = (i_1_0_0 + 1)) -> + ("JC_103": + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0))) + +goal flag_ensures_default_po_23: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": + ("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_1))) + +goal flag_ensures_default_po_24: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": ("JC_96": (0 <= b_0_0))) + +goal flag_ensures_default_po_25: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": ("JC_97": (b_0_0 <= i_1_0_0))) + +goal flag_ensures_default_po_26: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": ("JC_98": (i_1_0_0 <= r_0_1))) + +goal flag_ensures_default_po_27: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": ("JC_99": (r_0_1 <= l_0))) + +goal flag_ensures_default_po_28: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": ("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_1))) + +goal flag_ensures_default_po_29: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": + ("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_1))) + +goal flag_ensures_default_po_30: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + ("JC_103": + ("JC_102": is_monochrome(t_2, r_0_1, l_0, 3, charP_charM_t_5_1))) + +goal flag_ensures_default_po_31: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": ("JC_96": (0 <= b_0_0))) + +goal flag_ensures_default_po_32: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. 
+ ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": ("JC_97": (b_0_0 <= i_1_0_0))) + +goal flag_ensures_default_po_33: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": ("JC_98": (i_1_0_0 <= r_0_0))) + +goal flag_ensures_default_po_34: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": ("JC_99": (r_0_0 <= l_0))) + +goal flag_ensures_default_po_35: + forall t_2:charP pointer. + forall l_0:int. 
+ forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": ("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0))) + +goal flag_ensures_default_po_36: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": + ("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0))) + +goal flag_ensures_default_po_37: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_103": + (("JC_95": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_96": (0 <= b_0_0)) and + (("JC_97": (b_0_0 <= i_1_0_0)) and + (("JC_98": (i_1_0_0 <= r_0_0)) and + (("JC_99": (r_0_0 <= l_0)) and + (("JC_100": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_101": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + forall result:int. 
+ (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + ("JC_103": + ("JC_102": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0))) + +goal flag_ensures_sorts_po_1: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_119": true) -> + ("JC_117": + (("JC_109": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_110": (0 <= b_0_0)) and + (("JC_111": (b_0_0 <= i_1_0_0)) and + (("JC_112": (i_1_0_0 <= r_0_0)) and + (("JC_113": (r_0_0 <= l_0)) and + (("JC_114": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_115": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_116": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 >= r_0_0) -> + ("JC_77": + (exists b:int. + (exists r:int. + (is_monochrome(t_2, 0, b, 1, charP_charM_t_5_0) and + (is_monochrome(t_2, b, r, 2, charP_charM_t_5_0) and is_monochrome(t_2, + r, l_0, 3, charP_charM_t_5_0)))))) + +goal flag_safety_po_1: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + (offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) + +goal flag_safety_po_2: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2)) + +goal flag_safety_po_3: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. 
+ (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": ("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= tmp_0))) + +goal flag_safety_po_4: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": ("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= tmp_0))) + +goal flag_safety_po_5: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": ("JC_37": (offset_min(charP_t_5_alloc_table, t_2) <= tmp))) + +goal flag_safety_po_6: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= tmp))) + +goal flag_safety_po_7: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": + (("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= tmp_0)) and + (("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= tmp_0)) and + (("JC_37": (offset_min(charP_t_5_alloc_table, t_2) <= tmp)) and + ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= tmp)))))) -> + forall charP_charM_t_5_1:(charP, + int) memory. + ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + (0 <= ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_8: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. 
+ ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result = 1) -> + forall tmp:int. + (tmp = i_1_0_0) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + forall tmp_0:int. + (tmp_0 = b_0_0) -> + forall b_0_1:int. + (b_0_1 = (b_0_0 + 1)) -> + ("JC_39": + (("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= tmp_0)) and + (("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= tmp_0)) and + (("JC_37": (offset_min(charP_t_5_alloc_table, t_2) <= tmp)) and + ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= tmp)))))) -> + forall charP_charM_t_5_1:(charP, + int) memory. 
+ ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + tmp_0)) = select(charP_charM_t_5_0, shift(t_2, tmp)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + tmp)) = select(charP_charM_t_5_0, shift(t_2, tmp_0)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), tmp, tmp), + pset_range(pset_singleton(t_2), tmp_0, tmp_0)))))) -> + (("JC_94": (r_0_0 - i_1_0_1)) < ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_9: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + (0 <= ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_10: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. 
+ forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result = 2) -> + forall i_1_0_1:int. + (i_1_0_1 = (i_1_0_0 + 1)) -> + (("JC_94": (r_0_0 - i_1_0_1)) < ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_11: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + ("JC_39": ("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= r_0_1))) + +goal flag_safety_po_12: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + ("JC_39": ("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= r_0_1))) + +goal flag_safety_po_13: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + ("JC_39": ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= i_1_0_0))) + +goal flag_safety_po_14: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + ("JC_39": + (("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= r_0_1)) and + (("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= r_0_1)) and + (("JC_37": (offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0)) and + ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= i_1_0_0)))))) -> + forall charP_charM_t_5_1:(charP, + int) memory. + ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + (0 <= ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_15: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. 
+ (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result = 3) or ((result <> 3) and (result = 2))) -> + forall r_0_1:int. + (r_0_1 = (r_0_0 - 1)) -> + ("JC_39": + (("JC_35": (offset_min(charP_t_5_alloc_table, t_2) <= r_0_1)) and + (("JC_36": (offset_max(charP_t_5_alloc_table, t_2) >= r_0_1)) and + (("JC_37": (offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0)) and + ("JC_38": (offset_max(charP_t_5_alloc_table, t_2) >= i_1_0_0)))))) -> + forall charP_charM_t_5_1:(charP, + int) memory. + ("JC_60": + (("JC_58": + (("JC_56": (select(charP_charM_t_5_1, shift(t_2, + r_0_1)) = select(charP_charM_t_5_0, shift(t_2, i_1_0_0)))) and + ("JC_57": (select(charP_charM_t_5_1, shift(t_2, + i_1_0_0)) = select(charP_charM_t_5_0, shift(t_2, r_0_1)))))) and + ("JC_59": not_assigns(charP_t_5_alloc_table, charP_charM_t_5_0, + charP_charM_t_5_1, pset_union(pset_range(pset_singleton(t_2), i_1_0_0, + i_1_0_0), pset_range(pset_singleton(t_2), r_0_1, r_0_1)))))) -> + (("JC_94": (r_0_1 - i_1_0_0)) < ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_16: + forall t_2:charP pointer. + forall l_0:int. 
+ forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. + ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + (0 <= ("JC_94": (r_0_0 - i_1_0_0))) + +goal flag_safety_po_17: + forall t_2:charP pointer. + forall l_0:int. + forall charP_t_5_alloc_table:charP alloc_table. + forall charP_charM_t_5:(charP, + int) memory. + ("JC_71": + (("JC_69": (l_0 >= 0)) and + ("JC_70": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5)))) -> + forall b_0:int. + (b_0 = 0) -> + forall i_1_0:int. + (i_1_0 = 0) -> + forall r_0:int. + (r_0 = l_0) -> + forall b_0_0:int. + forall charP_charM_t_5_0:(charP, + int) memory. + forall i_1_0_0:int. + forall r_0_0:int. 
+ ("JC_89": true) -> + ("JC_87": + (("JC_79": is_color_array(t_2, l_0, charP_t_5_alloc_table, + charP_charM_t_5_0)) and + (("JC_80": (0 <= b_0_0)) and + (("JC_81": (b_0_0 <= i_1_0_0)) and + (("JC_82": (i_1_0_0 <= r_0_0)) and + (("JC_83": (r_0_0 <= l_0)) and + (("JC_84": is_monochrome(t_2, 0, b_0_0, 1, charP_charM_t_5_0)) and + (("JC_85": is_monochrome(t_2, b_0_0, i_1_0_0, 2, charP_charM_t_5_0)) and + ("JC_86": is_monochrome(t_2, r_0_0, l_0, 3, charP_charM_t_5_0)))))))))) -> + (i_1_0_0 < r_0_0) -> + ((offset_min(charP_t_5_alloc_table, t_2) <= i_1_0_0) and + (i_1_0_0 <= offset_max(charP_t_5_alloc_table, t_2))) -> + forall result:int. + (result = select(charP_charM_t_5_0, shift(t_2, i_1_0_0))) -> + (result <> 1) -> + (result <> 2) -> + ((result <> 3) and (result <> 2)) -> + (("JC_94": (r_0_0 - i_1_0_0)) < ("JC_94": (r_0_0 - i_1_0_0))) + +goal isMonochrome_ensures_decides_monochromatic_po_1: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_33": true) -> + ("JC_31": + (("JC_29": (i <= k_0_0)) and + ("JC_30": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result <> c_1) -> + forall __retres:int. + (__retres = 0) -> + forall return:int. + (return = __retres) -> + (return <> 0) -> + ("JC_13": is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3)) + +goal isMonochrome_ensures_decides_monochromatic_po_2: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. 
+ forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_33": true) -> + ("JC_31": + (("JC_29": (i <= k_0_0)) and + ("JC_30": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result <> c_1) -> + forall __retres:int. + (__retres = 0) -> + forall return:int. + (return = __retres) -> + is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3) -> + ("JC_13": (return <> 0)) + +goal isMonochrome_ensures_decides_monochromatic_po_3: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_33": true) -> + ("JC_31": + (("JC_29": (i <= k_0_0)) and + ("JC_30": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 >= j_0) -> + forall __retres:int. + (__retres = 1) -> + forall return:int. + (return = __retres) -> + (return <> 0) -> + ("JC_13": is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3)) + +goal isMonochrome_ensures_decides_monochromatic_po_4: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. 
+ (k_0 = i) -> + forall k_0_0:int. + ("JC_33": true) -> + ("JC_31": + (("JC_29": (i <= k_0_0)) and + ("JC_30": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 >= j_0) -> + forall __retres:int. + (__retres = 1) -> + forall return:int. + (return = __retres) -> + is_monochrome(t_0_0, i, j_0, c_1, charP_charM_t_0_3) -> + ("JC_13": (return <> 0)) + +goal isMonochrome_ensures_default_po_1: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + ("JC_25": ("JC_23": (i <= k_0))) + +goal isMonochrome_ensures_default_po_2: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall l_0_0:int. + ((i <= l_0_0) and (l_0_0 < k_0)) -> + ("JC_25": + ("JC_24": (select(charP_charM_t_0_3, shift(t_0_0, l_0_0)) = c_1))) + +goal isMonochrome_ensures_default_po_3: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_25": + (("JC_23": (i <= k_0_0)) and + ("JC_24": + (forall l_0_0:int. 
+ (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result = c_1) -> + forall k_0_1:int. + (k_0_1 = (k_0_0 + 1)) -> + ("JC_25": ("JC_23": (i <= k_0_1))) + +goal isMonochrome_ensures_default_po_4: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_25": + (("JC_23": (i <= k_0_0)) and + ("JC_24": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result = c_1) -> + forall k_0_1:int. + (k_0_1 = (k_0_0 + 1)) -> + forall l_0_0:int. + ((i <= l_0_0) and (l_0_0 < k_0_1)) -> + ("JC_25": + ("JC_24": (select(charP_charM_t_0_3, shift(t_0_0, l_0_0)) = c_1))) + +goal isMonochrome_safety_po_1: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_19": true) -> + ("JC_17": + (("JC_15": (i <= k_0_0)) and + ("JC_16": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + (offset_min(charP_t_0_3_alloc_table, t_0_0) <= k_0_0) + +goal isMonochrome_safety_po_2: + forall t_0_0:charP pointer. 
+ forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_19": true) -> + ("JC_17": + (("JC_15": (i <= k_0_0)) and + ("JC_16": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + (k_0_0 <= offset_max(charP_t_0_3_alloc_table, t_0_0)) + +goal isMonochrome_safety_po_3: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. + ("JC_19": true) -> + ("JC_17": + (("JC_15": (i <= k_0_0)) and + ("JC_16": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + ((offset_min(charP_t_0_3_alloc_table, t_0_0) <= k_0_0) and + (k_0_0 <= offset_max(charP_t_0_3_alloc_table, t_0_0))) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result = c_1) -> + forall k_0_1:int. + (k_0_1 = (k_0_0 + 1)) -> + (0 <= ("JC_22": (j_0 - k_0_0))) + +goal isMonochrome_safety_po_4: + forall t_0_0:charP pointer. + forall i:int. + forall j_0:int. + forall c_1:int. + forall charP_t_0_3_alloc_table:charP alloc_table. + forall charP_charM_t_0_3:(charP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(charP_t_0_3_alloc_table, t_0_0) <= i)) and + ("JC_6": (offset_max(charP_t_0_3_alloc_table, t_0_0) >= j_0)))) -> + forall k_0:int. + (k_0 = i) -> + forall k_0_0:int. 
+ ("JC_19": true) -> + ("JC_17": + (("JC_15": (i <= k_0_0)) and + ("JC_16": + (forall l_0_0:int. + (((i <= l_0_0) and (l_0_0 < k_0_0)) -> (select(charP_charM_t_0_3, + shift(t_0_0, l_0_0)) = c_1)))))) -> + (k_0_0 < j_0) -> + ((offset_min(charP_t_0_3_alloc_table, t_0_0) <= k_0_0) and + (k_0_0 <= offset_max(charP_t_0_3_alloc_table, t_0_0))) -> + forall result:int. + (result = select(charP_charM_t_0_3, shift(t_0_0, k_0_0))) -> + (result = c_1) -> + forall k_0_1:int. + (k_0_1 = (k_0_0 + 1)) -> + (("JC_22": (j_0 - k_0_1)) < ("JC_22": (j_0 - k_0_0))) + +goal swap_ensures_i_j_swapped_po_1: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + forall charP_charM_t_1_4:(charP, + int) memory. + ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + forall result:int. + (result = select(charP_charM_t_1_4, shift(t_1, i_0_0))) -> + forall z:int. + (z = result) -> + forall result0:int. + (result0 = select(charP_charM_t_1_4, shift(t_1, j_0_0))) -> + forall charP_charM_t_1_4_0:(charP, + int) memory. + (charP_charM_t_1_4_0 = store(charP_charM_t_1_4, shift(t_1, i_0_0), + result0)) -> + forall charP_charM_t_1_4_1:(charP, + int) memory. + (charP_charM_t_1_4_1 = store(charP_charM_t_1_4_0, shift(t_1, j_0_0), z)) -> + ("JC_55": + ("JC_53": + ("JC_51": (select(charP_charM_t_1_4_1, shift(t_1, + i_0_0)) = select(charP_charM_t_1_4, shift(t_1, j_0_0)))))) + +goal swap_ensures_i_j_swapped_po_2: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + forall charP_charM_t_1_4:(charP, + int) memory. 
+ ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + forall result:int. + (result = select(charP_charM_t_1_4, shift(t_1, i_0_0))) -> + forall z:int. + (z = result) -> + forall result0:int. + (result0 = select(charP_charM_t_1_4, shift(t_1, j_0_0))) -> + forall charP_charM_t_1_4_0:(charP, + int) memory. + (charP_charM_t_1_4_0 = store(charP_charM_t_1_4, shift(t_1, i_0_0), + result0)) -> + forall charP_charM_t_1_4_1:(charP, + int) memory. + (charP_charM_t_1_4_1 = store(charP_charM_t_1_4_0, shift(t_1, j_0_0), z)) -> + ("JC_55": + ("JC_53": + ("JC_52": (select(charP_charM_t_1_4_1, shift(t_1, + j_0_0)) = select(charP_charM_t_1_4, shift(t_1, i_0_0)))))) + +goal swap_ensures_i_j_swapped_po_3: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + forall charP_charM_t_1_4:(charP, + int) memory. + ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + forall result:int. + (result = select(charP_charM_t_1_4, shift(t_1, i_0_0))) -> + forall z:int. + (z = result) -> + forall result0:int. + (result0 = select(charP_charM_t_1_4, shift(t_1, j_0_0))) -> + forall charP_charM_t_1_4_0:(charP, + int) memory. + (charP_charM_t_1_4_0 = store(charP_charM_t_1_4, shift(t_1, i_0_0), + result0)) -> + forall charP_charM_t_1_4_1:(charP, + int) memory. 
+ (charP_charM_t_1_4_1 = store(charP_charM_t_1_4_0, shift(t_1, j_0_0), z)) -> + ("JC_55": + ("JC_54": not_assigns(charP_t_1_4_alloc_table, charP_charM_t_1_4, + charP_charM_t_1_4_1, pset_union(pset_range(pset_singleton(t_1), j_0_0, + j_0_0), pset_range(pset_singleton(t_1), i_0_0, i_0_0))))) + +goal swap_safety_po_1: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + (i_0_0 <= offset_max(charP_t_1_4_alloc_table, t_1)) + +goal swap_safety_po_2: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + forall charP_charM_t_1_4:(charP, + int) memory. + ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + ((offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0) and + (i_0_0 <= offset_max(charP_t_1_4_alloc_table, t_1))) -> + forall result:int. + (result = select(charP_charM_t_1_4, shift(t_1, i_0_0))) -> + forall z:int. + (z = result) -> + (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0) + +goal swap_safety_po_3: + forall t_1:charP pointer. + forall i_0_0:int. + forall j_0_0:int. + forall charP_t_1_4_alloc_table:charP alloc_table. + forall charP_charM_t_1_4:(charP, + int) memory. 
+ ("JC_45": + (("JC_41": (offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0)) and + (("JC_42": (offset_max(charP_t_1_4_alloc_table, t_1) >= i_0_0)) and + (("JC_43": (offset_min(charP_t_1_4_alloc_table, t_1) <= j_0_0)) and + ("JC_44": (offset_max(charP_t_1_4_alloc_table, t_1) >= j_0_0)))))) -> + ((offset_min(charP_t_1_4_alloc_table, t_1) <= i_0_0) and + (i_0_0 <= offset_max(charP_t_1_4_alloc_table, t_1))) -> + forall result:int. + (result = select(charP_charM_t_1_4, shift(t_1, i_0_0))) -> + forall z:int. + (z = result) -> + (j_0_0 <= offset_max(charP_t_1_4_alloc_table, t_1)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/flag_why.why : .......#....###.......#....###.......................................#... (64/0/0/9/0) +total : 73 +valid : 64 ( 88%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 9 ( 12%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/floats_bsearch.res.oracle why-2.30+dfsg/tests/c/oracle/floats_bsearch.res.oracle --- why-2.29+dfsg/tests/c/oracle/floats_bsearch.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/floats_bsearch.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/c/floats_bsearch.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + #pragma JessieFloatModel(full) /*@ predicate sorted{L}(double *t, integer a, integer b) = @@ -35,16 +66,14 @@ if (t[m] < v) l = m + 1; else if (t[m] > v) u = m - 1; else - //@ assert 0; return m; } - //@ assert 0; return -1; } /* Local Variables: -compile-command: "PPCHOME=../.. LC_ALL=C make floats_bsearch" +compile-command: "make floats_bsearch.why3ml" End: */ ========== frama-c -jessie execution ========== 
@@ -71,49 +100,49 @@ type int32 = -2147483648..2147483647 -tag double_P = { - double double_M: 64; +tag doubleP = { + double doubleM: 64; } -type double_P = [double_P] +type doubleP = [doubleP] -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] -predicate sorted{L}(double_P[..] t, integer a, integer b) = +predicate sorted{L}(doubleP[..] t, integer a, integer b) = (\forall integer i; (\forall integer j; (((a <= i) && ((i <= j) && (j <= b))) ==> - \le_double((t + i).double_M, (t + j).double_M)))) + \le_double((t + i).doubleM, (t + j).doubleM)))) -int32 binary_search(double_P[..] t, int32 n, double v) - requires (C_42 : ((C_43 : (n >= 0)) && - ((C_45 : (\offset_min(t) <= 0)) && - (C_46 : (\offset_max(t) >= (n - 1)))))); - requires (C_41 : (! \double_is_NaN(v))); - requires (C_40 : (\forall integer i_0; +int32 binary_search(doubleP[..] t, int32 n, double v) + requires (C_40 : ((C_41 : (n >= 0)) && + ((C_43 : (\offset_min(t) <= 0)) && + (C_44 : (\offset_max(t) >= (n - 1)))))); + requires (C_39 : (! \double_is_NaN(v))); + requires (C_38 : (\forall integer i_0; (((0 <= i_0) && (i_0 <= (n - 1))) ==> - (! \double_is_NaN((t + i_0).double_M))))); + (! 
\double_is_NaN((t + i_0).doubleM))))); behavior default: - ensures (C_35 : ((C_36 : ((- 1) <= \result)) && - (C_37 : (\result < \at(n,Old))))); + ensures (C_33 : ((C_34 : ((- 1) <= \result)) && + (C_35 : (\result < \at(n,Old))))); behavior success: - ensures (C_38 : ((\result >= 0) ==> - \eq_double((\at(t,Old) + \result).double_M, \at(v,Old)))); + ensures (C_36 : ((\result >= 0) ==> + \eq_double((\at(t,Old) + \result).doubleM, \at(v,Old)))); behavior failure: assumes sorted{Here}(t, 0, (n - 1)); - ensures (C_39 : ((\result == (- 1)) ==> + ensures (C_37 : ((\result == (- 1)) ==> (\forall integer k_1; (((0 <= k_1) && (k_1 < \at(n,Old))) ==> - \ne_double((\at(t,Old) + k_1).double_M, \at(v,Old)))))); + \ne_double((\at(t,Old) + k_1).doubleM, \at(v,Old)))))); { (var int32 l); @@ -132,11 +161,11 @@ behavior failure: invariant (C_7 : (\forall integer k; (((0 <= k) && (k < l)) ==> - \lt_double((t + k).double_M, v)))); + \lt_double((t + k).doubleM, v)))); behavior failure: invariant (C_6 : (\forall integer k_0; (((u < k_0) && (k_0 <= (n - 1))) ==> - \lt_double(v, (t + k_0).double_M)))); + \lt_double(v, (t + k_0).doubleM)))); variant (C_5 : (u - l)); while (true) { @@ -156,22 +185,17 @@ () }; - { (if ((C_32 : (C_31 : (t + m)).double_M) < v) then (C_30 : (l = - (C_29 : ( - (C_28 : - (m + + { (if ((C_31 : (C_30 : (t + m)).doubleM) < v) then (C_29 : (l = + (C_28 : ( + (C_27 : + (m + 1)) :> int32)))) else - (if ((C_27 : (C_26 : (t + m)).double_M) > v) then (C_25 : (u = - (C_24 : ( - (C_23 : - (m - + (if ((C_26 : (C_25 : (t + m)).doubleM) > v) then (C_24 : (u = + (C_23 : ( + (C_22 : + (m - 1)) :> int32)))) else - { - { - (assert for default: (C_21 : (0 != 0))); - () - }; - (C_22 : (__retres = m)); + { (C_21 : (__retres = m)); (goto return_label) })) @@ -180,12 +204,7 @@ } }; (while_0_break : ()); - - { - (assert for default: (C_33 : (0 != 0))); - () - }; - (C_34 : (__retres = -1)); + (C_32 : (__retres = -1)); (return_label : (return __retres)) } 
@@ -193,284 +212,272 @@ ========== file tests/c/floats_bsearch.jessie/floats_bsearch.cloc ========== [C_10] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 18 end = 26 [C_11] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 17 end = 22 [C_12] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 17 end = 22 [C_13] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 16 end = 27 [C_14] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 16 end = 27 [C_15] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 12 end = 27 [C_16] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 12 end = 27 [C_17] file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 4 end = 7 [C_18] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 26 [C_19] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 21 [C_1] file = "HOME/tests/c/floats_bsearch.c" -line = 19 +line = 50 begin = 2 end = 5 [C_2] file = "HOME/tests/c/floats_bsearch.c" -line = 19 +line = 50 begin = 17 end = 20 [C_3] file = "HOME/tests/c/floats_bsearch.c" -line = 19 +line = 50 begin = 17 end = 20 [C_4] file = "HOME/tests/c/floats_bsearch.c" -line = 19 +line = 50 begin = 2 end = 5 [binary_search] name = "Function binary_search" file = "HOME/tests/c/floats_bsearch.c" -line = 18 +line = 49 begin = 4 end = 17 [C_20] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 20 end = 26 [C_5] file = "HOME/tests/c/floats_bsearch.c" -line = 29 +line = 60 begin = 19 end = 22 [C_21] file = "HOME/tests/c/floats_bsearch.c" -line = 37 -begin = 17 -end = 18 +line = 68 +begin = 6 +end = 15 [C_6] file = "HOME/tests/c/floats_bsearch.c" -line = 27 +line = 58 begin = 10 end = 74 [C_22] file = "HOME/tests/c/floats_bsearch.c" -line = 38 -begin = 6 -end = 15 +line = 66 +begin = 27 +end = 32 [C_7] file = "HOME/tests/c/floats_bsearch.c" -line = 24 +line = 
55 begin = 10 end = 72 [C_23] file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 27 end = 32 [C_8] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 26 [C_24] file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 27 end = 32 [C_9] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 14 [C_25] file = "HOME/tests/c/floats_bsearch.c" -line = 35 -begin = 27 -end = 32 - -[C_26] -file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 13 end = 14 -[C_27] +[C_26] file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 13 end = 17 -[C_28] +[C_27] file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 22 end = 27 -[C_29] +[C_28] file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 22 end = 27 -[C_30] +[C_29] file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 22 end = 27 -[C_31] +[C_30] file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 8 end = 9 -[C_32] +[C_31] file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 8 end = 12 -[C_33] -file = "HOME/tests/c/floats_bsearch.c" -line = 40 -begin = 13 -end = 14 - -[C_34] +[C_32] file = "HOME/tests/c/floats_bsearch.c" -line = 41 +line = 70 begin = 2 end = 12 -[C_35] +[C_33] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 29 -[C_36] +[C_34] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 25 -[C_37] +[C_35] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 18 end = 29 -[C_38] +[C_36] file = "HOME/tests/c/floats_bsearch.c" -line = 12 +line = 43 begin = 14 end = 54 -[C_39] +[C_37] file = "HOME/tests/c/floats_bsearch.c" -line = 15 +line = 46 begin = 14 end = 91 -[C_40] +[C_38] file = "HOME/tests/c/floats_bsearch.c" -line = 9 +line = 40 begin = 13 end = 65 -[C_41] +[C_39] file = "HOME/tests/c/floats_bsearch.c" -line = 8 +line = 39 begin = 13 end = 25 -[C_42] +[C_40] file = 
"HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 13 end = 44 -[C_43] +[C_41] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 13 end = 19 -[C_44] +[C_42] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 -[C_45] +[C_43] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 -[C_46] +[C_44] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 @@ -491,10 +498,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs floats_bsearch.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_full.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/floats_bsearch_why.sx @@ -555,6 +563,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/floats_bsearch_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/floats_bsearch_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -627,6 +642,9 @@ why3ide: why/floats_bsearch_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: floats_bsearch.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include floats_bsearch.depend depend: coq/floats_bsearch_why.v 
@@ -640,101 +658,101 @@ name = "Function binary_search" behavior = "Safety" file = "HOME/tests/c/floats_bsearch.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_40] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 26 [JC_41] kind = PointerDeref file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 8 end = 12 [JC_42] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 34 +line = 65 begin = 22 end = 27 [JC_43] kind = PointerDeref file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 13 end = 17 [JC_44] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 35 +line = 66 begin = 27 end = 32 [JC_45] file = "HOME/tests/c/floats_bsearch.c" -line = 37 -begin = 17 -end = 18 +line = 60 +begin = 19 +end = 22 [JC_46] file = "HOME/tests/c/floats_bsearch.c" -line = 29 -begin = 19 -end = 22 +line = 52 +begin = 8 +end = 14 [JC_1] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 13 end = 19 [JC_47] file = "HOME/tests/c/floats_bsearch.c" -line = 40 -begin = 13 -end = 14 +line = 52 +begin = 18 +end = 26 [JC_2] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 [JC_48] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 -end = 14 +end = 26 [JC_3] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 [JC_49] -file = "HOME/tests/c/floats_bsearch.c" -line = 21 -begin = 18 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_4] file = "HOME/tests/c/floats_bsearch.c" -line = 8 +line = 39 begin = 13 end = 25 [JC_5] file = "HOME/tests/c/floats_bsearch.c" -line = 9 +line = 40 begin = 13 end = 65 
@@ -752,138 +770,139 @@ [JC_8] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 13 end = 19 [JC_9] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 [JC_50] -file = "HOME/tests/c/floats_bsearch.c" -line = 21 -begin = 8 -end = 26 +file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" +line = 73 +begin = 6 +end = 2298 [binary_search_ensures_failure] name = "Function binary_search" -behavior = "Normal behavior `failure'" +behavior = "Behavior `failure'" file = "HOME/tests/c/floats_bsearch.c" -line = 18 +line = 49 begin = 4 end = 17 [JC_51] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_52] -file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" -line = 73 -begin = 6 -end = 2471 - -[JC_53] file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" line = 73 begin = 6 -end = 2471 +end = 2298 -[JC_54] +[JC_52] kind = DivByZero file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 16 end = 27 -[JC_55] +[JC_53] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 21 -[JC_56] +[JC_54] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 20 end = 26 -[JC_57] +[JC_55] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 26 -[JC_58] -file = "HOME/tests/c/floats_bsearch.c" -line = 37 -begin = 17 -end = 18 - -[JC_59] -file = "HOME/tests/c/floats_bsearch.c" -line = 40 -begin = 13 -end = 14 - -[JC_60] +[JC_56] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 14 -[JC_61] +[JC_57] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 18 end = 26 -[JC_62] +[JC_58] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 26 +[JC_59] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_60] +file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" +line = 73 +begin = 6 +end = 2298 + +[JC_61] +file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" +line = 73 
+begin = 6 +end = 2298 + +[JC_62] +kind = DivByZero +file = "HOME/tests/c/floats_bsearch.c" +line = 63 +begin = 16 +end = 27 + [JC_10] file = "HOME/tests/c/floats_bsearch.c" -line = 7 +line = 38 begin = 23 end = 44 [JC_63] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/floats_bsearch.c" +line = 64 +begin = 15 +end = 21 [JC_11] file = "HOME/tests/c/floats_bsearch.c" -line = 8 +line = 39 begin = 13 end = 25 [JC_64] -file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" -line = 73 -begin = 6 -end = 2471 +file = "HOME/tests/c/floats_bsearch.c" +line = 64 +begin = 20 +end = 26 [JC_12] file = "HOME/tests/c/floats_bsearch.c" -line = 9 +line = 40 begin = 13 end = 65 [JC_65] -file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" -line = 73 -begin = 6 -end = 2471 +file = "HOME/tests/c/floats_bsearch.c" +line = 64 +begin = 15 +end = 26 [JC_13] file = "HOME/" @@ -891,21 +910,20 @@ begin = -1 end = -1 +[JC_66] +file = "HOME/tests/c/floats_bsearch.c" +line = 58 +begin = 10 +end = 74 + [binary_search_ensures_success] name = "Function binary_search" -behavior = "Normal behavior `success'" +behavior = "Behavior `success'" file = "HOME/tests/c/floats_bsearch.c" -line = 18 +line = 49 begin = 4 end = 17 -[JC_66] -kind = DivByZero -file = "HOME/tests/c/floats_bsearch.c" -line = 32 -begin = 16 -end = 27 - [JC_14] file = "HOME/" line = 0 
@@ -914,81 +932,81 @@ [JC_67] file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 15 -end = 21 +line = 55 +begin = 10 +end = 72 [JC_15] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 25 [JC_68] file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 20 -end = 26 +line = 52 +begin = 8 +end = 14 [JC_16] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 18 end = 29 [JC_69] file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 15 +line = 52 +begin = 18 end = 26 [JC_17] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 29 [JC_18] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 25 [JC_19] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 18 end = 29 [JC_70] file = "HOME/tests/c/floats_bsearch.c" -line = 37 -begin = 17 -end = 18 +line = 52 +begin = 8 +end = 26 [JC_71] -file = "HOME/tests/c/floats_bsearch.c" -line = 40 -begin = 13 -end = 14 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_72] -file = "HOME/tests/c/floats_bsearch.c" -line = 27 -begin = 10 -end = 74 +file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" +line = 73 +begin = 6 +end = 2298 [JC_20] file = "HOME/tests/c/floats_bsearch.c" -line = 10 +line = 41 begin = 12 end = 29 [JC_73] -file = "HOME/tests/c/floats_bsearch.c" -line = 24 -begin = 10 -end = 72 +file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" +line = 73 +begin = 6 +end = 2298 [JC_21] file = "HOME/" @@ -997,10 +1015,11 @@ end = -1 [JC_74] +kind = DivByZero file = "HOME/tests/c/floats_bsearch.c" -line = 21 -begin = 8 -end = 14 +line = 63 +begin = 16 +end = 27 [JC_22] file = "HOME/" 
@@ -1010,125 +1029,82 @@ [JC_75] file = "HOME/tests/c/floats_bsearch.c" -line = 21 -begin = 18 -end = 26 +line = 64 +begin = 15 +end = 21 [JC_23] file = "HOME/tests/c/floats_bsearch.c" -line = 12 +line = 43 begin = 14 end = 54 [JC_76] file = "HOME/tests/c/floats_bsearch.c" -line = 21 -begin = 8 +line = 64 +begin = 20 end = 26 [JC_24] file = "HOME/tests/c/floats_bsearch.c" -line = 12 +line = 43 begin = 14 end = 54 [JC_77] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/floats_bsearch.c" +line = 64 +begin = 15 +end = 26 [JC_25] file = "HOME/tests/c/floats_bsearch.c" -line = 15 +line = 46 begin = 14 end = 91 -[JC_78] -file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" -line = 73 -begin = 6 -end = 2471 - [JC_26] file = "HOME/tests/c/floats_bsearch.c" -line = 15 +line = 46 begin = 14 end = 91 -[JC_79] -file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" -line = 73 -begin = 6 -end = 2471 - [JC_27] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 19 +line = 50 begin = 17 end = 20 [JC_28] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 14 [JC_29] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 18 end = 26 -[JC_80] -kind = DivByZero -file = "HOME/tests/c/floats_bsearch.c" -line = 32 -begin = 16 -end = 27 - -[JC_81] -file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 15 -end = 21 - -[JC_82] -file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 20 -end = 26 - [JC_30] file = "HOME/tests/c/floats_bsearch.c" -line = 21 +line = 52 begin = 8 end = 26 -[JC_83] -file = "HOME/tests/c/floats_bsearch.c" -line = 33 -begin = 15 -end = 26 - [JC_31] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_84] -file = "HOME/tests/c/floats_bsearch.c" -line = 37 -begin = 17 -end = 18 - [binary_search_ensures_default] name = "Function binary_search" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/floats_bsearch.c" -line = 18 +line = 49 begin = 
4 end = 17 @@ -1136,64 +1112,58 @@ file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" line = 73 begin = 6 -end = 2471 - -[JC_85] -file = "HOME/tests/c/floats_bsearch.c" -line = 40 -begin = 13 -end = 14 +end = 2298 [JC_33] file = "HOME/tests/c/floats_bsearch.jessie/floats_bsearch.jc" line = 73 begin = 6 -end = 2471 +end = 2298 [JC_34] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 17 end = 22 [JC_35] kind = DivByZero file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 16 end = 27 [JC_36] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 16 end = 27 [JC_37] kind = ArithOverflow file = "HOME/tests/c/floats_bsearch.c" -line = 32 +line = 63 begin = 12 end = 27 [JC_38] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 15 end = 21 [JC_39] file = "HOME/tests/c/floats_bsearch.c" -line = 33 +line = 64 begin = 20 end = 26 ========== file tests/c/floats_bsearch.jessie/why/floats_bsearch.why ========== -type char_P +type charP -type double_P +type doubleP type int32 
@@ -1201,49 +1171,40 @@ type padding -type void_P +type voidP -exception Goto_while_0_break_exc of unit +logic charP_tag: -> charP tag_id -exception Loop_continue_exc of unit +axiom charP_int : (int_of_tag(charP_tag) = (1)) -exception Loop_exit_exc of unit - -exception Return_label_exc of unit +logic charP_of_pointer_address: unit pointer -> charP pointer -logic char_P_tag: -> char_P tag_id +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +logic doubleP_tag: -> doubleP tag_id -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) +axiom doubleP_int : (int_of_tag(doubleP_tag) = (1)) -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +logic doubleP_of_pointer_address: unit pointer -> doubleP pointer -logic double_P_tag: -> double_P tag_id +axiom doubleP_of_pointer_address_of_pointer_addr : + (forall p:doubleP pointer. + (p = doubleP_of_pointer_address(pointer_address(p)))) -axiom double_P_int : (int_of_tag(double_P_tag) = (1)) +axiom doubleP_parenttag_bottom : parenttag(doubleP_tag, bottom_tag) -logic double_P_of_pointer_address: unit pointer -> double_P pointer - -axiom double_P_of_pointer_address_of_pointer_addr : - (forall p:double_P pointer. - (p = double_P_of_pointer_address(pointer_address(p)))) - -axiom double_P_parenttag_bottom : parenttag(double_P_tag, bottom_tag) - -axiom double_P_tags : - (forall x:double_P pointer. 
- (forall double_P_tag_table:double_P tag_table. - instanceof(double_P_tag_table, x, double_P_tag))) +axiom doubleP_tags : + (forall x:doubleP pointer. + (forall doubleP_tag_table:doubleP tag_table. + instanceof(doubleP_tag_table, x, doubleP_tag))) logic integer_of_int32: int32 -> int @@ -1262,6 +1223,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -1274,343 +1240,284 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_double_P(p:double_P pointer, a:int, - double_P_alloc_table:double_P alloc_table) = - (offset_min(double_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_doubleP(p:doubleP pointer, a:int, + doubleP_alloc_table:doubleP alloc_table) = + (offset_min(doubleP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_double_P_of_pointer_address : +axiom pointer_addr_of_doubleP_of_pointer_address : (forall p:unit pointer. - (p = pointer_address(double_P_of_pointer_address(p)))) + (p = pointer_address(doubleP_of_pointer_address(p)))) -logic void_P_of_pointer_address: unit pointer -> void_P pointer +logic voidP_of_pointer_address: unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. 
(p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_double_P(p:double_P pointer, b:int, - double_P_alloc_table:double_P alloc_table) = - (offset_max(double_P_alloc_table, p) >= b) +predicate right_valid_struct_doubleP(p:doubleP pointer, b:int, + doubleP_alloc_table:doubleP alloc_table) = + (offset_max(doubleP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) -predicate sorted(t:double_P pointer, a:int, b:int, - double_P_double_M_t_1_at_L:(double_P, double) memory) = +predicate sorted(t:doubleP pointer, a:int, b:int, + doubleP_doubleM_t_1_at_L:(doubleP, double) memory) = (forall i:int. (forall j:int. 
((le_int(a, i) and (le_int(i, j) and le_int(j, b))) -> - le_double(select(double_P_double_M_t_1_at_L, shift(t, i)), - select(double_P_double_M_t_1_at_L, shift(t, j)))))) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_double_P(p:double_P pointer, a:int, b:int, - double_P_alloc_table:double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) = a) - and (offset_max(double_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_double_P(p:double_P pointer, a:int, b:int, - double_P_alloc_table:double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) = a) - and (offset_max(double_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_double_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - 
((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_double_P(p:double_P pointer, a:int, b:int, - double_P_alloc_table:double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) <= a) - and (offset_max(double_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_double_P(p:double_P pointer, a:int, b:int, - double_P_alloc_table:double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) <= a) - and (offset_max(double_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + le_double_full(select(doubleP_doubleM_t_1_at_L, shift(t, i)), + select(doubleP_doubleM_t_1_at_L, shift(t, j)))))) -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_doubleP(p:doubleP pointer, a:int, b:int, + doubleP_alloc_table:doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) = a) + and (offset_max(doubleP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_doubleP(p:doubleP pointer, a:int, b:int, + doubleP_alloc_table:doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) = a) + and (offset_max(doubleP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, 
+ voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_doubleP(p:doubleP pointer, a:int, b:int, + doubleP_alloc_table:doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) <= a) + and (offset_max(doubleP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_doubleP(p:doubleP pointer, a:int, b:int, + doubleP_alloc_table:doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) <= a) + and (offset_max(doubleP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) -parameter alloc_bitvector_struct_double_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_double_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto_while_0_break_exc of unit -parameter alloc_bitvector_struct_double_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_double_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - 
char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter double_P_alloc_table : double_P alloc_table ref +parameter doubleP_alloc_table : doubleP alloc_table ref -parameter double_P_tag_table : double_P tag_table ref +parameter doubleP_tag_table : doubleP tag_table ref -parameter alloc_struct_double_P : 
+parameter alloc_struct_doubleP : n:int -> - double_P_alloc_table:double_P alloc_table ref -> - double_P_tag_table:double_P tag_table ref -> - { } double_P pointer writes double_P_alloc_table,double_P_tag_table - { (strict_valid_struct_double_P(result, (0), sub_int(n, (1)), - double_P_alloc_table) - and (alloc_extends(double_P_alloc_table@, double_P_alloc_table) - and (alloc_fresh(double_P_alloc_table@, result, n) - and instanceof(double_P_tag_table, result, double_P_tag)))) } + doubleP_alloc_table:doubleP alloc_table ref -> + doubleP_tag_table:doubleP tag_table ref -> + { } doubleP pointer writes doubleP_alloc_table,doubleP_tag_table + { (strict_valid_struct_doubleP(result, (0), sub_int(n, (1)), + doubleP_alloc_table) + and (alloc_extends(doubleP_alloc_table@, doubleP_alloc_table) + and (alloc_fresh(doubleP_alloc_table@, result, n) + and instanceof(doubleP_tag_table, result, doubleP_tag)))) } -parameter alloc_struct_double_P_requires : +parameter alloc_struct_doubleP_requires : n:int -> - double_P_alloc_table:double_P alloc_table ref -> - double_P_tag_table:double_P tag_table ref -> - { ge_int(n, (0))} double_P pointer - writes double_P_alloc_table,double_P_tag_table - { (strict_valid_struct_double_P(result, (0), sub_int(n, (1)), - double_P_alloc_table) - and (alloc_extends(double_P_alloc_table@, double_P_alloc_table) - and (alloc_fresh(double_P_alloc_table@, result, n) - and instanceof(double_P_tag_table, result, double_P_tag)))) } + doubleP_alloc_table:doubleP alloc_table ref -> + doubleP_tag_table:doubleP tag_table ref -> + { ge_int(n, (0))} doubleP pointer + writes doubleP_alloc_table,doubleP_tag_table + { (strict_valid_struct_doubleP(result, (0), sub_int(n, (1)), + doubleP_alloc_table) + and (alloc_extends(doubleP_alloc_table@, doubleP_alloc_table) + and (alloc_fresh(doubleP_alloc_table@, result, n) + and instanceof(doubleP_tag_table, result, doubleP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP 
alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } parameter any_int8 : 
unit -> { } int8 { true } parameter binary_search : - t_0:double_P pointer -> + t_0:doubleP pointer -> n:int32 -> v:double -> - double_P_t_2_alloc_table:double_P alloc_table -> - double_P_double_M_t_2:(double_P, double) memory -> + doubleP_t_2_alloc_table:doubleP alloc_table -> + doubleP_doubleM_t_2:(doubleP, double) memory -> { } int32 - { ((sorted(t_0@, (0), sub_int(integer_of_int32(n@), (1)), - double_P_double_M_t_2@) -> + { ((sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), + doubleP_doubleM_t_2) -> (JC_26: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_1:int. - ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n@))) -> - ne_double(select(double_P_double_M_t_2, shift(t_0@, k_1)), v@)))))) + ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n))) -> + ne_double_full(select(doubleP_doubleM_t_2, shift(t_0, k_1)), v)))))) and ((JC_24: (ge_int(integer_of_int32(result), (0)) -> - eq_double(select(double_P_double_M_t_2, - shift(t_0@, integer_of_int32(result))), - v@))) + eq_double_full(select(doubleP_doubleM_t_2, + shift(t_0, integer_of_int32(result))), + v))) and (JC_20: ((JC_18: le_int(neg_int((1)), integer_of_int32(result))) and (JC_19: - lt_int(integer_of_int32(result), integer_of_int32(n@))))))) } + lt_int(integer_of_int32(result), integer_of_int32(n))))))) } parameter binary_search_requires : - t_0:double_P pointer -> + t_0:doubleP pointer -> n:int32 -> v:double -> - double_P_t_2_alloc_table:double_P alloc_table -> - double_P_double_M_t_2:(double_P, double) memory -> + doubleP_t_2_alloc_table:doubleP alloc_table -> + doubleP_doubleM_t_2:(doubleP, double) memory -> { (JC_6: ((JC_1: ge_int(integer_of_int32(n), (0))) - and ((JC_2: le_int(offset_min(double_P_t_2_alloc_table, t_0), (0))) + and ((JC_2: le_int(offset_min(doubleP_t_2_alloc_table, t_0), (0))) and ((JC_3: - ge_int(offset_max(double_P_t_2_alloc_table, t_0), + ge_int(offset_max(doubleP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), 
(1)))) and ((JC_4: (not double_is_NaN(v))) and (JC_5: (forall i_0:int. ((le_int((0), i_0) and le_int(i_0, sub_int(integer_of_int32(n), (1)))) -> - (not double_is_NaN(select(double_P_double_M_t_2, + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))} int32 - { ((sorted(t_0@, (0), sub_int(integer_of_int32(n@), (1)), - double_P_double_M_t_2@) -> + { ((sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), + doubleP_doubleM_t_2) -> (JC_26: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_1:int. - ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n@))) -> - ne_double(select(double_P_double_M_t_2, shift(t_0@, k_1)), v@)))))) + ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n))) -> + ne_double_full(select(doubleP_doubleM_t_2, shift(t_0, k_1)), v)))))) and ((JC_24: (ge_int(integer_of_int32(result), (0)) -> - eq_double(select(double_P_double_M_t_2, - shift(t_0@, integer_of_int32(result))), - v@))) + eq_double_full(select(doubleP_doubleM_t_2, + shift(t_0, integer_of_int32(result))), + v))) and (JC_20: ((JC_18: le_int(neg_int((1)), integer_of_int32(result))) and (JC_19: - lt_int(integer_of_int32(result), integer_of_int32(n@))))))) } + lt_int(integer_of_int32(result), integer_of_int32(n))))))) } parameter int32_of_integer_ : x:int -> 
@@ -1629,19 +1536,19 @@ x:int -> { } int8 { eq_int(integer_of_int8(result), x) } let binary_search_ensures_default = - fun (t_0 : double_P pointer) (n : int32) (v : double) (double_P_t_2_alloc_table : double_P alloc_table) (double_P_double_M_t_2 : (double_P, double) memory) -> + fun (t_0 : doubleP pointer) (n : int32) (v : double) (doubleP_t_2_alloc_table : doubleP alloc_table) (doubleP_doubleM_t_2 : (doubleP, double) memory) -> { (JC_13: ((JC_8: ge_int(integer_of_int32(n), (0))) - and ((JC_9: le_int(offset_min(double_P_t_2_alloc_table, t_0), (0))) + and ((JC_9: le_int(offset_min(doubleP_t_2_alloc_table, t_0), (0))) and ((JC_10: - ge_int(offset_max(double_P_t_2_alloc_table, t_0), + ge_int(offset_max(doubleP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))) and ((JC_11: (not double_is_NaN(v))) and (JC_12: (forall i_0:int. ((le_int((0), i_0) and le_int(i_0, sub_int(integer_of_int32(n), (1)))) -> - (not double_is_NaN(select(double_P_double_M_t_2, + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) } (init: (let return = ref (any_int32 void) in @@ -1652,10 +1559,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -1668,22 +1573,18 @@ (loop_2: while true do { invariant - (JC_50: - ((JC_48: le_int((0), integer_of_int32(l))) - and (JC_49: + (JC_48: + ((JC_46: le_int((0), integer_of_int32(l))) + and (JC_47: le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } begin [ { } unit { true } ]; try - (let jessie_ = (C_17: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_16: (safe_int32_of_integer_ (C_15: @@ -1691,7 +1592,7 @@ (integer_of_int32 (C_14: (safe_int32_of_integer_ (C_13: - (JC_54: + (JC_52: ((computer_div (integer_of_int32 (C_12: 
@@ -1702,74 +1603,70 @@ (integer_of_int32 !l))))))) (2)))))))))))) in void); (assert - { (JC_57: - ((JC_55: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_56: le_int(integer_of_int32(m), integer_of_int32(u))))) }; + { (JC_55: + ((JC_53: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_54: le_int(integer_of_int32(m), integer_of_int32(u))))) }; void); void; - (if ((lt_double (C_32: - ((safe_acc_ double_P_double_M_t_2) (C_31: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((lt_double_ (C_31: + ((safe_acc_ doubleP_doubleM_t_2) (C_30: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_30: - (l := (C_29: - (safe_int32_of_integer_ (C_28: + (C_29: + (l := (C_28: + (safe_int32_of_integer_ (C_27: ((add_int (integer_of_int32 !m)) (1))))))) in void) else - (if ((gt_double (C_27: - ((safe_acc_ double_P_double_M_t_2) (C_26: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((gt_double_ (C_26: + ((safe_acc_ doubleP_doubleM_t_2) (C_25: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_25: - (u := (C_24: - (safe_int32_of_integer_ (C_23: + (C_24: + (u := (C_23: + (safe_int32_of_integer_ (C_22: ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = - (C_22: + (C_21: begin - (assert { (JC_58: neq_int((0), (0))) }; void); void; - (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (let jessie_ = (__retres := !m) in void); + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: - (C_34: + (C_32: begin - void; (assert { (JC_59: neq_int((0), (0))) }; void); void; - (__retres := (safe_int32_of_integer_ (neg_int (1)))); !__retres end)) in - void) end; 
(raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_17: ((JC_15: le_int(neg_int((1)), integer_of_int32(result))) - and (JC_16: lt_int(integer_of_int32(result), integer_of_int32(n@))))) } + and (JC_16: lt_int(integer_of_int32(result), integer_of_int32(n))))) } let binary_search_ensures_failure = - fun (t_0 : double_P pointer) (n : int32) (v : double) (double_P_t_2_alloc_table : double_P alloc_table) (double_P_double_M_t_2 : (double_P, double) memory) -> - { (sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), - double_P_double_M_t_2) + fun (t_0 : doubleP pointer) (n : int32) (v : double) (doubleP_t_2_alloc_table : doubleP alloc_table) (doubleP_doubleM_t_2 : (doubleP, double) memory) -> + { (sorted(t_0, (0), sub_int(integer_of_int32(n), (1)), doubleP_doubleM_t_2) and (JC_13: ((JC_8: ge_int(integer_of_int32(n), (0))) - and ((JC_9: le_int(offset_min(double_P_t_2_alloc_table, t_0), (0))) + and ((JC_9: le_int(offset_min(doubleP_t_2_alloc_table, t_0), (0))) and ((JC_10: - ge_int(offset_max(double_P_t_2_alloc_table, t_0), + ge_int(offset_max(doubleP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))) and ((JC_11: (not double_is_NaN(v))) and (JC_12: (forall i_0:int. ((le_int((0), i_0) and le_int(i_0, sub_int(integer_of_int32(n), (1)))) -> - (not double_is_NaN(select(double_P_double_M_t_2, + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) } (init: (let return = ref (any_int32 void) in @@ -1780,10 +1677,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin 
@@ -1796,32 +1691,29 @@ (loop_4: while true do { invariant - ((JC_72: + ((JC_66: (forall k_0:int. ((lt_int(integer_of_int32(u), k_0) and le_int(k_0, sub_int(integer_of_int32(n), (1)))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) - and (JC_73: + lt_double_full(v, + select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) + and (JC_67: (forall k:int. ((le_int((0), k) and lt_int(k, integer_of_int32(l))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) } begin [ { } unit reads l,u - { (JC_76: - ((JC_74: le_int((0), integer_of_int32(l))) - and (JC_75: + { (JC_70: + ((JC_68: le_int((0), integer_of_int32(l))) + and (JC_69: le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_17: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_16: (safe_int32_of_integer_ (C_15: @@ -1829,7 +1721,7 @@ (integer_of_int32 (C_14: (safe_int32_of_integer_ (C_13: - (JC_80: + (JC_74: ((computer_div (integer_of_int32 (C_12: 
@@ -1840,75 +1732,72 @@ (integer_of_int32 !l))))))) (2)))))))))))) in void); [ { } unit reads l,m,u - { (JC_83: - ((JC_81: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_82: + { (JC_77: + ((JC_75: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_76: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; void; - (if ((lt_double (C_32: - ((safe_acc_ double_P_double_M_t_2) (C_31: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((lt_double_ (C_31: + ((safe_acc_ doubleP_doubleM_t_2) (C_30: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_30: - (l := (C_29: - (safe_int32_of_integer_ (C_28: + (C_29: + (l := (C_28: + (safe_int32_of_integer_ (C_27: ((add_int (integer_of_int32 !m)) (1))))))) in void) else - (if ((gt_double (C_27: - ((safe_acc_ double_P_double_M_t_2) (C_26: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((gt_double_ (C_26: + ((safe_acc_ doubleP_doubleM_t_2) (C_25: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_25: - (u := (C_24: - (safe_int32_of_integer_ (C_23: + (C_24: + (u := (C_23: + (safe_int32_of_integer_ (C_22: ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = - (C_22: + (C_21: begin - [ { } unit { (JC_84: neq_int((0), (0))) } ]; void; - (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (let jessie_ = (__retres := !m) in void); + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: - (C_34: + (C_32: begin - void; [ { } unit { (JC_85: neq_int((0), (0))) } ]; void; - (__retres := (safe_int32_of_integer_ (neg_int (1)))); !__retres end)) in - void) end; (raise (Return_label_exc void)) end in void) 
with - Return_label_exc jessie_ -> + void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_25: - (eq_int(integer_of_int32(result), neg_int((1))) -> + ((integer_of_int32(result) = neg_int((1))) -> (forall k_1:int. - ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n@))) -> - ne_double(select(double_P_double_M_t_2, shift(t_0@, k_1)), v@))))) } + ((le_int((0), k_1) and lt_int(k_1, integer_of_int32(n))) -> + ne_double_full(select(doubleP_doubleM_t_2, shift(t_0, k_1)), v))))) } let binary_search_ensures_success = - fun (t_0 : double_P pointer) (n : int32) (v : double) (double_P_t_2_alloc_table : double_P alloc_table) (double_P_double_M_t_2 : (double_P, double) memory) -> + fun (t_0 : doubleP pointer) (n : int32) (v : double) (doubleP_t_2_alloc_table : doubleP alloc_table) (doubleP_doubleM_t_2 : (doubleP, double) memory) -> { (JC_13: ((JC_8: ge_int(integer_of_int32(n), (0))) - and ((JC_9: le_int(offset_min(double_P_t_2_alloc_table, t_0), (0))) + and ((JC_9: le_int(offset_min(doubleP_t_2_alloc_table, t_0), (0))) and ((JC_10: - ge_int(offset_max(double_P_t_2_alloc_table, t_0), + ge_int(offset_max(doubleP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))) and ((JC_11: (not double_is_NaN(v))) and (JC_12: (forall i_0:int. ((le_int((0), i_0) and le_int(i_0, sub_int(integer_of_int32(n), (1)))) -> - (not double_is_NaN(select(double_P_double_M_t_2, + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) } (init: (let return = ref (any_int32 void) in @@ -1919,10 +1808,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin 
@@ -1934,23 +1821,19 @@ void); (loop_3: while true do - { invariant (JC_64: true) } + { invariant (JC_60: true) } begin [ { } unit reads l,u - { (JC_62: - ((JC_60: le_int((0), integer_of_int32(l))) - and (JC_61: + { (JC_58: + ((JC_56: le_int((0), integer_of_int32(l))) + and (JC_57: le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_17: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_16: (safe_int32_of_integer_ (C_15: @@ -1958,7 +1841,7 @@ (integer_of_int32 (C_14: (safe_int32_of_integer_ (C_13: - (JC_66: + (JC_62: ((computer_div (integer_of_int32 (C_12: 
@@ -1969,75 +1852,72 @@ (integer_of_int32 !l))))))) (2)))))))))))) in void); [ { } unit reads l,m,u - { (JC_69: - ((JC_67: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_68: + { (JC_65: + ((JC_63: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_64: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; void; - (if ((lt_double (C_32: - ((safe_acc_ double_P_double_M_t_2) (C_31: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((lt_double_ (C_31: + ((safe_acc_ doubleP_doubleM_t_2) (C_30: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_30: - (l := (C_29: - (safe_int32_of_integer_ (C_28: + (C_29: + (l := (C_28: + (safe_int32_of_integer_ (C_27: ((add_int (integer_of_int32 !m)) (1))))))) in void) else - (if ((gt_double (C_27: - ((safe_acc_ double_P_double_M_t_2) (C_26: - ((shift t_0) - (integer_of_int32 !m)))))) v) + (if ((gt_double_ (C_26: + ((safe_acc_ doubleP_doubleM_t_2) (C_25: + ((shift t_0) + (integer_of_int32 !m)))))) v) then (let jessie_ = - (C_25: - (u := (C_24: - (safe_int32_of_integer_ (C_23: + (C_24: + (u := (C_23: + (safe_int32_of_integer_ (C_22: ((sub_int (integer_of_int32 !m)) (1))))))) in void) else - (let jessie_ = - (C_22: + (C_21: begin - [ { } unit { (JC_70: neq_int((0), (0))) } ]; void; - (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (let jessie_ = (__retres := !m) in void); + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: - (C_34: + (C_32: begin - void; [ { } unit { (JC_71: neq_int((0), (0))) } ]; void; - (__retres := (safe_int32_of_integer_ (neg_int (1)))); !__retres end)) in - void) end; (raise (Return_label_exc void)) end in void) 
with - Return_label_exc jessie_ -> + void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); + !__retres end)) in void) end; (raise (Return_label_exc void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { (JC_23: (ge_int(integer_of_int32(result), (0)) -> - eq_double(select(double_P_double_M_t_2, - shift(t_0@, integer_of_int32(result))), - v@))) } + eq_double_full(select(doubleP_doubleM_t_2, + shift(t_0, integer_of_int32(result))), + v))) } let binary_search_safety = - fun (t_0 : double_P pointer) (n : int32) (v : double) (double_P_t_2_alloc_table : double_P alloc_table) (double_P_double_M_t_2 : (double_P, double) memory) -> + fun (t_0 : doubleP pointer) (n : int32) (v : double) (doubleP_t_2_alloc_table : doubleP alloc_table) (doubleP_doubleM_t_2 : (doubleP, double) memory) -> { (JC_13: ((JC_8: ge_int(integer_of_int32(n), (0))) - and ((JC_9: le_int(offset_min(double_P_t_2_alloc_table, t_0), (0))) + and ((JC_9: le_int(offset_min(doubleP_t_2_alloc_table, t_0), (0))) and ((JC_10: - ge_int(offset_max(double_P_t_2_alloc_table, t_0), + ge_int(offset_max(doubleP_t_2_alloc_table, t_0), sub_int(integer_of_int32(n), (1)))) and ((JC_11: (not double_is_NaN(v))) and (JC_12: (forall i_0:int. ((le_int((0), i_0) and le_int(i_0, sub_int(integer_of_int32(n), (1)))) -> - (not double_is_NaN(select(double_P_double_M_t_2, + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) } (init: (let return = ref (any_int32 void) in @@ -2048,10 +1928,8 @@ (let m = ref (any_int32 void) in (let __retres = ref (any_int32 void) in try - (let jessie_ = begin try - (let jessie_ = (C_1: (C_4: begin @@ -2065,7 +1943,7 @@ (loop_1: while true do { invariant (JC_32: true) - variant (JC_46 : sub_int(integer_of_int32(u), + variant (JC_45 : sub_int(integer_of_int32(u), integer_of_int32(l))) } begin [ { } unit reads l,u 
@@ -2075,14 +1953,10 @@ le_int(integer_of_int32(u), sub_int(integer_of_int32(n), (1)))))) } ]; try - (let jessie_ = (C_17: begin (if ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = (m := (C_16: (JC_37: 
@@ -2109,50 +1983,47 @@ and (JC_39: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; void; - (if ((lt_double (C_32: - (JC_41: - ((((offset_acc_ double_P_t_2_alloc_table) double_P_double_M_t_2) t_0) - (integer_of_int32 !m))))) v) + (if ((lt_double_ (C_31: + (JC_41: + ((((offset_acc_ doubleP_t_2_alloc_table) doubleP_doubleM_t_2) t_0) + (integer_of_int32 !m))))) v) then (let jessie_ = - (C_30: - (l := (C_29: + (C_29: + (l := (C_28: (JC_42: - (int32_of_integer_ (C_28: + (int32_of_integer_ (C_27: ((add_int (integer_of_int32 !m)) (1)))))))) in void) else - (if ((gt_double (C_27: - (JC_43: - ((((offset_acc_ double_P_t_2_alloc_table) double_P_double_M_t_2) t_0) - (integer_of_int32 !m))))) v) + (if ((gt_double_ (C_26: + (JC_43: + ((((offset_acc_ doubleP_t_2_alloc_table) doubleP_doubleM_t_2) t_0) + (integer_of_int32 !m))))) v) then (let jessie_ = - (C_25: - (u := (C_24: + (C_24: + (u := (C_23: (JC_44: - (int32_of_integer_ (C_23: + (int32_of_integer_ (C_22: ((sub_int (integer_of_int32 !m)) (1)))))))) in void) else - (let jessie_ = - (C_22: + (C_21: begin - [ { } unit { (JC_45: neq_int((0), (0))) } ]; void; - (let jessie_ = (__retres := !m) in void); - (raise (Return_label_exc void)) end) in void))); - (raise (Loop_continue_exc void)) end) in void) with + (let jessie_ = (__retres := !m) in void); + (raise (Return_label_exc void)) end))); + (raise (Loop_continue_exc void)) end) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (let jessie_ = (while_0_break: - (C_34: + (C_32: begin - void; [ { } unit { (JC_47: neq_int((0), (0))) } ]; void; - (__retres := (safe_int32_of_integer_ (neg_int (1)))); !__retres end)) in - void) end; (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void; (__retres := (safe_int32_of_integer_ (neg_int (1)))); + !__retres end)) in void) end; (raise (Return_label_exc 
void)) end + with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end)))); absurd end with Return -> !return end)) { true } @@ -3206,6 +3077,10 @@ ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> (round_double(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + axiom round_double_idempotent: (forall m1:mode. (forall m2:mode. @@ -3262,6 +3137,10 @@ ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + axiom round_single_idempotent: (forall m1:mode. (forall m2:mode. @@ -3278,18 +3157,6 @@ axiom round_up_single_ge: (forall x:real. (round_single(up, x) >= x)) -logic single_to_double : single -> double - -logic double_to_single : mode, double -> single - -axiom single_to_double_val: - (forall s:single. (double_value(single_to_double(s)) = single_value(s))) - -axiom double_to_single_val: - (forall m:mode. - (forall d:double. (single_value(double_to_single(m, d)) = round_single(m, - double_value(d))))) - function min_single() : real = 0x1.p-149 function min_double() : real = 0x1.p-1074 @@ -3657,13 +3524,13 @@ (((m = down) -> (double_sign(x) = Negative)) and ((m <> down) -> (double_sign(x) = Positive)))) -predicate le_single(x: single, y: single) = +predicate le_single_full(x: single, y: single) = ((single_is_finite(x) and (single_is_finite(y) and (single_value(x) <= single_value(y)))) or ((single_is_minus_infinity(x) and single_is_not_NaN(y)) or (single_is_not_NaN(x) and single_is_plus_infinity(y)))) -predicate lt_single(x: single, y: single) = +predicate lt_single_full(x: single, y: single) = ((single_is_finite(x) and (single_is_finite(y) and (single_value(x) < single_value(y)))) or ((single_is_minus_infinity(x) and 
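Review bot: The added axiom `exact_round_double_for_doubles` (hunk `@@ -3206,6 +3077,10 @@`) is stated for every `x:double` with no finiteness guard, although this file's model also covers NaN and infinities (`double_is_NaN`, `double_is_plus_infinity`), so a prover may instantiate it on non-finite values as well. Whether `double_value` is meant to be constrained for those values is not visible here; if it is not, the narrower form `(forall m:mode. (double_is_finite(x) -> (round_double(m, double_value(x)) = double_value(x))))` limits the trusted axiom to the finite case. The same applies to `exact_round_single_for_singles` in `@@ -3262,6 +3137,10 @@`, using `single_is_finite`. This text looks like tool-generated output, so the change would presumably belong in the prelude that emits it.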
@@ -3671,11 +3538,11 @@ (single_is_not_NaN(x) and ((not single_is_plus_infinity(x)) and single_is_plus_infinity(y))))) -predicate ge_single(x: single, y: single) = le_single(y, x) +predicate ge_single_full(x: single, y: single) = le_single_full(y, x) -predicate gt_single(x: single, y: single) = lt_single(y, x) +predicate gt_single_full(x: single, y: single) = lt_single_full(y, x) -predicate eq_single(x: single, y: single) = +predicate eq_single_full(x: single, y: single) = (single_is_not_NaN(x) and (single_is_not_NaN(y) and ((single_is_finite(x) and @@ -3683,15 +3550,15 @@ (single_is_infinite(x) and (single_is_infinite(y) and single_same_sign(x, y)))))) -predicate ne_single(x: single, y: single) = (not eq_single(x, y)) +predicate ne_single_full(x: single, y: single) = (not eq_single_full(x, y)) -predicate le_double(x: double, y: double) = +predicate le_double_full(x: double, y: double) = ((double_is_finite(x) and (double_is_finite(y) and (double_value(x) <= double_value(y)))) or ((double_is_minus_infinity(x) and double_is_not_NaN(y)) or (double_is_not_NaN(x) and double_is_plus_infinity(y)))) -predicate lt_double(x: double, y: double) = +predicate lt_double_full(x: double, y: double) = ((double_is_finite(x) and (double_is_finite(y) and (double_value(x) < double_value(y)))) or ((double_is_minus_infinity(x) and @@ -3699,11 +3566,11 @@ (double_is_not_NaN(x) and ((not double_is_plus_infinity(x)) and double_is_plus_infinity(y))))) -predicate ge_double(x: double, y: double) = le_double(y, x) +predicate ge_double_full(x: double, y: double) = le_double_full(y, x) -predicate gt_double(x: double, y: double) = lt_double(y, x) +predicate gt_double_full(x: double, y: double) = lt_double_full(y, x) -predicate eq_double(x: double, y: double) = +predicate eq_double_full(x: double, y: double) = (double_is_not_NaN(x) and (double_is_not_NaN(y) and ((double_is_finite(x) and 
@@ -3711,19 +3578,21 @@ (double_is_infinite(x) and (double_is_infinite(y) and double_same_sign(x, y)))))) -predicate ne_double(x: double, y: double) = (not eq_double(x, y)) +predicate ne_double_full(x: double, y: double) = (not eq_double_full(x, y)) axiom le_lt_double_trans: (forall x:double. (forall y:double. (forall z:double. - ((le_double(x, y) and lt_double(y, z)) -> lt_double(x, z))))) + ((le_double_full(x, y) and lt_double_full(y, z)) -> lt_double_full(x, + z))))) axiom lt_le_double_trans: (forall x:double. (forall y:double. (forall z:double. - ((lt_double(x, y) and le_double(y, z)) -> lt_double(x, z))))) + ((lt_double_full(x, y) and le_double_full(y, z)) -> lt_double_full(x, + z))))) axiom round_single1: (forall m:mode. @@ -3861,9 +3730,9 @@ ((not double_is_gen_zero(x)) and (double_value(x) = double_value(y)))) -> (not double_is_gen_zero(y))))) -type char_P +type charP -type double_P +type doubleP type int32 
@@ -3871,41 +3740,41 @@ type padding -type void_P +type voidP -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) -logic double_P_tag : double_P tag_id +logic doubleP_tag : doubleP tag_id -axiom double_P_int: (int_of_tag(double_P_tag) = 1) +axiom doubleP_int: (int_of_tag(doubleP_tag) = 1) -logic double_P_of_pointer_address : unit pointer -> double_P pointer +logic doubleP_of_pointer_address : unit pointer -> doubleP pointer -axiom double_P_of_pointer_address_of_pointer_addr: - (forall p:double_P pointer. - (p = double_P_of_pointer_address(pointer_address(p)))) +axiom doubleP_of_pointer_address_of_pointer_addr: + (forall p:doubleP pointer. + (p = doubleP_of_pointer_address(pointer_address(p)))) -axiom double_P_parenttag_bottom: parenttag(double_P_tag, bottom_tag) +axiom doubleP_parenttag_bottom: parenttag(doubleP_tag, bottom_tag) -axiom double_P_tags: - (forall x:double_P pointer. - (forall double_P_tag_table:double_P tag_table. - instanceof(double_P_tag_table, x, double_P_tag))) +axiom doubleP_tags: + (forall x:doubleP pointer. + (forall doubleP_tag_table:doubleP tag_table. 
+ instanceof(doubleP_tag_table, x, doubleP_tag))) logic integer_of_int32 : int32 -> int @@ -3924,6 +3793,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -3936,163 +3810,150 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_double_P(p: double_P pointer, a: int, - double_P_alloc_table: double_P alloc_table) = - (offset_min(double_P_alloc_table, p) <= a) +predicate left_valid_struct_doubleP(p: doubleP pointer, a: int, + doubleP_alloc_table: doubleP alloc_table) = + (offset_min(doubleP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_double_P_of_pointer_address: +axiom pointer_addr_of_doubleP_of_pointer_address: (forall p:unit pointer. - (p = pointer_address(double_P_of_pointer_address(p)))) + (p = pointer_address(doubleP_of_pointer_address(p)))) -logic void_P_of_pointer_address : unit pointer -> void_P pointer +logic voidP_of_pointer_address : unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. 
- (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_double_P(p: double_P pointer, b: int, - double_P_alloc_table: double_P alloc_table) = - (offset_max(double_P_alloc_table, p) >= b) +predicate right_valid_struct_doubleP(p: doubleP pointer, b: int, + doubleP_alloc_table: doubleP alloc_table) = + (offset_max(doubleP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) -predicate sorted(t: double_P pointer, a: int, b: int, - double_P_double_M_t_1_at_L: (double_P, double) memory) = +predicate sorted(t: doubleP pointer, a: int, b: int, + doubleP_doubleM_t_1_at_L: (doubleP, double) memory) = (forall i:int. (forall j:int. 
(((a <= i) and ((i <= j) and (j <= b))) -> - le_double(select(double_P_double_M_t_1_at_L, shift(t, i)), - select(double_P_double_M_t_1_at_L, shift(t, j)))))) + le_double_full(select(doubleP_doubleM_t_1_at_L, shift(t, i)), + select(doubleP_doubleM_t_1_at_L, shift(t, j)))))) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_double_P(p: double_P pointer, a: int, b: int, - double_P_alloc_table: double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) = a) and - (offset_max(double_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_double_P(p: double_P pointer, a: int, b: int, - double_P_alloc_table: double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) = a) and - (offset_max(double_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_double_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate 
valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_double_P(p: double_P pointer, a: int, b: int, - double_P_alloc_table: double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) <= a) and - (offset_max(double_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_double_P(p: double_P pointer, a: int, b: int, - double_P_alloc_table: double_P alloc_table) = - ((offset_min(double_P_alloc_table, p) <= a) and - (offset_max(double_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
instanceof(void_P_tag_table, - x, void_P_tag))) +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_doubleP(p: doubleP pointer, a: int, b: int, + doubleP_alloc_table: doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) = a) and + (offset_max(doubleP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_doubleP(p: doubleP pointer, a: int, b: int, + doubleP_alloc_table: doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) = a) and + (offset_max(doubleP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_doubleP(p: doubleP pointer, a: int, b: int, + doubleP_alloc_table: doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) <= a) and + (offset_max(doubleP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + 
((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_doubleP(p: doubleP pointer, a: int, b: int, + doubleP_alloc_table: doubleP alloc_table) = + ((offset_min(doubleP_alloc_table, p) <= a) and + (offset_max(doubleP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) goal binary_search_ensures_default_po_1: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4101,25 +3962,25 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_50": ("JC_48": ("JC_48": (0 <= integer_of_int32(l))))) + ("JC_48": ("JC_46": (0 <= integer_of_int32(l)))) goal binary_search_ensures_default_po_2: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4128,26 +3989,25 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_50": - ("JC_49": ("JC_49": (integer_of_int32(u) <= (integer_of_int32(n) - 1))))) + ("JC_48": ("JC_47": (integer_of_int32(u) <= (integer_of_int32(n) - 1)))) goal binary_search_ensures_default_po_3: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4158,9 +4018,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4170,26 +4030,25 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - ("JC_55": ("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))))) + ("JC_55": ("JC_53": (integer_of_int32(l0) <= integer_of_int32(m)))) goal binary_search_ensures_default_po_4: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4200,9 +4059,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4212,26 +4071,25 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - ("JC_56": ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) + ("JC_55": ("JC_54": (integer_of_int32(m) <= integer_of_int32(u0)))) goal binary_search_ensures_default_po_5: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4242,9 +4100,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4254,36 +4112,35 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - (("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_55": + (("JC_53": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_54": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result4, v) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result4, v) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result5) -> - ("JC_50": ("JC_48": ("JC_48": (0 <= integer_of_int32(l1))))) + ("JC_48": ("JC_46": (0 <= integer_of_int32(l1)))) goal binary_search_ensures_default_po_6: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4294,9 +4151,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4306,93 +4163,38 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - (("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_55": + (("JC_53": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_54": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result5, v) -> forall result6:int32. (integer_of_int32(result6) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result6) -> - ("JC_50": - ("JC_49": ("JC_49": (integer_of_int32(u1) <= (integer_of_int32(n) - 1))))) + ("JC_48": ("JC_47": (integer_of_int32(u1) <= (integer_of_int32(n) - 1)))) goal binary_search_ensures_default_po_7: - forall t_0:double_P pointer. - forall n:int32. - forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, - double) memory. - ("JC_13": - (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, - t_0) >= (integer_of_int32(n) - 1))) and - (("JC_11": (not double_is_NaN(v))) and - ("JC_12": - (forall i_0:int. - (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> - forall result:int32. - (integer_of_int32(result) = 0) -> - forall l:int32. - (l = result) -> - forall result0:int32. 
- (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> - forall u:int32. - (u = result0) -> - forall l0:int32. - forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> - (integer_of_int32(l0) <= integer_of_int32(u0)) -> - forall result1:int32. - (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> - forall result2:int32. - (integer_of_int32(result2) = computer_div(integer_of_int32(result1), 2)) -> - forall result3:int32. - (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> - forall m:int32. - (m = result3) -> - ("JC_57": - (("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> - forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not gt_double(result5, v)) -> - ("JC_58": ("JC_58": (0 <> 0))) - -goal binary_search_ensures_default_po_8: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. 
(((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4403,9 +4205,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4415,41 +4217,38 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - (("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_55": + (("JC_53": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_54": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not gt_double(result5, v)) -> - ("JC_58": (0 <> 0)) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not gt_double_full(result5, v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> - ("JC_17": ("JC_15": ("JC_15": ((-1) <= integer_of_int32(return))))) + ("JC_17": ("JC_15": ((-1) <= integer_of_int32(return)))) -goal binary_search_ensures_default_po_9: - forall t_0:double_P pointer. +goal binary_search_ensures_default_po_8: + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. 
(((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4460,9 +4259,9 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4472,75 +4271,38 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_57": - (("JC_55": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_56": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_55": + (("JC_53": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_54": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not gt_double(result5, v)) -> - ("JC_58": (0 <> 0)) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not gt_double_full(result5, v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> - ("JC_17": - ("JC_16": ("JC_16": (integer_of_int32(return) < integer_of_int32(n))))) + ("JC_17": ("JC_16": (integer_of_int32(return) < integer_of_int32(n)))) -goal binary_search_ensures_default_po_10: - forall t_0:double_P pointer. - forall n:int32. - forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, - double) memory. - ("JC_13": - (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, - t_0) >= (integer_of_int32(n) - 1))) and - (("JC_11": (not double_is_NaN(v))) and - ("JC_12": - (forall i_0:int. - (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> - forall result:int32. - (integer_of_int32(result) = 0) -> - forall l:int32. - (l = result) -> - forall result0:int32. 
- (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> - forall u:int32. - (u = result0) -> - forall l0:int32. - forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> - (integer_of_int32(l0) > integer_of_int32(u0)) -> - ("JC_59": ("JC_59": (0 <> 0))) - -goal binary_search_ensures_default_po_11: - forall t_0:double_P pointer. +goal binary_search_ensures_default_po_9: + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4551,36 +4313,35 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) > integer_of_int32(u0)) -> - ("JC_59": (0 <> 0)) -> forall result1:int32. (integer_of_int32(result1) = (-1)) -> forall __retres:int32. (__retres = result1) -> forall return:int32. (return = __retres) -> - ("JC_17": ("JC_15": ("JC_15": ((-1) <= integer_of_int32(return))))) + ("JC_17": ("JC_15": ((-1) <= integer_of_int32(return)))) -goal binary_search_ensures_default_po_12: - forall t_0:double_P pointer. +goal binary_search_ensures_default_po_10: + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4591,38 +4352,36 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_50": - (("JC_48": (0 <= integer_of_int32(l0))) and - ("JC_49": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_48": + (("JC_46": (0 <= integer_of_int32(l0))) and + ("JC_47": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) > integer_of_int32(u0)) -> - ("JC_59": (0 <> 0)) -> forall result1:int32. (integer_of_int32(result1) = (-1)) -> forall __retres:int32. (__retres = result1) -> forall return:int32. (return = __retres) -> - ("JC_17": - ("JC_16": ("JC_16": (integer_of_int32(return) < integer_of_int32(n))))) + ("JC_17": ("JC_16": (integer_of_int32(return) < integer_of_int32(n)))) goal binary_search_ensures_failure_po_1: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4631,30 +4390,28 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_72": - ("JC_72": - (forall k_0:int. - (((integer_of_int32(u) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0))))))) + forall k_0:int. + ((integer_of_int32(u) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> + ("JC_66": lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))) goal binary_search_ensures_failure_po_2: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4663,30 +4420,28 @@ (integer_of_int32(result0) = (integer_of_int32(n) - 1)) -> forall u:int32. (u = result0) -> - ("JC_73": - ("JC_73": - (forall k:int. - (((0 <= k) and (k < integer_of_int32(l))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) + forall k:int. + ((0 <= k) and (k < integer_of_int32(l))) -> + ("JC_67": lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v)) goal binary_search_ensures_failure_po_3: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -4697,17 +4452,17 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4717,41 +4472,38 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_83": - (("JC_81": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_82": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_77": + (("JC_75": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_76": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result4, v) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result4, v) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result5) -> - ("JC_72": - ("JC_72": - (forall k_0:int. - (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0))))))) + forall k_0:int. + ((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> + ("JC_66": lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))) goal binary_search_ensures_failure_po_4: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
- (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4762,17 +4514,17 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4782,41 +4534,38 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_83": - (("JC_81": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_82": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_77": + (("JC_75": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_76": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result4, v) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result4, v) -> forall result5:int32. (integer_of_int32(result5) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result5) -> - ("JC_73": - ("JC_73": - (forall k:int. - (((0 <= k) and (k < integer_of_int32(l1))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) + forall k:int. + ((0 <= k) and (k < integer_of_int32(l1))) -> + ("JC_67": lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v)) goal binary_search_ensures_failure_po_5: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. 
(((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4827,17 +4576,17 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4847,45 +4596,41 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_83": - (("JC_81": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_82": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_77": + (("JC_75": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_76": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result5, v) -> forall result6:int32. (integer_of_int32(result6) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result6) -> - ("JC_72": - ("JC_72": - (forall k_0:int. - (((integer_of_int32(u1) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0))))))) + forall k_0:int. + ((integer_of_int32(u1) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> + ("JC_66": lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))) goal binary_search_ensures_failure_po_6: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
- (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4896,17 +4641,17 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4916,45 +4661,41 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_83": - (("JC_81": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_82": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_77": + (("JC_75": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_76": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result5, v) -> forall result6:int32. (integer_of_int32(result6) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result6) -> - ("JC_73": - ("JC_73": - (forall k:int. - (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) + forall k:int. + ((0 <= k) and (k < integer_of_int32(l0))) -> + ("JC_67": lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v)) goal binary_search_ensures_failure_po_7: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
- (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -4965,17 +4706,17 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -4985,18 +4726,15 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_83": - (("JC_81": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_82": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_77": + (("JC_75": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_76": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not gt_double(result5, v)) -> - ("JC_84": (0 <> 0)) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not gt_double_full(result5, v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. 
@@ -5004,26 +4742,26 @@ (integer_of_int32(return) = (-1)) -> forall k_1:int. ((0 <= k_1) and (k_1 < integer_of_int32(n))) -> - ("JC_25": ne_double(select(double_P_double_M_t_2, shift(t_0, k_1)), v)) + ("JC_25": ne_double_full(select(doubleP_doubleM_t_2, shift(t_0, k_1)), v)) goal binary_search_ensures_failure_po_8: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. - (sorted(t_0, 0, (integer_of_int32(n) - 1), double_P_double_M_t_2) and + (sorted(t_0, 0, (integer_of_int32(n) - 1), doubleP_doubleM_t_2) and ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0))))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0))))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5034,19 +4772,18 @@ (u = result0) -> forall l0:int32. forall u0:int32. - (("JC_72": + (("JC_66": (forall k_0:int. (((integer_of_int32(u0) < k_0) and (k_0 <= (integer_of_int32(n) - 1))) -> - lt_double(v, select(double_P_double_M_t_2, shift(t_0, k_0)))))) and - ("JC_73": + lt_double_full(v, select(doubleP_doubleM_t_2, shift(t_0, k_0)))))) and + ("JC_67": (forall k:int. (((0 <= k) and (k < integer_of_int32(l0))) -> - lt_double(select(double_P_double_M_t_2, shift(t_0, k)), v))))) -> - ("JC_76": - (("JC_74": (0 <= integer_of_int32(l0))) and - ("JC_75": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + lt_double_full(select(doubleP_doubleM_t_2, shift(t_0, k)), v))))) -> + ("JC_70": + (("JC_68": (0 <= integer_of_int32(l0))) and + ("JC_69": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) > integer_of_int32(u0)) -> - ("JC_85": (0 <> 0)) -> forall result1:int32. (integer_of_int32(result1) = (-1)) -> forall __retres:int32. 
@@ -5056,25 +4793,25 @@ (integer_of_int32(return) = (-1)) -> forall k_1:int. ((0 <= k_1) and (k_1 < integer_of_int32(n))) -> - ("JC_25": ne_double(select(double_P_double_M_t_2, shift(t_0, k_1)), v)) + ("JC_25": ne_double_full(select(doubleP_doubleM_t_2, shift(t_0, k_1)), v)) goal binary_search_ensures_success_po_1: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -5085,10 +4822,10 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_64": true) -> - ("JC_62": - (("JC_60": (0 <= integer_of_int32(l0))) and - ("JC_61": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_60": true) -> + ("JC_58": + (("JC_56": (0 <= integer_of_int32(l0))) and + ("JC_57": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) <= integer_of_int32(u0)) -> forall result1:int32. (integer_of_int32(result1) = (integer_of_int32(u0) - integer_of_int32(l0))) -> 
@@ -5098,43 +4835,40 @@ (integer_of_int32(result3) = (integer_of_int32(l0) + integer_of_int32(result2))) -> forall m:int32. (m = result3) -> - ("JC_69": - (("JC_67": (integer_of_int32(l0) <= integer_of_int32(m))) and - ("JC_68": (integer_of_int32(m) <= integer_of_int32(u0))))) -> + ("JC_65": + (("JC_63": (integer_of_int32(l0) <= integer_of_int32(m))) and + ("JC_64": (integer_of_int32(m) <= integer_of_int32(u0))))) -> forall result4:double. - (result4 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result4, v)) -> + (result4 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result4, v)) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not gt_double(result5, v)) -> - ("JC_70": (0 <> 0)) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not gt_double_full(result5, v)) -> forall __retres:int32. (__retres = m) -> forall return:int32. (return = __retres) -> (integer_of_int32(return) >= 0) -> - ("JC_23": eq_double(select(double_P_double_M_t_2, shift(t_0, + ("JC_23": eq_double_full(select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(return))), v)) goal binary_search_ensures_success_po_2: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. 
(((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. @@ -5145,12 +4879,11 @@ (u = result0) -> forall l0:int32. forall u0:int32. - ("JC_64": true) -> - ("JC_62": - (("JC_60": (0 <= integer_of_int32(l0))) and - ("JC_61": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> + ("JC_60": true) -> + ("JC_58": + (("JC_56": (0 <= integer_of_int32(l0))) and + ("JC_57": (integer_of_int32(u0) <= (integer_of_int32(n) - 1))))) -> (integer_of_int32(l0) > integer_of_int32(u0)) -> - ("JC_71": (0 <> 0)) -> forall result1:int32. (integer_of_int32(result1) = (-1)) -> forall __retres:int32. 
@@ -5158,26 +4891,26 @@ forall return:int32. (return = __retres) -> (integer_of_int32(return) >= 0) -> - ("JC_23": eq_double(select(double_P_double_M_t_2, shift(t_0, + ("JC_23": eq_double_full(select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(return))), v)) goal binary_search_safety_po_1: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5185,22 +4918,22 @@ ((-2147483648) <= (integer_of_int32(n) - 1)) goal binary_search_safety_po_2: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5208,22 +4941,22 @@ ((integer_of_int32(n) - 1) <= 2147483647) goal binary_search_safety_po_3: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5244,22 +4977,22 @@ ((-2147483648) <= (integer_of_int32(u0) - integer_of_int32(l0))) goal binary_search_safety_po_4: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5280,22 +5013,22 @@ ((integer_of_int32(u0) - integer_of_int32(l0)) <= 2147483647) goal binary_search_safety_po_5: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5320,22 +5053,22 @@ (2 <> 0) goal binary_search_safety_po_6: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5363,22 +5096,22 @@ ((-2147483648) <= result2) goal binary_search_safety_po_7: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5406,22 +5139,22 @@ (result2 <= 2147483647) goal binary_search_safety_po_8: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5452,22 +5185,22 @@ ((-2147483648) <= (integer_of_int32(l0) + integer_of_int32(result3))) goal binary_search_safety_po_9: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5498,22 +5231,22 @@ ((integer_of_int32(l0) + integer_of_int32(result3)) <= 2147483647) goal binary_search_safety_po_10: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5550,25 +5283,25 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - (offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) + (offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) goal binary_search_safety_po_11: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5605,25 +5338,25 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0)) + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0)) goal binary_search_safety_po_12: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5660,31 +5393,30 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result5, v) -> ((-2147483648) <= (integer_of_int32(m) + 1)) goal binary_search_safety_po_13: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5721,31 +5453,30 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result5, v) -> ((integer_of_int32(m) + 1) <= 2147483647) goal binary_search_safety_po_14: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5782,37 +5513,36 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result5, v) -> (((-2147483648) <= (integer_of_int32(m) + 1)) and ((integer_of_int32(m) + 1) <= 2147483647)) -> forall result6:int32. (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result6) -> - (0 <= ("JC_46": (integer_of_int32(u0) - integer_of_int32(l0)))) + (0 <= ("JC_45": (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_15: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. 
(integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5849,38 +5579,37 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - lt_double(result5, v) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + lt_double_full(result5, v) -> (((-2147483648) <= (integer_of_int32(m) + 1)) and ((integer_of_int32(m) + 1) <= 2147483647)) -> forall result6:int32. (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l1:int32. (l1 = result6) -> - (("JC_46": (integer_of_int32(u0) - integer_of_int32(l1))) < ("JC_46": + (("JC_45": (integer_of_int32(u0) - integer_of_int32(l1))) < ("JC_45": (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_16: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. ("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. 
(((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5917,37 +5646,35 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result5, v)) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result5, v)) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result6:double. - (result6 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result6, v) -> + (result6 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result6, v) -> ((-2147483648) <= (integer_of_int32(m) - 1)) goal binary_search_safety_po_17: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -5984,37 +5711,35 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result5, v)) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result5, v)) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result6:double. - (result6 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result6, v) -> + (result6 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result6, v) -> ((integer_of_int32(m) - 1) <= 2147483647) goal binary_search_safety_po_18: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -6051,43 +5776,41 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result5, v)) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result5, v)) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result6:double. - (result6 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result6, v) -> + (result6 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result6, v) -> (((-2147483648) <= (integer_of_int32(m) - 1)) and ((integer_of_int32(m) - 1) <= 2147483647)) -> forall result7:int32. (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result7) -> - (0 <= ("JC_46": (integer_of_int32(u0) - integer_of_int32(l0)))) + (0 <= ("JC_45": (integer_of_int32(u0) - integer_of_int32(l0)))) goal binary_search_safety_po_19: - forall t_0:double_P pointer. + forall t_0:doubleP pointer. forall n:int32. forall v:double. - forall double_P_t_2_alloc_table:double_P alloc_table. - forall double_P_double_M_t_2:(double_P, + forall doubleP_t_2_alloc_table:doubleP alloc_table. + forall doubleP_doubleM_t_2:(doubleP, double) memory. 
("JC_13": (("JC_8": (integer_of_int32(n) >= 0)) and - (("JC_9": (offset_min(double_P_t_2_alloc_table, t_0) <= 0)) and - (("JC_10": (offset_max(double_P_t_2_alloc_table, + (("JC_9": (offset_min(doubleP_t_2_alloc_table, t_0) <= 0)) and + (("JC_10": (offset_max(doubleP_t_2_alloc_table, t_0) >= (integer_of_int32(n) - 1))) and (("JC_11": (not double_is_NaN(v))) and ("JC_12": (forall i_0:int. (((0 <= i_0) and (i_0 <= (integer_of_int32(n) - 1))) -> - (not double_is_NaN(select(double_P_double_M_t_2, shift(t_0, i_0)))))))))))) -> + (not double_is_NaN(select(doubleP_doubleM_t_2, shift(t_0, i_0)))))))))))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall l:int32. 
@@ -6124,34 +5847,32 @@ ("JC_40": (("JC_38": (integer_of_int32(l0) <= integer_of_int32(m))) and ("JC_39": (integer_of_int32(m) <= integer_of_int32(u0))))) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result5:double. - (result5 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - (not lt_double(result5, v)) -> - ((offset_min(double_P_t_2_alloc_table, t_0) <= integer_of_int32(m)) and - (integer_of_int32(m) <= offset_max(double_P_t_2_alloc_table, t_0))) -> + (result5 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + (not lt_double_full(result5, v)) -> + ((offset_min(doubleP_t_2_alloc_table, t_0) <= integer_of_int32(m)) and + (integer_of_int32(m) <= offset_max(doubleP_t_2_alloc_table, t_0))) -> forall result6:double. - (result6 = select(double_P_double_M_t_2, shift(t_0, - integer_of_int32(m)))) -> - gt_double(result6, v) -> + (result6 = select(doubleP_doubleM_t_2, shift(t_0, integer_of_int32(m)))) -> + gt_double_full(result6, v) -> (((-2147483648) <= (integer_of_int32(m) - 1)) and ((integer_of_int32(m) - 1) <= 2147483647)) -> forall result7:int32. (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u1:int32. (u1 = result7) -> - (("JC_46": (integer_of_int32(u1) - integer_of_int32(l0))) < ("JC_46": + (("JC_45": (integer_of_int32(u1) - integer_of_int32(l0))) < ("JC_45": (integer_of_int32(u0) - integer_of_int32(l0)))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/floats_bsearch_why.why : ......#..?.....##........................ (37/0/1/3/0) -total : 41 -valid : 37 ( 90%) +why/floats_bsearch_why.why : .................##.................... 
(37/0/0/2/0) +total : 39 +valid : 37 ( 95%) invalid : 0 ( 0%) -unknown : 1 ( 2%) -timeout : 3 ( 7%) +unknown : 0 ( 0%) +timeout : 2 ( 5%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/float_sqrt.res.oracle why-2.30+dfsg/tests/c/oracle/float_sqrt.res.oracle --- why-2.29+dfsg/tests/c/oracle/float_sqrt.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/float_sqrt.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,11 +1,77 @@ ========== file tests/c/float_sqrt.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ /* contribution by Guillaume Melquiond */ // RUN GAPPA (does not work) -#pragma JessieFloatModel(strict) +#pragma JessieFloatModel(defensive) + +/* + With some help, the Gappa tool is able to prove the postcondition of the + sqrt function. + + First, it needs to know that Newton's iteration converges quadratically. + This formula on relative errors is denoted by the newton_rel predicate. + The newton states its general expression and it is proved by a short Coq + script performing algebraic manipulations. 
The newton lemma is then + instantiated by Alt-Ergo at each iteration of the loop to solve the + three assertions about the predicate. + + In order to prove the postcondition, Gappa also needs to be told that + the value computed after an iteration is close to both sqrt(x) and the + value that would have been computed with an infinite precision. This is + done by putting distance expressions into the context through three + other assertions about the closeness predicate. They are much weaker + than what Gappa will end up proving; they are only here to guide its + heuristics. + + Finally, Gappa also needs to know about the inverse square root trick. + That is what the assertion is for, and it is proved in Coq. +*/ + +/*@ + predicate newton_rel(real t, real x) = + (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == + - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * + (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); + + lemma newton: \forall real t, x; x > 0. ==> newton_rel(t, x); + + predicate closeness(real u, real t, real x) = + \abs(u - 0.5 * t * (3 - t * t * x)) <= 1 && + \abs(u - 1/\sqrt(x)) <= 1; +*/ /*@ requires 0.5 <= x <= 2; 
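Review bot: The context line `// RUN GAPPA (does not work)` is kept at the top of the embedded test, while the block comment added just below it says that Gappa, with some help, is able to prove the postcondition of sqrt; the two statements contradict each other. If the marker is stale, it should be reduced to `// RUN GAPPA`; if something still fails, it should say which obligation. The added comment also has two wording slips: "The newton states its general expression" presumably means `The newton lemma states its general expression`, and "That is what the assertion is for" does not say which assertion, presumably the final `x * (1/\sqrt(x)) == \sqrt(x)` one in the next hunk. Since this file is a recorded oracle, the wording would be fixed in tests/c/float_sqrt.c and the oracle regenerated.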
@@ -23,37 +89,37 @@ t = sqrt_init(x); u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; u = 0.5 * t * (3 - t * t * x); - //@ assert \abs(u - 0.5 * t * (3 - t * t * x)) <= 1; - /*@ assert (0.5 * t * (3 - t * t * x) - 1/\sqrt(x)) / (1/\sqrt(x)) == - - (1.5 + 0.5 * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))) * - (((t - 1/\sqrt(x)) / (1/\sqrt(x))) * ((t - 1/\sqrt(x)) / (1/\sqrt(x)))); */ - //@ assert \abs(u - 1/\sqrt(x)) <= 0x1p-10 * \abs(1/\sqrt(x)); + //@ assert newton_rel(t, x); + //@ assert closeness(u, t, x); t = u; //@ assert x * (1/\sqrt(x)) == \sqrt(x); return x * t; } + + + +/* +Local Variables: +compile-command: "make float_sqrt.why3ml" +End: +*/ + + ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/float_sqrt.c" [jessie] Starting Jessie translation -[kernel] No code for function sqrt_init, default assigns generated -tests/c/float_sqrt.c:19:[jessie] warning: pragma JessieFloatModel: identifier strict is not a valid value (ignored). 
+[kernel] warning: No code for function sqrt_init, default assigns generated for default behavior [jessie] Producing Jessie files in subdir tests/c/float_sqrt.jessie [jessie] File tests/c/float_sqrt.jessie/float_sqrt.jc written. [jessie] File tests/c/float_sqrt.jessie/float_sqrt.cloc written. @@ -63,6 +129,7 @@ # SeparationPolicy = Regions # AnnotationPolicy = None # AbstractDomain = Pol +# FloatModel = defensive axiomatic Padding { @@ -72,16 +139,32 @@ type int8 = -128..127 -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] + +predicate newton_rel(real t, real x) = +(((((0.5 * t) * (3 - ((t * t) * x))) - (1 / \real_sqrt(x))) / + (1 / \real_sqrt(x))) == + ((- (1.5 + (0.5 * ((t - (1 / \real_sqrt(x))) / (1 / \real_sqrt(x)))))) * + (((t - (1 / \real_sqrt(x))) / (1 / \real_sqrt(x))) * + ((t - (1 / \real_sqrt(x))) / (1 / \real_sqrt(x)))))) + +lemma newton : +(\forall real t_0; + (\forall real x_0; + ((x_0 > 0.) ==> newton_rel(t_0, x_0)))) + +predicate closeness(real u, real t_1, real x_1) = +((\real_abs((u - ((0.5 * t_1) * (3 - ((t_1 * t_1) * x_1))))) <= 1) && + (\real_abs((u - (1 / \real_sqrt(x_1)))) <= 1)) double sqrt_init(double x_0) requires (C_2 : ((C_3 : (0.5 <= (x_0 :> real))) && @@ -95,10 +178,10 @@ ; double sqrt(double x) - requires (C_44 : ((C_45 : (0.5 <= (x :> real))) && - (C_46 : ((x :> real) <= 2)))); + requires (C_41 : ((C_42 : (0.5 <= (x :> real))) && + (C_43 : ((x :> real) <= 2)))); behavior default: - ensures (C_43 : (\real_abs(((\result :> real) - + ensures (C_40 : (\real_abs(((\result :> real) - \real_sqrt((\at(x,Old) :> real)))) <= (0x1p-43 * \real_abs(\real_sqrt((\at(x,Old) :> real)))))); { 
@@ -114,153 +197,54 @@ (C_8 : ((C_7 : (t * t)) * x)))))))); { - (assert for default: (C_14 : (\real_abs(((u :> real) - - ((0.5 * (t :> real)) * - (3 - - (((t :> real) * - (t :> real)) * - (x :> real)))))) <= - 1))); - () - }; - - { - (assert for default: (C_15 : (((((0.5 * (t :> real)) * - (3 - - (((t :> real) * (t :> real)) * - (x :> real)))) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) == - ((- (1.5 + - (0.5 * - (((t :> real) - - (1 / - \real_sqrt((x :> real)))) / - (1 / - \real_sqrt((x :> real))))))) * - ((((t :> real) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) * - (((t :> real) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real))))))))); + (assert for default: (C_14 : newton_rel((t :> real), (x :> real)))); () }; { - (assert for default: (C_16 : (\real_abs(((u :> real) - - (1 / - \real_sqrt((x :> real))))) <= - (0x1p-10 * - \real_abs((1 / - \real_sqrt((x :> real)))))))); + (assert for default: (C_15 : closeness((u :> real), (t :> real), + (x :> real)))); () }; - (C_17 : (t = u)); - (C_24 : (u = (C_23 : ((C_22 : ((0.5 :> double) * t)) * - (C_21 : ((C_20 : (3 :> double)) - - (C_19 : ((C_18 : (t * t)) * x)))))))); + (C_16 : (t = u)); + (C_23 : (u = (C_22 : ((C_21 : ((0.5 :> double) * t)) * + (C_20 : ((C_19 : (3 :> double)) - + (C_18 : ((C_17 : (t * t)) * x)))))))); { - (assert for default: (C_25 : (\real_abs(((u :> real) - - ((0.5 * (t :> real)) * - (3 - - (((t :> real) * - (t :> real)) * - (x :> real)))))) <= - 1))); + (assert for default: (C_24 : newton_rel((t :> real), (x :> real)))); () }; { - (assert for default: (C_26 : (((((0.5 * (t :> real)) * - (3 - - (((t :> real) * (t :> real)) * - (x :> real)))) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) == - ((- (1.5 + - (0.5 * - (((t :> real) - - (1 / - \real_sqrt((x :> real)))) / - (1 / - \real_sqrt((x :> real))))))) * - ((((t :> real) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) * - (((t :> real) - 
- (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real))))))))); + (assert for default: (C_25 : closeness((u :> real), (t :> real), + (x :> real)))); () }; + (C_26 : (t = u)); + (C_33 : (u = (C_32 : ((C_31 : ((0.5 :> double) * t)) * + (C_30 : ((C_29 : (3 :> double)) - + (C_28 : ((C_27 : (t * t)) * x)))))))); { - (assert for default: (C_27 : (\real_abs(((u :> real) - - (1 / - \real_sqrt((x :> real))))) <= - (0x1p-10 * - \real_abs((1 / - \real_sqrt((x :> real)))))))); + (assert for default: (C_34 : newton_rel((t :> real), (x :> real)))); () }; - (C_28 : (t = u)); - (C_35 : (u = (C_34 : ((C_33 : ((0.5 :> double) * t)) * - (C_32 : ((C_31 : (3 :> double)) - - (C_30 : ((C_29 : (t * t)) * x)))))))); { - (assert for default: (C_36 : (\real_abs(((u :> real) - - ((0.5 * (t :> real)) * - (3 - - (((t :> real) * - (t :> real)) * - (x :> real)))))) <= - 1))); + (assert for default: (C_35 : closeness((u :> real), (t :> real), + (x :> real)))); () }; + (C_36 : (t = u)); { - (assert for default: (C_37 : (((((0.5 * (t :> real)) * - (3 - - (((t :> real) * (t :> real)) * - (x :> real)))) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) == - ((- (1.5 + - (0.5 * - (((t :> real) - - (1 / - \real_sqrt((x :> real)))) / - (1 / - \real_sqrt((x :> real))))))) * - ((((t :> real) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real)))) * - (((t :> real) - - (1 / \real_sqrt((x :> real)))) / - (1 / \real_sqrt((x :> real))))))))); - () - }; - - { - (assert for default: (C_38 : (\real_abs(((u :> real) - - (1 / - \real_sqrt((x :> real))))) <= - (0x1p-10 * - \real_abs((1 / - \real_sqrt((x :> real)))))))); - () - }; - (C_39 : (t = u)); - - { - (assert for default: (C_40 : (((x :> real) * + (assert for default: (C_37 : (((x :> real) * (1 / \real_sqrt((x :> real)))) == \real_sqrt((x :> real))))); () }; - (C_42 : (__retres = (C_41 : (x * t)))); + (C_39 : (__retres = (C_38 : (x * t)))); (return __retres) } 
@@ -268,284 +252,273 @@ ========== file tests/c/float_sqrt.jessie/float_sqrt.cloc ========== [C_10] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 17 end = 30 [C_11] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 13 [C_12] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 31 [C_13] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 31 [C_14] file = "HOME/tests/c/float_sqrt.c" -line = 25 +line = 91 begin = 13 -end = 53 +end = 29 [C_15] file = "HOME/tests/c/float_sqrt.c" -line = 26 +line = 92 begin = 13 -end = 211 +end = 31 [C_16] file = "HOME/tests/c/float_sqrt.c" -line = 29 -begin = 13 -end = 63 - -[C_17] -file = "HOME/tests/c/float_sqrt.c" -line = 30 +line = 93 begin = 6 end = 7 -[C_18] +[C_17] file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 21 end = 26 -[C_19] +[C_18] file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 21 end = 30 +[C_19] +file = "HOME/tests/c/float_sqrt.c" +line = 95 +begin = 17 +end = 18 + [C_1] file = "HOME/tests/c/float_sqrt.c" -line = 11 +line = 77 begin = 9 end = 64 [C_2] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 23 [C_3] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 18 [C_4] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 17 end = 23 [C_20] file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 17 -end = 18 +end = 30 [C_5] file = "HOME/tests/c/float_sqrt.c" -line = 22 +line = 88 begin = 6 end = 18 [C_21] file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 17 -end = 30 +line = 95 +begin = 6 +end = 13 [C_6] file = "HOME/tests/c/float_sqrt.c" -line = 22 +line = 88 begin = 6 end = 18 [C_22] file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 6 -end = 13 +end = 31 [C_7] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 26 [C_23] file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 6 end = 31 
[C_8] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 30 [C_24] file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 6 -end = 31 +line = 96 +begin = 13 +end = 29 [C_9] file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 17 end = 18 [C_25] file = "HOME/tests/c/float_sqrt.c" -line = 33 +line = 97 begin = 13 -end = 53 +end = 31 [C_26] file = "HOME/tests/c/float_sqrt.c" -line = 34 -begin = 13 -end = 211 - -[C_27] -file = "HOME/tests/c/float_sqrt.c" -line = 37 -begin = 13 -end = 63 - -[C_28] -file = "HOME/tests/c/float_sqrt.c" -line = 38 +line = 98 begin = 6 end = 7 -[C_29] +[C_27] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 21 end = 26 -[C_30] +[C_28] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 21 end = 30 -[C_31] +[C_29] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 17 end = 18 -[C_32] +[newton] +name = "Lemma newton" +file = "HOME/tests/c/float_sqrt.c" +line = 68 +begin = 1 +end = 187 + +[C_30] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 17 end = 30 -[C_33] +[C_31] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 6 end = 13 -[C_34] +[C_32] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 6 end = 31 -[C_35] +[C_33] file = "HOME/tests/c/float_sqrt.c" -line = 40 +line = 100 begin = 6 end = 31 -[C_36] -file = "HOME/tests/c/float_sqrt.c" -line = 41 -begin = 13 -end = 53 - -[C_37] +[C_34] file = "HOME/tests/c/float_sqrt.c" -line = 42 +line = 101 begin = 13 -end = 211 +end = 29 -[C_38] +[C_35] file = "HOME/tests/c/float_sqrt.c" -line = 45 +line = 102 begin = 13 -end = 63 +end = 31 -[C_39] +[C_36] file = "HOME/tests/c/float_sqrt.c" -line = 46 +line = 103 begin = 6 end = 7 -[sqrt] -name = "Function sqrt" -file = "HOME/tests/c/float_sqrt.c" -line = 19 -begin = 7 -end = 11 - -[C_40] +[C_37] file = "HOME/tests/c/float_sqrt.c" -line = 48 +line = 105 begin = 13 end = 41 -[C_41] +[C_38] file = "HOME/tests/c/float_sqrt.c" 
-line = 49 +line = 106 begin = 9 end = 14 -[C_42] +[C_39] file = "HOME/tests/c/float_sqrt.c" -line = 49 +line = 106 begin = 2 end = 15 -[C_43] +[sqrt] +name = "Function sqrt" +file = "HOME/tests/c/float_sqrt.c" +line = 85 +begin = 7 +end = 11 + +[C_40] file = "HOME/tests/c/float_sqrt.c" -line = 17 +line = 83 begin = 9 end = 61 -[C_44] +[C_41] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 23 -[C_45] +[C_42] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 18 -[C_46] +[C_43] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 17 end = 23 @@ -566,10 +539,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs float_sqrt.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_strict.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/float_sqrt_why.sx @@ -630,6 +604,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/float_sqrt_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/float_sqrt_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -702,6 +683,9 @@ why3ide: why/float_sqrt_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: float_sqrt.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include float_sqrt.depend depend: coq/float_sqrt_why.v 
@@ -712,88 +696,87 @@ ========== file tests/c/float_sqrt.jessie/float_sqrt.loc ========== [JC_40] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 6 -end = 31 +line = 96 +begin = 13 +end = 29 [JC_41] file = "HOME/tests/c/float_sqrt.c" -line = 33 +line = 97 begin = 13 -end = 53 +end = 31 [JC_42] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 34 -begin = 13 -end = 211 +line = 100 +begin = 6 +end = 13 [JC_43] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 37 -begin = 13 -end = 63 +line = 100 +begin = 21 +end = 26 [JC_44] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 6 -end = 13 +line = 100 +begin = 21 +end = 30 [JC_45] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 21 -end = 26 +line = 100 +begin = 17 +end = 30 [JC_46] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 21 -end = 30 +line = 100 +begin = 6 +end = 31 [JC_1] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 18 [JC_47] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 17 -end = 30 +line = 101 +begin = 13 +end = 29 [JC_2] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 17 end = 23 [JC_48] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 6 +line = 102 +begin = 13 end = 31 [JC_3] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 23 [JC_49] file = "HOME/tests/c/float_sqrt.c" -line = 41 +line = 105 begin = 13 -end = 53 +end = 41 [JC_4] file = "HOME/" @@ -803,19 +786,19 @@ [JC_5] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 18 [JC_6] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 17 end = 23 [JC_7] file = "HOME/tests/c/float_sqrt.c" -line = 10 +line = 76 begin = 10 end = 23 
@@ -827,133 +810,135 @@ [JC_9] file = "HOME/tests/c/float_sqrt.c" -line = 11 +line = 77 begin = 9 end = 64 [JC_50] -file = "HOME/tests/c/float_sqrt.c" -line = 42 -begin = 13 -end = 211 - -[JC_51] -file = "HOME/tests/c/float_sqrt.c" -line = 45 -begin = 13 -end = 63 - -[JC_52] -file = "HOME/tests/c/float_sqrt.c" -line = 48 -begin = 13 -end = 41 - -[JC_53] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 49 +line = 106 begin = 9 end = 14 -[JC_54] +[JC_51] kind = UserCall file = "HOME/tests/c/float_sqrt.c" -line = 22 +line = 88 begin = 6 end = 18 -[JC_55] +[JC_52] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 13 -[JC_56] +[JC_53] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 26 -[JC_57] +[JC_54] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 30 -[JC_58] +[JC_55] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 17 end = 30 -[JC_59] +[JC_56] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 31 -[JC_60] +[JC_57] file = "HOME/tests/c/float_sqrt.c" -line = 25 +line = 91 begin = 13 -end = 53 +end = 29 -[JC_61] +[JC_58] file = "HOME/tests/c/float_sqrt.c" -line = 26 +line = 92 begin = 13 -end = 211 +end = 31 + +[JC_59] +kind = FPOverflow +file = "HOME/tests/c/float_sqrt.c" +line = 95 +begin = 6 +end = 13 + +[JC_60] +kind = FPOverflow +file = "HOME/tests/c/float_sqrt.c" +line = 95 +begin = 21 +end = 26 + +[JC_61] +kind = FPOverflow +file = "HOME/tests/c/float_sqrt.c" +line = 95 +begin = 21 +end = 30 [JC_62] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 29 -begin = 13 -end = 63 +line = 95 +begin = 17 +end = 30 [JC_10] file = "HOME/tests/c/float_sqrt.jessie/float_sqrt.jc" -line = 30 +line = 47 begin = 10 end = 18 [JC_63] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 6 -end = 13 +end = 31 [JC_11] file = 
"HOME/tests/c/float_sqrt.c" -line = 11 +line = 77 begin = 9 end = 64 [JC_64] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 21 -end = 26 +line = 96 +begin = 13 +end = 29 [JC_12] file = "HOME/tests/c/float_sqrt.jessie/float_sqrt.jc" -line = 30 +line = 47 begin = 10 end = 18 [JC_65] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 21 -end = 30 +line = 97 +begin = 13 +end = 31 [JC_13] file = "HOME/" @@ -964,9 +949,9 @@ [JC_66] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 17 -end = 30 +line = 100 +begin = 6 +end = 13 [JC_14] file = "HOME/" @@ -977,45 +962,47 @@ [JC_67] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 -begin = 6 -end = 31 +line = 100 +begin = 21 +end = 26 [JC_15] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 18 [JC_68] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 33 -begin = 13 -end = 53 +line = 100 +begin = 21 +end = 30 [JC_16] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 17 end = 23 [JC_69] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 34 -begin = 13 -end = 211 +line = 100 +begin = 17 +end = 30 [sqrt_safety] name = "Function sqrt" behavior = "Safety" file = "HOME/tests/c/float_sqrt.c" -line = 19 +line = 85 begin = 7 end = 11 [JC_17] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 23 
@@ -1027,55 +1014,61 @@ [JC_19] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 18 +[newton] +name = "Lemma newton" +behavior = "lemma" +file = "HOME/tests/c/float_sqrt.c" +line = 68 +begin = 1 +end = 187 + [JC_70] +kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 37 -begin = 13 -end = 63 +line = 100 +begin = 6 +end = 31 [JC_71] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 6 -end = 13 +line = 101 +begin = 13 +end = 29 [JC_72] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 21 -end = 26 +line = 102 +begin = 13 +end = 31 [JC_20] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 17 end = 23 [JC_73] -kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 21 -end = 30 +line = 105 +begin = 13 +end = 41 [JC_21] file = "HOME/tests/c/float_sqrt.c" -line = 16 +line = 82 begin = 10 end = 23 [JC_74] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 17 -end = 30 +line = 106 +begin = 9 +end = 14 [JC_22] file = "HOME/" 
@@ -1083,195 +1076,158 @@ begin = -1 end = -1 -[JC_75] -kind = FPOverflow -file = "HOME/tests/c/float_sqrt.c" -line = 40 -begin = 6 -end = 31 - [JC_23] file = "HOME/tests/c/float_sqrt.c" -line = 17 +line = 83 begin = 9 end = 61 -[JC_76] -file = "HOME/tests/c/float_sqrt.c" -line = 41 -begin = 13 -end = 53 - [JC_24] file = "HOME/tests/c/float_sqrt.c" -line = 17 +line = 83 begin = 9 end = 61 -[JC_77] -file = "HOME/tests/c/float_sqrt.c" -line = 42 -begin = 13 -end = 211 - [JC_25] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_78] -file = "HOME/tests/c/float_sqrt.c" -line = 45 -begin = 13 -end = 63 - [JC_26] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_79] -file = "HOME/tests/c/float_sqrt.c" -line = 48 -begin = 13 -end = 41 - [JC_27] kind = UserCall file = "HOME/tests/c/float_sqrt.c" -line = 22 +line = 88 begin = 6 end = 18 [JC_28] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 13 [JC_29] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 26 -[JC_80] -kind = FPOverflow -file = "HOME/tests/c/float_sqrt.c" -line = 49 -begin = 9 -end = 14 - [sqrt_ensures_default] name = "Function sqrt" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/float_sqrt.c" -line = 19 +line = 85 begin = 7 end = 11 [JC_30] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 21 end = 30 [JC_31] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 17 end = 30 [JC_32] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 24 +line = 90 begin = 6 end = 31 [JC_33] file = "HOME/tests/c/float_sqrt.c" -line = 25 +line = 91 begin = 13 -end = 53 +end = 29 [JC_34] file = "HOME/tests/c/float_sqrt.c" -line = 26 +line = 92 begin = 13 -end = 211 +end = 31 [JC_35] -file = "HOME/tests/c/float_sqrt.c" -line = 29 -begin = 13 -end = 63 - -[JC_36] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 6 
end = 13 -[JC_37] +[JC_36] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 21 end = 26 -[JC_38] +[JC_37] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 21 end = 30 -[JC_39] +[JC_38] kind = FPOverflow file = "HOME/tests/c/float_sqrt.c" -line = 32 +line = 95 begin = 17 end = 30 +[JC_39] +kind = FPOverflow +file = "HOME/tests/c/float_sqrt.c" +line = 95 +begin = 6 +end = 31 + ========== file tests/c/float_sqrt.jessie/why/float_sqrt.why ========== -type char_P +type charP type int8 type padding -type void_P +type voidP -exception Loop_continue_exc of unit +logic charP_tag: -> charP tag_id -exception Loop_exit_exc of unit +axiom charP_int : (int_of_tag(charP_tag) = (1)) -exception Return_label_exc of unit +logic charP_of_pointer_address: unit pointer -> charP pointer -logic char_P_tag: -> char_P tag_id +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) - -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +predicate closeness(u:real, t_1:real, x_1:real) = + (le_real(abs_real(sub_real(u, + mul_real(mul_real(0.5, t_1), + sub_real(3.0, mul_real(mul_real(t_1, t_1), x_1))))), + 1.0) + and le_real(abs_real(sub_real(u, div_real(1.0, sqrt_real(x_1)))), 1.0)) logic integer_of_int8: int8 -> int 
@@ -1285,188 +1241,173 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) - -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address: unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P 
alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +predicate newton_rel(t:real, x_0:real) = + (div_real(sub_real(mul_real(mul_real(0.5, t), + sub_real(3.0, mul_real(mul_real(t, t), x_0))), + div_real(1.0, sqrt_real(x_0))), + div_real(1.0, sqrt_real(x_0))) = mul_real(neg_real(add_real(1.5, + mul_real(0.5, + div_real(sub_real(t, + div_real(1.0, + sqrt_real(x_0))), + div_real(1.0, + sqrt_real(x_0)))))), + mul_real(div_real(sub_real(t, + div_real(1.0, + sqrt_real(x_0))), + div_real(1.0, sqrt_real(x_0))), + div_real(sub_real(t, + div_real(1.0, sqrt_real(x_0))), + div_real(1.0, sqrt_real(x_0)))))) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + 
+axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +lemma newton : + (forall t_0:real. + (forall x_0_1:real. (gt_real(x_0_1, 0.) -> newton_rel(t_0, x_0_1)))) -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) 
+ and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and 
(alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int8 : unit -> { } int8 { true } 
@@ -1479,428 +1420,252 @@ x:int -> { } int8 { eq_int(integer_of_int8(result), x) } parameter sqrt : - x_1:double -> + x_2:double -> { } double { (JC_24: le_real(abs_real(sub_real(double_value(result), - sqrt_real(double_value(x_1@)))), - mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_1@)))))) } + sqrt_real(double_value(x_2)))), + mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_2)))))) } parameter sqrt_init : - x_0:double -> + x_0_0:double -> { } double { (JC_11: le_real(abs_real(sub_real(double_value(result), - div_real(1.0, sqrt_real(double_value(x_0@))))), - mul_real(0x1p-6, abs_real(div_real(1.0, sqrt_real(double_value(x_0@))))))) } + div_real(1.0, sqrt_real(double_value(x_0_0))))), + mul_real(0x1p-6, abs_real(div_real(1.0, sqrt_real(double_value(x_0_0))))))) } parameter sqrt_init_requires : - x_0:double -> + x_0_0:double -> { (JC_3: - ((JC_1: le_real(0.5, double_value(x_0))) - and (JC_2: le_real(double_value(x_0), 2.0))))} + ((JC_1: le_real(0.5, double_value(x_0_0))) + and (JC_2: le_real(double_value(x_0_0), 2.0))))} double { (JC_11: le_real(abs_real(sub_real(double_value(result), - div_real(1.0, sqrt_real(double_value(x_0@))))), - mul_real(0x1p-6, abs_real(div_real(1.0, sqrt_real(double_value(x_0@))))))) } + div_real(1.0, sqrt_real(double_value(x_0_0))))), + mul_real(0x1p-6, abs_real(div_real(1.0, sqrt_real(double_value(x_0_0))))))) } parameter sqrt_requires : - x_1:double -> + x_2:double -> { (JC_17: - ((JC_15: le_real(0.5, double_value(x_1))) - and (JC_16: le_real(double_value(x_1), 2.0))))} + ((JC_15: le_real(0.5, double_value(x_2))) + and (JC_16: le_real(double_value(x_2), 2.0))))} double { (JC_24: le_real(abs_real(sub_real(double_value(result), - sqrt_real(double_value(x_1@)))), - mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_1@)))))) } + sqrt_real(double_value(x_2)))), + mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_2)))))) } let sqrt_ensures_default = - fun (x_1 : double) -> + fun (x_2 : double) -> { (JC_21: - ((JC_19: le_real(0.5, 
double_value(x_1))) - and (JC_20: le_real(double_value(x_1), 2.0)))) } + ((JC_19: le_real(0.5, double_value(x_2))) + and (JC_20: le_real(double_value(x_2), 2.0)))) } (init: (let return = ref (any_double void) in try begin - (let t = ref (any_double void) in - (let u = ref (any_double void) in + (let t_2 = ref (any_double void) in + (let u_0 = ref (any_double void) in (let __retres = ref (any_double void) in (C_6: (C_13: - (C_17: - (C_24: - (C_28: - (C_35: + (C_16: + (C_23: + (C_26: + (C_33: + (C_36: (C_39: - (C_42: begin (let jessie_ = - (t := (C_5: (let jessie_ = x_1 in (JC_54: (sqrt_init jessie_))))) in + (t_2 := (C_5: (let jessie_ = x_2 in (JC_51: (sqrt_init jessie_))))) in void); (let jessie_ = - (u := (C_12: - (JC_59: - (((mul_double_safe nearest_even) (C_11: - (JC_55: - (((mul_double_safe nearest_even) - (double_of_real_exact 0.5)) !t)))) - (C_10: - (JC_58: - (((sub_double_safe nearest_even) (C_9: - (double_of_real_exact 3.0))) - (C_8: - (JC_57: - (((mul_double_safe nearest_even) (C_7: - (JC_56: - (((mul_double_safe nearest_even) !t) !t)))) x_1)))))))))) in + (u_0 := (C_12: + (JC_56: + (((mul_double_safe nearest_even) (C_11: + (JC_52: + (((mul_double_safe nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_10: + (JC_55: + (((sub_double_safe nearest_even) (C_9: + (double_of_real_exact 3.0))) + (C_8: + (JC_54: + (((mul_double_safe nearest_even) (C_7: + (JC_53: + (((mul_double_safe nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); + (assert { (JC_57: newton_rel(double_value(t_2), double_value(x_2))) }; + void); void; (assert - { (JC_60: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), double_value(t)), - double_value(x_1)))))), - 1.0)) }; void); void; - (assert - { (JC_61: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, 
sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) }; void); void; - (assert - { (JC_62: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) }; void); - void; (let jessie_ = (t := !u) in void); + { (JC_58: + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) }; + void); void; (let jessie_ = (t_2 := !u_0) in void); (let jessie_ = - (u := (C_23: - (JC_67: - (((mul_double_safe nearest_even) (C_22: - (JC_63: - (((mul_double_safe nearest_even) - (double_of_real_exact 0.5)) !t)))) - (C_21: - (JC_66: - (((sub_double_safe nearest_even) (C_20: - (double_of_real_exact 3.0))) - (C_19: - (JC_65: - (((mul_double_safe nearest_even) (C_18: - (JC_64: - (((mul_double_safe nearest_even) !t) !t)))) x_1)))))))))) in + (u_0 := (C_22: + (JC_63: + (((mul_double_safe nearest_even) (C_21: + (JC_59: + (((mul_double_safe nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_20: + (JC_62: + (((sub_double_safe nearest_even) (C_19: + (double_of_real_exact 3.0))) + (C_18: + (JC_61: + (((mul_double_safe nearest_even) (C_17: + (JC_60: + (((mul_double_safe nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); + (assert { (JC_64: newton_rel(double_value(t_2), double_value(x_2))) }; + void); void; (assert - { (JC_68: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), double_value(t)), - 
double_value(x_1)))))), - 1.0)) }; void); void; - (assert - { (JC_69: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) }; void); void; - (assert - { (JC_70: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) }; void); - void; (let jessie_ = (t := !u) in void); + { (JC_65: + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) }; + void); void; (let jessie_ = (t_2 := !u_0) in void); (let jessie_ = - (u := (C_34: - (JC_75: - (((mul_double_safe nearest_even) (C_33: - (JC_71: - (((mul_double_safe nearest_even) - (double_of_real_exact 0.5)) !t)))) - (C_32: - (JC_74: - (((sub_double_safe nearest_even) (C_31: - (double_of_real_exact 3.0))) - (C_30: - (JC_73: - (((mul_double_safe nearest_even) (C_29: - (JC_72: - (((mul_double_safe nearest_even) !t) !t)))) x_1)))))))))) in + (u_0 := (C_32: + (JC_70: + (((mul_double_safe nearest_even) (C_31: + (JC_66: + (((mul_double_safe nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_30: + (JC_69: + (((sub_double_safe nearest_even) (C_29: + (double_of_real_exact 3.0))) + (C_28: + (JC_68: + (((mul_double_safe nearest_even) (C_27: + (JC_67: + (((mul_double_safe nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); + (assert { 
(JC_71: newton_rel(double_value(t_2), double_value(x_2))) }; + void); void; (assert - { (JC_76: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), double_value(t)), - double_value(x_1)))))), - 1.0)) }; void); void; - (assert - { (JC_77: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) }; void); void; + { (JC_72: + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) }; + void); void; (let jessie_ = (t_2 := !u_0) in void); (assert - { (JC_78: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) }; void); - void; (let jessie_ = (t := !u) in void); - (assert - { (JC_79: - eq_real(mul_real(double_value(x_1), - div_real(1.0, sqrt_real(double_value(x_1)))), - sqrt_real(double_value(x_1)))) }; void); void; + { (JC_73: + (mul_real(double_value(x_2), + div_real(1.0, sqrt_real(double_value(x_2)))) = sqrt_real(double_value(x_2)))) }; + void); void; (let jessie_ = - (__retres := (C_41: (JC_80: (((mul_double_safe nearest_even) x_1) !t)))) in + (__retres := (C_38: + (JC_74: (((mul_double_safe nearest_even) x_2) !t_2)))) in void); (return := !__retres); (raise Return) end))))))))))); absurd 
end with Return -> !return end)) { (JC_23: le_real(abs_real(sub_real(double_value(result), - sqrt_real(double_value(x_1@)))), - mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_1@)))))) } + sqrt_real(double_value(x_2)))), + mul_real(0x1p-43, abs_real(sqrt_real(double_value(x_2)))))) } let sqrt_safety = - fun (x_1 : double) -> + fun (x_2 : double) -> { (JC_21: - ((JC_19: le_real(0.5, double_value(x_1))) - and (JC_20: le_real(double_value(x_1), 2.0)))) } + ((JC_19: le_real(0.5, double_value(x_2))) + and (JC_20: le_real(double_value(x_2), 2.0)))) } (init: (let return = ref (any_double void) in try begin - (let t = ref (any_double void) in - (let u = ref (any_double void) in + (let t_2 = ref (any_double void) in + (let u_0 = ref (any_double void) in (let __retres = ref (any_double void) in (C_6: (C_13: - (C_17: - (C_24: - (C_28: - (C_35: + (C_16: + (C_23: + (C_26: + (C_33: + (C_36: (C_39: - (C_42: begin (let jessie_ = - (t := (C_5: - (let jessie_ = x_1 in (JC_27: (sqrt_init_requires jessie_))))) in + (t_2 := (C_5: + (let jessie_ = x_2 in (JC_27: (sqrt_init_requires jessie_))))) in void); (let jessie_ = - (u := (C_12: - (JC_32: - (((mul_double nearest_even) (C_11: - (JC_28: - (((mul_double nearest_even) (double_of_real_exact 0.5)) !t)))) - (C_10: - (JC_31: - (((sub_double nearest_even) (C_9: (double_of_real_exact 3.0))) - (C_8: - (JC_30: - (((mul_double nearest_even) (C_7: - (JC_29: - (((mul_double nearest_even) !t) !t)))) x_1)))))))))) in + (u_0 := (C_12: + (JC_32: + (((mul_double nearest_even) (C_11: + (JC_28: + (((mul_double nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_10: + (JC_31: + (((sub_double nearest_even) (C_9: (double_of_real_exact 3.0))) + (C_8: + (JC_30: + (((mul_double nearest_even) (C_7: + (JC_29: + (((mul_double nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); - [ { } unit reads t,u - { (JC_33: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - 
double_value(t)), - double_value(x_1)))))), - 1.0)) } ]; void; - [ { } unit reads t + [ { } unit reads t_2 + { (JC_33: newton_rel(double_value(t_2), double_value(x_2))) } ]; + void; + [ { } unit reads t_2,u_0 { (JC_34: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) } ]; void; - [ { } unit reads u - { (JC_35: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) } ]; void; - (let jessie_ = (t := !u) in void); + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) } ]; + void; (let jessie_ = (t_2 := !u_0) in void); (let jessie_ = - (u := (C_23: - (JC_40: - (((mul_double nearest_even) (C_22: - (JC_36: - (((mul_double nearest_even) (double_of_real_exact 0.5)) !t)))) - (C_21: - (JC_39: - (((sub_double nearest_even) (C_20: (double_of_real_exact 3.0))) - (C_19: - (JC_38: - (((mul_double nearest_even) (C_18: - (JC_37: - (((mul_double nearest_even) !t) !t)))) x_1)))))))))) in + (u_0 := (C_22: + (JC_39: + (((mul_double nearest_even) (C_21: + (JC_35: + (((mul_double nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_20: + (JC_38: + (((sub_double nearest_even) (C_19: (double_of_real_exact 3.0))) + (C_18: + (JC_37: + (((mul_double nearest_even) (C_17: + (JC_36: + 
(((mul_double nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); - [ { } unit reads t,u + [ { } unit reads t_2 + { (JC_40: newton_rel(double_value(t_2), double_value(x_2))) } ]; + void; + [ { } unit reads t_2,u_0 { (JC_41: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))))), - 1.0)) } ]; void; - [ { } unit reads t - { (JC_42: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) } ]; void; - [ { } unit reads u - { (JC_43: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) } ]; void; - (let jessie_ = (t := !u) in void); + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) } ]; + void; (let jessie_ = (t_2 := !u_0) in void); (let jessie_ = - (u := (C_34: - (JC_48: - (((mul_double nearest_even) (C_33: - (JC_44: - (((mul_double nearest_even) (double_of_real_exact 0.5)) !t)))) - (C_32: - (JC_47: - (((sub_double nearest_even) (C_31: (double_of_real_exact 3.0))) - (C_30: + (u_0 := (C_32: (JC_46: - (((mul_double nearest_even) (C_29: - (JC_45: - (((mul_double nearest_even) !t) !t)))) x_1)))))))))) in + (((mul_double nearest_even) (C_31: + 
(JC_42: + (((mul_double nearest_even) + (double_of_real_exact 0.5)) !t_2)))) + (C_30: + (JC_45: + (((sub_double nearest_even) (C_29: (double_of_real_exact 3.0))) + (C_28: + (JC_44: + (((mul_double nearest_even) (C_27: + (JC_43: + (((mul_double nearest_even) !t_2) !t_2)))) x_2)))))))))) in void); - [ { } unit reads t,u - { (JC_49: - le_real(abs_real(sub_real(double_value(u), - mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))))), - 1.0)) } ]; void; - [ { } unit reads t - { (JC_50: - eq_real(div_real(sub_real(mul_real(mul_real(0.5, double_value(t)), - sub_real(3.0, - mul_real(mul_real(double_value(t), - double_value(t)), - double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - mul_real(neg_real(add_real(1.5, - mul_real(0.5, - div_real(sub_real(double_value(t), - div_real(1.0, - sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1))))))), - mul_real(div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(sub_real(double_value(t), - div_real(1.0, sqrt_real(double_value(x_1)))), - div_real(1.0, sqrt_real(double_value(x_1)))))))) } ]; void; - [ { } unit reads u - { (JC_51: - le_real(abs_real(sub_real(double_value(u), - div_real(1.0, sqrt_real(double_value(x_1))))), - mul_real(0x1p-10, - abs_real(div_real(1.0, sqrt_real(double_value(x_1))))))) } ]; void; - (let jessie_ = (t := !u) in void); + [ { } unit reads t_2 + { (JC_47: newton_rel(double_value(t_2), double_value(x_2))) } ]; + void; + [ { } unit reads t_2,u_0 + { (JC_48: + closeness(double_value(u_0), double_value(t_2), double_value(x_2))) } ]; + void; (let jessie_ = (t_2 := !u_0) in void); [ { } unit - { (JC_52: - eq_real(mul_real(double_value(x_1), - div_real(1.0, sqrt_real(double_value(x_1)))), - sqrt_real(double_value(x_1)))) } ]; void; + { (JC_49: + 
(mul_real(double_value(x_2), + div_real(1.0, sqrt_real(double_value(x_2)))) = sqrt_real(double_value(x_2)))) } ]; + void; (let jessie_ = - (__retres := (C_41: (JC_53: (((mul_double nearest_even) x_1) !t)))) in + (__retres := (C_38: (JC_50: (((mul_double nearest_even) x_2) !t_2)))) in void); (return := !__retres); (raise Return) end))))))))))); absurd end with Return -> !return end)) { true } @@ -2954,6 +2719,10 @@ ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> (round_double(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + axiom round_double_idempotent: (forall m1:mode. (forall m2:mode. @@ -3010,6 +2779,10 @@ ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + axiom round_single_idempotent: (forall m1:mode. (forall m2:mode. 
@@ -3026,22 +2799,21 @@ axiom round_up_single_ge: (forall x:real. (round_single(up, x) >= x)) -logic single_to_double : single -> double +axiom single_value_is_bounded: + (forall x:single. (abs_real(single_value(x)) <= max_single)) -logic double_to_single : mode, double -> single - -axiom single_to_double_val: - (forall s:single. (double_value(single_to_double(s)) = single_value(s))) - -axiom double_to_single_val: - (forall m:mode. - (forall d:double. (single_value(double_to_single(m, d)) = round_single(m, - double_value(d))))) +axiom double_value_is_bounded: + (forall x:double. (abs_real(double_value(x)) <= max_double)) predicate single_of_real_post(m: mode, x: real, res: single) = ((single_value(res) = round_single(m, x)) and ((single_exact(res) = x) and (single_model(res) = x))) +predicate single_of_double_post(m: mode, x: double, res: single) = + ((single_value(res) = round_single(m, double_value(x))) and + ((single_exact(res) = double_exact(x)) and + (single_model(res) = double_model(x)))) + predicate add_single_post(m: mode, x: single, y: single, res: single) = ((single_value(res) = round_single(m, (single_value(x) + single_value(y)))) and @@ -3085,6 +2857,11 @@ ((double_value(res) = round_double(m, x)) and ((double_exact(res) = x) and (double_model(res) = x))) +predicate double_of_single_post(x: single, res: double) = + ((double_value(res) = single_value(x)) and + ((double_exact(res) = single_exact(x)) and + (double_model(res) = single_model(x)))) + predicate add_double_post(m: mode, x: double, y: double, res: double) = ((double_value(res) = round_double(m, (double_value(x) + double_value(y)))) and 
@@ -3124,30 +2901,34 @@ ((double_exact(res) = abs_real(double_exact(x))) and (double_model(res) = abs_real(double_model(x))))) -type char_P +type charP type int8 type padding -type void_P +type voidP + +logic charP_tag : charP tag_id -logic char_P_tag : char_P tag_id +axiom charP_int: (int_of_tag(charP_tag) = 1) -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +logic charP_of_pointer_address : unit pointer -> charP pointer -logic char_P_of_pointer_address : unit pointer -> char_P pointer +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +predicate closeness(u: real, t_1: real, x_1: real) = + ((abs_real((u - ((0.5 * t_1) * (3.0 - ((t_1 * t_1) * x_1))))) <= 1.0) and + (abs_real((u - div_real(1.0, sqrt_real(x_1)))) <= 1.0)) logic integer_of_int8 : int8 -> int 
@@ -3161,1400 +2942,758 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +predicate newton_rel(t: real, x_0: real) = + (div_real((((0.5 * t) * (3.0 - ((t * t) * x_0))) - div_real(1.0, + sqrt_real(x_0))), div_real(1.0, + sqrt_real(x_0))) = ((-(1.5 + (0.5 * div_real((t - div_real(1.0, + sqrt_real(x_0))), div_real(1.0, + sqrt_real(x_0)))))) * (div_real((t - div_real(1.0, sqrt_real(x_0))), + div_real(1.0, sqrt_real(x_0))) * div_real((t - div_real(1.0, + sqrt_real(x_0))), div_real(1.0, sqrt_real(x_0)))))) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(charP_of_pointer_address(p)))) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - 
((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
instanceof(void_P_tag_table, - x, void_P_tag))) +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. 
+ (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal newton: + (forall t_0:real. + (forall x_0_1:real. ((x_0_1 > 0.) -> newton_rel(t_0, x_0_1)))) + +axiom newton_as_axiom: + (forall t_0:real. + (forall x_0_1:real. ((x_0_1 > 0.) -> newton_rel(t_0, x_0_1)))) goal sqrt_ensures_default_po_1: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. 
- (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. - (u = result6) -> - ("JC_60": - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0))) + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) goal sqrt_ensures_default_po_2: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. 
- (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. - (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))))) + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) goal sqrt_ensures_default_po_3: - forall x_1:double. 
- ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> - forall result:double. - ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> - forall result0:double. - ((double_value(result0) = 0.5) and - ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> - forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> - forall result2:double. - ((double_value(result2) = 3.0) and - ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> - forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> - forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> - forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1)))))))) - -goal sqrt_ensures_default_po_4: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. 
((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> - forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. - (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> - forall result7:double. 
- ((double_value(result7) = 0.5) and - ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> - forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> - forall result9:double. - ((double_value(result9) = 3.0) and - ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - forall result10:double. - (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> - forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> - forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> - forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0))) - -goal sqrt_ensures_default_po_5: - forall x_1:double. - ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> - forall result:double. - ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> - forall result0:double. - ((double_value(result0) = 0.5) and - ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> - forall result1:double. 
- (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> - forall result2:double. - ((double_value(result2) = 3.0) and - ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> - forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> - forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> - forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. - (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> - forall result7:double. 
- ((double_value(result7) = 0.5) and - ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> - forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> - forall result9:double. - ((double_value(result9) = 3.0) and - ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - forall result10:double. - (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> - forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> - forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> - forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. 
- (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))))) - -goal sqrt_ensures_default_po_6: - forall x_1:double. - ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> - forall result:double. - ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> - forall result0:double. - ((double_value(result0) = 0.5) and - ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> - forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> - forall result2:double. - ((double_value(result2) = 3.0) and - ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> - forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> - forall result5:double. 
- (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. - (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. 
- (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. - (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. 
- (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1)))))))) + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -goal sqrt_ensures_default_po_7: - forall x_1:double. +goal sqrt_ensures_default_po_4: + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. 
- (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. 
- (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> - forall result14:double. 
- ((double_value(result14) = 0.5) and - ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> - forall result15:double. - (no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) and - mul_double_post(nearest_even, result14, t1, result15)) -> - forall result16:double. - ((double_value(result16) = 3.0) and - ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - forall result17:double. - (no_overflow_double(nearest_even, - (double_value(t1) * double_value(t1))) and mul_double_post(nearest_even, - t1, t1, result17)) -> - forall result18:double. - (no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) and - mul_double_post(nearest_even, result17, x_1, result18)) -> - forall result19:double. - (no_overflow_double(nearest_even, - (double_value(result16) - double_value(result18))) and - sub_double_post(nearest_even, result16, result18, result19)) -> - forall result20:double. - (no_overflow_double(nearest_even, - (double_value(result15) * double_value(result19))) and - mul_double_post(nearest_even, result15, result19, result20)) -> - forall u1:double. - (u1 = result20) -> - ("JC_76": - ("JC_76": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0))) + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_65": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -goal sqrt_ensures_default_po_8: - forall x_1:double. +goal sqrt_ensures_default_po_5: + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. 
("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. 
- (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. 
+ (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_65": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> forall result15:double. - (no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) and - mul_double_post(nearest_even, result14, t1, result15)) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. ((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> forall result17:double. - (no_overflow_double(nearest_even, - (double_value(t1) * double_value(t1))) and mul_double_post(nearest_even, - t1, t1, result17)) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> forall result18:double. - (no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) and - mul_double_post(nearest_even, result17, x_1, result18)) -> + mul_double_post(nearest_even, result17, x_2, result18) -> forall result19:double. - (no_overflow_double(nearest_even, - (double_value(result16) - double_value(result18))) and - sub_double_post(nearest_even, result16, result18, result19)) -> + sub_double_post(nearest_even, result16, result18, result19) -> forall result20:double. - (no_overflow_double(nearest_even, - (double_value(result15) * double_value(result19))) and - mul_double_post(nearest_even, result15, result19, result20)) -> - forall u1:double. 
- (u1 = result20) -> - ("JC_76": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_77": - ("JC_77": - (div_real((((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))))) + mul_double_post(nearest_even, result15, result19, result20) -> + forall u_0_1:double. + (u_0_1 = result20) -> + ("JC_71": newton_rel(double_value(t_2_1), double_value(x_2))) -goal sqrt_ensures_default_po_9: - forall x_1:double. +goal sqrt_ensures_default_po_6: + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. 
- (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. 
- (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. 
+ (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_65": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> forall result15:double. - (no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) and - mul_double_post(nearest_even, result14, t1, result15)) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. ((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> forall result17:double. - (no_overflow_double(nearest_even, - (double_value(t1) * double_value(t1))) and mul_double_post(nearest_even, - t1, t1, result17)) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> forall result18:double. - (no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) and - mul_double_post(nearest_even, result17, x_1, result18)) -> + mul_double_post(nearest_even, result17, x_2, result18) -> forall result19:double. - (no_overflow_double(nearest_even, - (double_value(result16) - double_value(result18))) and - sub_double_post(nearest_even, result16, result18, result19)) -> + sub_double_post(nearest_even, result16, result18, result19) -> forall result20:double. - (no_overflow_double(nearest_even, - (double_value(result15) * double_value(result19))) and - mul_double_post(nearest_even, result15, result19, result20)) -> - forall u1:double. 
- (u1 = result20) -> - ("JC_76": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_77": - (div_real((((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_78": - ("JC_78": (abs_real((double_value(u1) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1)))))))) + mul_double_post(nearest_even, result15, result19, result20) -> + forall u_0_1:double. + (u_0_1 = result20) -> + ("JC_71": newton_rel(double_value(t_2_1), double_value(x_2))) -> + ("JC_72": closeness(double_value(u_0_1), double_value(t_2_1), + double_value(x_2))) -goal sqrt_ensures_default_po_10: - forall x_1:double. +goal sqrt_ensures_default_po_7: + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. 
((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. 
- (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. 
+ (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_65": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> forall result15:double. - (no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) and - mul_double_post(nearest_even, result14, t1, result15)) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. ((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> forall result17:double. - (no_overflow_double(nearest_even, - (double_value(t1) * double_value(t1))) and mul_double_post(nearest_even, - t1, t1, result17)) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> forall result18:double. - (no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) and - mul_double_post(nearest_even, result17, x_1, result18)) -> + mul_double_post(nearest_even, result17, x_2, result18) -> forall result19:double. - (no_overflow_double(nearest_even, - (double_value(result16) - double_value(result18))) and - sub_double_post(nearest_even, result16, result18, result19)) -> + sub_double_post(nearest_even, result16, result18, result19) -> forall result20:double. - (no_overflow_double(nearest_even, - (double_value(result15) * double_value(result19))) and - mul_double_post(nearest_even, result15, result19, result20)) -> - forall u1:double. 
- (u1 = result20) -> - ("JC_76": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_77": - (div_real((((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_78": (abs_real((double_value(u1) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t2:double. - (t2 = u1) -> - ("JC_79": - ("JC_79": ((double_value(x_1) * div_real(1.0, - sqrt_real(double_value(x_1)))) = sqrt_real(double_value(x_1))))) + mul_double_post(nearest_even, result15, result19, result20) -> + forall u_0_1:double. + (u_0_1 = result20) -> + ("JC_71": newton_rel(double_value(t_2_1), double_value(x_2))) -> + ("JC_72": closeness(double_value(u_0_1), double_value(t_2_1), + double_value(x_2))) -> + forall t_2_2:double. + (t_2_2 = u_0_1) -> + ("JC_73": ((double_value(x_2) * div_real(1.0, + sqrt_real(double_value(x_2)))) = sqrt_real(double_value(x_2)))) -goal sqrt_ensures_default_po_11: - forall x_1:double. +goal sqrt_ensures_default_po_8: + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> forall result:double. 
("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> forall result1:double. - (no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) and - mul_double_post(nearest_even, result0, t, result1)) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> forall result3:double. - (no_overflow_double(nearest_even, (double_value(t) * double_value(t))) and - mul_double_post(nearest_even, t, t, result3)) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> forall result4:double. - (no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) and - mul_double_post(nearest_even, result3, x_1, result4)) -> + mul_double_post(nearest_even, result3, x_2, result4) -> forall result5:double. - (no_overflow_double(nearest_even, - (double_value(result2) - double_value(result4))) and - sub_double_post(nearest_even, result2, result4, result5)) -> + sub_double_post(nearest_even, result2, result4, result5) -> forall result6:double. - (no_overflow_double(nearest_even, - (double_value(result1) * double_value(result5))) and - mul_double_post(nearest_even, result1, result5, result6)) -> - forall u:double. 
- (u = result6) -> - ("JC_60": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_61": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_62": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + mul_double_post(nearest_even, result1, result5, result6) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_57": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_58": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> forall result8:double. - (no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) and - mul_double_post(nearest_even, result7, t0, result8)) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. ((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> forall result10:double. 
- (no_overflow_double(nearest_even, - (double_value(t0) * double_value(t0))) and mul_double_post(nearest_even, - t0, t0, result10)) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> forall result11:double. - (no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) and - mul_double_post(nearest_even, result10, x_1, result11)) -> + mul_double_post(nearest_even, result10, x_2, result11) -> forall result12:double. - (no_overflow_double(nearest_even, - (double_value(result9) - double_value(result11))) and - sub_double_post(nearest_even, result9, result11, result12)) -> + sub_double_post(nearest_even, result9, result11, result12) -> forall result13:double. - (no_overflow_double(nearest_even, - (double_value(result8) * double_value(result12))) and - mul_double_post(nearest_even, result8, result12, result13)) -> - forall u0:double. - (u0 = result13) -> - ("JC_68": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_69": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_70": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + mul_double_post(nearest_even, result8, result12, result13) -> + forall u_0_0:double. 
+ (u_0_0 = result13) -> + ("JC_64": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_65": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> forall result15:double. - (no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) and - mul_double_post(nearest_even, result14, t1, result15)) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. ((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> forall result17:double. - (no_overflow_double(nearest_even, - (double_value(t1) * double_value(t1))) and mul_double_post(nearest_even, - t1, t1, result17)) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> forall result18:double. - (no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) and - mul_double_post(nearest_even, result17, x_1, result18)) -> + mul_double_post(nearest_even, result17, x_2, result18) -> forall result19:double. - (no_overflow_double(nearest_even, - (double_value(result16) - double_value(result18))) and - sub_double_post(nearest_even, result16, result18, result19)) -> + sub_double_post(nearest_even, result16, result18, result19) -> forall result20:double. - (no_overflow_double(nearest_even, - (double_value(result15) * double_value(result19))) and - mul_double_post(nearest_even, result15, result19, result20)) -> - forall u1:double. 
- (u1 = result20) -> - ("JC_76": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_77": - (div_real((((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_78": (abs_real((double_value(u1) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t2:double. - (t2 = u1) -> - ("JC_79": ((double_value(x_1) * div_real(1.0, - sqrt_real(double_value(x_1)))) = sqrt_real(double_value(x_1)))) -> + mul_double_post(nearest_even, result15, result19, result20) -> + forall u_0_1:double. + (u_0_1 = result20) -> + ("JC_71": newton_rel(double_value(t_2_1), double_value(x_2))) -> + ("JC_72": closeness(double_value(u_0_1), double_value(t_2_1), + double_value(x_2))) -> + forall t_2_2:double. + (t_2_2 = u_0_1) -> + ("JC_73": ((double_value(x_2) * div_real(1.0, + sqrt_real(double_value(x_2)))) = sqrt_real(double_value(x_2)))) -> forall result21:double. - (no_overflow_double(nearest_even, - (double_value(x_1) * double_value(t2))) and mul_double_post(nearest_even, - x_1, t2, result21)) -> + mul_double_post(nearest_even, x_2, t_2_2, result21) -> forall __retres:double. (__retres = result21) -> forall return:double. 
(return = __retres) -> ("JC_23": - (abs_real((double_value(return) - sqrt_real(double_value(x_1)))) <= (0x1.p-43 * abs_real(sqrt_real(double_value(x_1)))))) + (abs_real((double_value(return) - sqrt_real(double_value(x_2)))) <= (0x1.p-43 * abs_real(sqrt_real(double_value(x_2)))))) goal sqrt_safety_po_1: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> - no_overflow_double(nearest_even, (double_value(result0) * double_value(t))) + no_overflow_double(nearest_even, + (double_value(result0) * double_value(t_2))) goal sqrt_safety_po_2: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. 
("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) + no_overflow_double(nearest_even, (double_value(t_2) * double_value(t_2))) goal sqrt_safety_po_3: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. 
((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) + (double_value(result3) * double_value(x_2))) goal sqrt_safety_po_4: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. 
((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) goal sqrt_safety_po_5: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. 
((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4563,36 +3702,37 @@ (double_value(result1) * double_value(result5))) goal sqrt_safety_po_6: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. 
- mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4601,62 +3741,51 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) + (double_value(result7) * double_value(t_2_0))) goal sqrt_safety_po_7: - forall x_1:double. + forall x_2:double. 
("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4665,68 +3794,58 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) goal sqrt_safety_po_8: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. 
- mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4735,72 +3854,62 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) + (double_value(result10) * double_value(x_2))) goal sqrt_safety_po_9: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. 
((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4809,76 +3918,66 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) goal sqrt_safety_po_10: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. 
- mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4887,42 +3986,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -4931,36 +4019,37 @@ (double_value(result8) * double_value(result12))) goal sqrt_safety_po_11: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. 
- mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -4969,42 +4058,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5013,62 +4091,51 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) + (double_value(result14) * double_value(t_2_1))) goal sqrt_safety_po_12: - forall x_1:double. + forall x_2:double. 
("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -5077,42 +4144,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5121,68 +4177,58 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) -> + (double_value(result14) * double_value(t_2_1))) -> forall result15:double. - mul_double_post(nearest_even, result14, t1, result15) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. 
((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t1) * double_value(t1))) + no_overflow_double(nearest_even, + (double_value(t_2_1) * double_value(t_2_1))) goal sqrt_safety_po_13: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. 
- mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -5191,42 +4237,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5235,72 +4270,62 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) -> + (double_value(result14) * double_value(t_2_1))) -> forall result15:double. - mul_double_post(nearest_even, result14, t1, result15) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. 
((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t1) * double_value(t1))) -> + no_overflow_double(nearest_even, + (double_value(t_2_1) * double_value(t_2_1))) -> forall result17:double. - mul_double_post(nearest_even, t1, t1, result17) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) + (double_value(result17) * double_value(x_2))) goal sqrt_safety_po_14: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. 
((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -5309,42 +4334,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5353,76 +4367,66 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) -> + (double_value(result14) * double_value(t_2_1))) -> forall result15:double. - mul_double_post(nearest_even, result14, t1, result15) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. 
((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t1) * double_value(t1))) -> + no_overflow_double(nearest_even, + (double_value(t_2_1) * double_value(t_2_1))) -> forall result17:double. - mul_double_post(nearest_even, t1, t1, result17) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) -> + (double_value(result17) * double_value(x_2))) -> forall result18:double. - mul_double_post(nearest_even, result17, x_1, result18) -> + mul_double_post(nearest_even, result17, x_2, result18) -> no_overflow_double(nearest_even, (double_value(result16) - double_value(result18))) goal sqrt_safety_po_15: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. 
- mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. - mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -5431,42 +4435,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5475,42 +4468,31 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) -> + (double_value(result14) * double_value(t_2_1))) -> forall result15:double. - mul_double_post(nearest_even, result14, t1, result15) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. 
((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t1) * double_value(t1))) -> + no_overflow_double(nearest_even, + (double_value(t_2_1) * double_value(t_2_1))) -> forall result17:double. - mul_double_post(nearest_even, t1, t1, result17) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) -> + (double_value(result17) * double_value(x_2))) -> forall result18:double. - mul_double_post(nearest_even, result17, x_1, result18) -> + mul_double_post(nearest_even, result17, x_2, result18) -> no_overflow_double(nearest_even, (double_value(result16) - double_value(result18))) -> forall result19:double. 
@@ -5519,36 +4501,37 @@ (double_value(result15) * double_value(result19))) goal sqrt_safety_po_16: - forall x_1:double. + forall x_2:double. ("JC_21": - (("JC_19": (0.5 <= double_value(x_1))) and - ("JC_20": (double_value(x_1) <= 2.0)))) -> + (("JC_19": (0.5 <= double_value(x_2))) and + ("JC_20": (double_value(x_2) <= 2.0)))) -> ("JC_3": - (("JC_1": (0.5 <= double_value(x_1))) and - ("JC_2": (double_value(x_1) <= 2.0)))) -> + (("JC_1": (0.5 <= double_value(x_2))) and + ("JC_2": (double_value(x_2) <= 2.0)))) -> forall result:double. ("JC_11": (abs_real((double_value(result) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-6 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t:double. - (t = result) -> + sqrt_real(double_value(x_2))))) <= (0x1.p-6 * abs_real(div_real(1.0, + sqrt_real(double_value(x_2))))))) -> + forall t_2:double. + (t_2 = result) -> forall result0:double. ((double_value(result0) = 0.5) and ((double_exact(result0) = 0.5) and (double_model(result0) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result0) * double_value(t))) -> + (double_value(result0) * double_value(t_2))) -> forall result1:double. - mul_double_post(nearest_even, result0, t, result1) -> + mul_double_post(nearest_even, result0, t_2, result1) -> forall result2:double. ((double_value(result2) = 3.0) and ((double_exact(result2) = 3.0) and (double_model(result2) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t) * double_value(t))) -> + no_overflow_double(nearest_even, + (double_value(t_2) * double_value(t_2))) -> forall result3:double. - mul_double_post(nearest_even, t, t, result3) -> + mul_double_post(nearest_even, t_2, t_2, result3) -> no_overflow_double(nearest_even, - (double_value(result3) * double_value(x_1))) -> + (double_value(result3) * double_value(x_2))) -> forall result4:double. 
- mul_double_post(nearest_even, result3, x_1, result4) -> + mul_double_post(nearest_even, result3, x_2, result4) -> no_overflow_double(nearest_even, (double_value(result2) - double_value(result4))) -> forall result5:double. 
@@ -5557,42 +4540,31 @@ (double_value(result1) * double_value(result5))) -> forall result6:double. mul_double_post(nearest_even, result1, result5, result6) -> - forall u:double. - (u = result6) -> - ("JC_33": - (abs_real((double_value(u) - ((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_34": - (div_real((((0.5 * double_value(t)) * (3.0 - ((double_value(t) * double_value(t)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_35": (abs_real((double_value(u) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t0:double. - (t0 = u) -> + forall u_0:double. + (u_0 = result6) -> + ("JC_33": newton_rel(double_value(t_2), double_value(x_2))) -> + ("JC_34": closeness(double_value(u_0), double_value(t_2), + double_value(x_2))) -> + forall t_2_0:double. + (t_2_0 = u_0) -> forall result7:double. ((double_value(result7) = 0.5) and ((double_exact(result7) = 0.5) and (double_model(result7) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result7) * double_value(t0))) -> + (double_value(result7) * double_value(t_2_0))) -> forall result8:double. - mul_double_post(nearest_even, result7, t0, result8) -> + mul_double_post(nearest_even, result7, t_2_0, result8) -> forall result9:double. 
((double_value(result9) = 3.0) and ((double_exact(result9) = 3.0) and (double_model(result9) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t0) * double_value(t0))) -> + no_overflow_double(nearest_even, + (double_value(t_2_0) * double_value(t_2_0))) -> forall result10:double. - mul_double_post(nearest_even, t0, t0, result10) -> + mul_double_post(nearest_even, t_2_0, t_2_0, result10) -> no_overflow_double(nearest_even, - (double_value(result10) * double_value(x_1))) -> + (double_value(result10) * double_value(x_2))) -> forall result11:double. - mul_double_post(nearest_even, result10, x_1, result11) -> + mul_double_post(nearest_even, result10, x_2, result11) -> no_overflow_double(nearest_even, (double_value(result9) - double_value(result11))) -> forall result12:double. 
@@ -5601,42 +4573,31 @@ (double_value(result8) * double_value(result12))) -> forall result13:double. mul_double_post(nearest_even, result8, result12, result13) -> - forall u0:double. - (u0 = result13) -> - ("JC_41": - (abs_real((double_value(u0) - ((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_42": - (div_real((((0.5 * double_value(t0)) * (3.0 - ((double_value(t0) * double_value(t0)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t0) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_43": (abs_real((double_value(u0) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t1:double. - (t1 = u0) -> + forall u_0_0:double. + (u_0_0 = result13) -> + ("JC_40": newton_rel(double_value(t_2_0), double_value(x_2))) -> + ("JC_41": closeness(double_value(u_0_0), double_value(t_2_0), + double_value(x_2))) -> + forall t_2_1:double. + (t_2_1 = u_0_0) -> forall result14:double. ((double_value(result14) = 0.5) and ((double_exact(result14) = 0.5) and (double_model(result14) = 0.5))) -> no_overflow_double(nearest_even, - (double_value(result14) * double_value(t1))) -> + (double_value(result14) * double_value(t_2_1))) -> forall result15:double. - mul_double_post(nearest_even, result14, t1, result15) -> + mul_double_post(nearest_even, result14, t_2_1, result15) -> forall result16:double. 
((double_value(result16) = 3.0) and ((double_exact(result16) = 3.0) and (double_model(result16) = 3.0))) -> - no_overflow_double(nearest_even, (double_value(t1) * double_value(t1))) -> + no_overflow_double(nearest_even, + (double_value(t_2_1) * double_value(t_2_1))) -> forall result17:double. - mul_double_post(nearest_even, t1, t1, result17) -> + mul_double_post(nearest_even, t_2_1, t_2_1, result17) -> no_overflow_double(nearest_even, - (double_value(result17) * double_value(x_1))) -> + (double_value(result17) * double_value(x_2))) -> forall result18:double. - mul_double_post(nearest_even, result17, x_1, result18) -> + mul_double_post(nearest_even, result17, x_2, result18) -> no_overflow_double(nearest_even, (double_value(result16) - double_value(result18))) -> forall result19:double. 
@@ -5645,36 +4606,24 @@ (double_value(result15) * double_value(result19))) -> forall result20:double. mul_double_post(nearest_even, result15, result19, result20) -> - forall u1:double. - (u1 = result20) -> - ("JC_49": - (abs_real((double_value(u1) - ((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))))) <= 1.0)) -> - ("JC_50": - (div_real((((0.5 * double_value(t1)) * (3.0 - ((double_value(t1) * double_value(t1)) * double_value(x_1)))) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) = ((-(1.5 + (0.5 * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1))))))) * (div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))) * div_real((double_value(t1) - div_real(1.0, - sqrt_real(double_value(x_1)))), div_real(1.0, - sqrt_real(double_value(x_1)))))))) -> - ("JC_51": (abs_real((double_value(u1) - div_real(1.0, - sqrt_real(double_value(x_1))))) <= (0x1.p-10 * abs_real(div_real(1.0, - sqrt_real(double_value(x_1))))))) -> - forall t2:double. - (t2 = u1) -> - ("JC_52": ((double_value(x_1) * div_real(1.0, - sqrt_real(double_value(x_1)))) = sqrt_real(double_value(x_1)))) -> - no_overflow_double(nearest_even, (double_value(x_1) * double_value(t2))) + forall u_0_1:double. + (u_0_1 = result20) -> + ("JC_47": newton_rel(double_value(t_2_1), double_value(x_2))) -> + ("JC_48": closeness(double_value(u_0_1), double_value(t_2_1), + double_value(x_2))) -> + forall t_2_2:double. + (t_2_2 = u_0_1) -> + ("JC_49": ((double_value(x_2) * div_real(1.0, + sqrt_real(double_value(x_2)))) = sqrt_real(double_value(x_2)))) -> + no_overflow_double(nearest_even, (double_value(x_2) * double_value(t_2_2))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! 
= failure) -why/float_sqrt_why.why : ###########???############# (0/0/3/24/0) -total : 27 -valid : 0 ( 0%) +why/float_sqrt_why.why : ?.#.#.###.############### (4/0/1/20/0) +total : 25 +valid : 4 ( 16%) invalid : 0 ( 0%) -unknown : 3 ( 11%) -timeout : 24 ( 89%) +unknown : 1 ( 4%) +timeout : 20 ( 80%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/heap_sort.res.oracle why-2.30+dfsg/tests/c/oracle/heap_sort.res.oracle --- why-2.29+dfsg/tests/c/oracle/heap_sort.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/heap_sort.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/c/heap_sort.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ #include "binary_heap.h" @@ -29,7 +59,7 @@ //@ assert arr[0] <= arr[1] && arr[1] <= arr[2]; //@ assert arr[0] == 13 && arr[1] == 42 && arr[2] == 42; } - + ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/heap_sort.c" [jessie] Starting Jessie translation 
@@ -55,22 +85,22 @@ type int8 = -128..127 -tag int_P = { - int32 int_M: 32; +tag intP = { + int32 intM: 32; } -type int_P = [int_P] +type intP = [intP] -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] tag Heap = { int32 x: 32; @@ -96,7 +126,7 @@ ensures (C_3 : true); ; -unit heap_sort(int_P[..] arr, uint32 len) +unit heap_sort(intP[..] arr, uint32 len) requires (C_33 : (len >= 0)); requires (C_30 : ((C_31 : (\offset_min(arr) <= 0)) && (C_32 : (\offset_max(arr) >= (len - 1))))); @@ -104,8 +134,7 @@ ensures (C_29 : (\forall integer i; (\forall integer j; (((0 <= i) && ((i <= j) && (j < \at(len,Old)))) ==> - ((\at(arr,Old) + i).int_M <= - (\at(arr,Old) + j).int_M))))); + ((\at(arr,Old) + i).intM <= (\at(arr,Old) + j).intM))))); { (var uint32 i); @@ -122,7 +151,7 @@ { { (if (i < len) then () else (goto while_0_break)); - (C_13 : insert(h, (C_12 : (C_11 : (arr + i)).int_M))); + (C_13 : insert(h, (C_12 : (C_11 : (arr + i)).intM))); (C_16 : (i = (C_15 : ((C_14 : (i + 1)) :> uint32)))) } }; @@ -137,8 +166,8 @@ { { (if (i < len) then () else (goto while_1_break)); - (C_25 : ((C_24 : (C_23 : (arr + i)).int_M) = (C_22 : extract_min( - h)))); + (C_25 : ((C_24 : (C_23 : (arr + i)).intM) = (C_22 : extract_min( + h)))); (C_28 : (i = (C_27 : ((C_26 : (i + 1)) :> uint32)))) } }; 
@@ -152,26 +181,26 @@ behavior default: ensures (C_52 : true); { - (var int_P[0..2] arr_0); + (var intP[0..2] arr_0); - { (C_35 : (arr_0 = (C_34 : (new int_P[3])))); - (C_37 : ((C_36 : (arr_0 + 0).int_M) = 42)); - (C_39 : ((C_38 : (arr_0 + 1).int_M) = 13)); - (C_41 : ((C_40 : (arr_0 + 2).int_M) = 42)); + { (C_35 : (arr_0 = (C_34 : (new intP[3])))); + (C_37 : ((C_36 : (arr_0 + 0).intM) = 42)); + (C_39 : ((C_38 : (arr_0 + 1).intM) = 13)); + (C_41 : ((C_40 : (arr_0 + 2).intM) = 42)); (C_42 : heap_sort(arr_0, 3)); { - (assert for default: (C_43 : ((C_44 : ((arr_0 + 0).int_M <= - (arr_0 + 1).int_M)) && - (C_45 : ((arr_0 + 1).int_M <= - (arr_0 + 2).int_M))))); + (assert for default: (C_43 : ((C_44 : ((arr_0 + 0).intM <= + (arr_0 + 1).intM)) && + (C_45 : ((arr_0 + 1).intM <= + (arr_0 + 2).intM))))); () }; { - (assert for default: (C_46 : (((C_48 : ((arr_0 + 0).int_M == 13)) && - (C_49 : ((arr_0 + 1).int_M == 42))) && - (C_50 : ((arr_0 + 2).int_M == 42))))); + (assert for default: (C_46 : (((C_48 : ((arr_0 + 0).intM == 13)) && + (C_49 : ((arr_0 + 1).intM == 42))) && + (C_50 : ((arr_0 + 2).intM == 42))))); () }; @@ -184,13 +213,13 @@ ========== file tests/c/heap_sort.jessie/heap_sort.cloc ========== [C_50] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 45 end = 57 [C_51] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 6 end = 9 
@@ -203,74 +232,74 @@ [main] name = "Function main" file = "HOME/tests/c/heap_sort.c" -line = 25 +line = 55 begin = 5 end = 9 [C_10] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 26 end = 34 [C_11] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 37 end = 40 [C_12] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 37 end = 43 [C_13] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 28 end = 44 [C_14] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 23 end = 26 [C_15] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 23 end = 26 [C_16] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 23 end = 26 [C_17] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 11 end = 12 [C_18] file = "HOME/tests/c/heap_sort.c" -line = 18 +line = 48 begin = 19 end = 26 [C_19] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 34 [heap_sort] name = "Function heap_sort" file = "HOME/tests/c/heap_sort.c" -line = 10 +line = 40 begin = 5 end = 14 
@@ -294,217 +323,217 @@ [C_4] file = "HOME/tests/c/heap_sort.c" -line = 12 +line = 42 begin = 11 end = 22 [C_20] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 27 [C_5] file = "HOME/tests/c/heap_sort.c" -line = 12 +line = 42 begin = 11 end = 22 [C_21] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 26 end = 34 [C_6] file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 11 end = 12 [C_22] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 37 end = 51 [C_7] file = "HOME/tests/c/heap_sort.c" -line = 14 +line = 44 begin = 19 end = 26 [C_23] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 28 end = 31 [C_8] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 34 [C_24] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 37 end = 51 [C_9] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 27 [C_25] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 37 end = 51 [C_26] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 23 end = 26 [C_27] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 23 end = 26 [C_28] file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 23 end = 26 [C_29] file = "HOME/tests/c/heap_sort.c" -line = 8 +line = 38 begin = 12 end = 71 [C_30] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 [C_31] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 [C_32] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 [C_33] file = "HOME/tests/c/heap_sort.c" -line = 5 +line = 35 begin = 13 end = 21 [C_34] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 6 end = 9 [C_35] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 6 end = 9 [C_36] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 [C_37] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 
[C_38] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 [C_39] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 [C_40] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 [C_41] file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 2 end = 5 [C_42] file = "HOME/tests/c/heap_sort.c" -line = 27 +line = 57 begin = 2 end = 18 [C_43] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 49 [C_44] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 29 [C_45] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 33 end = 49 [C_46] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 57 [C_47] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 41 [C_48] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 25 [C_49] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 29 end = 41 @@ -526,10 +555,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs heap_sort.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/heap_sort_why.sx @@ -590,6 +620,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/heap_sort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/heap_sort_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) 
@@ -662,6 +699,9 @@ why3ide: why/heap_sort_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: heap_sort.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include heap_sort.depend depend: coq/heap_sort_why.v @@ -674,28 +714,28 @@ [JC_90] kind = IndexBounds file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 118 +line = 117 begin = 15 -end = 46 +end = 45 [main_ensures_default] name = "Function main" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/heap_sort.c" -line = 25 +line = 55 begin = 5 end = 9 [JC_91] kind = UserCall file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 122 +line = 121 begin = 14 end = 33 [JC_92] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 29 @@ -707,31 +747,31 @@ [JC_93] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 33 end = 49 [JC_41] file = "HOME/tests/c/heap_sort.c" -line = 8 +line = 38 begin = 12 end = 71 [JC_94] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 49 [JC_42] file = "HOME/tests/c/heap_sort.c" -line = 8 +line = 38 begin = 12 end = 71 [JC_95] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 25 @@ -743,7 +783,7 @@ [JC_96] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 29 end = 41 @@ -755,26 +795,26 @@ [JC_97] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 45 end = 57 [JC_45] kind = UserCall file = "HOME/tests/c/heap_sort.c" -line = 12 +line = 42 begin = 11 end = 22 [JC_98] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 57 [JC_46] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 27 
@@ -787,20 +827,20 @@ [JC_100] kind = UserCall file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 122 +line = 121 begin = 14 end = 33 [JC_99] kind = AllocSize file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 6 end = 9 [JC_47] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 26 end = 34 @@ -812,13 +852,13 @@ [JC_101] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 29 [JC_48] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 34 @@ -830,7 +870,7 @@ [JC_102] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 33 end = 49 @@ -848,7 +888,7 @@ [JC_103] file = "HOME/tests/c/heap_sort.c" -line = 28 +line = 58 begin = 13 end = 49 @@ -860,7 +900,7 @@ [JC_104] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 25 @@ -872,15 +912,15 @@ [JC_105] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 29 end = 41 [heap_sort_ensures_default] name = "Function heap_sort" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/heap_sort.c" -line = 10 +line = 40 begin = 5 end = 14 @@ -892,7 +932,7 @@ [JC_106] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 45 end = 57 @@ -904,7 +944,7 @@ [JC_107] file = "HOME/tests/c/heap_sort.c" -line = 29 +line = 59 begin = 13 end = 57 
@@ -918,64 +958,64 @@ name = "Function heap_sort" behavior = "Safety" file = "HOME/tests/c/heap_sort.c" -line = 10 +line = 40 begin = 5 end = 14 [JC_50] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 78 +line = 77 begin = 6 -end = 392 +end = 391 [JC_51] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 78 +line = 77 begin = 6 -end = 392 +end = 391 [JC_52] kind = PointerDeref file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 37 end = 43 [JC_53] kind = UserCall file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 86 +line = 85 begin = 20 -end = 64 +end = 63 [JC_54] kind = ArithOverflow file = "HOME/tests/c/heap_sort.c" -line = 16 +line = 46 begin = 23 end = 26 [JC_55] file = "HOME/tests/c/heap_sort.c" -line = 14 +line = 44 begin = 19 end = 26 [JC_56] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 27 [JC_57] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 26 end = 34 [JC_58] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 34 @@ -987,20 +1027,20 @@ [JC_60] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 93 +line = 92 begin = 6 -end = 470 +end = 468 [JC_61] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 93 +line = 92 begin = 6 -end = 470 +end = 468 [JC_62] kind = UserCall file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 37 end = 51 @@ -1013,9 +1053,9 @@ [JC_63] kind = PointerDeref file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 101 +line = 100 begin = 21 -end = 138 +end = 136 [JC_11] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" @@ -1026,7 +1066,7 @@ [JC_64] kind = ArithOverflow file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 23 end = 26 @@ -1038,7 +1078,7 @@ [JC_65] file = "HOME/tests/c/heap_sort.c" -line = 18 +line = 48 begin = 19 end = 26 @@ -1051,7 +1091,7 @@ [JC_66] kind = UserCall file = "HOME/tests/c/heap_sort.c" -line = 12 +line = 42 begin = 11 end = 22 
@@ -1063,7 +1103,7 @@ [JC_67] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 27 @@ -1075,7 +1115,7 @@ [JC_68] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 26 end = 34 @@ -1087,7 +1127,7 @@ [JC_69] file = "HOME/tests/c/heap_sort.c" -line = 13 +line = 43 begin = 21 end = 34 @@ -1117,15 +1157,15 @@ [JC_71] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 78 +line = 77 begin = 6 -end = 392 +end = 391 [JC_72] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 78 +line = 77 begin = 6 -end = 392 +end = 391 [JC_20] file = "HOME/" @@ -1136,9 +1176,9 @@ [JC_73] kind = UserCall file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 86 +line = 85 begin = 20 -end = 64 +end = 63 [JC_21] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" @@ -1148,7 +1188,7 @@ [JC_74] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 27 @@ -1160,7 +1200,7 @@ [JC_75] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 26 end = 34 @@ -1172,7 +1212,7 @@ [JC_76] file = "HOME/tests/c/heap_sort.c" -line = 17 +line = 47 begin = 21 end = 34 @@ -1196,9 +1236,9 @@ [JC_78] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 93 +line = 92 begin = 6 -end = 470 +end = 468 [JC_26] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" @@ -1208,9 +1248,9 @@ [JC_79] file = "HOME/tests/c/heap_sort.jessie/heap_sort.jc" -line = 93 +line = 92 begin = 6 -end = 470 +end = 468 [JC_27] file = "HOME/" @@ -1233,13 +1273,13 @@ [JC_80] kind = UserCall file = "HOME/tests/c/heap_sort.c" -line = 20 +line = 50 begin = 37 end = 51 [JC_81] file = "HOME/tests/c/heap_sort.c" -line = 25 +line = 55 begin = 5 end = 9 @@ -1257,13 +1297,13 @@ [JC_83] file = "HOME/tests/c/heap_sort.c" -line = 25 +line = 55 begin = 5 end = 9 [JC_31] file = "HOME/tests/c/heap_sort.c" -line = 5 +line = 35 begin = 13 end = 21 @@ -1275,7 +1315,7 @@ [JC_32] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 
@@ -1287,7 +1327,7 @@ [JC_33] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 @@ -1307,7 +1347,7 @@ name = "Function main" behavior = "Safety" file = "HOME/tests/c/heap_sort.c" -line = 25 +line = 55 begin = 5 end = 9 @@ -1331,26 +1371,26 @@ [JC_36] file = "HOME/tests/c/heap_sort.c" -line = 5 +line = 35 begin = 13 end = 21 [JC_89] kind = AllocSize file = "HOME/tests/c/heap_sort.c" -line = 26 +line = 56 begin = 6 end = 9 [JC_37] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 [JC_38] file = "HOME/tests/c/heap_sort.c" -line = 6 +line = 36 begin = 13 end = 38 @@ -1363,23 +1403,19 @@ ========== file tests/c/heap_sort.jessie/why/heap_sort.why ========== type Heap -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type void_P - -exception Goto_while_0_break_exc of unit - -exception Goto_while_1_break_exc of unit +type voidP logic Heap_tag: -> Heap tag_id 
@@ -1397,28 +1433,21 @@ (forall Heap_tag_table:Heap tag_table. instanceof(Heap_tag_table, x, Heap_tag))) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - -exception Return_label_exc of unit - -logic char_P_tag: -> char_P tag_id +logic charP_tag: -> charP tag_id -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_int : (int_of_tag(charP_tag) = (1)) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +logic charP_of_pointer_address: unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int32: int32 -> int @@ -1442,6 +1471,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -1454,109 +1488,112 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -logic int_P_tag: -> int_P tag_id +logic intP_tag: -> intP tag_id -axiom int_P_int : (int_of_tag(int_P_tag) = (1)) +axiom intP_int : (int_of_tag(intP_tag) = (1)) -logic int_P_of_pointer_address: unit pointer -> int_P pointer +logic intP_of_pointer_address: unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr : - (forall p:int_P pointer. (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom : parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) -axiom int_P_tags : - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. - instanceof(int_P_tag_table, x, int_P_tag))) +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
+ instanceof(intP_tag_table, x, intP_tag))) predicate left_valid_struct_Heap(p:Heap pointer, a:int, Heap_alloc_table:Heap alloc_table) = (offset_min(Heap_alloc_table, p) <= a) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_int_P(p:int_P pointer, a:int, - int_P_alloc_table:int_P alloc_table) = - (offset_min(int_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) axiom pointer_addr_of_Heap_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Heap_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_int_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) -logic void_P_of_pointer_address: unit pointer -> void_P pointer +logic voidP_of_pointer_address: unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. 
(p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) predicate right_valid_struct_Heap(p:Heap pointer, b:int, Heap_alloc_table:Heap alloc_table) = (offset_max(Heap_alloc_table, p) >= b) -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_int_P(p:int_P pointer, b:int, - int_P_alloc_table:int_P alloc_table) = - (offset_max(int_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_Heap(p:Heap pointer, a:int, b:int, Heap_alloc_table:Heap alloc_table) = ((offset_min(Heap_alloc_table, p) = a) and (offset_max(Heap_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) +predicate 
strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) predicate strict_valid_struct_Heap(p:Heap pointer, a:int, b:int, Heap_alloc_table:Heap alloc_table) = ((offset_min(Heap_alloc_table, p) = a) and (offset_max(Heap_alloc_table, p) = b)) -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) logic uint32_of_integer: int -> uint32 
@@ -1565,161 +1602,83 @@ ((le_int((0), x) and le_int(x, (4294967295))) -> eq_int(integer_of_uint32(uint32_of_integer(x)), x))) +axiom uint32_extensionality : + (forall x:uint32. + (forall y:uint32. + (eq_int(integer_of_uint32(x), integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range : (forall x:uint32. (le_int((0), integer_of_uint32(x)) and le_int(integer_of_uint32(x), (4294967295)))) -predicate valid_bitvector_struct_Heap(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Heap(p:Heap pointer, a:int, b:int, Heap_alloc_table:Heap alloc_table) = ((offset_min(Heap_alloc_table, p) <= a) and (offset_max(Heap_alloc_table, p) >= b)) -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= 
b)) +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) predicate valid_struct_Heap(p:Heap pointer, a:int, b:int, Heap_alloc_table:Heap alloc_table) = ((offset_min(Heap_alloc_table, p) <= a) and (offset_max(Heap_alloc_table, p) >= b)) -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) -parameter Heap_alloc_table : Heap alloc_table ref - -parameter Heap_tag_table : Heap tag_table ref - -parameter alloc_bitvector_struct_Heap : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Heap(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Heap_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Heap(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto_while_0_break_exc of unit -parameter alloc_bitvector_struct_char_P : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto_while_1_break_exc of unit -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Heap_alloc_table : Heap alloc_table ref -parameter alloc_bitvector_struct_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Heap_tag_table : Heap tag_table ref -parameter alloc_bitvector_struct_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception 
Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit parameter alloc_struct_Heap : n:int -> 
@@ -1743,85 +1702,83 @@ and (alloc_fresh(Heap_alloc_table@, result, n) and instanceof(Heap_tag_table, result, Heap_tag)))) } -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and 
(alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter int_P_alloc_table : int_P alloc_table ref +parameter intP_alloc_table : intP alloc_table ref -parameter int_P_tag_table : int_P tag_table ref +parameter intP_tag_table : intP tag_table ref -parameter alloc_struct_int_P : +parameter alloc_struct_intP : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { } int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter alloc_struct_int_P_requires : +parameter alloc_struct_intP_requires : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { ge_int(n, (0))} int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, 
intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and 
(alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } 
@@ -1838,38 +1795,38 @@ parameter extract_min_requires : u:Heap pointer -> { } int32 { true } parameter heap_sort : - arr:int_P pointer -> + arr:intP pointer -> len:uint32 -> - int_P_int_M_arr_5:(int_P, int32) memory ref -> - int_P_arr_5_alloc_table:int_P alloc_table -> - { } unit reads int_P_int_M_arr_5 writes int_P_int_M_arr_5 + intP_intM_arr_5:(intP, int32) memory ref -> + intP_arr_5_alloc_table:intP alloc_table -> + { } unit reads intP_intM_arr_5 writes intP_intM_arr_5 { (JC_42: (forall i:int. (forall j:int. ((le_int((0), i) - and (le_int(i, j) and lt_int(j, integer_of_uint32(len@)))) -> - le_int(integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, i))), - integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, j)))))))) } + and (le_int(i, j) and lt_int(j, integer_of_uint32(len)))) -> + le_int(integer_of_int32(select(intP_intM_arr_5, shift(arr, i))), + integer_of_int32(select(intP_intM_arr_5, shift(arr, j)))))))) } parameter heap_sort_requires : - arr:int_P pointer -> + arr:intP pointer -> len:uint32 -> - int_P_int_M_arr_5:(int_P, int32) memory ref -> - int_P_arr_5_alloc_table:int_P alloc_table -> + intP_intM_arr_5:(intP, int32) memory ref -> + intP_arr_5_alloc_table:intP alloc_table -> { (JC_34: ((JC_31: ge_int(integer_of_uint32(len), (0))) - and ((JC_32: le_int(offset_min(int_P_arr_5_alloc_table, arr), (0))) + and ((JC_32: le_int(offset_min(intP_arr_5_alloc_table, arr), (0))) and (JC_33: - ge_int(offset_max(int_P_arr_5_alloc_table, arr), + ge_int(offset_max(intP_arr_5_alloc_table, arr), sub_int(integer_of_uint32(len), (1)))))))} - unit reads int_P_int_M_arr_5 writes int_P_int_M_arr_5 + unit reads intP_intM_arr_5 writes intP_intM_arr_5 { (JC_42: (forall i:int. (forall j:int. 
((le_int((0), i) - and (le_int(i, j) and lt_int(j, integer_of_uint32(len@)))) -> - le_int(integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, i))), - integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, j)))))))) } + and (le_int(i, j) and lt_int(j, integer_of_uint32(len)))) -> + le_int(integer_of_int32(select(intP_intM_arr_5, shift(arr, i))), + integer_of_int32(select(intP_intM_arr_5, shift(arr, j)))))))) } parameter insert : u_0:Heap pointer -> @@ -1878,8 +1835,8 @@ Heap_u_0_3_alloc_table:Heap alloc_table -> { } unit writes Heap_x_u_0_3 { (JC_18: - not_assigns(Heap_u_0_3_alloc_table@, Heap_x_u_0_3@, Heap_x_u_0_3, - pset_singleton(u_0@))) } + not_assigns(Heap_u_0_3_alloc_table, Heap_x_u_0_3@, Heap_x_u_0_3, + pset_singleton(u_0))) } parameter insert_requires : u_0:Heap pointer -> @@ -1888,8 +1845,8 @@ Heap_u_0_3_alloc_table:Heap alloc_table -> { } unit writes Heap_x_u_0_3 { (JC_18: - not_assigns(Heap_u_0_3_alloc_table@, Heap_x_u_0_3@, Heap_x_u_0_3, - pset_singleton(u_0@))) } + not_assigns(Heap_u_0_3_alloc_table, Heap_x_u_0_3@, Heap_x_u_0_3, + pset_singleton(u_0))) } parameter int32_of_integer_ : x:int -> @@ -1920,12 +1877,12 @@ { eq_int(integer_of_uint32(result), x) } let heap_sort_ensures_default = - fun (arr : int_P pointer) (len : uint32) (int_P_int_M_arr_5 : (int_P, int32) memory ref) (int_P_arr_5_alloc_table : int_P alloc_table) -> + fun (arr : intP pointer) (len : uint32) (intP_intM_arr_5 : (intP, int32) memory ref) (intP_arr_5_alloc_table : intP alloc_table) -> { (JC_39: ((JC_36: ge_int(integer_of_uint32(len), (0))) - and ((JC_37: le_int(offset_min(int_P_arr_5_alloc_table, arr), (0))) + and ((JC_37: le_int(offset_min(intP_arr_5_alloc_table, arr), (0))) and (JC_38: - ge_int(offset_max(int_P_arr_5_alloc_table, arr), + ge_int(offset_max(intP_arr_5_alloc_table, arr), sub_int(integer_of_uint32(len), (1))))))) } (init: try 
@@ -1935,10 +1892,8 @@ (let i_0 = ref (any_uint32 void) in (let h = ref (any_pointer void) in try - (let jessie_ = begin try - (let jessie_ = (C_5: (C_6: begin @@ -1957,30 +1912,26 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (let jessie_ = (C_13: (C_16: begin (if ((lt_int_ (integer_of_uint32 !i_0)) (integer_of_uint32 len)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = !h in (let jessie_ = (C_12: - ((safe_acc_ !int_P_int_M_arr_5) (C_11: - ((shift arr) (integer_of_uint32 !i_0))))) in + ((safe_acc_ !intP_intM_arr_5) (C_11: + ((shift arr) (integer_of_uint32 !i_0))))) in (JC_73: ((((insert jessie_) jessie_) Heap_x_h_6) Heap_h_6_alloc_table)))); (i_0 := (C_15: (safe_uint32_of_integer_ (C_14: ((add_int (integer_of_uint32 !i_0)) (1)))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (while_0_break: (C_17: @@ -1998,17 +1949,13 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (let jessie_ = (C_25: (C_28: begin (if ((lt_int_ (integer_of_uint32 !i_0)) (integer_of_uint32 len)) - then void - else - (let jessie_ = (raise (Goto_while_1_break_exc void)) in - void)); + then void else (raise (Goto_while_1_break_exc void))); (let jessie_ = (let jessie_ = (C_22: 
@@ -2016,14 +1963,14 @@ (let jessie_ = arr in (let jessie_ = (integer_of_uint32 !i_0) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ int_P_int_M_arr_5) jessie_) jessie_))))) in + (((safe_upd_ intP_intM_arr_5) jessie_) jessie_))))) in void); (i_0 := (C_27: (safe_uint32_of_integer_ (C_26: ((add_int (integer_of_uint32 !i_0)) (1)))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done) end)) end; - (raise (Goto_while_1_break_exc void)) end in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done) end)) end; + (raise (Goto_while_1_break_exc void)) end with Goto_while_1_break_exc jessie_ -> (while_1_break: begin void; (raise Return) end) end)))); (raise Return) end with Return -> void end) @@ -2031,17 +1978,17 @@ (forall i:int. (forall j:int. ((le_int((0), i) - and (le_int(i, j) and lt_int(j, integer_of_uint32(len@)))) -> - le_int(integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, i))), - integer_of_int32(select(int_P_int_M_arr_5, shift(arr@, j)))))))) } + and (le_int(i, j) and lt_int(j, integer_of_uint32(len)))) -> + le_int(integer_of_int32(select(intP_intM_arr_5, shift(arr, i))), + integer_of_int32(select(intP_intM_arr_5, shift(arr, j)))))))) } let heap_sort_safety = - fun (arr : int_P pointer) (len : uint32) (int_P_int_M_arr_5 : (int_P, int32) memory ref) (int_P_arr_5_alloc_table : int_P alloc_table) -> + fun (arr : intP pointer) (len : uint32) (intP_intM_arr_5 : (intP, int32) memory ref) (intP_arr_5_alloc_table : intP alloc_table) -> { (JC_39: ((JC_36: ge_int(integer_of_uint32(len), (0))) - and ((JC_37: le_int(offset_min(int_P_arr_5_alloc_table, arr), (0))) + and ((JC_37: le_int(offset_min(intP_arr_5_alloc_table, arr), (0))) and (JC_38: - ge_int(offset_max(int_P_arr_5_alloc_table, arr), + ge_int(offset_max(intP_arr_5_alloc_table, arr), sub_int(integer_of_uint32(len), (1))))))) } (init: try 
@@ -2051,10 +1998,8 @@ (let i_0 = ref (any_uint32 void) in (let h = ref (any_pointer void) in try - (let jessie_ = begin try - (let jessie_ = (C_5: (C_6: begin @@ -2075,22 +2020,18 @@ and (JC_47: le_int(integer_of_uint32(i_0), integer_of_uint32(len))))) } ]; try - (let jessie_ = begin (let jessie_ = (C_13: (C_16: begin (if ((lt_int_ (integer_of_uint32 !i_0)) (integer_of_uint32 len)) - then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); + then void else (raise (Goto_while_0_break_exc void))); (let jessie_ = !h in (let jessie_ = (C_12: (JC_52: - ((((offset_acc_ int_P_arr_5_alloc_table) !int_P_int_M_arr_5) arr) + ((((offset_acc_ intP_arr_5_alloc_table) !intP_intM_arr_5) arr) (integer_of_uint32 !i_0)))) in (JC_53: ((((insert_requires jessie_) jessie_) Heap_x_h_6) Heap_h_6_alloc_table)))); @@ -2098,9 +2039,9 @@ (JC_54: (uint32_of_integer_ (C_14: ((add_int (integer_of_uint32 !i_0)) (1))))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end)) in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with Goto_while_0_break_exc jessie_ -> (while_0_break: (C_17: @@ -2119,17 +2060,13 @@ and (JC_57: le_int(integer_of_uint32(i_0), integer_of_uint32(len))))) } ]; try - (let jessie_ = begin (let jessie_ = (C_25: (C_28: begin (if ((lt_int_ (integer_of_uint32 !i_0)) (integer_of_uint32 len)) - then void - else - (let jessie_ = (raise (Goto_while_1_break_exc void)) in - void)); + then void else (raise (Goto_while_1_break_exc void))); (let jessie_ = (let jessie_ = (C_22: 
@@ -2139,15 +2076,15 @@ (let jessie_ = (integer_of_uint32 !i_0) in (let jessie_ = ((shift jessie_) jessie_) in (JC_63: - (((((offset_upd_ int_P_arr_5_alloc_table) int_P_int_M_arr_5) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ intP_arr_5_alloc_table) intP_intM_arr_5) jessie_) jessie_) jessie_)))))) in void); (i_0 := (C_27: (JC_64: (uint32_of_integer_ (C_26: ((add_int (integer_of_uint32 !i_0)) (1))))))); - !i_0 end)) in void); (raise (Loop_continue_exc void)) end in - void) with Loop_continue_exc jessie_ -> void end end done) end)) end; - (raise (Goto_while_1_break_exc void)) end in void) with + !i_0 end)) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done) end)) end; + (raise (Goto_while_1_break_exc void)) end with Goto_while_1_break_exc jessie_ -> (while_1_break: begin void; (raise Return) end) end)))); (raise Return) end with Return -> void end) { true } @@ -2158,9 +2095,9 @@ (init: try begin - (let int_P_int_M_arr_0_8 = ref (any_memory void) in - (let int_P_arr_0_8_tag_table = ref (any_tag_table void) in - (let int_P_arr_0_8_alloc_table = ref (any_alloc_table void) in + (let intP_intM_arr_0_8 = ref (any_memory void) in + (let intP_arr_0_8_tag_table = ref (any_tag_table void) in + (let intP_arr_0_8_alloc_table = ref (any_alloc_table void) in (let arr_0 = ref (any_pointer void) in (C_35: (C_37: @@ -2172,7 +2109,7 @@ (let jessie_ = (arr_0 := (C_34: (JC_99: - (((alloc_struct_int_P (3)) int_P_arr_0_8_alloc_table) int_P_arr_0_8_tag_table)))) in + (((alloc_struct_intP (3)) intP_arr_0_8_alloc_table) intP_arr_0_8_tag_table)))) in void); (let jessie_ = (safe_int32_of_integer_ (42)) in (let jessie_ = !arr_0 in 
@@ -2184,44 +2121,38 @@ (let jessie_ = !arr_0 in (let jessie_ = (2) in (let jessie_ = ((shift jessie_) jessie_) in - [ { } unit reads int_P_arr_0_8_alloc_table,int_P_int_M_arr_0_8 - writes int_P_int_M_arr_0_8 - { (not_assigns(int_P_arr_0_8_alloc_table, int_P_int_M_arr_0_8@, - int_P_int_M_arr_0_8, + [ { } unit reads intP_arr_0_8_alloc_table,intP_intM_arr_0_8 + writes intP_intM_arr_0_8 + { (not_assigns(intP_arr_0_8_alloc_table, intP_intM_arr_0_8@, + intP_intM_arr_0_8, pset_range(pset_singleton(jessie_), (0), (2))) - and ((select(int_P_int_M_arr_0_8, shift(jessie_, (0))) = jessie_) - and ((select(int_P_int_M_arr_0_8, shift(jessie_, (1))) = jessie_) - and (select(int_P_int_M_arr_0_8, shift(jessie_, (2))) = jessie_)))) } ])))))))))); + and ((select(intP_intM_arr_0_8, shift(jessie_, (0))) = jessie_) + and ((select(intP_intM_arr_0_8, shift(jessie_, (1))) = jessie_) + and (select(intP_intM_arr_0_8, shift(jessie_, (2))) = jessie_)))) } ])))))))))); (let jessie_ = !arr_0 in (let jessie_ = (safe_uint32_of_integer_ (3)) in (JC_100: - ((((heap_sort jessie_) jessie_) int_P_int_M_arr_0_8) !int_P_arr_0_8_alloc_table)))); + ((((heap_sort jessie_) jessie_) intP_intM_arr_0_8) !intP_arr_0_8_alloc_table)))); (assert { (JC_103: ((JC_101: - le_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (0)))), - integer_of_int32(select(int_P_int_M_arr_0_8, shift(arr_0, (1)))))) + le_int(integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (0)))), + integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))))) and (JC_102: - le_int(integer_of_int32(select(int_P_int_M_arr_0_8, + le_int(integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))), - integer_of_int32(select(int_P_int_M_arr_0_8, shift(arr_0, (2)))))))) }; + integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (2)))))))) }; void); void; (assert { (JC_107: ((JC_104: - eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (0)))), - (13))) + (integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, 
(0)))) = (13))) and ((JC_105: - eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (1)))), - (42))) + (integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))) = (42))) and (JC_106: - eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (2)))), - (42)))))) }; void); void; - ((safe_free_parameter int_P_arr_0_8_alloc_table) !arr_0); + (integer_of_int32(select(intP_intM_arr_0_8, + shift(arr_0, (2)))) = (42)))))) }; void); + void; ((safe_free_parameter intP_arr_0_8_alloc_table) !arr_0); (raise Return) end)))))))))); (raise Return) end with Return -> void end) { (JC_85: true) } @@ -2231,9 +2162,9 @@ (init: try begin - (let int_P_int_M_arr_0_8 = ref (any_memory void) in - (let int_P_arr_0_8_tag_table = ref (any_tag_table void) in - (let int_P_arr_0_8_alloc_table = ref (any_alloc_table void) in + (let intP_intM_arr_0_8 = ref (any_memory void) in + (let intP_arr_0_8_tag_table = ref (any_tag_table void) in + (let intP_arr_0_8_alloc_table = ref (any_alloc_table void) in (let arr_0 = ref (any_pointer void) in (C_35: (C_37: @@ -2246,10 +2177,10 @@ (arr_0 := (let jessie_ = (C_34: (JC_89: - (((alloc_struct_int_P_requires (3)) int_P_arr_0_8_alloc_table) int_P_arr_0_8_tag_table))) in + (((alloc_struct_intP_requires (3)) intP_arr_0_8_alloc_table) intP_arr_0_8_tag_table))) in (JC_90: (assert - { ge_int(offset_max(int_P_arr_0_8_alloc_table, jessie_), + { ge_int(offset_max(intP_arr_0_8_alloc_table, jessie_), (2)) }; jessie_)))) in void); (let jessie_ = (safe_int32_of_integer_ (42)) in (let jessie_ = !arr_0 in 
@@ -2261,45 +2192,41 @@ (let jessie_ = !arr_0 in (let jessie_ = (2) in (let jessie_ = ((shift jessie_) jessie_) in - [ { } unit reads int_P_arr_0_8_alloc_table,int_P_int_M_arr_0_8 - writes int_P_int_M_arr_0_8 - { (not_assigns(int_P_arr_0_8_alloc_table, int_P_int_M_arr_0_8@, - int_P_int_M_arr_0_8, + [ { } unit reads intP_arr_0_8_alloc_table,intP_intM_arr_0_8 + writes intP_intM_arr_0_8 + { (not_assigns(intP_arr_0_8_alloc_table, intP_intM_arr_0_8@, + intP_intM_arr_0_8, pset_range(pset_singleton(jessie_), (0), (2))) - and ((select(int_P_int_M_arr_0_8, shift(jessie_, (0))) = jessie_) - and ((select(int_P_int_M_arr_0_8, shift(jessie_, (1))) = jessie_) - and (select(int_P_int_M_arr_0_8, shift(jessie_, (2))) = jessie_)))) } ])))))))))); + and ((select(intP_intM_arr_0_8, shift(jessie_, (0))) = jessie_) + and ((select(intP_intM_arr_0_8, shift(jessie_, (1))) = jessie_) + and (select(intP_intM_arr_0_8, shift(jessie_, (2))) = jessie_)))) } ])))))))))); (let jessie_ = !arr_0 in (let jessie_ = (safe_uint32_of_integer_ (3)) in (JC_91: - ((((heap_sort_requires jessie_) jessie_) int_P_int_M_arr_0_8) !int_P_arr_0_8_alloc_table)))); - [ { } unit reads arr_0,int_P_int_M_arr_0_8 + ((((heap_sort_requires jessie_) jessie_) intP_intM_arr_0_8) !intP_arr_0_8_alloc_table)))); + [ { } unit reads arr_0,intP_intM_arr_0_8 { (JC_94: ((JC_92: - le_int(integer_of_int32(select(int_P_int_M_arr_0_8, + le_int(integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (0)))), - integer_of_int32(select(int_P_int_M_arr_0_8, shift(arr_0, (1)))))) + integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))))) and (JC_93: - le_int(integer_of_int32(select(int_P_int_M_arr_0_8, + le_int(integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))), - integer_of_int32(select(int_P_int_M_arr_0_8, shift(arr_0, (2)))))))) } ]; + integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (2)))))))) } ]; void; - [ { } unit reads arr_0,int_P_int_M_arr_0_8 + [ { } unit reads arr_0,intP_intM_arr_0_8 { (JC_98: ((JC_95: - 
eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (0)))), - (13))) + (integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (0)))) = (13))) and ((JC_96: - eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (1)))), - (42))) + (integer_of_int32(select(intP_intM_arr_0_8, shift(arr_0, (1)))) = (42))) and (JC_97: - eq_int(integer_of_int32(select(int_P_int_M_arr_0_8, - shift(arr_0, (2)))), - (42)))))) } ]; void; - ((free_parameter int_P_arr_0_8_alloc_table) !arr_0); (raise Return) end)))))))))); - (raise Return) end with Return -> void end) { true } + (integer_of_int32(select(intP_intM_arr_0_8, + shift(arr_0, (2)))) = (42)))))) } ]; + void; ((free_parameter intP_arr_0_8_alloc_table) !arr_0); + (raise Return) end)))))))))); (raise Return) end with Return -> + void end) { true } ========== generation of alt-ergo VC output ========== @@ -3236,19 +3163,19 @@ type Heap -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type void_P +type voidP logic Heap_tag : Heap tag_id 
@@ -3266,22 +3193,22 @@ (forall Heap_tag_table:Heap tag_table. instanceof(Heap_tag_table, x, Heap_tag))) -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int32 : int32 -> int @@ -3305,6 +3232,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -3317,73 +3249,74 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -logic int_P_tag : int_P tag_id +logic intP_tag : intP tag_id -axiom int_P_int: (int_of_tag(int_P_tag) = 1) +axiom intP_int: (int_of_tag(intP_tag) = 1) -logic int_P_of_pointer_address : unit pointer -> int_P pointer +logic intP_of_pointer_address : unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr: - (forall p:int_P pointer. - (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom: parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) -axiom int_P_tags: - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. instanceof(int_P_tag_table, x, - int_P_tag))) +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
instanceof(intP_tag_table, x, + intP_tag))) predicate left_valid_struct_Heap(p: Heap pointer, a: int, Heap_alloc_table: Heap alloc_table) = (offset_min(Heap_alloc_table, p) <= a) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_int_P(p: int_P pointer, a: int, - int_P_alloc_table: int_P alloc_table) = (offset_min(int_P_alloc_table, +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) axiom pointer_addr_of_Heap_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Heap_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -axiom pointer_addr_of_int_P_of_pointer_address: - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) predicate right_valid_struct_Heap(p: Heap pointer, b: int, Heap_alloc_table: Heap alloc_table) = (offset_max(Heap_alloc_table, p) >= b) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_int_P(p: int_P pointer, b: int, - int_P_alloc_table: int_P alloc_table) = (offset_max(int_P_alloc_table, +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_Heap(p: Heap pointer, a: int, b: int, 
@@ -3391,40 +3324,40 @@ ((offset_min(Heap_alloc_table, p) = a) and (offset_max(Heap_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, p) = b)) -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) predicate strict_valid_struct_Heap(p: Heap pointer, a: int, b: int, Heap_alloc_table: Heap alloc_table) = ((offset_min(Heap_alloc_table, p) = a) and (offset_max(Heap_alloc_table, p) = b)) -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + 
((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, p) = b)) -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) logic uint32_of_integer : int -> uint32 
@@ -3433,93 +3366,78 @@ (((0 <= x) and (x <= 4294967295)) -> (integer_of_uint32(uint32_of_integer(x)) = x))) +axiom uint32_extensionality: + (forall x:uint32. + (forall y:uint32. + ((integer_of_uint32(x) = integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range: (forall x:uint32. ((0 <= integer_of_uint32(x)) and (integer_of_uint32(x) <= 4294967295))) -predicate valid_bitvector_struct_Heap(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Heap(p: Heap pointer, a: int, b: int, Heap_alloc_table: Heap alloc_table) = ((offset_min(Heap_alloc_table, p) <= a) and (offset_max(Heap_alloc_table, p) >= b)) -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, p) >= b)) -predicate 
valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) predicate valid_struct_Heap(p: Heap pointer, a: int, b: int, Heap_alloc_table: Heap alloc_table) = ((offset_min(Heap_alloc_table, p) <= a) and (offset_max(Heap_alloc_table, p) >= b)) -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, p) >= b)) -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) -logic void_P_tag : void_P tag_id +logic voidP_tag : voidP tag_id 
-axiom void_P_int: (int_of_tag(void_P_tag) = 1) +axiom voidP_int: (int_of_tag(voidP_tag) = 1) -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) goal heap_sort_ensures_default_po_1: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -3528,16 +3446,16 @@ (integer_of_uint32(result1) = 0) -> forall i_0:uint32. (i_0 = result1) -> - ("JC_69": ("JC_67": ("JC_67": (0 <= integer_of_uint32(i_0))))) + ("JC_69": ("JC_67": (0 <= integer_of_uint32(i_0)))) goal heap_sort_ensures_default_po_2: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -3546,19 +3464,18 @@ (integer_of_uint32(result1) = 0) -> forall i_0:uint32. (i_0 = result1) -> - ("JC_69": - ("JC_68": ("JC_68": (integer_of_uint32(i_0) <= integer_of_uint32(len))))) + ("JC_69": ("JC_68": (integer_of_uint32(i_0) <= integer_of_uint32(len)))) goal heap_sort_ensures_default_po_3: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. 
@@ -3576,7 +3493,7 @@ ("JC_68": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. @@ -3585,18 +3502,18 @@ (integer_of_uint32(result3) = (integer_of_uint32(i_0_0) + 1)) -> forall i_0_1:uint32. (i_0_1 = result3) -> - ("JC_69": ("JC_67": ("JC_67": (0 <= integer_of_uint32(i_0_1))))) + ("JC_69": ("JC_67": (0 <= integer_of_uint32(i_0_1)))) goal heap_sort_ensures_default_po_4: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. @@ -3614,7 +3531,7 @@ ("JC_68": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. 
@@ -3623,17 +3540,16 @@ (integer_of_uint32(result3) = (integer_of_uint32(i_0_0) + 1)) -> forall i_0_1:uint32. (i_0_1 = result3) -> - ("JC_69": - ("JC_68": ("JC_68": (integer_of_uint32(i_0_1) <= integer_of_uint32(len))))) + ("JC_69": ("JC_68": (integer_of_uint32(i_0_1) <= integer_of_uint32(len)))) goal heap_sort_ensures_default_po_5: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -3651,16 +3567,16 @@ (integer_of_uint32(result2) = 0) -> forall i_0_1:uint32. (i_0_1 = result2) -> - ("JC_76": ("JC_74": ("JC_74": (0 <= integer_of_uint32(i_0_1))))) + ("JC_76": ("JC_74": (0 <= integer_of_uint32(i_0_1)))) goal heap_sort_ensures_default_po_6: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -3678,17 +3594,16 @@ (integer_of_uint32(result2) = 0) -> forall i_0_1:uint32. (i_0_1 = result2) -> - ("JC_76": - ("JC_75": ("JC_75": (integer_of_uint32(i_0_1) <= integer_of_uint32(len))))) + ("JC_76": ("JC_75": (integer_of_uint32(i_0_1) <= integer_of_uint32(len)))) goal heap_sort_ensures_default_po_7: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -3707,31 +3622,31 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_76": (("JC_74": (0 <= integer_of_uint32(i_0_2))) and ("JC_75": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - forall int_P_int_M_arr_5_1:(int_P, + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> forall result4:uint32. (integer_of_uint32(result4) = (integer_of_uint32(i_0_2) + 1)) -> forall i_0_3:uint32. (i_0_3 = result4) -> - ("JC_76": ("JC_74": ("JC_74": (0 <= integer_of_uint32(i_0_3))))) + ("JC_76": ("JC_74": (0 <= integer_of_uint32(i_0_3)))) goal heap_sort_ensures_default_po_8: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -3750,32 +3665,31 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_76": (("JC_74": (0 <= integer_of_uint32(i_0_2))) and ("JC_75": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - forall int_P_int_M_arr_5_1:(int_P, + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> forall result4:uint32. (integer_of_uint32(result4) = (integer_of_uint32(i_0_2) + 1)) -> forall i_0_3:uint32. (i_0_3 = result4) -> - ("JC_76": - ("JC_75": ("JC_75": (integer_of_uint32(i_0_3) <= integer_of_uint32(len))))) + ("JC_76": ("JC_75": (integer_of_uint32(i_0_3) <= integer_of_uint32(len)))) goal heap_sort_ensures_default_po_9: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -3794,7 +3708,7 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_76": (("JC_74": (0 <= integer_of_uint32(i_0_2))) and 
@@ -3803,17 +3717,17 @@ forall i:int. forall j:int. ((0 <= i) and ((i <= j) and (j < integer_of_uint32(len)))) -> - ("JC_41": (integer_of_int32(select(int_P_int_M_arr_5_0, shift(arr, - i))) <= integer_of_int32(select(int_P_int_M_arr_5_0, shift(arr, j))))) + ("JC_41": (integer_of_int32(select(intP_intM_arr_5_0, shift(arr, + i))) <= integer_of_int32(select(intP_intM_arr_5_0, shift(arr, j))))) goal heap_sort_safety_po_1: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -3828,16 +3742,16 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - (offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) + (offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) goal heap_sort_safety_po_2: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -3852,18 +3766,18 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - (integer_of_uint32(i_0_0) <= offset_max(int_P_arr_5_alloc_table, arr)) + (integer_of_uint32(i_0_0) <= offset_max(intP_arr_5_alloc_table, arr)) goal heap_sort_safety_po_3: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. @@ -3881,10 +3795,10 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_arr_5_alloc_table, arr))) -> + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and + (integer_of_uint32(i_0_0) <= offset_max(intP_arr_5_alloc_table, arr))) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. 
@@ -3892,15 +3806,15 @@ (0 <= (integer_of_uint32(i_0_0) + 1)) goal heap_sort_safety_po_4: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. @@ -3918,10 +3832,10 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_arr_5_alloc_table, arr))) -> + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and + (integer_of_uint32(i_0_0) <= offset_max(intP_arr_5_alloc_table, arr))) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. 
@@ -3929,15 +3843,15 @@ ((integer_of_uint32(i_0_0) + 1) <= 4294967295) goal heap_sort_safety_po_5: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. @@ -3955,10 +3869,10 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_arr_5_alloc_table, arr))) -> + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and + (integer_of_uint32(i_0_0) <= offset_max(intP_arr_5_alloc_table, arr))) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. 
@@ -3972,15 +3886,15 @@ (0 <= ("JC_55": (integer_of_uint32(len) - integer_of_uint32(i_0_0)))) goal heap_sort_safety_po_6: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. - forall int_P_int_M_arr_5:(int_P, + forall intP_arr_5_alloc_table:intP alloc_table. + forall intP_intM_arr_5:(intP, int32) memory. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result:Heap alloc_table. forall result0:Heap pointer. @@ -3998,10 +3912,10 @@ (("JC_46": (0 <= integer_of_uint32(i_0_0))) and ("JC_47": (integer_of_uint32(i_0_0) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_0) < integer_of_uint32(len)) -> - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_arr_5_alloc_table, arr))) -> + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_0)) and + (integer_of_uint32(i_0_0) <= offset_max(intP_arr_5_alloc_table, arr))) -> forall result2:int32. - (result2 = select(int_P_int_M_arr_5, shift(arr, + (result2 = select(intP_intM_arr_5, shift(arr, integer_of_uint32(i_0_0)))) -> forall Heap_x_h_6_0:(Heap, int32) memory. 
@@ -4016,13 +3930,13 @@ (integer_of_uint32(len) - integer_of_uint32(i_0_0)))) goal heap_sort_safety_po_7: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -4047,16 +3961,16 @@ (("JC_56": (0 <= integer_of_uint32(i_0_2))) and ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> - (offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) + (offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) goal heap_sort_safety_po_8: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. 
@@ -4081,16 +3995,16 @@ (("JC_56": (0 <= integer_of_uint32(i_0_2))) and ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> - (integer_of_uint32(i_0_2) <= offset_max(int_P_arr_5_alloc_table, arr)) + (integer_of_uint32(i_0_2) <= offset_max(intP_arr_5_alloc_table, arr)) goal heap_sort_safety_po_9: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -4110,7 +4024,7 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_60": true) -> ("JC_58": 
@@ -4118,22 +4032,22 @@ ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and - (integer_of_uint32(i_0_2) <= offset_max(int_P_arr_5_alloc_table, arr))) -> - forall int_P_int_M_arr_5_1:(int_P, + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and + (integer_of_uint32(i_0_2) <= offset_max(intP_arr_5_alloc_table, arr))) -> + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> (0 <= (integer_of_uint32(i_0_2) + 1)) goal heap_sort_safety_po_10: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -4153,7 +4067,7 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_60": true) -> ("JC_58": 
@@ -4161,22 +4075,22 @@ ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and - (integer_of_uint32(i_0_2) <= offset_max(int_P_arr_5_alloc_table, arr))) -> - forall int_P_int_M_arr_5_1:(int_P, + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and + (integer_of_uint32(i_0_2) <= offset_max(intP_arr_5_alloc_table, arr))) -> + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> ((integer_of_uint32(i_0_2) + 1) <= 4294967295) goal heap_sort_safety_po_11: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -4196,7 +4110,7 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_60": true) -> ("JC_58": 
@@ -4204,11 +4118,11 @@ ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and - (integer_of_uint32(i_0_2) <= offset_max(int_P_arr_5_alloc_table, arr))) -> - forall int_P_int_M_arr_5_1:(int_P, + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and + (integer_of_uint32(i_0_2) <= offset_max(intP_arr_5_alloc_table, arr))) -> + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> ((0 <= (integer_of_uint32(i_0_2) + 1)) and ((integer_of_uint32(i_0_2) + 1) <= 4294967295)) -> @@ -4219,13 +4133,13 @@ (0 <= ("JC_65": (integer_of_uint32(len) - integer_of_uint32(i_0_2)))) goal heap_sort_safety_po_12: - forall arr:int_P pointer. + forall arr:intP pointer. forall len:uint32. - forall int_P_arr_5_alloc_table:int_P alloc_table. + forall intP_arr_5_alloc_table:intP alloc_table. ("JC_39": (("JC_36": (integer_of_uint32(len) >= 0)) and - (("JC_37": (offset_min(int_P_arr_5_alloc_table, arr) <= 0)) and - ("JC_38": (offset_max(int_P_arr_5_alloc_table, + (("JC_37": (offset_min(intP_arr_5_alloc_table, arr) <= 0)) and + ("JC_38": (offset_max(intP_arr_5_alloc_table, arr) >= (integer_of_uint32(len) - 1)))))) -> forall result0:Heap pointer. forall h:Heap pointer. @@ -4245,7 +4159,7 @@ forall i_0_1:uint32. (i_0_1 = result2) -> forall i_0_2:uint32. - forall int_P_int_M_arr_5_0:(int_P, + forall intP_intM_arr_5_0:(intP, int32) memory. ("JC_60": true) -> ("JC_58": 
@@ -4253,11 +4167,11 @@ ("JC_57": (integer_of_uint32(i_0_2) <= integer_of_uint32(len))))) -> (integer_of_uint32(i_0_2) < integer_of_uint32(len)) -> forall result3:int32. - ((offset_min(int_P_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and - (integer_of_uint32(i_0_2) <= offset_max(int_P_arr_5_alloc_table, arr))) -> - forall int_P_int_M_arr_5_1:(int_P, + ((offset_min(intP_arr_5_alloc_table, arr) <= integer_of_uint32(i_0_2)) and + (integer_of_uint32(i_0_2) <= offset_max(intP_arr_5_alloc_table, arr))) -> + forall intP_intM_arr_5_1:(intP, int32) memory. - (int_P_int_M_arr_5_1 = store(int_P_int_M_arr_5_0, shift(arr, + (intP_intM_arr_5_1 = store(intP_intM_arr_5_0, shift(arr, integer_of_uint32(i_0_2)), result3)) -> ((0 <= (integer_of_uint32(i_0_2) + 1)) and ((integer_of_uint32(i_0_2) + 1) <= 4294967295)) -> @@ -4270,18 +4184,18 @@ goal main_ensures_default_po_1: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - forall arr_0:int_P pointer. + forall result0:intP alloc_table. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4289,43 +4203,42 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. (((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_103": - ("JC_101": - ("JC_101": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 1))))))) + ("JC_101": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1)))))) goal main_ensures_default_po_2: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. 
- (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - forall arr_0:int_P pointer. + forall result0:intP alloc_table. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4333,43 +4246,42 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. (((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_103": - ("JC_102": - ("JC_102": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 2))))))) + ("JC_102": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2)))))) goal main_ensures_default_po_3: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. 
- (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - forall arr_0:int_P pointer. + forall result0:intP alloc_table. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4377,48 +4289,47 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. (((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_103": - (("JC_101": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 1))))) and - ("JC_102": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 2))))))) -> + (("JC_101": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1))))) and + ("JC_102": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2))))))) -> ("JC_107": - ("JC_104": - ("JC_104": 
(integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) = 13)))) + ("JC_104": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) = 13))) goal main_ensures_default_po_4: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - forall arr_0:int_P pointer. + forall result0:intP alloc_table. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4426,48 +4337,47 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. (((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_103": - (("JC_101": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 1))))) and - ("JC_102": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 2))))))) -> + (("JC_101": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1))))) and + ("JC_102": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2))))))) -> ("JC_107": - ("JC_105": - ("JC_105": 
(integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) = 42)))) + ("JC_105": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) = 42))) goal main_ensures_default_po_5: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - forall arr_0:int_P pointer. + forall result0:intP alloc_table. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4475,33 +4385,32 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. (((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_103": - (("JC_101": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 1))))) and - ("JC_102": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 2))))))) -> + (("JC_101": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1))))) and + ("JC_102": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2))))))) -> ("JC_107": - ("JC_106": - ("JC_106": 
(integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 2))) = 42)))) + ("JC_106": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 2))) = 42))) goal main_safety_po_1: ("JC_84": true) -> 
@@ -4509,34 +4418,34 @@ goal main_safety_po_2: ("JC_84": true) -> - forall result0:int_P alloc_table. + forall result0:intP alloc_table. (3 >= 0) -> - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - (offset_max(int_P_arr_0_8_alloc_table, result1) >= 2) + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + (offset_max(intP_arr_0_8_alloc_table, result1) >= 2) goal main_safety_po_3: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. + forall result0:intP alloc_table. (3 >= 0) -> - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - (offset_max(int_P_arr_0_8_alloc_table, result1) >= 2) -> - forall arr_0:int_P pointer. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + (offset_max(intP_arr_0_8_alloc_table, result1) >= 2) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4544,33 +4453,33 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - ("JC_34": ("JC_31": ("JC_31": (integer_of_uint32(result5) >= 0)))) + ("JC_34": ("JC_31": (integer_of_uint32(result5) >= 0))) goal main_safety_po_4: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. + forall result0:intP alloc_table. (3 >= 0) -> - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - (offset_max(int_P_arr_0_8_alloc_table, result1) >= 2) -> - forall arr_0:int_P pointer. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + (offset_max(intP_arr_0_8_alloc_table, result1) >= 2) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4578,34 +4487,33 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> - ("JC_34": - ("JC_32": ("JC_32": (offset_min(int_P_arr_0_8_alloc_table, arr_0) <= 0)))) + ("JC_34": ("JC_32": (offset_min(intP_arr_0_8_alloc_table, arr_0) <= 0))) goal main_safety_po_5: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. + forall result0:intP alloc_table. (3 >= 0) -> - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - (offset_max(int_P_arr_0_8_alloc_table, result1) >= 2) -> - forall arr_0:int_P pointer. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + (offset_max(intP_arr_0_8_alloc_table, result1) >= 2) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4613,36 +4521,35 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> ("JC_34": - ("JC_33": - ("JC_33": (offset_max(int_P_arr_0_8_alloc_table, - arr_0) >= (integer_of_uint32(result5) - 1))))) + ("JC_33": (offset_max(intP_arr_0_8_alloc_table, + arr_0) >= (integer_of_uint32(result5) - 1)))) goal main_safety_po_6: ("JC_84": true) -> - forall result:(int_P, + forall result:(intP, int32) memory. - forall result0:int_P alloc_table. + forall result0:intP alloc_table. (3 >= 0) -> - forall result1:int_P pointer. - forall int_P_arr_0_8_alloc_table:int_P alloc_table. - forall int_P_arr_0_8_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result1, 0, (3 - 1), - int_P_arr_0_8_alloc_table) and - (alloc_extends(result0, int_P_arr_0_8_alloc_table) and - (alloc_fresh(result0, result1, 3) and instanceof(int_P_arr_0_8_tag_table, - result1, int_P_tag)))) -> - (offset_max(int_P_arr_0_8_alloc_table, result1) >= 2) -> - forall arr_0:int_P pointer. + forall result1:intP pointer. + forall intP_arr_0_8_alloc_table:intP alloc_table. + forall intP_arr_0_8_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (3 - 1), + intP_arr_0_8_alloc_table) and + (alloc_extends(result0, intP_arr_0_8_alloc_table) and + (alloc_fresh(result0, result1, 3) and instanceof(intP_arr_0_8_tag_table, + result1, intP_tag)))) -> + (offset_max(intP_arr_0_8_alloc_table, result1) >= 2) -> + forall arr_0:intP pointer. (arr_0 = result1) -> forall result2:int32. (integer_of_int32(result2) = 42) -> 
@@ -4650,42 +4557,42 @@ (integer_of_int32(result3) = 13) -> forall result4:int32. (integer_of_int32(result4) = 42) -> - forall int_P_int_M_arr_0_8:(int_P, + forall intP_intM_arr_0_8:(intP, int32) memory. - (not_assigns(int_P_arr_0_8_alloc_table, result, int_P_int_M_arr_0_8, + (not_assigns(intP_arr_0_8_alloc_table, result, intP_intM_arr_0_8, pset_range(pset_singleton(arr_0), 0, 2)) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 0)) = result2) and - ((select(int_P_int_M_arr_0_8, shift(arr_0, 1)) = result3) and - (select(int_P_int_M_arr_0_8, shift(arr_0, 2)) = result4)))) -> + ((select(intP_intM_arr_0_8, shift(arr_0, 0)) = result2) and + ((select(intP_intM_arr_0_8, shift(arr_0, 1)) = result3) and + (select(intP_intM_arr_0_8, shift(arr_0, 2)) = result4)))) -> forall result5:uint32. (integer_of_uint32(result5) = 3) -> ("JC_34": (("JC_31": (integer_of_uint32(result5) >= 0)) and - (("JC_32": (offset_min(int_P_arr_0_8_alloc_table, arr_0) <= 0)) and - ("JC_33": (offset_max(int_P_arr_0_8_alloc_table, + (("JC_32": (offset_min(intP_arr_0_8_alloc_table, arr_0) <= 0)) and + ("JC_33": (offset_max(intP_arr_0_8_alloc_table, arr_0) >= (integer_of_uint32(result5) - 1)))))) -> - forall int_P_int_M_arr_0_8_0:(int_P, + forall intP_intM_arr_0_8_0:(intP, int32) memory. ("JC_42": (forall i:int. (forall j:int. 
(((0 <= i) and ((i <= j) and (j < integer_of_uint32(result5)))) -> - (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - i))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + i))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, j)))))))) -> ("JC_94": - (("JC_92": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 0))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 1))))) and - ("JC_93": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, - 1))) <= integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, 2))))))) -> + (("JC_92": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 0))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1))))) and + ("JC_93": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, + 1))) <= integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2))))))) -> ("JC_98": - (("JC_95": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (("JC_95": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 0))) = 13)) and - (("JC_96": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + (("JC_96": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 1))) = 42)) and - ("JC_97": (integer_of_int32(select(int_P_int_M_arr_0_8_0, shift(arr_0, + ("JC_97": (integer_of_int32(select(intP_intM_arr_0_8_0, shift(arr_0, 2))) = 42))))) -> - ((arr_0 = null) or (offset_max(int_P_arr_0_8_alloc_table, arr_0) >= 0)) + ((arr_0 = null) or (offset_max(intP_arr_0_8_alloc_table, arr_0) >= 0)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/c/oracle/insertion_sort.err.oracle why-2.30+dfsg/tests/c/oracle/insertion_sort.err.oracle --- why-2.29+dfsg/tests/c/oracle/insertion_sort.err.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/insertion_sort.err.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,7 @@
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
+Warning: recursive definition of Permut in generated file
diff -Nru why-2.29+dfsg/tests/c/oracle/insertion_sort.res.oracle why-2.30+dfsg/tests/c/oracle/insertion_sort.res.oracle
--- why-2.29+dfsg/tests/c/oracle/insertion_sort.res.oracle 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/c/oracle/insertion_sort.res.oracle 2011-10-24 15:21:06.000000000 +0000
@@ -0,0 +1,6367 @@ +========== file tests/c/insertion_sort.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid_range(t,0,n-1); + @ ensures Sorted(t,0,n-1); + @*/ +void insert_sort(int t[], int n) { + int i,j; + int mv; + if (n <= 1) return; + /*@ loop invariant 0 <= i <= n; + @ loop invariant Sorted(t,0,i); + @ loop variant n-i; + @*/ + for (i=1; i Sorted(t,0,i); + @ loop invariant j < i ==> Sorted(t,0,i+1); + @ loop invariant \forall integer k; j <= k < i ==> t[k] > mv; + @ loop variant j; + @*/ + // look for the right index j to put t[i] + for (j=i; j > 0; j--) { + if (t[j-1] <= mv) break; + t[j] = t[j-1]; + } + t[j] = mv; + } +} + + +/* +Local Variables: +compile-command: "make insertion_sort.why3ml" +End: +*/ +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/insertion_sort.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/insertion_sort.jessie +[jessie] File tests/c/insertion_sort.jessie/insertion_sort.jc written. +[jessie] File tests/c/insertion_sort.jessie/insertion_sort.cloc written. +========== file tests/c/insertion_sort.jessie/insertion_sort.jc ========== +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +tag intP = { + integer intM: 32; +} + +type intP = [intP] + +tag charP = { + integer charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +predicate Swap{L1, L2}(intP[..] a, integer i, integer j) = +(((\at((a + i).intM,L1) == \at((a + j).intM,L2)) && + (\at((a + j).intM,L1) == \at((a + i).intM,L2))) && + (\forall integer k; + (((k != i) && (k != j)) ==> + (\at((a + k).intM,L1) == \at((a + k).intM,L2))))) + +predicate Permut{L1, L2}(intP[..] 
a_0, integer l, integer h) { +case Permut_refl{L}: (\forall intP[..] a_1; + (\forall integer l_0; + (\forall integer h_0; + Permut{L, L}(a_1, l_0, h_0)))); + + case Permut_sym{L1, L2}: (\forall intP[..] a_2; + (\forall integer l_1; + (\forall integer h_1; + (Permut{L1, + L2}(a_2, l_1, h_1) ==> + Permut{L2, + L1}(a_2, l_1, h_1))))); + + case Permut_trans{L1, L2, L3}: (\forall intP[..] a_3; + (\forall integer l_2; + (\forall integer h_2; + ((Permut{L1, + L2}(a_3, l_2, h_2) && + Permut{L2, + L3}(a_3, l_2, h_2)) ==> + Permut{L1, + L3}(a_3, l_2, h_2))))); + + case Permut_swap{L1, L2}: (\forall intP[..] a_4; + (\forall integer l_3; + (\forall integer h_3; + (\forall integer i_0; + (\forall integer j_0; + (((((l_3 <= i_0) && (i_0 <= h_3)) && + ((l_3 <= j_0) && (j_0 <= h_3))) && + Swap{L1, + L2}(a_4, i_0, j_0)) ==> + Permut{L1, + L2}(a_4, l_3, h_3))))))); + +} + +predicate Sorted{L}(intP[..] a_5, integer l_4, integer h_4) = +(\forall integer i_1; + (\forall integer j_1; + (((l_4 <= i_1) && ((i_1 <= j_1) && (j_1 < h_4))) ==> + ((a_5 + i_1).intM <= (a_5 + j_1).intM)))) + +unit insert_sort(intP[..] 
t, integer n) + requires (C_35 : ((C_36 : (\offset_min(t) <= 0)) && + (C_37 : (\offset_max(t) >= (n - 1))))); +behavior default: + ensures (C_34 : Sorted{Here}(\at(t,Old), 0, (\at(n,Old) - 1))); +{ + (var integer i); + + (var integer j); + + (var integer mv); + + { (if (n <= 1) then + (goto return_label) else ()); + (C_1 : (i = 1)); + + loop + behavior default: + invariant (C_4 : ((C_5 : (0 <= i)) && (C_6 : (i <= n)))); + behavior default: + invariant (C_3 : Sorted{Here}(t, 0, i)); + variant (C_2 : (n - i)); + while (true) + { + { (if (i < n) then () else + (goto while_0_break)); + + { (C_9 : (mv = (C_8 : (C_7 : (t + i)).intM))); + (C_10 : (j = i)); + + loop + behavior default: + invariant (C_15 : ((C_16 : (0 <= j)) && (C_17 : (j <= i)))); + behavior default: + invariant (C_14 : ((j == i) ==> Sorted{Here}(t, 0, i))); + behavior default: + invariant (C_13 : ((j < i) ==> Sorted{Here}(t, 0, (i + 1)))); + behavior default: + invariant (C_12 : (\forall integer k_0; + (((j <= k_0) && (k_0 < i)) ==> + ((t + k_0).intM > mv)))); + variant (C_11 : j); + while (true) + { + { (if (j > 0) then () else + (goto while_1_break)); + + { (if ((C_20 : (C_19 : (t + (C_18 : (j - 1)))).intM) <= + mv) then + (goto while_1_break) else ()); + (C_26 : ((C_25 : (C_24 : (t + j)).intM) = (C_23 : + (C_22 : + (t + + (C_21 : + (j - + 1)))).intM))) + }; + (C_28 : (j = (C_27 : (j - 1)))) + } + }; + (while_1_break : ()); + (C_31 : ((C_30 : (C_29 : (t + j)).intM) = mv)) + }; + (C_33 : (i = (C_32 : (i + 1)))) + } + }; + (while_0_break : ()); + (return_label : + (return ())) + } +} +========== file tests/c/insertion_sort.jessie/insertion_sort.cloc ========== +[C_10] +file = "HOME/tests/c/insertion_sort.c" +line = 59 +begin = 11 +end = 12 + +[C_11] +file = "HOME/tests/c/insertion_sort.c" +line = 56 +begin = 21 +end = 22 + +[C_12] +file = "HOME/tests/c/insertion_sort.c" +line = 55 +begin = 23 +end = 66 + +[C_13] +file = "HOME/tests/c/insertion_sort.c" +line = 54 +begin = 23 +end = 48 + +[C_14] +file = 
"HOME/tests/c/insertion_sort.c" +line = 53 +begin = 23 +end = 47 + +[C_15] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 34 + +[C_16] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 29 + +[C_17] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 28 +end = 34 + +[C_18] +file = "HOME/tests/c/insertion_sort.c" +line = 60 +begin = 12 +end = 15 + +[C_19] +file = "HOME/tests/c/insertion_sort.c" +line = 60 +begin = 10 +end = 11 + +[C_1] +file = "HOME/tests/c/insertion_sort.c" +line = 49 +begin = 9 +end = 10 + +[C_2] +file = "HOME/tests/c/insertion_sort.c" +line = 47 +begin = 19 +end = 22 + +[C_3] +file = "HOME/tests/c/insertion_sort.c" +line = 46 +begin = 21 +end = 34 + +[C_4] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 32 + +[C_20] +file = "HOME/tests/c/insertion_sort.c" +line = 60 +begin = 10 +end = 16 + +[C_5] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 27 + +[C_21] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 15 +end = 18 + +[C_6] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 26 +end = 32 + +[C_22] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 13 +end = 14 + +[C_7] +file = "HOME/tests/c/insertion_sort.c" +line = 51 +begin = 9 +end = 10 + +[C_23] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 13 +end = 19 + +[C_8] +file = "HOME/tests/c/insertion_sort.c" +line = 51 +begin = 9 +end = 13 + +[C_24] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 6 +end = 7 + +[C_9] +file = "HOME/tests/c/insertion_sort.c" +line = 51 +begin = 9 +end = 13 + +[C_25] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 13 +end = 19 + +[C_26] +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 13 +end = 19 + +[C_27] +file = "HOME/tests/c/insertion_sort.c" +line = 59 +begin = 21 +end = 24 + +[C_28] +file = "HOME/tests/c/insertion_sort.c" +line = 59 +begin = 21 +end = 24 + +[C_29] +file = 
"HOME/tests/c/insertion_sort.c" +line = 63 +begin = 4 +end = 5 + +[C_30] +file = "HOME/tests/c/insertion_sort.c" +line = 63 +begin = 11 +end = 13 + +[C_31] +file = "HOME/tests/c/insertion_sort.c" +line = 63 +begin = 11 +end = 13 + +[C_32] +file = "HOME/tests/c/insertion_sort.c" +line = 49 +begin = 17 +end = 20 + +[C_33] +file = "HOME/tests/c/insertion_sort.c" +line = 49 +begin = 17 +end = 20 + +[C_34] +file = "HOME/tests/c/insertion_sort.c" +line = 39 +begin = 12 +end = 27 + +[C_35] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[C_36] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[insert_sort] +name = "Function insert_sort" +file = "HOME/tests/c/insertion_sort.c" +line = 41 +begin = 5 +end = 16 + +[C_37] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +========== jessie execution ========== +Generating Why function insert_sort +========== file tests/c/insertion_sort.jessie/insertion_sort.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs insertion_sort.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs insertion_sort.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/insertion_sort_why.sx + +project: why/insertion_sort.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/insertion_sort_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/insertion_sort_why.vo + +coq/insertion_sort_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/insertion_sort_why.v: why/insertion_sort.why + @echo 'why -coq [...] why/insertion_sort.why' && $(WHY) $(JESSIELIBFILES) why/insertion_sort.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/insertion_sort_ctx_why.vo + for f in why/*_po*.why; do make -f insertion_sort.makefile coq/`basename $$f .why`_why.v ; done + +coq/insertion_sort_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/insertion_sort_ctx_why.v: why/insertion_sort_ctx.why + @echo 'why -coq [...] why/insertion_sort_ctx.why' && $(WHY) why/insertion_sort_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export insertion_sort_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/insertion_sort_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/insertion_sort_ctx_why.vo + +pvs: pvs/insertion_sort_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/insertion_sort_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/insertion_sort_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/insertion_sort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/insertion_sort_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/insertion_sort_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/insertion_sort_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/insertion_sort_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/insertion_sort_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/insertion_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/insertion_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/insertion_sort_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/insertion_sort_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/insertion_sort_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/insertion_sort_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: insertion_sort.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/insertion_sort_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/insertion_sort_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: insertion_sort.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include insertion_sort.depend + +depend: coq/insertion_sort_why.v + -$(COQDEP) -I coq coq/insertion_sort*_why.v > insertion_sort.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/insertion_sort.jessie/insertion_sort.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 96 +begin = 6 +end = 2116 + +[JC_42] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 96 +begin = 6 +end = 2116 + +[JC_43] +file = "HOME/tests/c/insertion_sort.c" +line = 55 +begin = 23 +end = 66 + +[JC_44] +file = "HOME/tests/c/insertion_sort.c" +line = 54 +begin = 23 +end = 48 + +[JC_45] +file = "HOME/tests/c/insertion_sort.c" +line = 53 +begin = 23 +end = 47 + +[JC_46] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 29 + +[JC_1] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_47] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 28 +end = 34 + +[JC_2] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_48] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 34 + +[JC_3] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_6] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_7] +file = "HOME/tests/c/insertion_sort.c" +line = 38 +begin = 13 +end = 34 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/c/insertion_sort.c" +line = 39 +begin = 12 +end = 27 + +[JC_50] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 110 +begin = 15 +end = 1508 + +[insert_sort_ensures_default] +name = "Function insert_sort" +behavior = 
"default behavior" +file = "HOME/tests/c/insertion_sort.c" +line = 41 +begin = 5 +end = 16 + +[JC_51] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 110 +begin = 15 +end = 1508 + +[JC_10] +file = "HOME/tests/c/insertion_sort.c" +line = 39 +begin = 12 +end = 27 + +[JC_11] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +file = "HOME/tests/c/insertion_sort.c" +line = 46 +begin = 21 +end = 34 + +[JC_14] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 27 + +[JC_15] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 26 +end = 32 + +[JC_16] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 32 + +[JC_17] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 96 +begin = 6 +end = 2116 + +[JC_19] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 96 +begin = 6 +end = 2116 + +[JC_20] +kind = PointerDeref +file = "HOME/tests/c/insertion_sort.c" +line = 51 +begin = 9 +end = 13 + +[JC_21] +file = "HOME/tests/c/insertion_sort.c" +line = 55 +begin = 23 +end = 66 + +[JC_22] +file = "HOME/tests/c/insertion_sort.c" +line = 54 +begin = 23 +end = 48 + +[JC_23] +file = "HOME/tests/c/insertion_sort.c" +line = 53 +begin = 23 +end = 47 + +[JC_24] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 29 + +[JC_25] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 28 +end = 34 + +[JC_26] +file = "HOME/tests/c/insertion_sort.c" +line = 52 +begin = 23 +end = 34 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 110 +begin = 15 +end = 1508 + +[JC_29] +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 110 +begin = 15 +end = 1508 + +[insert_sort_safety] +name = "Function insert_sort" +behavior = "Safety" +file = 
"HOME/tests/c/insertion_sort.c" +line = 41 +begin = 5 +end = 16 + +[JC_30] +kind = PointerDeref +file = "HOME/tests/c/insertion_sort.c" +line = 60 +begin = 10 +end = 16 + +[JC_31] +kind = PointerDeref +file = "HOME/tests/c/insertion_sort.c" +line = 61 +begin = 13 +end = 19 + +[JC_32] +kind = PointerDeref +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 130 +begin = 33 +end = 450 + +[JC_33] +file = "HOME/tests/c/insertion_sort.c" +line = 56 +begin = 21 +end = 22 + +[JC_34] +kind = PointerDeref +file = "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc" +line = 141 +begin = 24 +end = 59 + +[JC_35] +file = "HOME/tests/c/insertion_sort.c" +line = 47 +begin = 19 +end = 22 + +[JC_36] +file = "HOME/tests/c/insertion_sort.c" +line = 46 +begin = 21 +end = 34 + +[JC_37] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 27 + +[JC_38] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 26 +end = 32 + +[JC_39] +file = "HOME/tests/c/insertion_sort.c" +line = 45 +begin = 21 +end = 32 + +========== file tests/c/insertion_sort.jessie/why/insertion_sort.why ========== +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a:intP pointer, i:int, j:int, + intP_intM_a_1_at_L2:(intP, int) memory, + intP_intM_a_1_at_L1:(intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) + and ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) + and (forall k:int. + (((k <> i) and (k <> j)) -> + (select(intP_intM_a_1_at_L1, shift(a, k)) = select(intP_intM_a_1_at_L2, + shift(a, k))))))) + +inductive Permut: intP pointer, int, int, (intP, int) memory, + (intP, int) memory -> prop = + | Permut_refl: (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0:int. + (forall h_0:int. 
+ Permut(a_1, l_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + | Permut_sym: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> + Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L1, + intP_intM_a_0_2_at_L2))))))) + | Permut_trans: (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) + and Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + | Permut_swap: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0:int. + (forall j_0:int. + ((le_int(l_3, i_0) + and (le_int(i_0, h_3) + and (le_int(l_3, j_0) + and (le_int(j_0, h_3) + and Swap(a_4, i_0, j_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5:intP pointer, l_4:int, h_4:int, + intP_intM_a_5_3_at_L:(intP, int) memory) = + (forall i_1:int. + (forall j_1:int. + ((le_int(l_4, i_1) and (le_int(i_1, j_1) and lt_int(j_1, h_4))) -> + le_int(select(intP_intM_a_5_3_at_L, shift(a_5, i_1)), + select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. 
(p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. + instanceof(intP_tag_table, x, intP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and 
(offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_while_0_break_exc of unit + +exception Goto_while_1_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { 
(strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter insert_sort : + t:intP pointer -> + n:int -> + intP_intM_t_4:(intP, int) memory ref -> + intP_t_4_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_4 writes intP_intM_t_4 + { (JC_10: Sorted(t, (0), sub_int(n, (1)), intP_intM_t_4)) } + +parameter insert_sort_requires : + t:intP pointer -> + n:int -> + intP_intM_t_4:(intP, int) memory ref -> + intP_t_4_alloc_table:intP alloc_table -> + { (JC_3: + ((JC_1: le_int(offset_min(intP_t_4_alloc_table, t), (0))) + and (JC_2: + ge_int(offset_max(intP_t_4_alloc_table, t), sub_int(n, (1))))))} + unit reads intP_intM_t_4 writes intP_intM_t_4 + { (JC_10: Sorted(t, (0), sub_int(n, (1)), intP_intM_t_4)) } + +let insert_sort_ensures_default = + fun (t : intP pointer) (n : int) 
(intP_intM_t_4 : (intP, int) memory ref) (intP_t_4_alloc_table : intP alloc_table) -> + { (JC_7: + ((JC_5: le_int(offset_min(intP_t_4_alloc_table, t), (0))) + and (JC_6: ge_int(offset_max(intP_t_4_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_2 = ref (any_int void) in + (let j_2 = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_1: + begin + (if ((le_int_ n) (1)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_2 := (1)) in void); + (loop_3: + while true do + { invariant + ((JC_36: Sorted(t, (0), i_2, intP_intM_t_4)) + and (JC_39: + ((JC_37: le_int((0), i_2)) and (JC_38: le_int(i_2, n))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_33: + begin + (if ((lt_int_ !i_2) n) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_9: + (C_10: + begin + (let jessie_ = + (mv := (C_8: + ((safe_acc_ !intP_intM_t_4) (C_7: ((shift t) !i_2))))) in + void); (let jessie_ = (j_2 := !i_2) in void); + (loop_4: + while true do + { invariant + ((JC_43: + (forall k_0:int. 
+ ((le_int(j_2, k_0) and lt_int(k_0, i_2)) -> + gt_int(select(intP_intM_t_4, shift(t, k_0)), mv)))) + and ((JC_44: + (lt_int(j_2, i_2) -> + Sorted(t, (0), add_int(i_2, (1)), intP_intM_t_4))) + and ((JC_45: + ((j_2 = i_2) -> + Sorted(t, (0), i_2, intP_intM_t_4))) + and (JC_48: + ((JC_46: le_int((0), j_2)) + and (JC_47: le_int(j_2, i_2))))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_28: + begin + (if ((gt_int_ !j_2) (0)) then void + else (raise (Goto_while_1_break_exc void))); + (let jessie_ = + begin + (if ((le_int_ (C_20: + ((safe_acc_ !intP_intM_t_4) (C_19: + ((shift t) + (C_18: + ((sub_int !j_2) (1)))))))) !mv) + then (raise (Goto_while_1_break_exc void)) + else void); + (C_26: + (let jessie_ = + (C_23: + ((safe_acc_ !intP_intM_t_4) (C_22: + ((shift t) (C_21: + ((sub_int !j_2) (1))))))) in + (let jessie_ = t in + (let jessie_ = !j_2 in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (((safe_upd_ intP_intM_t_4) jessie_) jessie_); + jessie_ end))))) end in void); + (j_2 := (C_27: ((sub_int !j_2) (1)))); !j_2 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end)) with + Goto_while_1_break_exc jessie_ -> + (let jessie_ = + (while_1_break: + begin + void; + (C_31: + (let jessie_ = !mv in + (let jessie_ = t in + (let jessie_ = !j_2 in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (((safe_upd_ intP_intM_t_4) jessie_) jessie_); + jessie_ end))))) end) in void) end; + (i_2 := (C_32: ((add_int !i_2) (1)))); !i_2 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end))); (raise Return) end with + Return -> void end) + { (JC_9: Sorted(t, (0), sub_int(n, 
(1)), intP_intM_t_4)) } + +let insert_sort_safety = + fun (t : intP pointer) (n : int) (intP_intM_t_4 : (intP, int) memory ref) (intP_t_4_alloc_table : intP alloc_table) -> + { (JC_7: + ((JC_5: le_int(offset_min(intP_t_4_alloc_table, t), (0))) + and (JC_6: ge_int(offset_max(intP_t_4_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_2 = ref (any_int void) in + (let j_2 = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_1: + begin + (if ((le_int_ n) (1)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_2 := (1)) in void); + (loop_1: + while true do + { invariant (JC_18: true) variant (JC_35 : sub_int(n, i_2)) } + begin + [ { } unit reads i_2,intP_intM_t_4 + { ((JC_13: Sorted(t, (0), i_2, intP_intM_t_4)) + and (JC_16: + ((JC_14: le_int((0), i_2)) and (JC_15: le_int(i_2, n))))) } ]; + try + begin + (let jessie_ = + (C_33: + begin + (if ((lt_int_ !i_2) n) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_9: + (C_10: + begin + (let jessie_ = + (mv := (C_8: + (JC_20: + ((((offset_acc_ intP_t_4_alloc_table) !intP_intM_t_4) t) !i_2)))) in + void); (let jessie_ = (j_2 := !i_2) in void); + (loop_2: + while true do + { invariant (JC_28: true) variant (JC_33 : j_2) } + begin + [ { } unit reads i_2,intP_intM_t_4,j_2,mv + { ((JC_21: + (forall k_0:int. 
+ ((le_int(j_2, k_0) and lt_int(k_0, i_2)) -> + gt_int(select(intP_intM_t_4, shift(t, k_0)), mv)))) + and ((JC_22: + (lt_int(j_2, i_2) -> + Sorted(t, (0), add_int(i_2, (1)), + intP_intM_t_4))) + and ((JC_23: + ((j_2 = i_2) -> + Sorted(t, (0), i_2, intP_intM_t_4))) + and (JC_26: + ((JC_24: le_int((0), j_2)) + and (JC_25: le_int(j_2, i_2))))))) } ]; + try + begin + (let jessie_ = + (C_28: + begin + (if ((gt_int_ !j_2) (0)) then void + else (raise (Goto_while_1_break_exc void))); + (let jessie_ = + begin + (if ((le_int_ (C_20: + (JC_30: + ((((offset_acc_ intP_t_4_alloc_table) !intP_intM_t_4) t) + (C_18: ((sub_int !j_2) (1))))))) !mv) + then (raise (Goto_while_1_break_exc void)) + else void); + (C_26: + (let jessie_ = + (C_23: + (JC_31: + ((((offset_acc_ intP_t_4_alloc_table) !intP_intM_t_4) t) + (C_21: ((sub_int !j_2) (1)))))) in + (let jessie_ = t in + (let jessie_ = !j_2 in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (JC_32: + (((((offset_upd_ intP_t_4_alloc_table) intP_intM_t_4) jessie_) jessie_) jessie_)); + jessie_ end))))) end in void); + (j_2 := (C_27: ((sub_int !j_2) (1)))); !j_2 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end)) with + Goto_while_1_break_exc jessie_ -> + (let jessie_ = + (while_1_break: + begin + void; + (C_31: + (let jessie_ = !mv in + (let jessie_ = t in + (let jessie_ = !j_2 in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (JC_34: + (((((offset_upd_ intP_t_4_alloc_table) intP_intM_t_4) jessie_) jessie_) jessie_)); + jessie_ end))))) end) in void) end; + (i_2 := (C_32: ((add_int !i_2) (1)))); !i_2 end) in void); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise 
Return)) end))); (raise Return) end with + Return -> void end) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/insertion_sort.why +========== file tests/c/insertion_sort.jessie/why/insertion_sort_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. 
((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. 
+ (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. 
((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. 
+ ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. 
+ ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. 
(sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. 
pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. 
+ (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a: intP pointer, i: int, j: int, intP_intM_a_1_at_L2: (intP, + int) memory, intP_intM_a_1_at_L1: (intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) and + ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) and + (forall k:int. + (((k <> i) and (k <> j)) -> (select(intP_intM_a_1_at_L1, shift(a, + k)) = select(intP_intM_a_1_at_L2, shift(a, k))))))) + +logic Permut : intP pointer, int, int, (intP, int) memory, (intP, +int) memory -> prop + +axiom Permut_inversion: + (forall aux_1:intP pointer. + (forall aux_2:int. + (forall aux_3:int. + (forall aux_4:(intP, int) memory. 
+ (forall aux_5:(intP, int) memory [Permut(aux_1, aux_2, aux_3, + aux_4, aux_5)]. + (Permut(aux_1, aux_2, aux_3, aux_4, aux_5) -> + ((exists intP_intM_a_0_2_at_L:(intP, int) memory. + (exists a_1:intP pointer. + (exists l_0:int. + (exists h_0:int. + ((aux_1 = a_1) and + ((aux_2 = l_0) and + ((aux_3 = h_0) and + ((aux_4 = intP_intM_a_0_2_at_L) and + (aux_5 = intP_intM_a_0_2_at_L))))))))) or + ((exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_2:intP pointer. + (exists l_1:int. + (exists h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and + ((aux_1 = a_2) and + ((aux_2 = l_1) and + ((aux_3 = h_1) and + ((aux_4 = intP_intM_a_0_2_at_L1) and + (aux_5 = intP_intM_a_0_2_at_L2))))))))))) or + ((exists intP_intM_a_0_2_at_L3:(intP, int) memory. + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_3:intP pointer. + (exists l_2:int. + (exists h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, + h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) and + ((aux_1 = a_3) and + ((aux_2 = l_2) and + ((aux_3 = h_2) and + ((aux_4 = intP_intM_a_0_2_at_L3) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))) or + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_4:intP pointer. + (exists l_3:int. + (exists h_3:int. + (exists i_0:int. + (exists j_0:int. + (((l_3 <= i_0) and + ((i_0 <= h_3) and + ((l_3 <= j_0) and + ((j_0 <= h_3) and Swap(a_4, i_0, j_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) and + ((aux_1 = a_4) and + ((aux_2 = l_3) and + ((aux_3 = h_3) and + ((aux_4 = intP_intM_a_0_2_at_L2) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))))))))))))) + +axiom Permut_refl: + (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0:int. + (forall h_0:int. 
Permut(a_1, l_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + +axiom Permut_sym: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> Permut(a_2, l_1, h_1, + intP_intM_a_0_2_at_L1, intP_intM_a_0_2_at_L2))))))) + +axiom Permut_trans: + (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, h_2, + intP_intM_a_0_2_at_L3, intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + +axiom Permut_swap: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0:int. + (forall j_0:int. + (((l_3 <= i_0) and + ((i_0 <= h_3) and + ((l_3 <= j_0) and + ((j_0 <= h_3) and Swap(a_4, i_0, j_0, + intP_intM_a_0_2_at_L2, intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5: intP pointer, l_4: int, h_4: int, + intP_intM_a_5_3_at_L: (intP, int) memory) = + (forall i_1:int. + (forall j_1:int. + (((l_4 <= i_1) and ((i_1 <= j_1) and (j_1 < h_4))) -> + (select(intP_intM_a_5_3_at_L, shift(a_5, + i_1)) <= select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. 
+ (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + 
((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal insert_sort_ensures_default_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n <= 1) -> + ("JC_9": Sorted(t, 0, (n - 1), intP_intM_t_4)) + +goal insert_sort_ensures_default_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + forall intP_intM_t_4:(intP, + int) memory. 
+ ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + ("JC_36": Sorted(t, 0, i_2, intP_intM_t_4)) + +goal insert_sort_ensures_default_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + ("JC_39": ("JC_37": (0 <= i_2))) + +goal insert_sort_ensures_default_po_4: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + ("JC_39": ("JC_38": (i_2 <= n))) + +goal insert_sort_ensures_default_po_5: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall k_0:int. + ((j_2 <= k_0) and (k_0 < i_2_0)) -> + ("JC_43": (select(intP_intM_t_4_0, shift(t, k_0)) > mv)) + +goal insert_sort_ensures_default_po_6: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. 
+ ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + (j_2 < i_2_0) -> + ("JC_44": Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0)) + +goal insert_sort_ensures_default_po_7: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + ("JC_48": ("JC_46": (0 <= j_2))) + +goal insert_sort_ensures_default_po_8: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. 
+ (j_2 = i_2_0) -> + ("JC_48": ("JC_47": (j_2 <= i_2_0))) + +goal insert_sort_ensures_default_po_9: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_36": Sorted(t, 0, i_2_1, intP_intM_t_4_2)) + +goal insert_sort_ensures_default_po_10: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. 
+ (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_39": ("JC_37": (0 <= i_2_1))) + +goal insert_sort_ensures_default_po_11: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_39": ("JC_38": (i_2_1 <= n))) + +goal insert_sort_ensures_default_po_12: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + forall result1:int. 
+ (result1 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + forall k_0:int. + ((j_2_1 <= k_0) and (k_0 < i_2_0)) -> + ("JC_43": (select(intP_intM_t_4_2, shift(t, k_0)) > mv)) + +goal insert_sort_ensures_default_po_13: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + forall result1:int. + (result1 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + (j_2_1 < i_2_0) -> + ("JC_44": Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_2)) + +goal insert_sort_ensures_default_po_14: + forall t:intP pointer. + forall n:int. 
+ forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + forall result1:int. + (result1 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + (j_2_1 = i_2_0) -> + ("JC_45": Sorted(t, 0, i_2_0, intP_intM_t_4_2)) + +goal insert_sort_ensures_default_po_15: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. 
+ (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + forall result1:int. + (result1 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + ("JC_48": ("JC_46": (0 <= j_2_1))) + +goal insert_sort_ensures_default_po_16: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + forall result0:int. + (result0 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + forall result1:int. + (result1 = select(intP_intM_t_4_1, shift(t, (j_2_0 - 1)))) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + ("JC_48": ("JC_47": (j_2_1 <= i_2_0))) + +goal insert_sort_ensures_default_po_17: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + forall intP_intM_t_4_2:(intP, + int) memory. 
+ (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_36": Sorted(t, 0, i_2_1, intP_intM_t_4_2)) + +goal insert_sort_ensures_default_po_18: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_39": ("JC_37": (0 <= i_2_1))) + +goal insert_sort_ensures_default_po_19: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. 
+ (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + forall result:int. + (result = select(intP_intM_t_4_0, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_1:(intP, + int) memory. + forall j_2_0:int. + (("JC_43": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_1, shift(t, + k_0)) > mv)))) and + (("JC_44": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_1))) and + (("JC_45": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_1))) and + ("JC_48": (("JC_46": (0 <= j_2_0)) and ("JC_47": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + forall intP_intM_t_4_2:(intP, + int) memory. + (intP_intM_t_4_2 = store(intP_intM_t_4_1, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + ("JC_39": ("JC_38": (i_2_1 <= n))) + +goal insert_sort_ensures_default_po_20: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4_0:(intP, + int) memory. + (("JC_36": Sorted(t, 0, i_2_0, intP_intM_t_4_0)) and + ("JC_39": (("JC_37": (0 <= i_2_0)) and ("JC_38": (i_2_0 <= n))))) -> + (i_2_0 >= n) -> + ("JC_9": Sorted(t, 0, (n - 1), intP_intM_t_4_0)) + +goal insert_sort_safety_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. 
+ ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + (offset_min(intP_t_4_alloc_table, t) <= i_2_0) + +goal insert_sort_safety_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + (i_2_0 <= offset_max(intP_t_4_alloc_table, t)) + +goal insert_sort_safety_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + (offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) + +goal insert_sort_safety_po_4: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t)) + +goal insert_sort_safety_po_5: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. 
+ ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + (offset_min(intP_t_4_alloc_table, t) <= j_2_0) + +goal insert_sort_safety_po_6: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. 
+ ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + (j_2_0 <= offset_max(intP_t_4_alloc_table, t)) + +goal insert_sort_safety_po_7: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. 
+ forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + (0 <= ("JC_35": (n - i_2_0))) + +goal insert_sort_safety_po_8: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 <= mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + (("JC_35": (n - i_2_1)) < ("JC_35": (n - i_2_0))) + +goal insert_sort_safety_po_9: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (offset_min(intP_t_4_alloc_table, t) <= j_2_0) + +goal insert_sort_safety_po_10: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (j_2_0 <= offset_max(intP_t_4_alloc_table, t)) + +goal insert_sort_safety_po_11: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + (0 <= ("JC_33": j_2_0)) + +goal insert_sort_safety_po_12: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. 
+ (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 > 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + (result0 > mv) -> + ((offset_min(intP_t_4_alloc_table, t) <= (j_2_0 - 1)) and + ((j_2_0 - 1) <= offset_max(intP_t_4_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_4_0, shift(t, (j_2_0 - 1)))) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), result1)) -> + forall j_2_1:int. + (j_2_1 = (j_2_0 - 1)) -> + (("JC_33": j_2_1) < ("JC_33": j_2_0)) + +goal insert_sort_safety_po_13: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. 
+ ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + (offset_min(intP_t_4_alloc_table, t) <= j_2_0) + +goal insert_sort_safety_po_14: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + (j_2_0 <= offset_max(intP_t_4_alloc_table, t)) + +goal insert_sort_safety_po_15: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. 
+ ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. + ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + (0 <= ("JC_35": (n - i_2_0))) + +goal insert_sort_safety_po_16: + forall t:intP pointer. + forall n:int. + forall intP_t_4_alloc_table:intP alloc_table. + ("JC_7": + (("JC_5": (offset_min(intP_t_4_alloc_table, t) <= 0)) and + ("JC_6": (offset_max(intP_t_4_alloc_table, t) >= (n - 1))))) -> + (n > 1) -> + forall i_2:int. + (i_2 = 1) -> + forall i_2_0:int. + forall intP_intM_t_4:(intP, + int) memory. 
+ ("JC_18": true) -> + (("JC_13": Sorted(t, 0, i_2_0, intP_intM_t_4)) and + ("JC_16": (("JC_14": (0 <= i_2_0)) and ("JC_15": (i_2_0 <= n))))) -> + (i_2_0 < n) -> + ((offset_min(intP_t_4_alloc_table, t) <= i_2_0) and + (i_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_4, shift(t, i_2_0))) -> + forall mv:int. + (mv = result) -> + forall j_2:int. + (j_2 = i_2_0) -> + forall intP_intM_t_4_0:(intP, + int) memory. + forall j_2_0:int. + ("JC_28": true) -> + (("JC_21": + (forall k_0:int. + (((j_2_0 <= k_0) and (k_0 < i_2_0)) -> (select(intP_intM_t_4_0, shift(t, + k_0)) > mv)))) and + (("JC_22": + ((j_2_0 < i_2_0) -> Sorted(t, 0, (i_2_0 + 1), intP_intM_t_4_0))) and + (("JC_23": ((j_2_0 = i_2_0) -> Sorted(t, 0, i_2_0, intP_intM_t_4_0))) and + ("JC_26": (("JC_24": (0 <= j_2_0)) and ("JC_25": (j_2_0 <= i_2_0))))))) -> + (j_2_0 <= 0) -> + ((offset_min(intP_t_4_alloc_table, t) <= j_2_0) and + (j_2_0 <= offset_max(intP_t_4_alloc_table, t))) -> + forall intP_intM_t_4_1:(intP, + int) memory. + (intP_intM_t_4_1 = store(intP_intM_t_4_0, shift(t, j_2_0), mv)) -> + forall i_2_1:int. + (i_2_1 = (i_2_0 + 1)) -> + (("JC_35": (n - i_2_1)) < ("JC_35": (n - i_2_0))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/insertion_sort_why.why : .................................... (36/0/0/0/0) +total : 36 +valid : 36 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +// RUNSIMPLIFY: will ask regtests to run Simplify on this program +========== generation of Simplify VC output ========== +why -simplify [...] 
why/insertion_sort.why +========== file tests/c/insertion_sort.jessie/simplify/insertion_sort_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) 
x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + 
+(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod 
x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom 
address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ 
(sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p 
(shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom 
not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag 
(typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom 
lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why 
axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ 
(frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(DEFPRED (Swap a i j intP_intM_a_1_at_L2 intP_intM_a_1_at_L1) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a i)) + (select intP_intM_a_1_at_L2 (shift a j))) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a j)) + (select intP_intM_a_1_at_L2 (shift a i))) + (FORALL (k) + (IMPLIES (AND (NEQ k i) (NEQ k j)) + (EQ (select intP_intM_a_1_at_L1 (shift a k)) + (select intP_intM_a_1_at_L2 (shift a k)))))))) + +(BG_PUSH + ;; Why axiom Permut_inversion + (FORALL (aux_1 aux_2 aux_3 aux_4 aux_5) + (IMPLIES (EQ (Permut aux_1 aux_2 aux_3 aux_4 aux_5) |@true|) + (OR + (EXISTS (intP_intM_a_0_2_at_L) + (EXISTS (a_1) + (EXISTS (l_0) + (EXISTS (h_0) + (AND (EQ aux_1 a_1) + (AND (EQ aux_2 l_0) + (AND (EQ aux_3 h_0) + (AND (EQ aux_4 intP_intM_a_0_2_at_L) (EQ aux_5 intP_intM_a_0_2_at_L))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_2) + (EXISTS (l_1) + (EXISTS (h_1) + (AND + (EQ (Permut + a_2 
l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (AND (EQ aux_1 a_2) + (AND (EQ aux_2 l_1) + (AND (EQ aux_3 h_1) + (AND (EQ aux_4 intP_intM_a_0_2_at_L1) (EQ aux_5 intP_intM_a_0_2_at_L2))))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L3) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_3) + (EXISTS (l_2) + (EXISTS (h_2) + (AND + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (AND (EQ aux_1 a_3) + (AND (EQ aux_2 l_2) + (AND (EQ aux_3 h_2) + (AND (EQ aux_4 intP_intM_a_0_2_at_L3) (EQ aux_5 intP_intM_a_0_2_at_L1)))))))))))) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_4) + (EXISTS (l_3) + (EXISTS (h_3) + (EXISTS (i_0) + (EXISTS (j_0) + (AND + (AND (<= l_3 i_0) + (AND (<= i_0 h_3) + (AND (<= l_3 j_0) + (AND (<= j_0 h_3) + (Swap a_4 i_0 j_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (AND (EQ aux_1 a_4) + (AND (EQ aux_2 l_3) + (AND (EQ aux_3 h_3) + (AND (EQ aux_4 intP_intM_a_0_2_at_L2) (EQ aux_5 intP_intM_a_0_2_at_L1))))))))))))))))))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intP_intM_a_0_2_at_L a_1 l_0 h_0) + (EQ (Permut a_1 l_0 h_0 intP_intM_a_0_2_at_L intP_intM_a_0_2_at_L) |@true|))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_2 l_1 h_1) + (IMPLIES + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L1 intP_intM_a_0_2_at_L2) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_trans + (FORALL (intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_3 l_2 h_2) + (IMPLIES + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L1) 
|@true|)))) + +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_4 l_3 h_3 i_0 j_0) + (IMPLIES + (AND (<= l_3 i_0) + (AND (<= i_0 h_3) + (AND (<= l_3 j_0) + (AND (<= j_0 h_3) + (Swap a_4 i_0 j_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (EQ (Permut + a_4 l_3 h_3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|)))) + +(DEFPRED (Sorted a_5 l_4 h_4 intP_intM_a_5_3_at_L) + (FORALL (i_1 j_1) + (IMPLIES (AND (<= l_4 i_1) (AND (<= i_1 j_1) (< j_1 h_4))) + (<= (select intP_intM_a_5_3_at_L (shift a_5 i_1)) (select + intP_intM_a_5_3_at_L + (shift a_5 j_1)))))) + +(BG_PUSH + ;; Why axiom charP_int + (EQ (int_of_tag charP_tag) 1)) + +(BG_PUSH + ;; Why axiom charP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (charP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom charP_parenttag_bottom + (EQ (parenttag charP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom charP_tags + (FORALL (x charP_tag_table) (instanceof charP_tag_table x charP_tag))) + +(BG_PUSH + ;; Why axiom intP_int + (EQ (int_of_tag intP_tag) 1)) + +(BG_PUSH + ;; Why axiom intP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (intP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom intP_parenttag_bottom + (EQ (parenttag intP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom intP_tags + (FORALL (x intP_tag_table) (instanceof intP_tag_table x intP_tag))) + +(DEFPRED (left_valid_struct_charP p a charP_alloc_table) + (<= (offset_min charP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_intP p a intP_alloc_table) + (<= (offset_min intP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_voidP p a voidP_alloc_table) + (<= (offset_min voidP_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom pointer_addr_of_charP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (charP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_intP_of_pointer_address + (FORALL (p) (EQ p (pointer_address 
(intP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_voidP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (voidP_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_charP p b charP_alloc_table) + (>= (offset_max charP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_intP p b intP_alloc_table) + (>= (offset_max intP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_voidP p b voidP_alloc_table) + (>= (offset_max voidP_alloc_table p) b)) + +(DEFPRED (strict_valid_root_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_root_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED (valid_root_intP p a b intP_alloc_table) + (AND (<= (offset_min intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_root_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_struct_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED 
(valid_struct_intP p a b intP_alloc_table) + (AND (<= (offset_min intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_struct_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(BG_PUSH + ;; Why axiom voidP_int + (EQ (int_of_tag voidP_tag) 1)) + +(BG_PUSH + ;; Why axiom voidP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (voidP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom voidP_parenttag_bottom + (EQ (parenttag voidP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom voidP_tags + (FORALL (x voidP_tag_table) (instanceof voidP_tag_table x voidP_tag))) + +;; insert_sort_ensures_default_po_1, File "HOME/tests/c/insertion_sort.c", line 39, characters 12-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(FORALL (intP_intM_t_4) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (<= n 1) (Sorted t 0 (- n 1) intP_intM_t_4))))))) + +;; insert_sort_ensures_default_po_2, File "HOME/tests/c/insertion_sort.c", line 46, characters 21-34 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(FORALL (intP_intM_t_4) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) (IMPLIES (EQ i_2 1) (Sorted t 0 i_2 intP_intM_t_4))))))))) + +;; insert_sort_ensures_default_po_3, File "HOME/tests/c/insertion_sort.c", line 45, characters 21-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) (FORALL (i_2) (IMPLIES (EQ i_2 1) (<= 0 i_2)))))))) + +;; insert_sort_ensures_default_po_4, File "HOME/tests/c/insertion_sort.c", line 45, characters 26-32 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table 
t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) (FORALL (i_2) (IMPLIES (EQ i_2 1) (<= i_2 n)))))))) + +;; insert_sort_ensures_default_po_5, File "HOME/tests/c/insertion_sort.c", line 55, characters 23-66 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (k_0) +(IMPLIES (AND (<= j_2 k_0) (< k_0 i_2_0)) +(> (select intP_intM_t_4_0 (shift t k_0)) mv)))))))))))))))))))) + +;; insert_sort_ensures_default_po_6, File "HOME/tests/c/insertion_sort.c", line 54, characters 23-48 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(IMPLIES (< j_2 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0))))))))))))))))))) + +;; insert_sort_ensures_default_po_7, File "HOME/tests/c/insertion_sort.c", line 52, characters 23-29 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND 
(Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) (FORALL (j_2) (IMPLIES (EQ j_2 i_2_0) (<= 0 j_2)))))))))))))))))) + +;; insert_sort_ensures_default_po_8, File "HOME/tests/c/insertion_sort.c", line 52, characters 28-34 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) (IMPLIES (EQ j_2 i_2_0) (<= j_2 i_2_0)))))))))))))))))) + +;; insert_sort_ensures_default_po_9, File "HOME/tests/c/insertion_sort.c", line 46, characters 21-34 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ 
result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) +(IMPLIES (EQ i_2_1 (+ i_2_0 1)) (Sorted t 0 i_2_1 intP_intM_t_4_2))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_10, File "HOME/tests/c/insertion_sort.c", line 45, characters 21-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= 0 i_2_1))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_11, File "HOME/tests/c/insertion_sort.c", line 45, characters 26-32 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL 
(intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= i_2_1 n))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_12, File "HOME/tests/c/insertion_sort.c", line 55, characters 23-66 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) 
+(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) result1)) +(FORALL (j_2_1) +(IMPLIES (EQ j_2_1 (- j_2_0 1)) +(FORALL (k_0) +(IMPLIES (AND (<= j_2_1 k_0) (< k_0 i_2_0)) +(> (select intP_intM_t_4_2 (shift t k_0)) mv))))))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_13, File "HOME/tests/c/insertion_sort.c", line 54, characters 23-48 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) result1)) +(FORALL (j_2_1) +(IMPLIES (EQ j_2_1 (- j_2_0 1)) +(IMPLIES (< j_2_1 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_2)))))))))))))))))))))))))))))))) + +;; 
insert_sort_ensures_default_po_14, File "HOME/tests/c/insertion_sort.c", line 53, characters 23-47 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) result1)) +(FORALL (j_2_1) +(IMPLIES (EQ j_2_1 (- j_2_0 1)) +(IMPLIES (EQ j_2_1 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_2)))))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_15, File "HOME/tests/c/insertion_sort.c", line 52, characters 23-29 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select 
intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) result1)) +(FORALL (j_2_1) (IMPLIES (EQ j_2_1 (- j_2_0 1)) (<= 0 j_2_1))))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_16, File "HOME/tests/c/insertion_sort.c", line 52, characters 28-34 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_1 (shift t (- 
j_2_0 1)))) +(IMPLIES (> result0 mv) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_1 (shift t (- j_2_0 1)))) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) result1)) +(FORALL (j_2_1) (IMPLIES (EQ j_2_1 (- j_2_0 1)) (<= j_2_1 i_2_0))))))))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_17, File "HOME/tests/c/insertion_sort.c", line 46, characters 21-34 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) +(IMPLIES (EQ i_2_1 (+ i_2_0 1)) (Sorted t 0 i_2_1 intP_intM_t_4_2)))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_18, File "HOME/tests/c/insertion_sort.c", line 45, characters 21-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + 
(AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= 0 i_2_1)))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_19, File "HOME/tests/c/insertion_sort.c", line 45, characters 26-32 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4_0 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_1) +(FORALL (j_2_0) +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_1 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_1)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_1)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) +(FORALL (intP_intM_t_4_2) +(IMPLIES (EQ intP_intM_t_4_2 + (|why__store| intP_intM_t_4_1 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= i_2_1 
n)))))))))))))))))))))))))) + +;; insert_sort_ensures_default_po_20, File "HOME/tests/c/insertion_sort.c", line 39, characters 12-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4_0) +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4_0) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (>= i_2_0 n) (Sorted t 0 (- n 1) intP_intM_t_4_0)))))))))))) + +;; insert_sort_safety_po_1, File "HOME/tests/c/insertion_sort.c", line 51, characters 9-13 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) (<= (offset_min intP_t_4_alloc_table t) i_2_0))))))))))))) + +;; insert_sort_safety_po_2, File "HOME/tests/c/insertion_sort.c", line 51, characters 9-13 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) (<= i_2_0 (offset_max intP_t_4_alloc_table t)))))))))))))) + +;; insert_sort_safety_po_3, File "HOME/tests/c/insertion_sort.c", line 60, characters 10-16 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES 
TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)))))))))))))))))))))))))) + +;; insert_sort_safety_po_4, File "HOME/tests/c/insertion_sort.c", line 60, characters 10-16 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) (<= 
(- j_2_0 1) (offset_max intP_t_4_alloc_table t)))))))))))))))))))))))))) + +;; insert_sort_safety_po_5, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 141, characters 24-59 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) (<= (offset_min intP_t_4_alloc_table t) j_2_0))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_6, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 141, characters 24-59 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) 
+ (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) (<= j_2_0 (offset_max intP_t_4_alloc_table t)))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_7, File "HOME/tests/c/insertion_sort.c", line 47, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 
i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= 0 (- n i_2_0))))))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_8, File "HOME/tests/c/insertion_sort.c", line 47, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max 
intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (<= result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (< (- n i_2_1) (- n i_2_0))))))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_9, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 130, characters 33-450 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table 
t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(<= (offset_min intP_t_4_alloc_table t) j_2_0)))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_10, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 130, characters 33-450 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(<= j_2_0 (offset_max intP_t_4_alloc_table t))))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_11, File "HOME/tests/c/insertion_sort.c", line 56, characters 21-22 +(FORALL (t) +(FORALL (n) 
+(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) result1)) +(FORALL (j_2_1) (IMPLIES (EQ j_2_1 (- j_2_0 1)) (<= 0 j_2_0))))))))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_12, File "HOME/tests/c/insertion_sort.c", line 56, characters 21-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min 
intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (> j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (> result0 mv) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) (- j_2_0 1)) + (<= (- j_2_0 1) (offset_max intP_t_4_alloc_table t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_4_0 (shift t (- j_2_0 1)))) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) result1)) +(FORALL (j_2_1) (IMPLIES (EQ j_2_1 (- j_2_0 1)) (< j_2_1 j_2_0))))))))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_13, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 141, characters 24-59 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max 
intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) (<= (offset_min intP_t_4_alloc_table t) j_2_0))))))))))))))))))))))))) + +;; insert_sort_safety_po_14, File "HOME/tests/c/insertion_sort.jessie/insertion_sort.jc", line 141, characters 24-59 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ 
i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) (<= j_2_0 (offset_max intP_t_4_alloc_table t)))))))))))))))))))))))))) + +;; insert_sort_safety_po_15, File "HOME/tests/c/insertion_sort.c", line 47, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) +(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (<= 0 (- n i_2_0))))))))))))))))))))))))))))))) + +;; insert_sort_safety_po_16, File "HOME/tests/c/insertion_sort.c", line 47, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) 0) + (>= (offset_max intP_t_4_alloc_table t) (- n 1))) +(IMPLIES (> n 1) +(FORALL (i_2) 
+(IMPLIES (EQ i_2 1) +(FORALL (i_2_0) +(FORALL (intP_intM_t_4) +(IMPLIES TRUE +(IMPLIES (AND (Sorted t 0 i_2_0 intP_intM_t_4) + (AND (<= 0 i_2_0) (<= i_2_0 n))) +(IMPLIES (< i_2_0 n) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) i_2_0) + (<= i_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_4 (shift t i_2_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (j_2) +(IMPLIES (EQ j_2 i_2_0) +(FORALL (intP_intM_t_4_0) +(FORALL (j_2_0) +(IMPLIES TRUE +(IMPLIES (AND + (FORALL (k_0) + (IMPLIES (AND (<= j_2_0 k_0) (< k_0 i_2_0)) + (> (select intP_intM_t_4_0 (shift t k_0)) mv))) + (AND + (IMPLIES (< j_2_0 i_2_0) (Sorted t 0 (+ i_2_0 1) intP_intM_t_4_0)) + (AND (IMPLIES (EQ j_2_0 i_2_0) (Sorted t 0 i_2_0 intP_intM_t_4_0)) + (AND (<= 0 j_2_0) (<= j_2_0 i_2_0))))) +(IMPLIES (<= j_2_0 0) +(IMPLIES (AND (<= (offset_min intP_t_4_alloc_table t) j_2_0) + (<= j_2_0 (offset_max intP_t_4_alloc_table t))) +(FORALL (intP_intM_t_4_1) +(IMPLIES (EQ intP_intM_t_4_1 + (|why__store| intP_intM_t_4_0 (shift t j_2_0) mv)) +(FORALL (i_2_1) (IMPLIES (EQ i_2_1 (+ i_2_0 1)) (< (- n i_2_1) (- n i_2_0))))))))))))))))))))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/insertion_sort_why.sx: .................................... (36/0/0/0/0) +total : 36 +valid : 36 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/isqrt.res.oracle why-2.30+dfsg/tests/c/oracle/isqrt.res.oracle --- why-2.29+dfsg/tests/c/oracle/isqrt.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/isqrt.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,2360 @@ +========== file tests/c/isqrt.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + + +#pragma JessieIntegerModel(math) + +//@ logic integer sqr(integer x) = x * x; + +/*@ requires x >= 0; + @ ensures \result >= 0 && sqr(\result) <= x && x < sqr(\result + 1); + @*/ +int isqrt(int x) { + int count = 0, sum = 1; + /*@ loop invariant count >= 0 && x >= sqr(count) && sum == sqr(count+1); + @ loop variant x - count; + @*/ + while (sum <= x) sum += 2 * ++count + 1; + return count; +} + +//@ ensures \result == 4; +int main () { + int r; + r = isqrt(17); + //@ assert r < 4 ==> \false; + //@ assert r > 4 ==> \false; + return r; +} + +/* +Local Variables: +compile-command: "make isqrt.why3ml" +End: +*/ + + +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/isqrt.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/isqrt.jessie +[jessie] File tests/c/isqrt.jessie/isqrt.jc written. +[jessie] File tests/c/isqrt.jessie/isqrt.cloc written. 
+========== file tests/c/isqrt.jessie/isqrt.jc ========== +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +tag charP = { + integer charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +logic integer sqr(integer x) = +(x * x) + +integer isqrt(integer x) + requires (C_20 : (x >= 0)); +behavior default: + ensures (C_15 : (((C_17 : (\result >= 0)) && + (C_18 : (sqr(\result) <= \at(x,Old)))) && + (C_19 : (\at(x,Old) < sqr((\result + 1)))))); +{ + (var integer count); + + (var integer sum); + + { (C_1 : (count = 0)); + (C_2 : (sum = 1)); + + loop + behavior default: + invariant (C_4 : (((C_6 : (count >= 0)) && (C_7 : (x >= sqr(count)))) && + (C_8 : (sum == sqr((count + 1)))))); + variant (C_3 : (x - count)); + while (true) + { + { (if (sum <= x) then () else + (goto while_0_break)); + + { (C_10 : (count = (C_9 : (count + 1)))); + (C_14 : (sum = (C_13 : (sum + + (C_12 : ((C_11 : (2 * count)) + 1)))))) + } + } + }; + (while_0_break : ()); + + (return count) + } +} + +integer main() +behavior default: + ensures (C_25 : (\result == 4)); +{ + (var integer r); + + { (C_22 : (r = (C_21 : isqrt(17)))); + + { + (assert for default: (C_23 : ((r < 4) ==> false))); + () + }; + + { + (assert for default: (C_24 : ((r > 4) ==> false))); + () + }; + + (return r) + } +} +========== file tests/c/isqrt.jessie/isqrt.cloc ========== +[isqrt] +name = "Function isqrt" +file = "HOME/tests/c/isqrt.c" +line = 40 +begin = 4 +end = 9 + +[main] +name = "Function main" +file = "HOME/tests/c/isqrt.c" +line = 50 +begin = 4 +end = 8 + +[C_10] +file = "HOME/tests/c/isqrt.c" +line = 45 +begin = 30 +end = 37 + +[C_11] +file = "HOME/tests/c/isqrt.c" +line = 45 +begin = 26 +end = 37 + +[C_12] +file = "HOME/tests/c/isqrt.c" +line = 45 +begin = 26 +end = 41 + +[C_13] +file = "HOME/tests/c/isqrt.c" +line = 45 +begin = 19 +end = 41 + +[C_14] +file = 
"HOME/tests/c/isqrt.c" +line = 45 +begin = 19 +end = 41 + +[C_15] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 69 + +[C_16] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 45 + +[C_17] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 24 + +[C_18] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 28 +end = 45 + +[C_19] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 49 +end = 69 + +[C_1] +file = "HOME/tests/c/isqrt.c" +line = 41 +begin = 2 +end = 5 + +[C_2] +file = "HOME/tests/c/isqrt.c" +line = 41 +begin = 2 +end = 5 + +[C_3] +file = "HOME/tests/c/isqrt.c" +line = 43 +begin = 19 +end = 28 + +[C_4] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 73 + +[C_20] +file = "HOME/tests/c/isqrt.c" +line = 37 +begin = 13 +end = 19 + +[C_5] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 50 + +[C_21] +file = "HOME/tests/c/isqrt.c" +line = 52 +begin = 6 +end = 15 + +[C_6] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 31 + +[C_22] +file = "HOME/tests/c/isqrt.c" +line = 52 +begin = 6 +end = 15 + +[C_7] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 35 +end = 50 + +[C_23] +file = "HOME/tests/c/isqrt.c" +line = 53 +begin = 13 +end = 29 + +[C_8] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 54 +end = 73 + +[C_24] +file = "HOME/tests/c/isqrt.c" +line = 54 +begin = 13 +end = 29 + +[C_9] +file = "HOME/tests/c/isqrt.c" +line = 45 +begin = 30 +end = 37 + +[C_25] +file = "HOME/tests/c/isqrt.c" +line = 49 +begin = 12 +end = 24 + +========== jessie execution ========== +Generating Why function isqrt +Generating Why function main +========== file tests/c/isqrt.jessie/isqrt.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs isqrt.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) 
-split-user-conj -explain -locs isqrt.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/isqrt_why.sx + +project: why/isqrt.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/isqrt_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/isqrt_why.vo + +coq/isqrt_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/isqrt_why.v: why/isqrt.why + @echo 'why -coq [...] why/isqrt.why' && $(WHY) $(JESSIELIBFILES) why/isqrt.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/isqrt_ctx_why.vo + for f in why/*_po*.why; do make -f isqrt.makefile coq/`basename $$f .why`_why.v ; done + +coq/isqrt_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/isqrt_ctx_why.v: why/isqrt_ctx.why + @echo 'why -coq [...] why/isqrt_ctx.why' && $(WHY) why/isqrt_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export isqrt_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/isqrt_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/isqrt_ctx_why.vo + +pvs: pvs/isqrt_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/isqrt_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/isqrt_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/isqrt_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/isqrt_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/isqrt_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/isqrt_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/isqrt_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/isqrt_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/isqrt_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/isqrt_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/isqrt_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/isqrt_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/isqrt_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/isqrt_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: isqrt.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/isqrt_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/isqrt_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: isqrt.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include isqrt.depend + +depend: coq/isqrt_why.v + -$(COQDEP) -I coq coq/isqrt*_why.v > isqrt.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/isqrt.jessie/isqrt.loc ========== +[main_ensures_default] +name = "Function main" +behavior = "default behavior" +file = "HOME/tests/c/isqrt.c" +line = 50 +begin = 4 +end = 8 + +[JC_40] +file = "HOME/tests/c/isqrt.c" +line = 54 +begin = 13 +end = 29 + +[JC_41] +kind = UserCall +file = "HOME/tests/c/isqrt.c" +line = 52 +begin = 6 +end = 15 + +[JC_42] +file = "HOME/tests/c/isqrt.c" +line = 53 +begin = 13 +end = 29 + +[JC_43] +file = "HOME/tests/c/isqrt.c" +line = 54 +begin = 13 +end = 29 + +[JC_1] +file = "HOME/tests/c/isqrt.c" +line = 37 +begin = 13 +end = 19 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/c/isqrt.c" +line = 37 +begin = 13 +end = 19 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 24 + +[JC_6] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 28 +end = 45 + +[JC_7] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 49 +end = 69 + +[JC_8] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 69 + +[JC_9] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 24 + +[isqrt_safety] +name = "Function isqrt" +behavior = "Safety" +file = "HOME/tests/c/isqrt.c" +line = 40 +begin = 4 +end = 9 + +[JC_10] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 28 +end = 45 + +[JC_11] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 49 +end = 69 + +[JC_12] +file = "HOME/tests/c/isqrt.c" +line = 38 +begin = 12 +end = 69 + +[JC_13] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 31 + +[JC_16] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 35 +end = 50 + +[JC_17] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 
54 +end = 73 + +[JC_18] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 73 + +[JC_19] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_20] +file = "HOME/tests/c/isqrt.jessie/isqrt.jc" +line = 40 +begin = 6 +end = 546 + +[JC_21] +file = "HOME/tests/c/isqrt.jessie/isqrt.jc" +line = 40 +begin = 6 +end = 546 + +[JC_22] +file = "HOME/tests/c/isqrt.c" +line = 43 +begin = 19 +end = 28 + +[JC_23] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 31 + +[JC_24] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 35 +end = 50 + +[JC_25] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 54 +end = 73 + +[JC_26] +file = "HOME/tests/c/isqrt.c" +line = 42 +begin = 21 +end = 73 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/tests/c/isqrt.jessie/isqrt.jc" +line = 40 +begin = 6 +end = 546 + +[JC_29] +file = "HOME/tests/c/isqrt.jessie/isqrt.jc" +line = 40 +begin = 6 +end = 546 + +[isqrt_ensures_default] +name = "Function isqrt" +behavior = "default behavior" +file = "HOME/tests/c/isqrt.c" +line = 40 +begin = 4 +end = 9 + +[JC_30] +file = "HOME/tests/c/isqrt.c" +line = 50 +begin = 4 +end = 8 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/tests/c/isqrt.c" +line = 50 +begin = 4 +end = 8 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_34] +file = "HOME/tests/c/isqrt.c" +line = 49 +begin = 12 +end = 24 + +[main_safety] +name = "Function main" +behavior = "Safety" +file = "HOME/tests/c/isqrt.c" +line = 50 +begin = 4 +end = 8 + +[JC_35] +file = "HOME/tests/c/isqrt.c" +line = 49 +begin = 12 +end = 24 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +kind = UserCall +file = "HOME/tests/c/isqrt.c" +line = 52 +begin = 6 +end = 15 + +[JC_39] +file = "HOME/tests/c/isqrt.c" +line = 53 +begin = 13 +end = 29 + +========== file tests/c/isqrt.jessie/why/isqrt.why ========== +type charP + +type padding + 
+type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +function sqr(x_0:int) : int = mul_int(x_0, x_0) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + 
+axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_while_0_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and 
(alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter isqrt : + x_1:int -> + { } int + { (JC_12: + ((JC_9: ge_int(result, (0))) + and ((JC_10: le_int(sqr(result), x_1)) + and (JC_11: lt_int(x_1, sqr(add_int(result, (1)))))))) } + +parameter isqrt_requires : + x_1:int -> + { (JC_1: ge_int(x_1, (0)))} int + { (JC_12: + ((JC_9: ge_int(result, (0))) + and ((JC_10: le_int(sqr(result), x_1)) + and (JC_11: lt_int(x_1, sqr(add_int(result, (1)))))))) } + +parameter main : tt:unit -> { } int { (JC_35: (result = (4))) } + +parameter main_requires : tt:unit -> { } int { (JC_35: (result = (4))) } + +let isqrt_ensures_default = + fun (x_1 : int) -> + { (JC_3: ge_int(x_1, (0))) } + (init: + (let return = ref (any_int void) in + try + begin + (let count = ref (any_int void) in + (let sum = ref (any_int void) in + try + (C_1: + (C_2: + begin + (let jessie_ = (count := (0)) in void); + (let jessie_ = (sum := (1)) in void); + (loop_2: + while true do + { invariant + (JC_26: + ((JC_23: ge_int(count, (0))) + and ((JC_24: ge_int(x_1, sqr(count))) + and (JC_25: (sum = sqr(add_int(count, (1)))))))) } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_10: + (C_14: + begin + (if ((le_int_ !sum) x_1) then void + else (raise (Goto_while_0_break_exc void))); + (let jessie_ = (count := (C_9: ((add_int !count) (1)))) in + void); + (sum := (C_13: + ((add_int !sum) (C_12: + ((add_int (C_11: ((mul_int (2)) !count))) (1)))))); + !sum end)) in void); (raise 
(Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (return := !count); (raise Return) end) end)); + absurd end with Return -> !return end)) + { (JC_8: + ((JC_5: ge_int(result, (0))) + and ((JC_6: le_int(sqr(result), x_1)) + and (JC_7: lt_int(x_1, sqr(add_int(result, (1)))))))) } + +let isqrt_safety = + fun (x_1 : int) -> + { (JC_3: ge_int(x_1, (0))) } + (init: + (let return = ref (any_int void) in + try + begin + (let count = ref (any_int void) in + (let sum = ref (any_int void) in + try + (C_1: + (C_2: + begin + (let jessie_ = (count := (0)) in void); + (let jessie_ = (sum := (1)) in void); + (loop_1: + while true do + { invariant (JC_20: true) variant (JC_22 : sub_int(x_1, count)) } + begin + [ { } unit reads count,sum + { (JC_18: + ((JC_15: ge_int(count, (0))) + and ((JC_16: ge_int(x_1, sqr(count))) + and (JC_17: (sum = sqr(add_int(count, (1)))))))) } ]; + try + begin + (let jessie_ = + (C_10: + (C_14: + begin + (if ((le_int_ !sum) x_1) then void + else (raise (Goto_while_0_break_exc void))); + (let jessie_ = (count := (C_9: ((add_int !count) (1)))) in + void); + (sum := (C_13: + ((add_int !sum) (C_12: + ((add_int (C_11: ((mul_int (2)) !count))) (1)))))); + !sum end)) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: begin void; (return := !count); (raise Return) end) end)); + absurd end with Return -> !return end)) { true } + +let main_ensures_default = + fun (tt : unit) -> + { (JC_33: true) } + (init: + (let return = ref (any_int void) in + try + begin + (let r = ref (any_int void) in + (C_22: + begin + (let jessie_ = + (r := (C_21: (let jessie_ = (17) in (JC_41: (isqrt jessie_))))) in + void); (assert { (JC_42: (lt_int(r, (4)) -> (false = true))) }; 
void); + void; (assert { (JC_43: (gt_int(r, (4)) -> (false = true))) }; void); + void; (return := !r); (raise Return) end)); absurd end with Return -> + !return end)) { (JC_34: (result = (4))) } + +let main_safety = + fun (tt : unit) -> + { (JC_33: true) } + (init: + (let return = ref (any_int void) in + try + begin + (let r = ref (any_int void) in + (C_22: + begin + (let jessie_ = + (r := (C_21: + (let jessie_ = (17) in (JC_38: (isqrt_requires jessie_))))) in + void); + [ { } unit reads r { (JC_39: (lt_int(r, (4)) -> (false = true))) } ]; + void; + [ { } unit reads r { (JC_40: (gt_int(r, (4)) -> (false = true))) } ]; + void; (return := !r); (raise Return) end)); absurd end with Return -> + !return end)) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/isqrt.why +========== file tests/c/isqrt.jessie/why/isqrt_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. 
((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +function sqr(x_0: int) : int = (x_0 * x_0) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic 
voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal isqrt_ensures_default_po_1: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + ("JC_26": ("JC_23": (count >= 0))) + +goal isqrt_ensures_default_po_2: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + ("JC_26": ("JC_24": (x_1 >= sqr(count)))) + +goal isqrt_ensures_default_po_3: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + ("JC_26": ("JC_25": (sum = sqr((count + 1))))) + +goal isqrt_ensures_default_po_4: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 <= x_1) -> + forall count1:int. + (count1 = (count0 + 1)) -> + forall sum1:int. + (sum1 = (sum0 + ((2 * count1) + 1))) -> + ("JC_26": ("JC_23": (count1 >= 0))) + +goal isqrt_ensures_default_po_5: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 <= x_1) -> + forall count1:int. + (count1 = (count0 + 1)) -> + forall sum1:int. 
+ (sum1 = (sum0 + ((2 * count1) + 1))) -> + ("JC_26": ("JC_24": (x_1 >= sqr(count1)))) + +goal isqrt_ensures_default_po_6: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 <= x_1) -> + forall count1:int. + (count1 = (count0 + 1)) -> + forall sum1:int. + (sum1 = (sum0 + ((2 * count1) + 1))) -> + ("JC_26": ("JC_25": (sum1 = sqr((count1 + 1))))) + +goal isqrt_ensures_default_po_7: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 > x_1) -> + forall return:int. + (return = count0) -> + ("JC_8": ("JC_5": (return >= 0))) + +goal isqrt_ensures_default_po_8: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 > x_1) -> + forall return:int. + (return = count0) -> + ("JC_8": ("JC_6": (sqr(return) <= x_1))) + +goal isqrt_ensures_default_po_9: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_26": + (("JC_23": (count0 >= 0)) and + (("JC_24": (x_1 >= sqr(count0))) and ("JC_25": (sum0 = sqr((count0 + 1))))))) -> + (sum0 > x_1) -> + forall return:int. + (return = count0) -> + ("JC_8": ("JC_7": (x_1 < sqr((return + 1))))) + +goal isqrt_safety_po_1: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. 
+ (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_20": true) -> + ("JC_18": + (("JC_15": (count0 >= 0)) and + (("JC_16": (x_1 >= sqr(count0))) and ("JC_17": (sum0 = sqr((count0 + 1))))))) -> + (sum0 <= x_1) -> + forall count1:int. + (count1 = (count0 + 1)) -> + forall sum1:int. + (sum1 = (sum0 + ((2 * count1) + 1))) -> + (0 <= ("JC_22": (x_1 - count0))) + +goal isqrt_safety_po_2: + forall x_1:int. + ("JC_3": (x_1 >= 0)) -> + forall count:int. + (count = 0) -> + forall sum:int. + (sum = 1) -> + forall count0:int. + forall sum0:int. + ("JC_20": true) -> + ("JC_18": + (("JC_15": (count0 >= 0)) and + (("JC_16": (x_1 >= sqr(count0))) and ("JC_17": (sum0 = sqr((count0 + 1))))))) -> + (sum0 <= x_1) -> + forall count1:int. + (count1 = (count0 + 1)) -> + forall sum1:int. + (sum1 = (sum0 + ((2 * count1) + 1))) -> + (("JC_22": (x_1 - count1)) < ("JC_22": (x_1 - count0))) + +goal main_ensures_default_po_1: + ("JC_33": true) -> + forall result:int. + ("JC_12": + (("JC_9": (result >= 0)) and + (("JC_10": (sqr(result) <= 17)) and ("JC_11": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + (r < 4) -> + ("JC_42": (false = true)) + +goal main_ensures_default_po_2: + ("JC_33": true) -> + forall result:int. + ("JC_12": + (("JC_9": (result >= 0)) and + (("JC_10": (sqr(result) <= 17)) and ("JC_11": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_42": ((r < 4) -> (false = true))) -> + (r > 4) -> + ("JC_43": (false = true)) + +goal main_ensures_default_po_3: + ("JC_33": true) -> + forall result:int. + ("JC_12": + (("JC_9": (result >= 0)) and + (("JC_10": (sqr(result) <= 17)) and ("JC_11": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_42": ((r < 4) -> (false = true))) -> + ("JC_43": ((r > 4) -> (false = true))) -> + forall return:int. 
+ (return = r) -> + ("JC_34": (return = 4)) + +goal main_safety_po_1: + ("JC_33": true) -> + ("JC_1": (17 >= 0)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/isqrt_why.why : .....?...?..?.. (12/0/3/0/0) +total : 15 +valid : 12 ( 80%) +invalid : 0 ( 0%) +unknown : 3 ( 20%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/maze.res.oracle why-2.30+dfsg/tests/c/oracle/maze.res.oracle --- why-2.29+dfsg/tests/c/oracle/maze.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/maze.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/c/maze.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ void buildMaze(uint n) { 
@@ -35,6 +65,6 @@ ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/maze.c" -tests/c/maze.c:3:[kernel] user error: syntax error +tests/c/maze.c:33:[kernel] user error: syntax error [kernel] user error: skipping file "tests/c/maze.c" that has errors. [kernel] Frama-C aborted because of invalid user input. diff -Nru why-2.29+dfsg/tests/c/oracle/minimum_sort.err.oracle why-2.30+dfsg/tests/c/oracle/minimum_sort.err.oracle --- why-2.29+dfsg/tests/c/oracle/minimum_sort.err.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/minimum_sort.err.oracle 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file -Warning: recursive definition of Permut in generated file diff -Nru why-2.29+dfsg/tests/c/oracle/minimum_sort.res.oracle why-2.30+dfsg/tests/c/oracle/minimum_sort.res.oracle --- why-2.29+dfsg/tests/c/oracle/minimum_sort.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/minimum_sort.res.oracle 1970-01-01 00:00:00.000000000 +0000 
@@ -1,7685 +0,0 @@ -========== file tests/c/minimum_sort.c ========== -// RUNSIMPLIFY: will ask regtests to run Simplify on this program - -#pragma JessieIntegerModel(math) - -#include "sorting.h" - -/*@ requires \valid(t+i) && \valid(t+j); - @ assigns t[i],t[j]; - @ ensures Swap{Old,Here}(t,i,j); - @*/ -void swap(int t[], int i, int j) { - int tmp = t[i]; - t[i] = t[j]; - t[j] = tmp; -} - -/*@ requires \valid_range(t,0,n-1); - @ behavior sorted: - @ ensures Sorted(t,0,n-1); - @ behavior permutation: - @ ensures Permut{Old,Here}(t,0,n-1); - @*/ -void min_sort(int t[], int n) { - int i,j; - int mi,mv; - if (n <= 0) return; - /*@ loop invariant 0 <= i < n; - @ for sorted: - @ loop invariant - @ Sorted(t,0,i) && - @ (\forall integer k1, k2 ; - @ 0 <= k1 < i <= k2 < n ==> t[k1] <= t[k2]) ; - @ for permutation: - @ loop invariant Permut{Pre,Here}(t,0,n-1); - @ loop variant n-i; - @*/ - for (i=0; i t[k] >= mv); - @ for permutation: - @ loop invariant - @ Permut{Pre,Here}(t,0,n-1); - @ loop variant n-j; - @*/ - for (j=i+1; j < n; j++) { - if (t[j] < mv) { - mi = j ; mv = t[j]; - } - } - swap(t,i,mi); - } -} - - -/* -Local Variables: -compile-command: "frama-c -jessie minimum_sort.c" -End: -*/ -========== frama-c -jessie execution ========== -[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/minimum_sort.c" -[jessie] Starting Jessie translation -[jessie] Producing Jessie files in subdir tests/c/minimum_sort.jessie -[jessie] File tests/c/minimum_sort.jessie/minimum_sort.jc written. -[jessie] File tests/c/minimum_sort.jessie/minimum_sort.cloc written. 
-========== file tests/c/minimum_sort.jessie/minimum_sort.jc ========== -# InvariantPolicy = Arguments -# SeparationPolicy = Regions -# AnnotationPolicy = None -# AbstractDomain = Pol - -axiomatic Padding { - - logic type padding - -} - -tag int_P = { - integer int_M: 32; -} - -type int_P = [int_P] - -tag char_P = { - integer char_M: 8; -} - -type char_P = [char_P] - -tag void_P = { -} - -type void_P = [void_P] - -predicate Swap{L1, L2}(int_P[..] a, integer i, integer j) = -(((\at((a + i).int_M,L1) == \at((a + j).int_M,L2)) && - (\at((a + j).int_M,L1) == \at((a + i).int_M,L2))) && - (\forall integer k; - (((k != i) && (k != j)) ==> - (\at((a + k).int_M,L1) == \at((a + k).int_M,L2))))) - -predicate Permut{L1, L2}(int_P[..] a_0, integer l, integer h) { -case Permut_refl{L}: (\forall int_P[..] a_1; - (\forall integer l_0; - (\forall integer h_0; - Permut{L, L}(a_1, l_0, h_0)))); - - case Permut_sym{L1, L2}: (\forall int_P[..] a_2; - (\forall integer l_1; - (\forall integer h_1; - (Permut{L1, - L2}(a_2, l_1, h_1) ==> - Permut{L2, - L1}(a_2, l_1, h_1))))); - - case Permut_trans{L1, L2, L3}: (\forall int_P[..] a_3; - (\forall integer l_2; - (\forall integer h_2; - ((Permut{L1, - L2}(a_3, l_2, h_2) && - Permut{L2, - L3}(a_3, l_2, h_2)) ==> - Permut{L1, - L3}(a_3, l_2, h_2))))); - - case Permut_swap{L1, L2}: (\forall int_P[..] a_4; - (\forall integer l_3; - (\forall integer h_3; - (\forall integer i_0; - (\forall integer j_0; - (((((l_3 <= i_0) && (i_0 <= h_3)) && - ((l_3 <= j_0) && (j_0 <= h_3))) && - Swap{L1, - L2}(a_4, i_0, j_0)) ==> - Permut{L1, - L2}(a_4, l_3, h_3))))))); - -} - -predicate Sorted{L}(int_P[..] a_5, integer l_4, integer h_4) = -(\forall integer i_1; - (((l_4 <= i_1) && (i_1 < h_4)) ==> - ((a_5 + i_1).int_M <= (a_5 + (i_1 + 1)).int_M))) - -unit swap(int_P[..] 
t_0, integer i, integer j) - requires (C_13 : (((C_15 : (\offset_min(t_0) <= i)) && - (C_16 : (\offset_max(t_0) >= i))) && - ((C_18 : (\offset_min(t_0) <= j)) && - (C_19 : (\offset_max(t_0) >= j))))); -behavior default: - assigns (t_0 + i).int_M, - (t_0 + j).int_M; - ensures (C_12 : Swap{Old, Here}(\at(t_0,Old), \at(i,Old), \at(j,Old))); -{ - (var integer tmp); - - { (C_3 : (tmp = (C_2 : (C_1 : (t_0 + i)).int_M))); - (C_8 : ((C_7 : (C_6 : (t_0 + i)).int_M) = (C_5 : (C_4 : (t_0 + j)).int_M))); - (C_11 : ((C_10 : (C_9 : (t_0 + j)).int_M) = tmp)); - - (return ()) - } -} - -unit min_sort(int_P[..] t, integer n) - requires (C_60 : ((C_61 : (\offset_min(t) <= 0)) && - (C_62 : (\offset_max(t) >= (n - 1))))); -behavior default: - ensures (C_57 : true); -behavior sorted: - ensures (C_58 : Sorted{Here}(\at(t,Old), 0, (\at(n,Old) - 1))); -behavior permutation: - ensures (C_59 : Permut{Old, Here}(\at(t,Old), 0, (\at(n,Old) - 1))); -{ - (var integer i_0); - - (var integer j_0); - - (var integer mi); - - (var integer mv); - - { (if (n <= 0) then - (goto return_label) else ()); - (C_20 : (i_0 = 0)); - - loop - behavior default: - invariant (C_26 : ((C_27 : (0 <= i_0)) && (C_28 : (i_0 < n)))); - behavior sorted: - invariant (C_23 : ((C_24 : Sorted{Here}(t, 0, i_0)) && - (C_25 : (\forall integer k1; - (\forall integer k2; - (((0 <= k1) && - ((k1 < i_0) && - ((i_0 <= k2) && (k2 < n)))) ==> - ((t + k1).int_M <= (t + k2).int_M))))))); - behavior permutation: - invariant (C_22 : Permut{Pre, Here}(t, 0, (n - 1))); - variant (C_21 : (n - i_0)); - while (true) - { - { (if (i_0 < (C_29 : (n - 1))) then () else - (goto while_0_break)); - - { (C_32 : (mv = (C_31 : (C_30 : (t + i_0)).int_M))); - (C_33 : (mi = i_0)); - (C_35 : (j_0 = (C_34 : (i_0 + 1)))); - - loop - behavior default: - invariant (C_41 : ((C_42 : (i_0 < j_0)) && - ((C_44 : (i_0 <= mi)) && - (C_45 : (mi < n))))); - behavior sorted: - invariant (C_38 : ((C_39 : (mv == (t + mi).int_M)) && - (C_40 : (\forall integer k_0; - (((i_0 
<= k_0) && (k_0 < j_0)) ==> - ((t + k_0).int_M >= mv)))))); - behavior permutation: - invariant (C_37 : Permut{Pre, Here}(t, 0, (n - 1))); - variant (C_36 : (n - j_0)); - while (true) - { - { (if (j_0 < n) then () else - (goto while_1_break)); - - { (if ((C_51 : (C_50 : (t + j_0)).int_M) < mv) then - { (C_46 : (mi = j_0)); - (C_49 : (mv = (C_48 : (C_47 : (t + j_0)).int_M))) - } else ()) - }; - (C_53 : (j_0 = (C_52 : (j_0 + 1)))) - } - }; - (while_1_break : ()); - (C_54 : swap(t, i_0, mi)) - }; - (C_56 : (i_0 = (C_55 : (i_0 + 1)))) - } - }; - (while_0_break : ()); - (return_label : - (return ())) - } -} -========== file tests/c/minimum_sort.jessie/minimum_sort.cloc ========== -[C_50] -file = "HOME/tests/c/minimum_sort.c" -line = 51 -begin = 10 -end = 11 - -[C_51] -file = "HOME/tests/c/minimum_sort.c" -line = 51 -begin = 10 -end = 14 - -[C_52] -file = "HOME/tests/c/minimum_sort.c" -line = 50 -begin = 23 -end = 26 - -[C_53] -file = "HOME/tests/c/minimum_sort.c" -line = 50 -begin = 23 -end = 26 - -[C_54] -file = "HOME/tests/c/minimum_sort.c" -line = 55 -begin = 4 -end = 16 - -[C_55] -file = "HOME/tests/c/minimum_sort.c" -line = 37 -begin = 19 -end = 22 - -[C_56] -file = "HOME/tests/c/minimum_sort.c" -line = 37 -begin = 19 -end = 22 - -[C_57] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[C_58] -file = "HOME/tests/c/minimum_sort.c" -line = 19 -begin = 14 -end = 29 - -[C_59] -file = "HOME/tests/c/minimum_sort.c" -line = 21 -begin = 14 -end = 39 - -[C_60] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[C_61] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[C_62] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[C_10] -file = "HOME/tests/c/minimum_sort.c" -line = 14 -begin = 9 -end = 12 - -[C_11] -file = "HOME/tests/c/minimum_sort.c" -line = 14 -begin = 9 -end = 12 - -[C_12] -file = "HOME/tests/c/minimum_sort.c" -line = 9 -begin = 12 -end = 33 - -[C_13] -file = "HOME/tests/c/minimum_sort.c" 
-line = 7 -begin = 13 -end = 39 - -[C_14] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[C_15] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[C_16] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[C_17] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[C_18] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[C_19] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[C_1] -file = "HOME/tests/c/minimum_sort.c" -line = 12 -begin = 12 -end = 13 - -[C_2] -file = "HOME/tests/c/minimum_sort.c" -line = 12 -begin = 12 -end = 16 - -[C_3] -file = "HOME/tests/c/minimum_sort.c" -line = 12 -begin = 2 -end = 5 - -[C_4] -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 9 -end = 10 - -[C_20] -file = "HOME/tests/c/minimum_sort.c" -line = 37 -begin = 9 -end = 10 - -[C_5] -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 9 -end = 13 - -[C_21] -file = "HOME/tests/c/minimum_sort.c" -line = 35 -begin = 19 -end = 22 - -[C_6] -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 2 -end = 3 - -[C_22] -file = "HOME/tests/c/minimum_sort.c" -line = 34 -begin = 22 -end = 47 - -[C_7] -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 9 -end = 13 - -[C_23] -file = "HOME/tests/c/minimum_sort.c" -line = 30 -begin = 8 -end = 111 - -[C_8] -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 9 -end = 13 - -[C_24] -file = "HOME/tests/c/minimum_sort.c" -line = 30 -begin = 8 -end = 21 - -[C_9] -file = "HOME/tests/c/minimum_sort.c" -line = 14 -begin = 2 -end = 3 - -[C_25] -file = "HOME/tests/c/minimum_sort.c" -line = 31 -begin = 8 -end = 86 - -[C_26] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 31 - -[C_27] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 27 - -[C_28] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 26 -end = 31 - -[C_29] -file = "HOME/tests/c/minimum_sort.c" 
-line = 37 -begin = 14 -end = 17 - -[C_30] -file = "HOME/tests/c/minimum_sort.c" -line = 39 -begin = 9 -end = 10 - -[C_31] -file = "HOME/tests/c/minimum_sort.c" -line = 39 -begin = 9 -end = 13 - -[C_32] -file = "HOME/tests/c/minimum_sort.c" -line = 39 -begin = 9 -end = 13 - -[C_33] -file = "HOME/tests/c/minimum_sort.c" -line = 39 -begin = 20 -end = 21 - -[C_34] -file = "HOME/tests/c/minimum_sort.c" -line = 50 -begin = 11 -end = 14 - -[C_35] -file = "HOME/tests/c/minimum_sort.c" -line = 50 -begin = 11 -end = 14 - -[C_36] -file = "HOME/tests/c/minimum_sort.c" -line = 48 -begin = 21 -end = 24 - -[C_37] -file = "HOME/tests/c/minimum_sort.c" -line = 47 -begin = 10 -end = 35 - -[C_38] -file = "HOME/tests/c/minimum_sort.c" -line = 43 -begin = 11 -end = 83 - -[C_39] -file = "HOME/tests/c/minimum_sort.c" -line = 43 -begin = 11 -end = 22 - -[swap] -name = "Function swap" -file = "HOME/tests/c/minimum_sort.c" -line = 11 -begin = 5 -end = 9 - -[min_sort] -name = "Function min_sort" -file = "HOME/tests/c/minimum_sort.c" -line = 23 -begin = 5 -end = 13 - -[C_40] -file = "HOME/tests/c/minimum_sort.c" -line = 44 -begin = 11 -end = 57 - -[C_41] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 43 - -[C_42] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 28 - -[C_43] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 43 - -[C_44] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 39 - -[C_45] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 37 -end = 43 - -[C_46] -file = "HOME/tests/c/minimum_sort.c" -line = 52 -begin = 6 -end = 7 - -[C_47] -file = "HOME/tests/c/minimum_sort.c" -line = 52 -begin = 15 -end = 16 - -[C_48] -file = "HOME/tests/c/minimum_sort.c" -line = 52 -begin = 15 -end = 19 - -[C_49] -file = "HOME/tests/c/minimum_sort.c" -line = 52 -begin = 15 -end = 19 - -========== jessie execution ========== -Generating Why function swap -Generating Why function min_sort -========== file 
tests/c/minimum_sort.jessie/minimum_sort.makefile ========== -# this makefile was automatically generated; do not edit - -TIMEOUT ?= 10 - -DP ?= why-dp -timeout $(TIMEOUT) -WHYEXEC ?= why -GWHYEXEC ?= gwhy-bin -WHYLIB ?= HOME/lib - -WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs minimum_sort.loc - -GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs minimum_sort.loc - -JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why - -COQDEP = coqdep - -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon - -all: simplify/minimum_sort_why.sx - -project: why/minimum_sort.wpr - -why/%.wpr: WHYOPT=--project -dir why -why/%.wpr: why/%.why - @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -goals: why/minimum_sort_ctx.why - -why/%_ctx.why: WHYOPT=--multi-why -dir why -why/%_ctx.why: why/%.why - @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -coq: coq/minimum_sort_why.vo - -coq/minimum_sort_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" -coq/minimum_sort_why.v: why/minimum_sort.why - @echo 'why -coq [...] why/minimum_sort.why' && $(WHY) $(JESSIELIBFILES) why/minimum_sort.why && rm -f coq/jessie_why.v - -coq-goals: goals coq/minimum_sort_ctx_why.vo - for f in why/*_po*.why; do make -f minimum_sort.makefile coq/`basename $$f .why`_why.v ; done - -coq/minimum_sort_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" -coq/minimum_sort_ctx_why.v: why/minimum_sort_ctx.why - @echo 'why -coq [...] why/minimum_sort_ctx.why' && $(WHY) why/minimum_sort_ctx.why - -coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export minimum_sort_ctx_why." -coq-tactic "intuition" -coq/%_why.v: why/%.why - @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/minimum_sort_ctx.why why/$*.why - -coq/%.vo: coq/%.v - coqc -I coq $< -coq/%_po_why.vo: coq/minimum_sort_ctx_why.vo - -pvs: pvs/minimum_sort_why.pvs - -pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" -pvs/%_why.pvs: why/%.why - $(WHY) $(JESSIELIBFILES) why/$*.why - -pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" -pvs/jessie_why.pvs: - $(WHY) $(JESSIELIBFILES) - -isabelle: isabelle/minimum_sort_why.thy - -isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why -isabelle/%_why.thy: why/%.why - $(WHY) $(JESSIELIBFILES) why/$*.why - cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ - -simplify: simplify/minimum_sort_why.sx - @echo 'Running Simplify on proof obligations' && ($(DP) $^) - -simplify/%_why.sx: WHYOPT=-simplify -dir simplify -simplify/%_why.sx: why/%.why - @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -alt-ergo ergo: why/minimum_sort_why.why - @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) - -why/%_why.why: WHYOPT=-alt-ergo -dir why -why/%_why.why: why/%.why - @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -gappa: gappa/minimum_sort_why.gappa - @echo 'Running Gappa on proof obligations' && ($(DP) $^) - -gappa/%_why.gappa: WHYOPT=-gappa -dir gappa -gappa/%_why.gappa: why/%.why - @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -cvcl: cvcl/minimum_sort_why.cvc - - @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) - -cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl -cvcl/%_why.cvc: why/%.why - @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -harvey: harvey/minimum_sort_why.rv - @echo 'Running haRVey on proof obligations' && ($(DP) $^) - -harvey/%_why.rv: WHYOPT=-harvey -dir harvey -harvey/%_why.rv: why/%.why - @echo 'why -harvey [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -zenon: zenon/minimum_sort_why.znn - @echo 'Running Zenon on proof obligations' && ($(DP) $^) - -zenon/%_why.znn: WHYOPT=-zenon -dir zenon -zenon/%_why.znn: why/%.why - @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -smtlib: smtlib/minimum_sort_why.smt - @echo 'Running Z3 on proof obligations' && ($(DP) $^) - -smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib -smtlib/%_why.smt: why/%.why - @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -z3: smtlib/minimum_sort_why.smt - @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) - -yices: smtlib/minimum_sort_why.smt - @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) - -cvc3: smtlib/minimum_sort_why.smt - @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) - -smtlib-v1: smtlib-v1/minimum_sort_why.smt -smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 -smtlib-v1/%_why.smt: why/%.why - @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why - -verit: smtlib-v1/minimum_sort_why.smt - @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) - -gui stat: minimum_sort.stat - -%.stat: why/%.why - @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why - -why3: why/minimum_sort_why3.why -why/%_why3.why: WHYOPT=-why3 -why/%_why3.why: why/%.why - @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why -why3ide: why/minimum_sort_why3.why - @echo 'why3ide [...] 
$<' && why3ide $< - --include minimum_sort.depend - -depend: coq/minimum_sort_why.v - -$(COQDEP) -I coq coq/minimum_sort*_why.v > minimum_sort.depend - -clean: - rm -f coq/*.vo - -========== file tests/c/minimum_sort.jessie/minimum_sort.loc ========== -[JC_90] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_91] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_92] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_40] -file = "HOME/tests/c/minimum_sort.c" -line = 21 -begin = 14 -end = 39 - -[JC_93] -kind = UserCall -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 171 -begin = 23 -end = 39 - -[JC_41] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 27 - -[JC_94] -file = "HOME/tests/c/minimum_sort.c" -line = 34 -begin = 22 -end = 47 - -[JC_42] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 26 -end = 31 - -[JC_95] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 27 - -[JC_43] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 31 - -[JC_96] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 26 -end = 31 - -[JC_44] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_97] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 31 - -[JC_45] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_98] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_46] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_1] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[JC_100] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_99] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_47] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.c" -line = 39 
-begin = 9 -end = 13 - -[JC_2] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[JC_101] -file = "HOME/tests/c/minimum_sort.c" -line = 47 -begin = 10 -end = 35 - -[JC_48] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 28 - -[JC_3] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[JC_102] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 28 - -[JC_49] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 39 - -[JC_4] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[JC_103] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 39 - -[JC_5] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 39 - -[JC_104] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 37 -end = 43 - -[JC_6] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_105] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 43 - -[JC_7] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[JC_106] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_8] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 24 - -[JC_107] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_9] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[JC_108] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_109] -kind = UserCall -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 171 -begin = 23 -end = 39 - -[JC_50] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 37 -end = 43 - -[JC_51] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 43 - -[JC_52] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_53] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_54] -file = 
"HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_55] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.c" -line = 51 -begin = 10 -end = 14 - -[JC_56] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.c" -line = 52 -begin = 15 -end = 19 - -[JC_57] -file = "HOME/tests/c/minimum_sort.c" -line = 48 -begin = 21 -end = 24 - -[JC_58] -kind = UserCall -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 171 -begin = 23 -end = 39 - -[JC_59] -file = "HOME/tests/c/minimum_sort.c" -line = 35 -begin = 19 -end = 22 - -[swap_safety] -name = "Function swap" -behavior = "Safety" -file = "HOME/tests/c/minimum_sort.c" -line = 11 -begin = 5 -end = 9 - -[JC_60] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 27 - -[JC_61] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 26 -end = 31 - -[JC_62] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 31 - -[JC_10] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 28 -end = 39 - -[min_sort_ensures_sorted] -name = "Function min_sort" -behavior = "Normal behavior `sorted'" -file = "HOME/tests/c/minimum_sort.c" -line = 23 -begin = 5 -end = 13 - -[JC_63] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_11] -file = "HOME/tests/c/minimum_sort.c" -line = 7 -begin = 13 -end = 39 - -[JC_64] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_12] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_65] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_13] -file = "HOME/tests/c/minimum_sort.c" -line = 9 -begin = 12 -end = 33 - -[JC_66] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 28 - -[JC_14] -file = "HOME/tests/c/minimum_sort.c" -line = 11 -begin = 5 -end = 9 - -[JC_67] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 39 - -[JC_15] -file = 
"HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 84 -begin = 9 -end = 16 - -[JC_68] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 37 -end = 43 - -[JC_16] -file = "HOME/tests/c/minimum_sort.c" -line = 9 -begin = 12 -end = 33 - -[JC_69] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 43 - -[JC_17] -file = "HOME/tests/c/minimum_sort.c" -line = 11 -begin = 5 -end = 9 - -[JC_18] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 84 -begin = 9 -end = 16 - -[JC_19] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_70] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_71] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_72] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 144 -begin = 15 -end = 1232 - -[JC_20] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_73] -kind = UserCall -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 171 -begin = 23 -end = 39 - -[JC_21] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.c" -line = 12 -begin = 12 -end = 16 - -[JC_74] -file = "HOME/tests/c/minimum_sort.c" -line = 30 -begin = 8 -end = 21 - -[JC_22] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.c" -line = 13 -begin = 9 -end = 13 - -[JC_75] -file = "HOME/tests/c/minimum_sort.c" -line = 31 -begin = 8 -end = 86 - -[JC_23] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 92 -begin = 14 -end = 79 - -[JC_76] -file = "HOME/tests/c/minimum_sort.c" -line = 30 -begin = 8 -end = 111 - -[swap_ensures_default] -name = "Function swap" -behavior = "Default behavior" -file = "HOME/tests/c/minimum_sort.c" -line = 11 -begin = 5 -end = 9 - -[JC_24] -kind = PointerDeref -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 93 -begin = 15 -end = 53 - -[JC_77] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 27 - -[JC_25] -file = "HOME/tests/c/minimum_sort.c" 
-line = 17 -begin = 13 -end = 34 - -[JC_78] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 26 -end = 31 - -[JC_26] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[min_sort_ensures_permutation] -name = "Function min_sort" -behavior = "Normal behavior `permutation'" -file = "HOME/tests/c/minimum_sort.c" -line = 23 -begin = 5 -end = 13 - -[JC_79] -file = "HOME/tests/c/minimum_sort.c" -line = 27 -begin = 21 -end = 31 - -[JC_27] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[JC_28] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_29] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[min_sort_safety] -name = "Function min_sort" -behavior = "Safety" -file = "HOME/tests/c/minimum_sort.c" -line = 23 -begin = 5 -end = 13 - -[min_sort_ensures_default] -name = "Function min_sort" -behavior = "Default behavior" -file = "HOME/tests/c/minimum_sort.c" -line = 23 -begin = 5 -end = 13 - -[JC_80] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_81] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_82] -file = "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc" -line = 121 -begin = 6 -end = 2402 - -[JC_30] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[JC_83] -file = "HOME/tests/c/minimum_sort.c" -line = 43 -begin = 11 -end = 22 - -[JC_31] -file = "HOME/tests/c/minimum_sort.c" -line = 17 -begin = 13 -end = 34 - -[JC_84] -file = "HOME/tests/c/minimum_sort.c" -line = 44 -begin = 11 -end = 57 - -[JC_32] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_85] -file = "HOME/tests/c/minimum_sort.c" -line = 43 -begin = 11 -end = 83 - -[JC_33] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_86] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 28 - -[JC_34] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_87] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 32 -end = 39 - 
-[JC_35] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_88] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 37 -end = 43 - -[JC_36] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_89] -file = "HOME/tests/c/minimum_sort.c" -line = 40 -begin = 23 -end = 43 - -[JC_37] -file = "HOME/tests/c/minimum_sort.c" -line = 19 -begin = 14 -end = 29 - -[JC_38] -file = "HOME/tests/c/minimum_sort.c" -line = 19 -begin = 14 -end = 29 - -[JC_39] -file = "HOME/tests/c/minimum_sort.c" -line = 21 -begin = 14 -end = 39 - -========== file tests/c/minimum_sort.jessie/why/minimum_sort.why ========== -type char_P - -type int_P - -type padding - -type void_P - -exception Goto_while_0_break_exc of unit - -exception Goto_while_1_break_exc of unit - -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - -predicate Swap(a:int_P pointer, i:int, j:int, - int_P_int_M_a_1_at_L2:(int_P, int) memory, - int_P_int_M_a_1_at_L1:(int_P, int) memory) = - (eq_int(select(int_P_int_M_a_1_at_L1, shift(a, i)), - select(int_P_int_M_a_1_at_L2, shift(a, j))) - and (eq_int(select(int_P_int_M_a_1_at_L1, shift(a, j)), - select(int_P_int_M_a_1_at_L2, shift(a, i))) - and (forall k:int. - ((neq_int(k, i) and neq_int(k, j)) -> - eq_int(select(int_P_int_M_a_1_at_L1, shift(a, k)), - select(int_P_int_M_a_1_at_L2, shift(a, k))))))) - -inductive Permut: int_P pointer, int, int, (int_P, int) memory, - (int_P, int) memory -> prop = - | Permut_refl: (forall int_P_int_M_a_0_2_at_L:(int_P, int) memory. - (forall a_1:int_P pointer. - (forall l_0:int. - (forall h_0:int. - Permut(a_1, l_0, h_0, int_P_int_M_a_0_2_at_L, - int_P_int_M_a_0_2_at_L))))) - | Permut_sym: (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_2:int_P pointer. - (forall l_1:int. - (forall h_1:int. 
- (Permut(a_2, l_1, h_1, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) -> - Permut(a_2, l_1, h_1, int_P_int_M_a_0_2_at_L1, - int_P_int_M_a_0_2_at_L2))))))) - | Permut_trans: (forall int_P_int_M_a_0_2_at_L3:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_3:int_P pointer. - (forall l_2:int. - (forall h_2:int. - ((Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) - and Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L3, - int_P_int_M_a_0_2_at_L2)) -> - Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L3, - int_P_int_M_a_0_2_at_L1)))))))) - | Permut_swap: (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_4:int_P pointer. - (forall l_3:int. - (forall h_3:int. - (forall i_0_0:int. - (forall j_0_0:int. - ((le_int(l_3, i_0_0) - and (le_int(i_0_0, h_3) - and (le_int(l_3, j_0_0) - and (le_int(j_0_0, h_3) - and Swap(a_4, i_0_0, j_0_0, - int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1))))) -> - Permut(a_4, l_3, h_3, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1))))))))) - -exception Return_label_exc of unit - -predicate Sorted(a_5:int_P pointer, l_4:int, h_4:int, - int_P_int_M_a_5_3_at_L:(int_P, int) memory) = - (forall i_1:int. - ((le_int(l_4, i_1) and lt_int(i_1, h_4)) -> - le_int(select(int_P_int_M_a_5_3_at_L, shift(a_5, i_1)), - select(int_P_int_M_a_5_3_at_L, shift(a_5, add_int(i_1, (1))))))) - -logic char_P_tag: -> char_P tag_id - -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) - -logic char_P_of_pointer_address: unit pointer -> char_P pointer - -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) - -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. 
- instanceof(char_P_tag_table, x, char_P_tag))) - -logic int_P_tag: -> int_P tag_id - -axiom int_P_int : (int_of_tag(int_P_tag) = (1)) - -logic int_P_of_pointer_address: unit pointer -> int_P pointer - -axiom int_P_of_pointer_address_of_pointer_addr : - (forall p:int_P pointer. (p = int_P_of_pointer_address(pointer_address(p)))) - -axiom int_P_parenttag_bottom : parenttag(int_P_tag, bottom_tag) - -axiom int_P_tags : - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. - instanceof(int_P_tag_table, x, int_P_tag))) - -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_int_P(p:int_P pointer, a:int, - int_P_alloc_table:int_P alloc_table) = - (offset_min(int_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) - -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) - -axiom pointer_addr_of_int_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address: unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. 
(p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_int_P(p:int_P pointer, b:int, - int_P_alloc_table:int_P alloc_table) = - (offset_max(int_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p:unit pointer, a:int, b:int, - 
bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter char_P_alloc_table : char_P alloc_table ref - -parameter char_P_tag_table : char_P tag_table ref - -parameter alloc_struct_char_P : - n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } - -parameter alloc_struct_char_P_requires : - n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } - -parameter int_P_alloc_table : int_P alloc_table ref - -parameter int_P_tag_table : int_P tag_table ref - -parameter alloc_struct_int_P : - n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { } int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } - -parameter alloc_struct_int_P_requires : - n:int -> - int_P_alloc_table:int_P 
alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { ge_int(n, (0))} int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } - -parameter void_P_alloc_table : void_P alloc_table ref - -parameter void_P_tag_table : void_P tag_table ref - -parameter alloc_struct_void_P : - n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } - -parameter alloc_struct_void_P_requires : - n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } - -parameter min_sort : - t:int_P pointer -> - n:int -> - int_P_int_M_t_5:(int_P, int) memory ref -> - int_P_t_5_alloc_table:int_P alloc_table -> - { } unit reads int_P_int_M_t_5 writes int_P_int_M_t_5 - { ((JC_40: - Permut(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5, int_P_int_M_t_5@)) - and (JC_38: Sorted(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5))) } - -parameter min_sort_requires : - t:int_P pointer -> - n:int -> - int_P_int_M_t_5:(int_P, int) memory ref -> - int_P_t_5_alloc_table:int_P alloc_table -> - { (JC_27: - ((JC_25: 
le_int(offset_min(int_P_t_5_alloc_table, t), (0))) - and (JC_26: - ge_int(offset_max(int_P_t_5_alloc_table, t), sub_int(n, (1))))))} - unit reads int_P_int_M_t_5 writes int_P_int_M_t_5 - { ((JC_40: - Permut(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5, int_P_int_M_t_5@)) - and (JC_38: Sorted(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5))) } - -parameter swap : - t_0:int_P pointer -> - i_0:int -> - j_0:int -> - int_P_int_M_t_0_4:(int_P, int) memory ref -> - int_P_t_0_4_alloc_table:int_P alloc_table -> - { } unit reads int_P_int_M_t_0_4 writes int_P_int_M_t_0_4 - { (JC_18: - ((JC_16: - Swap(t_0@, i_0@, j_0@, int_P_int_M_t_0_4, int_P_int_M_t_0_4@)) - and (JC_17: - not_assigns(int_P_t_0_4_alloc_table@, int_P_int_M_t_0_4@, - int_P_int_M_t_0_4, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } - -parameter swap_requires : - t_0:int_P pointer -> - i_0:int -> - j_0:int -> - int_P_int_M_t_0_4:(int_P, int) memory ref -> - int_P_t_0_4_alloc_table:int_P alloc_table -> - { (JC_5: - ((JC_1: le_int(offset_min(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_2: ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_3: - le_int(offset_min(int_P_t_0_4_alloc_table, t_0), j_0)) - and (JC_4: - ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), j_0))))))} - unit reads int_P_int_M_t_0_4 writes int_P_int_M_t_0_4 - { (JC_18: - ((JC_16: - Swap(t_0@, i_0@, j_0@, int_P_int_M_t_0_4, int_P_int_M_t_0_4@)) - and (JC_17: - not_assigns(int_P_t_0_4_alloc_table@, int_P_int_M_t_0_4@, - int_P_int_M_t_0_4, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } - -let min_sort_ensures_default = - fun (t : int_P pointer) (n : int) (int_P_int_M_t_5 : (int_P, int) memory ref) (int_P_t_5_alloc_table : int_P alloc_table) -> - { (JC_31: - ((JC_29: le_int(offset_min(int_P_t_5_alloc_table, t), (0))) - and (JC_30: - ge_int(offset_max(int_P_t_5_alloc_table, t), sub_int(n, (1)))))) } - (init: 
- try - begin - (let i_0_1 = ref (any_int void) in - (let j_0_1 = ref (any_int void) in - (let mi = ref (any_int void) in - (let mv = ref (any_int void) in - try - (let jessie_ = - begin - try - (let jessie_ = - (C_20: - begin - (if ((le_int_ n) (0)) - then (let jessie_ = (raise (Return_label_exc void)) in void) - else void); (let jessie_ = (i_0_1 := (0)) in void); - (loop_3: - while true do - { invariant - (JC_62: - ((JC_60: le_int((0), i_0_1)) and (JC_61: lt_int(i_0_1, n)))) - } - begin - [ { } unit { true } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_56: - begin - (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); - try - (let jessie_ = - (C_32: - (C_33: - (C_35: - begin - (let jessie_ = - (mv := (C_31: - ((safe_acc_ !int_P_int_M_t_5) (C_30: - ((shift t) !i_0_1))))) in - void); (let jessie_ = (mi := !i_0_1) in void); - (let jessie_ = - (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); - (loop_4: - while true do - { invariant - (JC_69: - ((JC_66: lt_int(i_0_1, j_0_1)) - and ((JC_67: le_int(i_0_1, mi)) - and (JC_68: lt_int(mi, n))))) } - begin - [ { } unit { true } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_53: - begin - (if ((lt_int_ !j_0_1) n) then void - else - (let jessie_ = - (raise (Goto_while_1_break_exc void)) in void)); - (if ((lt_int_ (C_51: - ((safe_acc_ !int_P_int_M_t_5) (C_50: - ((shift t) !j_0_1))))) !mv) - then - (let jessie_ = - (C_46: - (C_49: - begin - (let jessie_ = (mi := !j_0_1) in void); - (mv := (C_48: - ((safe_acc_ !int_P_int_M_t_5) (C_47: - ((shift t) !j_0_1))))); - !mv end)) in void) else void); - (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in - void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_1_break_exc void)) end))) in void) with - Goto_while_1_break_exc jessie_ -> - (while_1_break: - begin - void; - (C_54: - (let jessie_ = t in - (let 
jessie_ = !i_0_1 in - (let jessie_ = !mi in - (JC_73: - (((((swap jessie_) jessie_) jessie_) int_P_int_M_t_5) int_P_t_5_alloc_table)))))) - end) end; (i_0_1 := (C_55: ((add_int !i_0_1) (1)))); !i_0_1 - end) in void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end) in void) with - Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> (return_label: (raise Return)) end)))); - (raise Return) end with Return -> void end) { (JC_33: true) } - -let min_sort_ensures_permutation = - fun (t : int_P pointer) (n : int) (int_P_int_M_t_5 : (int_P, int) memory ref) (int_P_t_5_alloc_table : int_P alloc_table) -> - { (JC_31: - ((JC_29: le_int(offset_min(int_P_t_5_alloc_table, t), (0))) - and (JC_30: - ge_int(offset_max(int_P_t_5_alloc_table, t), sub_int(n, (1)))))) } - (init: - try - begin - (let i_0_1 = ref (any_int void) in - (let j_0_1 = ref (any_int void) in - (let mi = ref (any_int void) in - (let mv = ref (any_int void) in - try - (let jessie_ = - begin - try - (let jessie_ = - (C_20: - begin - (if ((le_int_ n) (0)) - then (let jessie_ = (raise (Return_label_exc void)) in void) - else void); (let jessie_ = (i_0_1 := (0)) in void); - (loop_7: - while true do - { invariant - (JC_94: - Permut(t, (0), sub_int(n, (1)), int_P_int_M_t_5, - int_P_int_M_t_5@init)) } - begin - [ { } unit reads i_0_1 - { (JC_97: - ((JC_95: le_int((0), i_0_1)) and (JC_96: lt_int(i_0_1, n)))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_56: - begin - (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); - try - (let jessie_ = - (C_32: - (C_33: - (C_35: - begin - (let jessie_ = - (mv := (C_31: - ((safe_acc_ !int_P_int_M_t_5) (C_30: - ((shift t) !i_0_1))))) in - void); (let jessie_ = (mi := !i_0_1) in void); - (let jessie_ = - 
(j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); - (loop_8: - while true do - { invariant - (JC_101: - Permut(t, (0), sub_int(n, (1)), int_P_int_M_t_5, - int_P_int_M_t_5@init)) } - begin - [ { } unit reads i_0_1,j_0_1,mi - { (JC_105: - ((JC_102: lt_int(i_0_1, j_0_1)) - and ((JC_103: le_int(i_0_1, mi)) - and (JC_104: lt_int(mi, n))))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_53: - begin - (if ((lt_int_ !j_0_1) n) then void - else - (let jessie_ = - (raise (Goto_while_1_break_exc void)) in void)); - (if ((lt_int_ (C_51: - ((safe_acc_ !int_P_int_M_t_5) (C_50: - ((shift t) !j_0_1))))) !mv) - then - (let jessie_ = - (C_46: - (C_49: - begin - (let jessie_ = (mi := !j_0_1) in void); - (mv := (C_48: - ((safe_acc_ !int_P_int_M_t_5) (C_47: - ((shift t) !j_0_1))))); - !mv end)) in void) else void); - (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in - void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_1_break_exc void)) end))) in void) with - Goto_while_1_break_exc jessie_ -> - (while_1_break: - begin - void; - (C_54: - (let jessie_ = t in - (let jessie_ = !i_0_1 in - (let jessie_ = !mi in - (JC_109: - (((((swap jessie_) jessie_) jessie_) int_P_int_M_t_5) int_P_t_5_alloc_table)))))) - end) end; (i_0_1 := (C_55: ((add_int !i_0_1) (1)))); !i_0_1 - end) in void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end) in void) with - Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> (return_label: (raise Return)) end)))); - (raise Return) end with Return -> void end) - { (JC_39: - Permut(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5, int_P_int_M_t_5@)) } - -let min_sort_ensures_sorted = - fun (t : int_P pointer) (n : int) (int_P_int_M_t_5 : (int_P, int) memory ref) (int_P_t_5_alloc_table : int_P 
alloc_table) -> - { (JC_31: - ((JC_29: le_int(offset_min(int_P_t_5_alloc_table, t), (0))) - and (JC_30: - ge_int(offset_max(int_P_t_5_alloc_table, t), sub_int(n, (1)))))) } - (init: - try - begin - (let i_0_1 = ref (any_int void) in - (let j_0_1 = ref (any_int void) in - (let mi = ref (any_int void) in - (let mv = ref (any_int void) in - try - (let jessie_ = - begin - try - (let jessie_ = - (C_20: - begin - (if ((le_int_ n) (0)) - then (let jessie_ = (raise (Return_label_exc void)) in void) - else void); (let jessie_ = (i_0_1 := (0)) in void); - (loop_5: - while true do - { invariant - (JC_76: - ((JC_74: Sorted(t, (0), i_0_1, int_P_int_M_t_5)) - and (JC_75: - (forall k1:int. - (forall k2:int. - ((le_int((0), k1) - and (lt_int(k1, i_0_1) - and (le_int(i_0_1, k2) and lt_int(k2, n)))) -> - le_int(select(int_P_int_M_t_5, shift(t, k1)), - select(int_P_int_M_t_5, shift(t, k2))))))))) } - begin - [ { } unit reads i_0_1 - { (JC_79: - ((JC_77: le_int((0), i_0_1)) and (JC_78: lt_int(i_0_1, n)))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_56: - begin - (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); - try - (let jessie_ = - (C_32: - (C_33: - (C_35: - begin - (let jessie_ = - (mv := (C_31: - ((safe_acc_ !int_P_int_M_t_5) (C_30: - ((shift t) !i_0_1))))) in - void); (let jessie_ = (mi := !i_0_1) in void); - (let jessie_ = - (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); - (loop_6: - while true do - { invariant - (JC_85: - ((JC_83: - eq_int(mv, select(int_P_int_M_t_5, shift(t, mi)))) - and (JC_84: - (forall k_0:int. 
- ((le_int(i_0_1, k_0) and lt_int(k_0, j_0_1)) -> - ge_int(select(int_P_int_M_t_5, shift(t, k_0)), - mv)))))) } - begin - [ { } unit reads i_0_1,j_0_1,mi - { (JC_89: - ((JC_86: lt_int(i_0_1, j_0_1)) - and ((JC_87: le_int(i_0_1, mi)) - and (JC_88: lt_int(mi, n))))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_53: - begin - (if ((lt_int_ !j_0_1) n) then void - else - (let jessie_ = - (raise (Goto_while_1_break_exc void)) in void)); - (if ((lt_int_ (C_51: - ((safe_acc_ !int_P_int_M_t_5) (C_50: - ((shift t) !j_0_1))))) !mv) - then - (let jessie_ = - (C_46: - (C_49: - begin - (let jessie_ = (mi := !j_0_1) in void); - (mv := (C_48: - ((safe_acc_ !int_P_int_M_t_5) (C_47: - ((shift t) !j_0_1))))); - !mv end)) in void) else void); - (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in - void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_1_break_exc void)) end))) in void) with - Goto_while_1_break_exc jessie_ -> - (while_1_break: - begin - void; - (C_54: - (let jessie_ = t in - (let jessie_ = !i_0_1 in - (let jessie_ = !mi in - (JC_93: - (((((swap jessie_) jessie_) jessie_) int_P_int_M_t_5) int_P_t_5_alloc_table)))))) - end) end; (i_0_1 := (C_55: ((add_int !i_0_1) (1)))); !i_0_1 - end) in void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end) in void) with - Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> (return_label: (raise Return)) end)))); - (raise Return) end with Return -> void end) - { (JC_37: Sorted(t@, (0), sub_int(n@, (1)), int_P_int_M_t_5)) } - -let min_sort_safety = - fun (t : int_P pointer) (n : int) (int_P_int_M_t_5 : (int_P, int) memory ref) (int_P_t_5_alloc_table : int_P alloc_table) -> - { (JC_31: - ((JC_29: le_int(offset_min(int_P_t_5_alloc_table, t), (0))) - and (JC_30: 
- ge_int(offset_max(int_P_t_5_alloc_table, t), sub_int(n, (1)))))) } - (init: - try - begin - (let i_0_1 = ref (any_int void) in - (let j_0_1 = ref (any_int void) in - (let mi = ref (any_int void) in - (let mv = ref (any_int void) in - try - (let jessie_ = - begin - try - (let jessie_ = - (C_20: - begin - (if ((le_int_ n) (0)) - then (let jessie_ = (raise (Return_label_exc void)) in void) - else void); (let jessie_ = (i_0_1 := (0)) in void); - (loop_1: - while true do - { invariant (JC_45: true) variant (JC_59 : sub_int(n, i_0_1)) } - begin - [ { } unit reads i_0_1 - { (JC_43: - ((JC_41: le_int((0), i_0_1)) and (JC_42: lt_int(i_0_1, n)))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_56: - begin - (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void - else - (let jessie_ = (raise (Goto_while_0_break_exc void)) in - void)); - try - (let jessie_ = - (C_32: - (C_33: - (C_35: - begin - (let jessie_ = - (mv := (C_31: - (JC_47: - ((((offset_acc_ int_P_t_5_alloc_table) !int_P_int_M_t_5) t) !i_0_1)))) in - void); (let jessie_ = (mi := !i_0_1) in void); - (let jessie_ = - (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); - (loop_2: - while true do - { invariant (JC_53: true) - variant (JC_57 : sub_int(n, j_0_1)) } - begin - [ { } unit reads i_0_1,j_0_1,mi - { (JC_51: - ((JC_48: lt_int(i_0_1, j_0_1)) - and ((JC_49: le_int(i_0_1, mi)) - and (JC_50: lt_int(mi, n))))) } ]; - try - (let jessie_ = - begin - (let jessie_ = - (C_53: - begin - (if ((lt_int_ !j_0_1) n) then void - else - (let jessie_ = - (raise (Goto_while_1_break_exc void)) in void)); - (if ((lt_int_ (C_51: - (JC_55: - ((((offset_acc_ int_P_t_5_alloc_table) !int_P_int_M_t_5) t) !j_0_1)))) !mv) - then - (let jessie_ = - (C_46: - (C_49: - begin - (let jessie_ = (mi := !j_0_1) in void); - (mv := (C_48: - (JC_56: - ((((offset_acc_ int_P_t_5_alloc_table) !int_P_int_M_t_5) t) !j_0_1)))); - !mv end)) in void) else void); - (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in - void); (raise 
(Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_1_break_exc void)) end))) in void) with - Goto_while_1_break_exc jessie_ -> - (while_1_break: - begin - void; - (C_54: - (let jessie_ = t in - (let jessie_ = !i_0_1 in - (let jessie_ = !mi in - (JC_58: - (((((swap_requires jessie_) jessie_) jessie_) int_P_int_M_t_5) int_P_t_5_alloc_table)))))) - end) end; (i_0_1 := (C_55: ((add_int !i_0_1) (1)))); !i_0_1 - end) in void); (raise (Loop_continue_exc void)) end in void) - with Loop_continue_exc jessie_ -> void end end done); - (raise (Goto_while_0_break_exc void)) end) in void) with - Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> (return_label: (raise Return)) end)))); - (raise Return) end with Return -> void end) { true } - -let swap_ensures_default = - fun (t_0 : int_P pointer) (i_0 : int) (j_0 : int) (int_P_int_M_t_0_4 : (int_P, int) memory ref) (int_P_t_0_4_alloc_table : int_P alloc_table) -> - { (JC_11: - ((JC_7: le_int(offset_min(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_8: ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_9: le_int(offset_min(int_P_t_0_4_alloc_table, t_0), j_0)) - and (JC_10: - ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), j_0)))))) } - (init: - try - begin - (let tmp = ref (any_int void) in - (C_3: - (C_8: - (C_11: - begin - (let jessie_ = - (tmp := (C_2: - ((safe_acc_ !int_P_int_M_t_0_4) (C_1: ((shift t_0) i_0))))) in - void); - (let jessie_ = - (let jessie_ = - (C_5: ((safe_acc_ !int_P_int_M_t_0_4) (C_4: ((shift t_0) j_0)))) in - (let jessie_ = t_0 in - (let jessie_ = i_0 in - (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ int_P_int_M_t_0_4) jessie_) jessie_))))) in void); - (let jessie_ = - (let jessie_ = !tmp in - (let jessie_ = t_0 in - (let jessie_ = j_0 in - (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ int_P_int_M_t_0_4) 
jessie_) jessie_))))) in void); - (raise Return) end)))); (raise Return) end with Return -> void end) - { (JC_15: - ((JC_13: Swap(t_0@, i_0@, j_0@, int_P_int_M_t_0_4, int_P_int_M_t_0_4@)) - and (JC_14: - not_assigns(int_P_t_0_4_alloc_table@, int_P_int_M_t_0_4@, - int_P_int_M_t_0_4, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } - -let swap_safety = - fun (t_0 : int_P pointer) (i_0 : int) (j_0 : int) (int_P_int_M_t_0_4 : (int_P, int) memory ref) (int_P_t_0_4_alloc_table : int_P alloc_table) -> - { (JC_11: - ((JC_7: le_int(offset_min(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_8: ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), i_0)) - and ((JC_9: le_int(offset_min(int_P_t_0_4_alloc_table, t_0), j_0)) - and (JC_10: - ge_int(offset_max(int_P_t_0_4_alloc_table, t_0), j_0)))))) } - (init: - try - begin - (let tmp = ref (any_int void) in - (C_3: - (C_8: - (C_11: - begin - (let jessie_ = - (tmp := (C_2: - (JC_21: - ((((offset_acc_ int_P_t_0_4_alloc_table) !int_P_int_M_t_0_4) t_0) i_0)))) in - void); - (let jessie_ = - (let jessie_ = - (C_5: - (JC_22: - ((((offset_acc_ int_P_t_0_4_alloc_table) !int_P_int_M_t_0_4) t_0) j_0))) in - (let jessie_ = t_0 in - (let jessie_ = i_0 in - (let jessie_ = ((shift jessie_) jessie_) in - (JC_23: - (((((offset_upd_ int_P_t_0_4_alloc_table) int_P_int_M_t_0_4) jessie_) jessie_) jessie_)))))) in - void); - (let jessie_ = - (let jessie_ = !tmp in - (let jessie_ = t_0 in - (let jessie_ = j_0 in - (let jessie_ = ((shift jessie_) jessie_) in - (JC_24: - (((((offset_upd_ int_P_t_0_4_alloc_table) int_P_int_M_t_0_4) jessie_) jessie_) jessie_)))))) in - void); (raise Return) end)))); (raise Return) end with Return -> - void end) { true } - - -========== generation of alt-ergo VC output ========== -why -alt-ergo [...] 
why/minimum_sort.why -========== file tests/c/minimum_sort.jessie/why/minimum_sort_why.why ========== -logic eq_unit : unit, unit -> prop - -logic neq_unit : unit, unit -> prop - -logic eq_bool : bool, bool -> prop - -logic neq_bool : bool, bool -> prop - -logic lt_int : int, int -> prop - -logic le_int : int, int -> prop - -logic gt_int : int, int -> prop - -logic ge_int : int, int -> prop - -logic eq_int : int, int -> prop - -logic neq_int : int, int -> prop - -logic add_int : int, int -> int - -logic sub_int : int, int -> int - -logic mul_int : int, int -> int - -logic neg_int : int -> int - -predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) - -logic bool_and : bool, bool -> bool - -logic bool_or : bool, bool -> bool - -logic bool_xor : bool, bool -> bool - -logic bool_not : bool -> bool - -axiom bool_and_def: - (forall a:bool. - (forall b:bool. - ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) - -axiom bool_or_def: - (forall a:bool. - (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) - -axiom bool_xor_def: - (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) - -axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) - -logic ite : bool, 'a1, 'a1 -> 'a1 - -axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) - -axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) - -logic lt_int_bool : int, int -> bool - -logic le_int_bool : int, int -> bool - -logic gt_int_bool : int, int -> bool - -logic ge_int_bool : int, int -> bool - -logic eq_int_bool : int, int -> bool - -logic neq_int_bool : int, int -> bool - -axiom lt_int_bool_axiom: - (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) - -axiom le_int_bool_axiom: - (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) - -axiom gt_int_bool_axiom: - (forall x:int. (forall y:int. 
((gt_int_bool(x, y) = true) <-> (x > y)))) - -axiom ge_int_bool_axiom: - (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) - -axiom eq_int_bool_axiom: - (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) - -axiom neq_int_bool_axiom: - (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) - -logic abs_int : int -> int - -axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) - -axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) - -logic int_max : int, int -> int - -logic int_min : int, int -> int - -axiom int_max_is_ge: - (forall x:int. - (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) - -axiom int_max_is_some: - (forall x:int. - (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) - -axiom int_min_is_le: - (forall x:int. - (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) - -axiom int_min_is_some: - (forall x:int. - (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) - -logic lt_real : real, real -> prop - -logic le_real : real, real -> prop - -logic gt_real : real, real -> prop - -logic ge_real : real, real -> prop - -logic eq_real : real, real -> prop - -logic neq_real : real, real -> prop - -logic add_real : real, real -> real - -logic sub_real : real, real -> real - -logic mul_real : real, real -> real - -logic div_real : real, real -> real - -logic neg_real : real -> real - -logic real_of_int : int -> real - -axiom real_of_int_zero: (real_of_int(0) = 0.0) - -axiom real_of_int_one: (real_of_int(1) = 1.0) - -axiom real_of_int_add: - (forall x:int. - (forall y:int. - (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) - -axiom real_of_int_sub: - (forall x:int. - (forall y:int. - (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) - -logic truncate_real_to_int : real -> int - -axiom truncate_down_pos: - (forall x:real. 
- ((x >= 0.0) -> - ((real_of_int(truncate_real_to_int(x)) <= x) and - (x < real_of_int((truncate_real_to_int(x) + 1)))))) - -axiom truncate_up_neg: - (forall x:real. - ((x <= 0.0) -> - ((real_of_int((truncate_real_to_int(x) - 1)) < x) and - (x <= real_of_int(truncate_real_to_int(x)))))) - -logic floor_real_to_int : real -> int - -logic ceil_real_to_int : real -> int - -logic lt_real_bool : real, real -> bool - -logic le_real_bool : real, real -> bool - -logic gt_real_bool : real, real -> bool - -logic ge_real_bool : real, real -> bool - -logic eq_real_bool : real, real -> bool - -logic neq_real_bool : real, real -> bool - -axiom lt_real_bool_axiom: - (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) - -axiom le_real_bool_axiom: - (forall x:real. - (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) - -axiom gt_real_bool_axiom: - (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) - -axiom ge_real_bool_axiom: - (forall x:real. - (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) - -axiom eq_real_bool_axiom: - (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) - -axiom neq_real_bool_axiom: - (forall x:real. - (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) - -logic real_max : real, real -> real - -logic real_min : real, real -> real - -axiom real_max_is_ge: - (forall x:real. - (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) - -axiom real_max_is_some: - (forall x:real. - (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) - -axiom real_min_is_le: - (forall x:real. - (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) - -axiom real_min_is_some: - (forall x:real. - (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) - -function sqr_real(x: real) : real = (x * x) - -logic sqrt_real : real -> real - -axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) - -axiom sqrt_sqr: (forall x:real. 
((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) - -axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) - -logic pow_real : real, real -> real - -logic abs_real : real -> real - -axiom abs_real_pos: - (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) - -axiom abs_real_neg: - (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) - -logic exp : real -> real - -logic log : real -> real - -logic log10 : real -> real - -axiom log_exp: (forall x:real. (log(exp(x)) = x)) - -axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) - -logic cos : real -> real - -logic sin : real -> real - -logic tan : real -> real - -logic pi : real - -logic cosh : real -> real - -logic sinh : real -> real - -logic tanh : real -> real - -logic acos : real -> real - -logic asin : real -> real - -logic atan : real -> real - -logic atan2 : real, real -> real - -logic hypot : real, real -> real - -axiom prod_pos: - (forall x:real. - (forall y:real. - ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and - (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) - -axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) - -logic computer_div : int, int -> int - -logic computer_mod : int, int -> int - -logic math_div : int, int -> int - -logic math_mod : int, int -> int - -axiom math_div_mod: - (forall x:int. - (forall y:int. - ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) - -axiom math_mod_bound: - (forall x:int. - (forall y:int. - ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) - -axiom computer_div_mod: - (forall x:int. - (forall y:int [computer_div(x, y), computer_mod(x, y)]. - ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) - -axiom computer_div_bound: - (forall x:int. - (forall y:int. - (((x >= 0) and (y > 0)) -> - ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) - -axiom computer_mod_bound: - (forall x:int. - (forall y:int. 
((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) - -axiom computer_mod_sign_pos: - (forall x:int. - (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) - -axiom computer_mod_sign_neg: - (forall x:int. - (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) - -axiom computer_rounds_toward_zero: - (forall x:int. - (forall y:int. - ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) - -type 't alloc_table - -type 't pointer - -type 't block - -logic base_block : 'a1 pointer -> 'a1 block - -logic offset_max : 'a1 alloc_table, 'a1 pointer -> int - -logic offset_min : 'a1 alloc_table, 'a1 pointer -> int - -predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = - ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) - -predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = - (base_block(p) = base_block(q)) - -logic sub_pointer : 'a1 pointer, 'a1 pointer -> int - -logic shift : 'a1 pointer, int -> 'a1 pointer - -logic null : 'a1 pointer - -logic pointer_address : 'a1 pointer -> unit pointer - -logic absolute_address : int -> unit pointer - -logic address : 'a1 pointer -> int - -axiom address_injective: - (forall p:'a1 pointer. - (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) - -axiom address_null: (address(null) = 0) - -axiom address_shift_lt: - (forall p:'a1 pointer. - (forall i:int. - (forall j:int [address(shift(p, i)), address(shift(p, j))]. - ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) - -axiom address_shift_le: - (forall p:'a1 pointer. - (forall i:int. - (forall j:int [address(shift(p, i)), address(shift(p, j))]. - ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) - -axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) - -axiom shift_shift: - (forall p:'a1 pointer. - (forall i:int. - (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), - j) = shift(p, (i + j)))))) - -axiom offset_max_shift: - (forall a:'a1 alloc_table. 
- (forall p:'a1 pointer. - (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) - -axiom offset_min_shift: - (forall a:'a1 alloc_table. - (forall p:'a1 pointer. - (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) - -axiom neq_shift: - (forall p:'a1 pointer. - (forall i:int. - (forall j:int [shift(p, i), shift(p, j)]. - ((i <> j) -> (shift(p, i) <> shift(p, j)))))) - -axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) - -axiom null_pointer: - (forall a:'a1 alloc_table. - ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) - -logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool - -logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool - -axiom eq_pointer_bool_def: - (forall p1:'a1 pointer. - (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) - -axiom neq_pointer_bool_def: - (forall p1:'a1 pointer. - (forall p2:'a1 pointer. - ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) - -axiom same_block_shift_right: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [same_block(p, shift(q, i))]. - (same_block(p, q) -> same_block(p, shift(q, i)))))) - -axiom same_block_shift_left: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [same_block(shift(q, i), p)]. - (same_block(q, p) -> same_block(shift(q, i), p))))) - -axiom sub_pointer_shift: - (forall p:'a1 pointer. - (forall q:'a1 pointer [sub_pointer(p, q)]. - (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) - -axiom sub_pointer_self: - (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) - -axiom sub_pointer_zero: - (forall p:'a1 pointer. - (forall q:'a1 pointer [sub_pointer(p, q)]. - (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) - -axiom sub_pointer_shift_left: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [sub_pointer(shift(p, i), q)]. 
(sub_pointer(shift(p, i), - q) = (sub_pointer(p, q) + i))))) - -axiom sub_pointer_shift_right: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, - i)) = (sub_pointer(p, q) - i))))) - -type ('t, 'v) memory - -logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 - -logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory - -axiom select_store_eq: - (forall m:('a1, 'a2) memory. - (forall p1:'a1 pointer. - (forall p2:'a1 pointer. - (forall a:'a2 [store(m, p1, a), p2]. - ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) - -axiom select_store_neq: - (forall m:('a1, 'a2) memory. - (forall p1:'a1 pointer. - (forall p2:'a1 pointer. - (forall a:'a2 [store(m, p1, a), p2]. - ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) - -type 't pset - -logic pset_empty : 'a1 pset - -logic pset_singleton : 'a1 pointer -> 'a1 pset - -logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset - -logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset - -logic pset_all : 'a1 pset -> 'a1 pset - -logic pset_range : 'a1 pset, int, int -> 'a1 pset - -logic pset_range_left : 'a1 pset, int -> 'a1 pset - -logic pset_range_right : 'a1 pset, int -> 'a1 pset - -logic in_pset : 'a1 pointer, 'a1 pset -> prop - -logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop - -predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = - (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) - -predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = - (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) - -axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) - -axiom pset_included_range: - (forall ps:'a1 pset. - (forall a:int. - (forall b:int. - (forall c:int. - (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, - c, d))]. 
- (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), - pset_range(ps, c, d)))))))) - -axiom pset_included_range_all: - (forall ps:'a1 pset. - (forall a:int. - (forall b:int. - (forall c:int. - (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, - c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) - -axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) - -axiom in_pset_singleton: - (forall p:'a1 pointer. - (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) - -axiom in_pset_deref: - (forall p:'a1 pointer. - (forall m:('a2, 'a1 pointer) memory. - (forall q:'a2 pset. - (in_pset(p, pset_deref(m, q)) <-> - (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) - -axiom in_pset_all: - (forall p:'a1 pointer. - (forall q:'a1 pset. - (in_pset(p, pset_all(q)) <-> - (exists i:int. - (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) - -axiom in_pset_range: - (forall p:'a1 pointer. - (forall q:'a1 pset. - (forall a:int. - (forall b:int. - (in_pset(p, pset_range(q, a, b)) <-> - (exists i:int. - (exists r:'a1 pointer. - ((a <= i) and - ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) - -axiom in_pset_range_left: - (forall p:'a1 pointer. - (forall q:'a1 pset. - (forall b:int. - (in_pset(p, pset_range_left(q, b)) <-> - (exists i:int. - (exists r:'a1 pointer. - ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) - -axiom in_pset_range_right: - (forall p:'a1 pointer. - (forall q:'a1 pset. - (forall a:int. - (in_pset(p, pset_range_right(q, a)) <-> - (exists i:int. - (exists r:'a1 pointer. - ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) - -axiom in_pset_union: - (forall p:'a1 pointer. - (forall s1:'a1 pset. - (forall s2:'a1 pset. - (in_pset(p, pset_union(s1, s2)) <-> - (in_pset(p, s1) or in_pset(p, s2)))))) - -axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) - -axiom valid_pset_singleton: - (forall a:'a1 alloc_table. 
- (forall p:'a1 pointer. - (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) - -axiom valid_pset_deref: - (forall a:'a1 alloc_table. - (forall m:('a2, 'a1 pointer) memory. - (forall q:'a2 pset. - (valid_pset(a, pset_deref(m, q)) <-> - (forall r:'a2 pointer. - (forall p:'a1 pointer. - ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) - -axiom valid_pset_range: - (forall a:'a1 alloc_table. - (forall q:'a1 pset. - (forall c:int. - (forall d:int. - (valid_pset(a, pset_range(q, c, d)) <-> - (forall i:int. - (forall r:'a1 pointer. - ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, - shift(r, i)))))))))) - -axiom valid_pset_union: - (forall a:'a1 alloc_table. - (forall s1:'a1 pset. - (forall s2:'a1 pset. - (valid_pset(a, pset_union(s1, s2)) <-> - (valid_pset(a, s1) and valid_pset(a, s2)))))) - -predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, - 'a2) memory, l: 'a1 pset) = - (forall p:'a1 pointer. - ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) - -axiom not_assigns_refl: - (forall a:'a1 alloc_table. - (forall m:('a1, 'a2) memory. - (forall l:'a1 pset. not_assigns(a, m, m, l)))) - -axiom not_assigns_trans: - (forall a:'a1 alloc_table. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall m3:('a1, 'a2) memory. - (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, - m3, l)]. - (not_assigns(a, m1, m2, l) -> - (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) - -logic full_separated : 'a1 pointer, 'a2 pointer -> prop - -axiom full_separated_shift1: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [full_separated(p, q), shift(q, i)]. - (full_separated(p, q) -> full_separated(p, shift(q, i)))))) - -axiom full_separated_shift2: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [full_separated(p, q), shift(q, i)]. 
- (full_separated(p, q) -> full_separated(shift(q, i), p))))) - -axiom full_separated_shift3: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [full_separated(q, p), shift(q, i)]. - (full_separated(q, p) -> full_separated(shift(q, i), p))))) - -axiom full_separated_shift4: - (forall p:'a1 pointer. - (forall q:'a1 pointer. - (forall i:int [full_separated(q, p), shift(q, i)]. - (full_separated(q, p) -> full_separated(p, shift(q, i)))))) - -type 't tag_table - -type 't tag_id - -logic int_of_tag : 'a1 tag_id -> int - -logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id - -logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop - -logic subtag : 'a1 tag_id, 'a1 tag_id -> prop - -logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool - -axiom subtag_bool_def: - (forall t1:'a1 tag_id. - (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) - -axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) - -axiom subtag_parent: - (forall t1:'a1 tag_id. - (forall t2:'a1 tag_id. - (forall t3:'a1 tag_id. - (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) - -predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = - subtag(typeof(a, p), t) - -logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer - -axiom downcast_instanceof: - (forall a:'a1 tag_table. - (forall p:'a1 pointer. - (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) - -logic bottom_tag : 'a1 tag_id - -axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) - -predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) - -axiom root_subtag: - (forall a:'a1 tag_id. - (forall b:'a1 tag_id. - (forall c:'a1 tag_id. 
- (root_tag(a) -> - (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) - -predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, - 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, - this) = typeof(tag_table, this)) - -logic bw_compl : int -> int - -logic bw_and : int, int -> int - -axiom bw_and_not_null: - (forall a:int. - (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) - -logic bw_xor : int, int -> int - -logic bw_or : int, int -> int - -logic lsl : int, int -> int - -axiom lsl_left_positive_returns_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) - -axiom lsl_left_positive_monotone: - (forall a1:int. - (forall a2:int. - (forall b:int. - (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, - b)))))) - -logic lsr : int, int -> int - -axiom lsr_left_positive_returns_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) - -axiom lsr_left_positive_decreases: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) - -logic asr : int, int -> int - -axiom asr_positive_on_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) - -axiom asr_decreases_on_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) - -axiom asr_lsr_same_on_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) - -axiom lsl_of_lsr_decreases_on_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) - -axiom lsr_of_lsl_identity_on_positive: - (forall a:int. - (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) - -logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop - -predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = - (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) - -axiom alloc_extends_offset_min: - (forall a1:'a1 alloc_table. - (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. - (alloc_extends(a1, a2) -> - (forall p:'a1 pointer. - (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) - -axiom alloc_extends_offset_max: - (forall a1:'a1 alloc_table. - (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. - (alloc_extends(a1, a2) -> - (forall p:'a1 pointer. - (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) - -axiom alloc_extends_not_assigns_empty: - (forall a1:'a1 alloc_table. - (forall a2:'a1 alloc_table. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall l:'a1 pset. - (forall p:'a1 pointer. - (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), - not_assigns(a2, m1, m2, l)]. - ((alloc_extends(a1, a2) and - (alloc_fresh(a1, p, n) and - (not_assigns(a2, m1, m2, l) and pset_included(l, - pset_all(pset_singleton(p)))))) -> - not_assigns(a1, m1, m2, pset_empty))))))))) - -logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, -'a1 pset -> prop - -axiom alloc_extends_except_offset_min: - (forall a1:'a1 alloc_table. - (forall a2:'a1 alloc_table. - (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. - (alloc_extends_except(a1, a2, l) -> - (forall p:'a1 pointer. - ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, - p) = offset_min(a2, p)))))))) - -axiom alloc_extends_except_offset_max: - (forall a1:'a1 alloc_table. - (forall a2:'a1 alloc_table. - (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. - (alloc_extends_except(a1, a2, l) -> - (forall p:'a1 pointer. - ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, - p) = offset_max(a2, p)))))))) - -type 'a mybag - -logic in_mybag : 'a1, 'a1 mybag -> prop - -logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop - -axiom disj_sym: - (forall s1:'a1 mybag. - (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
- (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) - -logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop - -axiom sub_refl: - (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) - -axiom sub_disj: - (forall s1:'a1 mybag. - (forall s2:'a1 mybag. - (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| - disj_mybag(s1, s3), sub_mybag(s2, s3)]. - (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) - -axiom sub_in: - (forall s1:'a1 mybag. - (forall s2:'a1 mybag. - (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), - sub_mybag(s1, s2)]. - ((not in_mybag(p, s2)) -> - (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) - -logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, -'a2) memory -> prop - -axiom frame_between_refl: - (forall sa:'a1 pointer mybag. - (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, - m, m))) - -axiom frame_between_gen: - (forall sa:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall p:'a1 pointer. - (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. - (frame_between(sa, m1, m2) -> - (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) - -axiom frame_between_gen2: - (forall sa:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), - frame_between(sa, m1, m3)| frame_between(sa, m2, m3), - frame_between(sa, m1, m3)]. - (frame_between(sa, m1, m2) -> - (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) - -axiom frame_between_gen_sub1: - (forall s12:'a1 pointer mybag. - (forall s23:'a1 pointer mybag. - (forall s13:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), - frame_between(s13, m1, m3)]. 
- (sub_mybag(s12, s13) -> - (frame_between(s12, m1, m2) -> - (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) - -axiom frame_between_gen_sub2: - (forall s12:'a1 pointer mybag. - (forall s23:'a1 pointer mybag. - (forall s13:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), - frame_between(s13, m1, m3)]. - (frame_between(s12, m1, m2) -> - (sub_mybag(s23, s13) -> - (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) - -axiom frame_between_pointer: - (forall sa:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory. - (forall p:'a1 pointer. - (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| - frame_between(sa, m1, m2), select(m2, p)]. - (frame_between(sa, m1, m2) -> - ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) - -axiom frame_between_sub: - (forall sa:'a1 pointer mybag. - (forall sb:'a1 pointer mybag. - (forall m1:('a1, 'a2) memory. - (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), - sub_mybag(sa, sb)]. - (frame_between(sa, m1, m2) -> - (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) - -type char_P - -type int_P - -type padding - -type void_P - -predicate Swap(a: int_P pointer, i: int, j: int, - int_P_int_M_a_1_at_L2: (int_P, int) memory, int_P_int_M_a_1_at_L1: (int_P, - int) memory) = - ((select(int_P_int_M_a_1_at_L1, shift(a, - i)) = select(int_P_int_M_a_1_at_L2, shift(a, j))) and - ((select(int_P_int_M_a_1_at_L1, shift(a, - j)) = select(int_P_int_M_a_1_at_L2, shift(a, i))) and - (forall k:int. - (((k <> i) and (k <> j)) -> (select(int_P_int_M_a_1_at_L1, shift(a, - k)) = select(int_P_int_M_a_1_at_L2, shift(a, k))))))) - -logic Permut : int_P pointer, int, int, (int_P, int) memory, (int_P, -int) memory -> prop - -axiom Permut_inversion: - (forall aux_1:int_P pointer. - (forall aux_2:int. - (forall aux_3:int. - (forall aux_4:(int_P, int) memory. 
- (forall aux_5:(int_P, int) memory [Permut(aux_1, aux_2, aux_3, - aux_4, aux_5)]. - (Permut(aux_1, aux_2, aux_3, aux_4, aux_5) -> - ((exists int_P_int_M_a_0_2_at_L:(int_P, int) memory. - (exists a_1:int_P pointer. - (exists l_0:int. - (exists h_0:int. - ((aux_1 = a_1) and - ((aux_2 = l_0) and - ((aux_3 = h_0) and - ((aux_4 = int_P_int_M_a_0_2_at_L) and - (aux_5 = int_P_int_M_a_0_2_at_L))))))))) or - ((exists int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (exists int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (exists a_2:int_P pointer. - (exists l_1:int. - (exists h_1:int. - (Permut(a_2, l_1, h_1, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) and - ((aux_1 = a_2) and - ((aux_2 = l_1) and - ((aux_3 = h_1) and - ((aux_4 = int_P_int_M_a_0_2_at_L1) and - (aux_5 = int_P_int_M_a_0_2_at_L2))))))))))) or - ((exists int_P_int_M_a_0_2_at_L3:(int_P, int) memory. - (exists int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (exists int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (exists a_3:int_P pointer. - (exists l_2:int. - (exists h_2:int. - ((Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) and Permut(a_3, l_2, - h_2, int_P_int_M_a_0_2_at_L3, - int_P_int_M_a_0_2_at_L2)) and - ((aux_1 = a_3) and - ((aux_2 = l_2) and - ((aux_3 = h_2) and - ((aux_4 = int_P_int_M_a_0_2_at_L3) and - (aux_5 = int_P_int_M_a_0_2_at_L1)))))))))))) or - (exists int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (exists int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (exists a_4:int_P pointer. - (exists l_3:int. - (exists h_3:int. - (exists i_0_0:int. - (exists j_0_0:int. - (((l_3 <= i_0_0) and - ((i_0_0 <= h_3) and - ((l_3 <= j_0_0) and - ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, - int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1))))) and - ((aux_1 = a_4) and - ((aux_2 = l_3) and - ((aux_3 = h_3) and - ((aux_4 = int_P_int_M_a_0_2_at_L2) and - (aux_5 = int_P_int_M_a_0_2_at_L1)))))))))))))))))))))) - -axiom Permut_refl: - (forall int_P_int_M_a_0_2_at_L:(int_P, int) memory. 
- (forall a_1:int_P pointer. - (forall l_0:int. - (forall h_0:int. Permut(a_1, l_0, h_0, int_P_int_M_a_0_2_at_L, - int_P_int_M_a_0_2_at_L))))) - -axiom Permut_sym: - (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_2:int_P pointer. - (forall l_1:int. - (forall h_1:int. - (Permut(a_2, l_1, h_1, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) -> Permut(a_2, l_1, h_1, - int_P_int_M_a_0_2_at_L1, int_P_int_M_a_0_2_at_L2))))))) - -axiom Permut_trans: - (forall int_P_int_M_a_0_2_at_L3:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_3:int_P pointer. - (forall l_2:int. - (forall h_2:int. - ((Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1) and Permut(a_3, l_2, h_2, - int_P_int_M_a_0_2_at_L3, int_P_int_M_a_0_2_at_L2)) -> - Permut(a_3, l_2, h_2, int_P_int_M_a_0_2_at_L3, - int_P_int_M_a_0_2_at_L1)))))))) - -axiom Permut_swap: - (forall int_P_int_M_a_0_2_at_L2:(int_P, int) memory. - (forall int_P_int_M_a_0_2_at_L1:(int_P, int) memory. - (forall a_4:int_P pointer. - (forall l_3:int. - (forall h_3:int. - (forall i_0_0:int. - (forall j_0_0:int. - (((l_3 <= i_0_0) and - ((i_0_0 <= h_3) and - ((l_3 <= j_0_0) and - ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, - int_P_int_M_a_0_2_at_L2, int_P_int_M_a_0_2_at_L1))))) -> - Permut(a_4, l_3, h_3, int_P_int_M_a_0_2_at_L2, - int_P_int_M_a_0_2_at_L1))))))))) - -predicate Sorted(a_5: int_P pointer, l_4: int, h_4: int, - int_P_int_M_a_5_3_at_L: (int_P, int) memory) = - (forall i_1:int. 
- (((l_4 <= i_1) and (i_1 < h_4)) -> (select(int_P_int_M_a_5_3_at_L, - shift(a_5, i_1)) <= select(int_P_int_M_a_5_3_at_L, shift(a_5, - (i_1 + 1)))))) - -logic char_P_tag : char_P tag_id - -axiom char_P_int: (int_of_tag(char_P_tag) = 1) - -logic char_P_of_pointer_address : unit pointer -> char_P pointer - -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) - -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) - -logic int_P_tag : int_P tag_id - -axiom int_P_int: (int_of_tag(int_P_tag) = 1) - -logic int_P_of_pointer_address : unit pointer -> int_P pointer - -axiom int_P_of_pointer_address_of_pointer_addr: - (forall p:int_P pointer. - (p = int_P_of_pointer_address(pointer_address(p)))) - -axiom int_P_parenttag_bottom: parenttag(int_P_tag, bottom_tag) - -axiom int_P_tags: - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. instanceof(int_P_tag_table, x, - int_P_tag))) - -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, - p) <= a) - -predicate left_valid_struct_int_P(p: int_P pointer, a: int, - int_P_alloc_table: int_P alloc_table) = (offset_min(int_P_alloc_table, - p) <= a) - -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, - p) <= a) - -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -axiom pointer_addr_of_int_P_of_pointer_address: - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. 
- (p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, - p) >= b) - -predicate right_valid_struct_int_P(p: int_P pointer, b: int, - int_P_alloc_table: int_P alloc_table) = (offset_max(int_P_alloc_table, - p) >= b) - -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, - p) >= b) - -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, - p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, - p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate 
valid_bitvector_struct_int_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, - p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, - p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. 
- (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) - -goal min_sort_ensures_default_po_1: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= i_0_1)))) - -goal min_sort_ensures_default_po_2: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - ("JC_62": ("JC_61": ("JC_61": (i_0_1 < n)))) - -goal min_sort_ensures_default_po_3: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - ("JC_69": ("JC_66": ("JC_66": (i_0_1_0 < j_0_1)))) - -goal min_sort_ensures_default_po_4: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. 
- ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - ("JC_69": ("JC_67": ("JC_67": (i_0_1_0 <= mi)))) - -goal min_sort_ensures_default_po_5: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - ("JC_69": ("JC_68": ("JC_68": (mi < n)))) - -goal min_sort_ensures_default_po_6: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. 
- (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_66": ("JC_66": (i_0_1_0 < j_0_1_1)))) - -goal min_sort_ensures_default_po_7: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_67": ("JC_67": (i_0_1_0 <= mi1)))) - -goal min_sort_ensures_default_po_8: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. 
- ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_68": ("JC_68": (mi1 < n)))) - -goal min_sort_ensures_default_po_9: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. 
- (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_66": ("JC_66": (i_0_1_0 < j_0_1_1)))) - -goal min_sort_ensures_default_po_10: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_67": ("JC_67": (i_0_1_0 <= mi0)))) - -goal min_sort_ensures_default_po_11: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. 
- ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_69": ("JC_68": ("JC_68": (mi0 < n)))) - -goal min_sort_ensures_default_po_12: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_0, int_P_int_M_t_5)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5, - int_P_int_M_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= i_0_1_1)))) - -goal min_sort_ensures_default_po_13: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. 
- forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_62": (("JC_60": (0 <= i_0_1_0)) and ("JC_61": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_69": - (("JC_66": (i_0_1_0 < j_0_1_0)) and - (("JC_67": (i_0_1_0 <= mi0)) and ("JC_68": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_0, int_P_int_M_t_5)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5, - int_P_int_M_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - ("JC_62": ("JC_61": ("JC_61": (i_0_1_1 < n)))) - -goal min_sort_ensures_permutation_po_1: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n <= 0) -> - ("JC_39": Permut(t, 0, (n - 1), int_P_int_M_t_5, int_P_int_M_t_5)) - -goal min_sort_ensures_permutation_po_2: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - ("JC_94": Permut(t, 0, (n - 1), int_P_int_M_t_5, int_P_int_M_t_5)) - -goal min_sort_ensures_permutation_po_3: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. 
- ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_94": Permut(t, 0, (n - 1), int_P_int_M_t_5_0, int_P_int_M_t_5)) -> - ("JC_97": (("JC_95": (0 <= i_0_1_0)) and ("JC_96": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_101": Permut(t, 0, (n - 1), int_P_int_M_t_5_0, int_P_int_M_t_5)) -> - ("JC_105": - (("JC_102": (i_0_1_0 < j_0_1_0)) and - (("JC_103": (i_0_1_0 <= mi0)) and ("JC_104": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - forall int_P_int_M_t_5_1:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_1, int_P_int_M_t_5_0)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5_0, - int_P_int_M_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - ("JC_94": Permut(t, 0, (n - 1), int_P_int_M_t_5_1, int_P_int_M_t_5)) - -goal min_sort_ensures_sorted_po_1: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n <= 0) -> - ("JC_37": Sorted(t, 0, (n - 1), int_P_int_M_t_5)) - -goal min_sort_ensures_sorted_po_2: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. 
- ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - ("JC_76": ("JC_74": ("JC_74": Sorted(t, 0, i_0_1, int_P_int_M_t_5)))) - -goal min_sort_ensures_sorted_po_3: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - ("JC_76": - ("JC_75": - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1) and ((i_0_1 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5, shift(t, k1)) <= select(int_P_int_M_t_5, - shift(t, k2))))))))) - -goal min_sort_ensures_sorted_po_4: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. 
- (j_0_1 = (i_0_1_0 + 1)) -> - ("JC_85": - ("JC_83": ("JC_83": (mv = select(int_P_int_M_t_5_0, shift(t, mi)))))) - -goal min_sort_ensures_sorted_po_5: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - ("JC_85": - ("JC_84": - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv)))))) - -goal min_sort_ensures_sorted_po_6: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. 
- (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_85": - (("JC_83": (mv0 = select(int_P_int_M_t_5_0, shift(t, mi0)))) and - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) -> - ("JC_89": - (("JC_86": (i_0_1_0 < j_0_1_0)) and - (("JC_87": (i_0_1_0 <= mi0)) and ("JC_88": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5_0, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5_0, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_85": - ("JC_83": ("JC_83": (mv1 = select(int_P_int_M_t_5_0, shift(t, mi1)))))) - -goal min_sort_ensures_sorted_po_7: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. 
- (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_85": - (("JC_83": (mv0 = select(int_P_int_M_t_5_0, shift(t, mi0)))) and - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) -> - ("JC_89": - (("JC_86": (i_0_1_0 < j_0_1_0)) and - (("JC_87": (i_0_1_0 <= mi0)) and ("JC_88": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5_0, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5_0, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_85": - ("JC_84": - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_1)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv1)))))) - -goal min_sort_ensures_sorted_po_8: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. 
- (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_85": - (("JC_83": (mv0 = select(int_P_int_M_t_5_0, shift(t, mi0)))) and - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) -> - ("JC_89": - (("JC_86": (i_0_1_0 < j_0_1_0)) and - (("JC_87": (i_0_1_0 <= mi0)) and ("JC_88": (mi0 < n))))) -> - (j_0_1_0 < n) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5_0, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - ("JC_85": - ("JC_84": - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_1)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) - -goal min_sort_ensures_sorted_po_9: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. 
- (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_85": - (("JC_83": (mv0 = select(int_P_int_M_t_5_0, shift(t, mi0)))) and - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) -> - ("JC_89": - (("JC_86": (i_0_1_0 < j_0_1_0)) and - (("JC_87": (i_0_1_0 <= mi0)) and ("JC_88": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - forall int_P_int_M_t_5_1:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_1, int_P_int_M_t_5_0)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5_0, - int_P_int_M_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - ("JC_76": ("JC_74": ("JC_74": Sorted(t, 0, i_0_1_1, int_P_int_M_t_5_1)))) - -goal min_sort_ensures_sorted_po_10: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - forall result:int. - (result = select(int_P_int_M_t_5_0, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. 
- (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_85": - (("JC_83": (mv0 = select(int_P_int_M_t_5_0, shift(t, mi0)))) and - ("JC_84": - (forall k_0:int. - (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(int_P_int_M_t_5_0, - shift(t, k_0)) >= mv0)))))) -> - ("JC_89": - (("JC_86": (i_0_1_0 < j_0_1_0)) and - (("JC_87": (i_0_1_0 <= mi0)) and ("JC_88": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - forall int_P_int_M_t_5_1:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_1, int_P_int_M_t_5_0)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5_0, - int_P_int_M_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - ("JC_76": - ("JC_75": - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_1) and ((i_0_1_1 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_1, shift(t, k1)) <= select(int_P_int_M_t_5_1, - shift(t, k2))))))))) - -goal min_sort_ensures_sorted_po_11: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_76": - (("JC_74": Sorted(t, 0, i_0_1_0, int_P_int_M_t_5_0)) and - ("JC_75": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> - (select(int_P_int_M_t_5_0, shift(t, k1)) <= select(int_P_int_M_t_5_0, - shift(t, k2))))))))) -> - ("JC_79": (("JC_77": (0 <= i_0_1_0)) and ("JC_78": (i_0_1_0 < n)))) -> - (i_0_1_0 >= (n - 1)) -> - ("JC_37": Sorted(t, 0, (n - 1), int_P_int_M_t_5_0)) - -goal min_sort_safety_po_1: - forall t:int_P pointer. 
- forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - (offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) - -goal min_sort_safety_po_2: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t)) - -goal min_sort_safety_po_3: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. 
- ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - (offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) - -goal min_sort_safety_po_4: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t)) - -goal min_sort_safety_po_5: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. 
- (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - (0 <= ("JC_57": (n - j_0_1_0))) - -goal min_sort_safety_po_6: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. 
- ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 < mv0) -> - forall mi1:int. - (mi1 = j_0_1_0) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result1:int. - (result1 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - forall mv1:int. - (mv1 = result1) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - (("JC_57": (n - j_0_1_1)) < ("JC_57": (n - j_0_1_0))) - -goal min_sort_safety_po_7: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result0:int. 
- (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - (0 <= ("JC_57": (n - j_0_1_0))) - -goal min_sort_safety_po_8: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - forall mv0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 < n) -> - ((offset_min(int_P_t_5_alloc_table, t) <= j_0_1_0) and - (j_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result0:int. - (result0 = select(int_P_int_M_t_5, shift(t, j_0_1_0))) -> - (result0 >= mv0) -> - forall j_0_1_1:int. - (j_0_1_1 = (j_0_1_0 + 1)) -> - (("JC_57": (n - j_0_1_1)) < ("JC_57": (n - j_0_1_0))) - -goal min_sort_safety_po_9: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. 
- ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - ("JC_5": - ("JC_2": ("JC_2": (offset_max(int_P_t_5_alloc_table, t) >= i_0_1_0)))) - -goal min_sort_safety_po_10: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - ("JC_5": ("JC_3": ("JC_3": (offset_min(int_P_t_5_alloc_table, t) <= mi0)))) - -goal min_sort_safety_po_11: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. 
- ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - ("JC_5": ("JC_4": ("JC_4": (offset_max(int_P_t_5_alloc_table, t) >= mi0)))) - -goal min_sort_safety_po_12: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. 
- ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - ("JC_5": - (("JC_1": (offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0)) and - (("JC_2": (offset_max(int_P_t_5_alloc_table, t) >= i_0_1_0)) and - (("JC_3": (offset_min(int_P_t_5_alloc_table, t) <= mi0)) and - ("JC_4": (offset_max(int_P_t_5_alloc_table, t) >= mi0)))))) -> - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_0, int_P_int_M_t_5)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5, - int_P_int_M_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - (0 <= ("JC_59": (n - i_0_1_0))) - -goal min_sort_safety_po_13: - forall t:int_P pointer. - forall n:int. - forall int_P_t_5_alloc_table:int_P alloc_table. - ("JC_31": - (("JC_29": (offset_min(int_P_t_5_alloc_table, t) <= 0)) and - ("JC_30": (offset_max(int_P_t_5_alloc_table, t) >= (n - 1))))) -> - (n > 0) -> - forall i_0_1:int. - (i_0_1 = 0) -> - forall i_0_1_0:int. - forall int_P_int_M_t_5:(int_P, - int) memory. - ("JC_45": true) -> - ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> - (i_0_1_0 < (n - 1)) -> - ((offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0) and - (i_0_1_0 <= offset_max(int_P_t_5_alloc_table, t))) -> - forall result:int. - (result = select(int_P_int_M_t_5, shift(t, i_0_1_0))) -> - forall mv:int. - (mv = result) -> - forall mi:int. - (mi = i_0_1_0) -> - forall j_0_1:int. - (j_0_1 = (i_0_1_0 + 1)) -> - forall j_0_1_0:int. - forall mi0:int. 
- ("JC_53": true) -> - ("JC_51": - (("JC_48": (i_0_1_0 < j_0_1_0)) and - (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> - (j_0_1_0 >= n) -> - ("JC_5": - (("JC_1": (offset_min(int_P_t_5_alloc_table, t) <= i_0_1_0)) and - (("JC_2": (offset_max(int_P_t_5_alloc_table, t) >= i_0_1_0)) and - (("JC_3": (offset_min(int_P_t_5_alloc_table, t) <= mi0)) and - ("JC_4": (offset_max(int_P_t_5_alloc_table, t) >= mi0)))))) -> - forall int_P_int_M_t_5_0:(int_P, - int) memory. - ("JC_18": - (("JC_16": Swap(t, i_0_1_0, mi0, int_P_int_M_t_5_0, int_P_int_M_t_5)) and - ("JC_17": not_assigns(int_P_t_5_alloc_table, int_P_int_M_t_5, - int_P_int_M_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), - pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> - forall i_0_1_1:int. - (i_0_1_1 = (i_0_1_0 + 1)) -> - (("JC_59": (n - i_0_1_1)) < ("JC_59": (n - i_0_1_0))) - -goal swap_ensures_default_po_1: - forall t_0:int_P pointer. - forall i_0:int. - forall j_0:int. - forall int_P_t_0_4_alloc_table:int_P alloc_table. - forall int_P_int_M_t_0_4:(int_P, - int) memory. - ("JC_11": - (("JC_7": (offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0)) and - (("JC_8": (offset_max(int_P_t_0_4_alloc_table, t_0) >= i_0)) and - (("JC_9": (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0)) and - ("JC_10": (offset_max(int_P_t_0_4_alloc_table, t_0) >= j_0)))))) -> - forall result:int. - (result = select(int_P_int_M_t_0_4, shift(t_0, i_0))) -> - forall tmp:int. - (tmp = result) -> - forall result0:int. - (result0 = select(int_P_int_M_t_0_4, shift(t_0, j_0))) -> - forall int_P_int_M_t_0_4_0:(int_P, - int) memory. - (int_P_int_M_t_0_4_0 = store(int_P_int_M_t_0_4, shift(t_0, i_0), - result0)) -> - forall int_P_int_M_t_0_4_1:(int_P, - int) memory. - (int_P_int_M_t_0_4_1 = store(int_P_int_M_t_0_4_0, shift(t_0, j_0), tmp)) -> - ("JC_15": - ("JC_13": - ("JC_13": Swap(t_0, i_0, j_0, int_P_int_M_t_0_4_1, int_P_int_M_t_0_4)))) - -goal swap_ensures_default_po_2: - forall t_0:int_P pointer. - forall i_0:int. 
- forall j_0:int. - forall int_P_t_0_4_alloc_table:int_P alloc_table. - forall int_P_int_M_t_0_4:(int_P, - int) memory. - ("JC_11": - (("JC_7": (offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0)) and - (("JC_8": (offset_max(int_P_t_0_4_alloc_table, t_0) >= i_0)) and - (("JC_9": (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0)) and - ("JC_10": (offset_max(int_P_t_0_4_alloc_table, t_0) >= j_0)))))) -> - forall result:int. - (result = select(int_P_int_M_t_0_4, shift(t_0, i_0))) -> - forall tmp:int. - (tmp = result) -> - forall result0:int. - (result0 = select(int_P_int_M_t_0_4, shift(t_0, j_0))) -> - forall int_P_int_M_t_0_4_0:(int_P, - int) memory. - (int_P_int_M_t_0_4_0 = store(int_P_int_M_t_0_4, shift(t_0, i_0), - result0)) -> - forall int_P_int_M_t_0_4_1:(int_P, - int) memory. - (int_P_int_M_t_0_4_1 = store(int_P_int_M_t_0_4_0, shift(t_0, j_0), tmp)) -> - ("JC_15": - ("JC_14": - ("JC_14": not_assigns(int_P_t_0_4_alloc_table, int_P_int_M_t_0_4, - int_P_int_M_t_0_4_1, pset_union(pset_range(pset_singleton(t_0), j_0, j_0), - pset_range(pset_singleton(t_0), i_0, i_0)))))) - -goal swap_safety_po_1: - forall t_0:int_P pointer. - forall i_0:int. - forall j_0:int. - forall int_P_t_0_4_alloc_table:int_P alloc_table. - ("JC_11": - (("JC_7": (offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0)) and - (("JC_8": (offset_max(int_P_t_0_4_alloc_table, t_0) >= i_0)) and - (("JC_9": (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0)) and - ("JC_10": (offset_max(int_P_t_0_4_alloc_table, t_0) >= j_0)))))) -> - (i_0 <= offset_max(int_P_t_0_4_alloc_table, t_0)) - -goal swap_safety_po_2: - forall t_0:int_P pointer. - forall i_0:int. - forall j_0:int. - forall int_P_t_0_4_alloc_table:int_P alloc_table. - forall int_P_int_M_t_0_4:(int_P, - int) memory. 
- ("JC_11": - (("JC_7": (offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0)) and - (("JC_8": (offset_max(int_P_t_0_4_alloc_table, t_0) >= i_0)) and - (("JC_9": (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0)) and - ("JC_10": (offset_max(int_P_t_0_4_alloc_table, t_0) >= j_0)))))) -> - ((offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0) and - (i_0 <= offset_max(int_P_t_0_4_alloc_table, t_0))) -> - forall result:int. - (result = select(int_P_int_M_t_0_4, shift(t_0, i_0))) -> - forall tmp:int. - (tmp = result) -> - (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0) - -goal swap_safety_po_3: - forall t_0:int_P pointer. - forall i_0:int. - forall j_0:int. - forall int_P_t_0_4_alloc_table:int_P alloc_table. - forall int_P_int_M_t_0_4:(int_P, - int) memory. - ("JC_11": - (("JC_7": (offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0)) and - (("JC_8": (offset_max(int_P_t_0_4_alloc_table, t_0) >= i_0)) and - (("JC_9": (offset_min(int_P_t_0_4_alloc_table, t_0) <= j_0)) and - ("JC_10": (offset_max(int_P_t_0_4_alloc_table, t_0) >= j_0)))))) -> - ((offset_min(int_P_t_0_4_alloc_table, t_0) <= i_0) and - (i_0 <= offset_max(int_P_t_0_4_alloc_table, t_0))) -> - forall result:int. - (result = select(int_P_int_M_t_0_4, shift(t_0, i_0))) -> - forall tmp:int. - (tmp = result) -> - (j_0 <= offset_max(int_P_t_0_4_alloc_table, t_0)) - -========== running alt-ergo ========== -Running Alt-Ergo on proof obligations -(. = valid * = invalid ? = unknown # = timeout ! = failure) -why/minimum_sort_why.why : .........................................#... (44/0/0/1/0) -total : 45 -valid : 44 ( 98%) -invalid : 0 ( 0%) -unknown : 0 ( 0%) -timeout : 1 ( 2%) -failure : 0 ( 0%) -// RUNSIMPLIFY: will ask regtests to run Simplify on this program -========== generation of Simplify VC output ========== -why -simplify [...] 
why/minimum_sort.why -========== file tests/c/minimum_sort.jessie/simplify/minimum_sort_why.sx ========== - -;; DO NOT EDIT BELOW THIS LINE - -(BG_PUSH (NEQ |@true| |@false|)) - -(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) - -(BG_PUSH - ;; Why axiom bool_and_def - (FORALL (a b) - (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) - -(BG_PUSH - ;; Why axiom bool_or_def - (FORALL (a b) - (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) - -(BG_PUSH - ;; Why axiom bool_xor_def - (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) - -(BG_PUSH - ;; Why axiom bool_not_def - (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) - -(BG_PUSH - ;; Why axiom ite_true - (FORALL (x y) (EQ (ite |@true| x y) x))) - -(BG_PUSH - ;; Why axiom ite_false - (FORALL (x y) (EQ (ite |@false| x y) y))) - -(BG_PUSH - ;; Why axiom lt_int_bool_axiom - (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) - -(BG_PUSH - ;; Why axiom le_int_bool_axiom - (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) - -(BG_PUSH - ;; Why axiom gt_int_bool_axiom - (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) - -(BG_PUSH - ;; Why axiom ge_int_bool_axiom - (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) - -(BG_PUSH - ;; Why axiom eq_int_bool_axiom - (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) - -(BG_PUSH - ;; Why axiom neq_int_bool_axiom - (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) - -(BG_PUSH - ;; Why axiom abs_int_pos - (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) - -(BG_PUSH - ;; Why axiom abs_int_neg - (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) - -(BG_PUSH - ;; Why axiom int_max_is_ge - (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) - -(BG_PUSH - ;; Why axiom int_max_is_some - (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) - -(BG_PUSH - ;; Why axiom int_min_is_le - (FORALL (x y) (AND (<= (int_min x y) x) (<= 
(int_min x y) y)))) - -(BG_PUSH - ;; Why axiom int_min_is_some - (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) - -(BG_PUSH - ;; Why axiom real_of_int_zero - (EQ (real_of_int 0) real_constant_0_0e)) - -(BG_PUSH - ;; Why axiom real_of_int_one - (EQ (real_of_int 1) real_constant_1_0e)) - -(BG_PUSH - ;; Why axiom real_of_int_add - (FORALL (x y) - (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) - -(BG_PUSH - ;; Why axiom real_of_int_sub - (FORALL (x y) - (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) - -(BG_PUSH - ;; Why axiom truncate_down_pos - (FORALL (x) - (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) - (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) - (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) - -(BG_PUSH - ;; Why axiom truncate_up_neg - (FORALL (x) - (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) - (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) - (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) - -(BG_PUSH - ;; Why axiom lt_real_bool_axiom - (FORALL (x y) - (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) - -(BG_PUSH - ;; Why axiom le_real_bool_axiom - (FORALL (x y) - (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) - -(BG_PUSH - ;; Why axiom gt_real_bool_axiom - (FORALL (x y) - (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) - -(BG_PUSH - ;; Why axiom ge_real_bool_axiom - (FORALL (x y) - (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) - -(BG_PUSH - ;; Why axiom eq_real_bool_axiom - (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) - -(BG_PUSH - ;; Why axiom neq_real_bool_axiom - (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) - -(BG_PUSH - ;; Why axiom real_max_is_ge - (FORALL (x y) - (AND (EQ (ge_real (real_max x y) x) |@true|) - (EQ (ge_real (real_max x y) y) |@true|)))) - -(BG_PUSH - 
;; Why axiom real_max_is_some - (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) - -(BG_PUSH - ;; Why axiom real_min_is_le - (FORALL (x y) - (AND (EQ (le_real (real_min x y) x) |@true|) - (EQ (le_real (real_min x y) y) |@true|)))) - -(BG_PUSH - ;; Why axiom real_min_is_some - (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) - -(BG_PUSH - ;; Why axiom sqr_real_def - (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) - -(BG_PUSH - ;; Why axiom sqrt_pos - (FORALL (x) - (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) - (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) - -(BG_PUSH - ;; Why axiom sqrt_sqr - (FORALL (x) - (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) - (EQ (sqr_real (real_sqrt x)) x)))) - -(BG_PUSH - ;; Why axiom sqr_sqrt - (FORALL (x) - (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) - (EQ (real_sqrt (real_mul x x)) x)))) - -(BG_PUSH - ;; Why axiom abs_real_pos - (FORALL (x) - (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) - -(BG_PUSH - ;; Why axiom abs_real_neg - (FORALL (x) - (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) - (EQ (real_abs x) (real_neg x))))) - -(BG_PUSH - ;; Why axiom log_exp - (FORALL (x) (EQ (log (exp x)) x))) - -(BG_PUSH - ;; Why axiom exp_log - (FORALL (x) - (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) - -(BG_PUSH - ;; Why axiom prod_pos - (FORALL (x y) - (AND - (IMPLIES - (AND (EQ (gt_real x real_constant_0_0e) |@true|) - (EQ (gt_real y real_constant_0_0e) |@true|)) - (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) - (IMPLIES - (AND (EQ (lt_real x real_constant_0_0e) |@true|) - (EQ (lt_real y real_constant_0_0e) |@true|)) - (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) - -(BG_PUSH - ;; Why axiom abs_minus - (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) - -(BG_PUSH - ;; Why axiom math_div_mod - (FORALL (x y) - (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) - 
- (FORALL (y) - (IMPLIES (NEQ y 0) - (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) - -(BG_PUSH - ;; Why axiom math_mod_bound - (FORALL (x y) - (IMPLIES (NEQ y 0) - (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) - - (FORALL (y) - (IMPLIES (NEQ y 0) - (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) - -(BG_PUSH - ;; Why axiom computer_div_mod - (FORALL (x y) - (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) - - (FORALL (y) - (IMPLIES (NEQ y 0) - (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) - -(BG_PUSH - ;; Why axiom computer_div_bound - (FORALL (x y) - (IMPLIES (AND (>= x 0) (> y 0)) - (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) - -(BG_PUSH - ;; Why axiom computer_mod_bound - (FORALL (x y) - (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) - - (FORALL (y) - (IMPLIES (NEQ y 0) - (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) - -(BG_PUSH - ;; Why axiom computer_mod_sign_pos - (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) - -(BG_PUSH - ;; Why axiom computer_mod_sign_neg - (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) - -(BG_PUSH - ;; Why axiom computer_rounds_toward_zero - (FORALL (x y) - (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) - - (FORALL (y) - (IMPLIES (NEQ y 0) - (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) - -(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) - -(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) - -(BG_PUSH - ;; Why axiom address_injective - (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) - -(BG_PUSH - ;; Why axiom address_null - (EQ (address null) 0)) - -(BG_PUSH - ;; Why axiom address_shift_lt - (FORALL (p i j) - (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) - -(BG_PUSH - ;; Why axiom address_shift_le - (FORALL 
(p i j) - (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) - -(BG_PUSH - ;; Why axiom shift_zero - (FORALL (p) (EQ (shift p 0) p))) - -(BG_PUSH - ;; Why axiom shift_shift - (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) - -(BG_PUSH - ;; Why axiom offset_max_shift - (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) - -(BG_PUSH - ;; Why axiom offset_min_shift - (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) - -(BG_PUSH - ;; Why axiom neq_shift - (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) - - (FORALL (i j) - (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) - -(BG_PUSH - ;; Why axiom null_not_valid - (FORALL (a) (NOT (valid a null)))) - -(BG_PUSH - ;; Why axiom null_pointer - (FORALL (a) - (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) - -(BG_PUSH - ;; Why axiom eq_pointer_bool_def - (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) - -(BG_PUSH - ;; Why axiom neq_pointer_bool_def - (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) - -(BG_PUSH - ;; Why axiom same_block_shift_right - (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) - - (FORALL (p q) - (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) - -(BG_PUSH - ;; Why axiom same_block_shift_left - (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) - - (FORALL (p q) - (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) - -(BG_PUSH - ;; Why axiom sub_pointer_shift - (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) - -(BG_PUSH - ;; Why axiom sub_pointer_self - (FORALL (p) (EQ (sub_pointer p p) 0))) - -(BG_PUSH - ;; Why axiom sub_pointer_zero - (FORALL (p q) - (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) - -(BG_PUSH - ;; Why axiom sub_pointer_shift_left - (FORALL (p q i) (EQ (sub_pointer (shift p i) q) 
(+ (sub_pointer p q) i)))) - -(BG_PUSH - ;; Why axiom sub_pointer_shift_right - (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) - -(BG_PUSH - ;; Why axiom select_store_eq - (FORALL (m p1 p2 a) - (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) - - (FORALL (p1 p2) - (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) - -(BG_PUSH - ;; Why axiom select_store_neq - (FORALL (m p1 p2 a) - (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) - - (FORALL (p1 p2) - (IMPLIES (NEQ p1 p2) - (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) - -(DEFPRED (pset_disjoint ps1 ps2) - (FORALL (p) - (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) - -(DEFPRED (pset_included ps1 ps2) - (FORALL (p) - (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) - -(BG_PUSH - ;; Why axiom pset_included_self - (FORALL (ps) (pset_included ps ps))) - -(BG_PUSH - ;; Why axiom pset_included_range - (FORALL (ps a b c d) - (IMPLIES (AND (<= c a) (<= b d)) - (pset_included (pset_range ps a b) (pset_range ps c d)))) - - (FORALL (a b c d) - (IMPLIES (AND (<= c a) (<= b d)) - (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) - -(BG_PUSH - ;; Why axiom pset_included_range_all - (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) - -(BG_PUSH - ;; Why axiom in_pset_empty - (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) - -(BG_PUSH - ;; Why axiom in_pset_singleton - (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) - -(BG_PUSH - ;; Why axiom in_pset_deref - (FORALL (p m q) - (IFF (EQ (in_pset p (pset_deref m q)) |@true|) - (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) - -(BG_PUSH - ;; Why axiom in_pset_all - (FORALL (p q) - (IFF (EQ (in_pset p (pset_all q)) |@true|) - (EXISTS (i) - (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) - -(BG_PUSH - 
;; Why axiom in_pset_range - (FORALL (p q a b) - (IFF (EQ (in_pset p (pset_range q a b)) |@true|) - (EXISTS (i) - (EXISTS (r) - (AND (<= a i) - (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) - -(BG_PUSH - ;; Why axiom in_pset_range_left - (FORALL (p q b) - (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) - (EXISTS (i) - (EXISTS (r) - (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) - -(BG_PUSH - ;; Why axiom in_pset_range_right - (FORALL (p q a) - (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) - (EXISTS (i) - (EXISTS (r) - (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) - -(BG_PUSH - ;; Why axiom in_pset_union - (FORALL (p s1 s2) - (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) - (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) - -(BG_PUSH - ;; Why axiom valid_pset_empty - (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) - -(BG_PUSH - ;; Why axiom valid_pset_singleton - (FORALL (a p) - (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) - -(BG_PUSH - ;; Why axiom valid_pset_deref - (FORALL (a m q) - (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) - (FORALL (r p) - (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) - -(BG_PUSH - ;; Why axiom valid_pset_range - (FORALL (a q c d) - (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) - (FORALL (i r) - (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) - (valid a (shift r i))))))) - -(BG_PUSH - ;; Why axiom valid_pset_union - (FORALL (a s1 s2) - (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) - (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) - -(DEFPRED (not_assigns a m1 m2 l) - (FORALL (p) - (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) - (EQ (select m2 p) (select m1 p))))) - -(BG_PUSH - ;; Why axiom not_assigns_refl - (FORALL (a m l) (not_assigns a m m l))) - -(BG_PUSH - ;; Why axiom not_assigns_trans - (FORALL (a m1 
m2 m3 l) - (IMPLIES (not_assigns a m1 m2 l) - (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) - - (FORALL (a m1 m2 l) - (IMPLIES (not_assigns a m1 m2 l) - (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) - -(BG_PUSH - ;; Why axiom full_separated_shift1 - (FORALL (p q i) - (IMPLIES (EQ (full_separated p q) |@true|) - (EQ (full_separated p (shift q i)) |@true|))) - - (FORALL (p q) - (IMPLIES (EQ (full_separated p q) |@true|) - (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) - -(BG_PUSH - ;; Why axiom full_separated_shift2 - (FORALL (p q i) - (IMPLIES (EQ (full_separated p q) |@true|) - (EQ (full_separated (shift q i) p) |@true|))) - - (FORALL (p q) - (IMPLIES (EQ (full_separated p q) |@true|) - (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) - -(BG_PUSH - ;; Why axiom full_separated_shift3 - (FORALL (p q i) - (IMPLIES (EQ (full_separated q p) |@true|) - (EQ (full_separated (shift q i) p) |@true|))) - - (FORALL (p q) - (IMPLIES (EQ (full_separated q p) |@true|) - (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) - -(BG_PUSH - ;; Why axiom full_separated_shift4 - (FORALL (p q i) - (IMPLIES (EQ (full_separated q p) |@true|) - (EQ (full_separated p (shift q i)) |@true|))) - - (FORALL (p q) - (IMPLIES (EQ (full_separated q p) |@true|) - (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) - -(BG_PUSH - ;; Why axiom subtag_bool_def - (FORALL (t1 t2) - (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) - -(BG_PUSH - ;; Why axiom subtag_refl - (FORALL (t) (EQ (subtag t t) |@true|))) - -(BG_PUSH - ;; Why axiom subtag_parent - (FORALL (t1 t2 t3) - (IMPLIES (EQ (subtag t1 t2) |@true|) - (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) - - (FORALL (t1 t2) - (IMPLIES (EQ (subtag t1 t2) |@true|) - (FORALL (t3) - (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) - -(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) - -(BG_PUSH 
- ;; Why axiom downcast_instanceof - (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) - -(BG_PUSH - ;; Why axiom bottom_tag_axiom - (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) - -(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) - -(BG_PUSH - ;; Why axiom root_subtag - (FORALL (a b c) - (IMPLIES (root_tag a) - (IMPLIES (root_tag b) - (IMPLIES (NEQ a b) - (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) - - (FORALL (a) - (IMPLIES (root_tag a) - (FORALL (b) - (IMPLIES (root_tag b) - (IMPLIES (NEQ a b) - (FORALL (c) - (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) - -(DEFPRED (fully_packed tag_table mutable this) - (EQ (select mutable this) (typeof tag_table this))) - -(BG_PUSH - ;; Why axiom bw_and_not_null - (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) - -(BG_PUSH - ;; Why axiom lsl_left_positive_returns_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) - -(BG_PUSH - ;; Why axiom lsl_left_positive_monotone - (FORALL (a1 a2 b) - (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) - (<= (lsl a1 b) (lsl a2 b))))) - -(BG_PUSH - ;; Why axiom lsr_left_positive_returns_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) - -(BG_PUSH - ;; Why axiom lsr_left_positive_decreases - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) - -(BG_PUSH - ;; Why axiom asr_positive_on_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) - -(BG_PUSH - ;; Why axiom asr_decreases_on_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) - -(BG_PUSH - ;; Why axiom asr_lsr_same_on_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) - -(BG_PUSH - ;; Why axiom lsl_of_lsr_decreases_on_positive - (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) - -(BG_PUSH - ;; Why axiom lsr_of_lsl_identity_on_positive - 
(FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) - -(DEFPRED (alloc_fresh a p n) - (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) - -(BG_PUSH - ;; Why axiom alloc_extends_offset_min - (FORALL (a1 a2) - (IMPLIES (EQ (alloc_extends a1 a2) |@true|) - (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) - -(BG_PUSH - ;; Why axiom alloc_extends_offset_max - (FORALL (a1 a2) - (IMPLIES (EQ (alloc_extends a1 a2) |@true|) - (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) - -(BG_PUSH - ;; Why axiom alloc_extends_not_assigns_empty - (FORALL (a1 a2 m1 m2 l p n) - (IMPLIES - (AND (EQ (alloc_extends a1 a2) |@true|) - (AND (alloc_fresh a1 p n) - (AND (not_assigns a2 m1 m2 l) - (pset_included l (pset_all (pset_singleton p)))))) - (not_assigns a1 m1 m2 pset_empty)))) - -(BG_PUSH - ;; Why axiom alloc_extends_except_offset_min - (FORALL (a1 a2 l) - (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) - (FORALL (p) - (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) - (EQ (offset_min a1 p) (offset_min a2 p))))))) - -(BG_PUSH - ;; Why axiom alloc_extends_except_offset_max - (FORALL (a1 a2 l) - (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) - (FORALL (p) - (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) - (EQ (offset_max a1 p) (offset_max a2 p))))))) - -(BG_PUSH - ;; Why axiom disj_sym - (FORALL (s1 s2) - (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) - -(BG_PUSH - ;; Why axiom sub_refl - (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) - -(BG_PUSH - ;; Why axiom sub_disj - (FORALL (s1 s2 s3) - (IMPLIES (EQ (disj_mybag s1 s2) |@true|) - (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) - - (FORALL (s1 s2) - (IMPLIES (EQ (disj_mybag s1 s2) |@true|) - (FORALL (s3) - (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) - -(BG_PUSH - ;; Why axiom sub_in - (FORALL (s1 s2 p) - 
(IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) - (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) - - (FORALL (s2 p) - (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) - (FORALL (s1) - (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) - -(BG_PUSH - ;; Why axiom frame_between_refl - (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) - -(BG_PUSH - ;; Why axiom frame_between_gen - (FORALL (sa m1 m2 p v) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (IMPLIES (EQ (in_mybag p sa) |@true|) - (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) - - (FORALL (sa m1 m2) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (FORALL (p) - (IMPLIES (EQ (in_mybag p sa) |@true|) - (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) - -(BG_PUSH - ;; Why axiom frame_between_gen2 - (FORALL (sa m1 m2 m3) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (IMPLIES (EQ (frame_between sa m2 m3) |@true|) - (EQ (frame_between sa m1 m3) |@true|)))) - - (FORALL (sa m1 m2) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (FORALL (m3) - (IMPLIES (EQ (frame_between sa m2 m3) |@true|) - (EQ (frame_between sa m1 m3) |@true|)))))) - -(BG_PUSH - ;; Why axiom frame_between_gen_sub1 - (FORALL (s12 s23 s13 m1 m2 m3) - (IMPLIES (EQ (sub_mybag s12 s13) |@true|) - (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) - (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) - (EQ (frame_between s13 m1 m3) |@true|))))) - - (FORALL (s12 s13) - (IMPLIES (EQ (sub_mybag s12 s13) |@true|) - (FORALL (m2 m1) - (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) - (FORALL (s23 m3) - (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) - (EQ (frame_between s13 m1 m3) |@true|)))))))) - -(BG_PUSH - ;; Why axiom frame_between_gen_sub2 - (FORALL (s12 s23 s13 m1 m2 m3) - (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) - (IMPLIES (EQ (sub_mybag s23 s13) |@true|) - (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) - (EQ (frame_between s13 m1 m3) |@true|))))) - 
- (FORALL (s12 m1 m2) - (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) - (FORALL (s13 s23) - (IMPLIES (EQ (sub_mybag s23 s13) |@true|) - (FORALL (m3) - (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) - (EQ (frame_between s13 m1 m3) |@true|)))))))) - -(BG_PUSH - ;; Why axiom frame_between_pointer - (FORALL (sa m1 m2 p v) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) - (EQ (select m1 p) (select m2 p))))) - - (FORALL (sa m1 m2) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (FORALL (p) - (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) - (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) - -(BG_PUSH - ;; Why axiom frame_between_sub - (FORALL (sa sb m1 m2) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (IMPLIES (EQ (sub_mybag sa sb) |@true|) - (EQ (frame_between sb m1 m2) |@true|)))) - - (FORALL (sa m1 m2) - (IMPLIES (EQ (frame_between sa m1 m2) |@true|) - (FORALL (sb) - (IMPLIES (EQ (sub_mybag sa sb) |@true|) - (EQ (frame_between sb m1 m2) |@true|)))))) - -(DEFPRED (Swap a i j int_P_int_M_a_1_at_L2 int_P_int_M_a_1_at_L1) - (AND - (EQ (select int_P_int_M_a_1_at_L1 (shift a i)) - (select int_P_int_M_a_1_at_L2 (shift a j))) - (AND - (EQ (select int_P_int_M_a_1_at_L1 (shift a j)) - (select int_P_int_M_a_1_at_L2 (shift a i))) - (FORALL (k) - (IMPLIES (AND (NEQ k i) (NEQ k j)) - (EQ (select int_P_int_M_a_1_at_L1 (shift a k)) - (select int_P_int_M_a_1_at_L2 (shift a k)))))))) - -(BG_PUSH - ;; Why axiom Permut_inversion - (FORALL (aux_1 aux_2 aux_3 aux_4 aux_5) - (IMPLIES (EQ (Permut aux_1 aux_2 aux_3 aux_4 aux_5) |@true|) - (OR - (EXISTS (int_P_int_M_a_0_2_at_L) - (EXISTS (a_1) - (EXISTS (l_0) - (EXISTS (h_0) - (AND (EQ aux_1 a_1) - (AND (EQ aux_2 l_0) - (AND (EQ aux_3 h_0) - (AND (EQ aux_4 int_P_int_M_a_0_2_at_L) (EQ aux_5 int_P_int_M_a_0_2_at_L))))))))) - (OR - (EXISTS (int_P_int_M_a_0_2_at_L2) - (EXISTS (int_P_int_M_a_0_2_at_L1) - (EXISTS (a_2) - (EXISTS (l_1) - (EXISTS (h_1) - (AND - (EQ (Permut - a_2 l_1 h_1 
int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1) |@true|) - (AND (EQ aux_1 a_2) - (AND (EQ aux_2 l_1) - (AND (EQ aux_3 h_1) - (AND (EQ aux_4 int_P_int_M_a_0_2_at_L1) (EQ aux_5 int_P_int_M_a_0_2_at_L2))))))))))) - (OR - (EXISTS (int_P_int_M_a_0_2_at_L3) - (EXISTS (int_P_int_M_a_0_2_at_L2) - (EXISTS (int_P_int_M_a_0_2_at_L1) - (EXISTS (a_3) - (EXISTS (l_2) - (EXISTS (h_2) - (AND - (AND - (EQ (Permut - a_3 l_2 h_2 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1) |@true|) - (EQ (Permut - a_3 l_2 h_2 int_P_int_M_a_0_2_at_L3 int_P_int_M_a_0_2_at_L2) |@true|)) - (AND (EQ aux_1 a_3) - (AND (EQ aux_2 l_2) - (AND (EQ aux_3 h_2) - (AND (EQ aux_4 int_P_int_M_a_0_2_at_L3) (EQ aux_5 int_P_int_M_a_0_2_at_L1)))))))))))) - (EXISTS (int_P_int_M_a_0_2_at_L2) - (EXISTS (int_P_int_M_a_0_2_at_L1) - (EXISTS (a_4) - (EXISTS (l_3) - (EXISTS (h_3) - (EXISTS (i_0_0) - (EXISTS (j_0_0) - (AND - (AND (<= l_3 i_0_0) - (AND (<= i_0_0 h_3) - (AND (<= l_3 j_0_0) - (AND (<= j_0_0 h_3) - (Swap a_4 i_0_0 j_0_0 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1))))) - (AND (EQ aux_1 a_4) - (AND (EQ aux_2 l_3) - (AND (EQ aux_3 h_3) - (AND (EQ aux_4 int_P_int_M_a_0_2_at_L2) (EQ aux_5 int_P_int_M_a_0_2_at_L1))))))))))))))))))) - -(BG_PUSH - ;; Why axiom Permut_refl - (FORALL (int_P_int_M_a_0_2_at_L a_1 l_0 h_0) - (EQ (Permut - a_1 l_0 h_0 int_P_int_M_a_0_2_at_L int_P_int_M_a_0_2_at_L) |@true|))) - -(BG_PUSH - ;; Why axiom Permut_sym - (FORALL (int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1 a_2 l_1 h_1) - (IMPLIES - (EQ (Permut - a_2 l_1 h_1 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1) |@true|) - (EQ (Permut - a_2 l_1 h_1 int_P_int_M_a_0_2_at_L1 int_P_int_M_a_0_2_at_L2) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_trans - (FORALL (int_P_int_M_a_0_2_at_L3 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1 a_3 l_2 h_2) - (IMPLIES - (AND - (EQ (Permut - a_3 l_2 h_2 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1) |@true|) - (EQ (Permut - a_3 l_2 h_2 int_P_int_M_a_0_2_at_L3 int_P_int_M_a_0_2_at_L2) |@true|)) - 
(EQ (Permut - a_3 l_2 h_2 int_P_int_M_a_0_2_at_L3 int_P_int_M_a_0_2_at_L1) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_swap - (FORALL (int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1 a_4 l_3 h_3 i_0_0 j_0_0) - (IMPLIES - (AND (<= l_3 i_0_0) - (AND (<= i_0_0 h_3) - (AND (<= l_3 j_0_0) - (AND (<= j_0_0 h_3) - (Swap a_4 i_0_0 j_0_0 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1))))) - (EQ (Permut - a_4 l_3 h_3 int_P_int_M_a_0_2_at_L2 int_P_int_M_a_0_2_at_L1) |@true|)))) - -(DEFPRED (Sorted a_5 l_4 h_4 int_P_int_M_a_5_3_at_L) - (FORALL (i_1) - (IMPLIES (AND (<= l_4 i_1) (< i_1 h_4)) - (<= (select int_P_int_M_a_5_3_at_L (shift a_5 i_1)) (select - int_P_int_M_a_5_3_at_L - (shift a_5 (+ i_1 1))))))) - -(BG_PUSH - ;; Why axiom char_P_int - (EQ (int_of_tag char_P_tag) 1)) - -(BG_PUSH - ;; Why axiom char_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (char_P_of_pointer_address (pointer_address p))))) - -(BG_PUSH - ;; Why axiom char_P_parenttag_bottom - (EQ (parenttag char_P_tag bottom_tag) |@true|)) - -(BG_PUSH - ;; Why axiom char_P_tags - (FORALL (x char_P_tag_table) (instanceof char_P_tag_table x char_P_tag))) - -(BG_PUSH - ;; Why axiom int_P_int - (EQ (int_of_tag int_P_tag) 1)) - -(BG_PUSH - ;; Why axiom int_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (int_P_of_pointer_address (pointer_address p))))) - -(BG_PUSH - ;; Why axiom int_P_parenttag_bottom - (EQ (parenttag int_P_tag bottom_tag) |@true|)) - -(BG_PUSH - ;; Why axiom int_P_tags - (FORALL (x int_P_tag_table) (instanceof int_P_tag_table x int_P_tag))) - -(DEFPRED (left_valid_struct_char_P p a char_P_alloc_table) - (<= (offset_min char_P_alloc_table p) a)) - -(DEFPRED (left_valid_struct_int_P p a int_P_alloc_table) - (<= (offset_min int_P_alloc_table p) a)) - -(DEFPRED (left_valid_struct_void_P p a void_P_alloc_table) - (<= (offset_min void_P_alloc_table p) a)) - -(BG_PUSH - ;; Why axiom pointer_addr_of_char_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (char_P_of_pointer_address 
p))))) - -(BG_PUSH - ;; Why axiom pointer_addr_of_int_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (int_P_of_pointer_address p))))) - -(BG_PUSH - ;; Why axiom pointer_addr_of_void_P_of_pointer_address - (FORALL (p) (EQ p (pointer_address (void_P_of_pointer_address p))))) - -(DEFPRED (right_valid_struct_char_P p b char_P_alloc_table) - (>= (offset_max char_P_alloc_table p) b)) - -(DEFPRED (right_valid_struct_int_P p b int_P_alloc_table) - (>= (offset_max int_P_alloc_table p) b)) - -(DEFPRED (right_valid_struct_void_P p b void_P_alloc_table) - (>= (offset_max void_P_alloc_table p) b)) - -(DEFPRED (strict_valid_root_char_P p a b char_P_alloc_table) - (AND (EQ (offset_min char_P_alloc_table p) a) - (EQ (offset_max char_P_alloc_table p) b))) - -(DEFPRED (strict_valid_root_int_P p a b int_P_alloc_table) - (AND (EQ (offset_min int_P_alloc_table p) a) - (EQ (offset_max int_P_alloc_table p) b))) - -(DEFPRED (strict_valid_root_void_P p a b void_P_alloc_table) - (AND (EQ (offset_min void_P_alloc_table p) a) - (EQ (offset_max void_P_alloc_table p) b))) - -(DEFPRED (strict_valid_struct_char_P p a b char_P_alloc_table) - (AND (EQ (offset_min char_P_alloc_table p) a) - (EQ (offset_max char_P_alloc_table p) b))) - -(DEFPRED (strict_valid_struct_int_P p a b int_P_alloc_table) - (AND (EQ (offset_min int_P_alloc_table p) a) - (EQ (offset_max int_P_alloc_table p) b))) - -(DEFPRED (strict_valid_struct_void_P p a b void_P_alloc_table) - (AND (EQ (offset_min void_P_alloc_table p) a) - (EQ (offset_max void_P_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_char_P p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_int_P p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_void_P p a b bitvector_alloc_table) - (AND (EQ (offset_min 
bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_root_char_P p a b char_P_alloc_table) - (AND (<= (offset_min char_P_alloc_table p) a) - (>= (offset_max char_P_alloc_table p) b))) - -(DEFPRED (valid_root_int_P p a b int_P_alloc_table) - (AND (<= (offset_min int_P_alloc_table p) a) - (>= (offset_max int_P_alloc_table p) b))) - -(DEFPRED (valid_root_void_P p a b void_P_alloc_table) - (AND (<= (offset_min void_P_alloc_table p) a) - (>= (offset_max void_P_alloc_table p) b))) - -(DEFPRED (valid_struct_char_P p a b char_P_alloc_table) - (AND (<= (offset_min char_P_alloc_table p) a) - (>= (offset_max char_P_alloc_table p) b))) - -(DEFPRED (valid_struct_int_P p a b int_P_alloc_table) - (AND (<= (offset_min int_P_alloc_table p) a) - (>= (offset_max int_P_alloc_table p) b))) - -(DEFPRED (valid_struct_void_P p a b void_P_alloc_table) - (AND (<= (offset_min void_P_alloc_table p) a) - (>= (offset_max void_P_alloc_table p) b))) - -(BG_PUSH - ;; Why axiom void_P_int - (EQ (int_of_tag void_P_tag) 1)) - -(BG_PUSH - ;; Why axiom void_P_of_pointer_address_of_pointer_addr - (FORALL (p) (EQ p (void_P_of_pointer_address (pointer_address p))))) - -(BG_PUSH - ;; Why axiom void_P_parenttag_bottom - (EQ (parenttag void_P_tag bottom_tag) |@true|)) - -(BG_PUSH - ;; Why axiom void_P_tags - (FORALL (x void_P_tag_table) (instanceof void_P_tag_table x void_P_tag))) - -;; min_sort_ensures_default_po_1, File "HOME/tests/c/minimum_sort.c", line 27, characters 21-27 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) (FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (<= 0 i_0_1)))))))) - -;; min_sort_ensures_default_po_2, File "HOME/tests/c/minimum_sort.c", line 27, characters 26-31 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max 
int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) (FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (< i_0_1 n)))))))) - -;; min_sort_ensures_default_po_3, File "HOME/tests/c/minimum_sort.c", line 40, characters 23-28 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (< i_0_1_0 j_0_1)))))))))))))))))))) - -;; min_sort_ensures_default_po_4, File "HOME/tests/c/minimum_sort.c", line 40, characters 32-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (<= i_0_1_0 mi)))))))))))))))))))) - -;; min_sort_ensures_default_po_5, File "HOME/tests/c/minimum_sort.c", line 40, characters 37-43 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result 
(select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (< mi n)))))))))))))))))))) - -;; min_sort_ensures_default_po_6, File "HOME/tests/c/minimum_sort.c", line 40, characters 23-28 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< i_0_1_0 j_0_1_1)))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_7, File "HOME/tests/c/minimum_sort.c", line 40, characters 32-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi 
i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= i_0_1_0 mi1)))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_8, File "HOME/tests/c/minimum_sort.c", line 40, characters 37-43 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< mi1 n)))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_9, File "HOME/tests/c/minimum_sort.c", line 40, characters 23-28 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= 
(offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< i_0_1_0 j_0_1_1)))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_10, File "HOME/tests/c/minimum_sort.c", line 40, characters 32-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= i_0_1_0 mi0)))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_11, File "HOME/tests/c/minimum_sort.c", line 40, characters 37-43 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= 
(offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< mi0 n)))))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_12, File "HOME/tests/c/minimum_sort.c", line 27, characters 21-27 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_0 int_P_int_M_t_5) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5 int_P_int_M_t_5_0 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 
i_0_1_1)))))))))))))))))))))))))))) - -;; min_sort_ensures_default_po_13, File "HOME/tests/c/minimum_sort.c", line 27, characters 26-31 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_0 int_P_int_M_t_5) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5 int_P_int_M_t_5_0 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< i_0_1_1 n)))))))))))))))))))))))))))) - -;; min_sort_ensures_permutation_po_1, File "HOME/tests/c/minimum_sort.c", line 21, characters 14-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (<= n 0) -(EQ (Permut t 0 (- n 1) int_P_int_M_t_5 int_P_int_M_t_5) |@true|))))))) - -;; min_sort_ensures_permutation_po_2, File "HOME/tests/c/minimum_sort.c", line 34, characters 22-47 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(EQ (Permut t 0 (- n 1) 
int_P_int_M_t_5 int_P_int_M_t_5) |@true|))))))))) - -;; min_sort_ensures_permutation_po_3, File "HOME/tests/c/minimum_sort.c", line 34, characters 22-47 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (EQ (Permut t 0 (- n 1) int_P_int_M_t_5_0 int_P_int_M_t_5) |@true|) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES (EQ (Permut t 0 (- n 1) int_P_int_M_t_5_0 int_P_int_M_t_5) |@true|) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(FORALL (int_P_int_M_t_5_1) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_1 int_P_int_M_t_5_0) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5_0 int_P_int_M_t_5_1 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) -(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) -(EQ (Permut t 0 (- n 1) int_P_int_M_t_5_1 int_P_int_M_t_5) |@true|))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_1, File "HOME/tests/c/minimum_sort.c", line 19, characters 14-29 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (<= n 0) (Sorted t 0 (- n 1) int_P_int_M_t_5))))))) - -;; min_sort_ensures_sorted_po_2, File "HOME/tests/c/minimum_sort.c", line 30, characters 8-21 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) 
-(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (Sorted t 0 i_0_1 int_P_int_M_t_5))))))))) - -;; min_sort_ensures_sorted_po_3, File "HOME/tests/c/minimum_sort.c", line 31, characters 8-86 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(FORALL (int_P_int_M_t_5) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (k1 k2) -(IMPLIES (AND (<= 0 k1) (AND (< k1 i_0_1) (AND (<= i_0_1 k2) (< k2 n)))) -(<= (select int_P_int_M_t_5 (shift t k1)) (select - int_P_int_M_t_5 (shift t k2))))))))))))) - -;; min_sort_ensures_sorted_po_4, File "HOME/tests/c/minimum_sort.c", line 43, characters 11-22 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(EQ mv (select int_P_int_M_t_5_0 (shift t mi))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_5, File "HOME/tests/c/minimum_sort.c", line 44, characters 11-57 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max 
int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (k_0) -(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1)) -(>= (select int_P_int_M_t_5_0 (shift t k_0)) mv))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_6, File "HOME/tests/c/minimum_sort.c", line 43, characters 11-22 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (EQ mv0 (select int_P_int_M_t_5_0 (shift t mi0))) - (FORALL (k_0) - (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) - (>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) 
(AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5_0 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5_0 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) -(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) -(EQ mv1 (select int_P_int_M_t_5_0 (shift t mi1)))))))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_7, File "HOME/tests/c/minimum_sort.c", line 44, characters 11-57 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (EQ mv0 (select int_P_int_M_t_5_0 (shift t mi0))) - (FORALL (k_0) - (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) - (>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5_0 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5_0 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ 
mv1 result1) -(FORALL (j_0_1_1) -(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) -(FORALL (k_0) -(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_1)) -(>= (select int_P_int_M_t_5_0 (shift t k_0)) mv1)))))))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_8, File "HOME/tests/c/minimum_sort.c", line 44, characters 11-57 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (EQ mv0 (select int_P_int_M_t_5_0 (shift t mi0))) - (FORALL (k_0) - (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) - (>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5_0 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) -(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) -(FORALL (k_0) -(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_1)) -(>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_9, File "HOME/tests/c/minimum_sort.c", line 30, characters 8-21 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - 
(>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (EQ mv0 (select int_P_int_M_t_5_0 (shift t mi0))) - (FORALL (k_0) - (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) - (>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(FORALL (int_P_int_M_t_5_1) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_1 int_P_int_M_t_5_0) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5_0 int_P_int_M_t_5_1 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) -(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (Sorted t 0 i_0_1_1 int_P_int_M_t_5_1))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_10, File "HOME/tests/c/minimum_sort.c", line 31, characters 8-86 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 
(shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5_0 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES (AND (EQ mv0 (select int_P_int_M_t_5_0 (shift t mi0))) - (FORALL (k_0) - (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) - (>= (select int_P_int_M_t_5_0 (shift t k_0)) mv0)))) -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(FORALL (int_P_int_M_t_5_1) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_1 int_P_int_M_t_5_0) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5_0 int_P_int_M_t_5_1 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) -(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) -(FORALL (k1 k2) -(IMPLIES (AND (<= 0 k1) (AND (< k1 i_0_1_1) (AND (<= i_0_1_1 k2) (< k2 n)))) -(<= (select int_P_int_M_t_5_1 (shift t k1)) (select - int_P_int_M_t_5_1 (shift t k2))))))))))))))))))))))))))))))))))) - -;; min_sort_ensures_sorted_po_11, File "HOME/tests/c/minimum_sort.c", line 19, characters 14-29 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Sorted t 0 i_0_1_0 int_P_int_M_t_5_0) - (FORALL (k1 k2) - (IMPLIES - (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) - (<= (select int_P_int_M_t_5_0 (shift t k1)) (select - int_P_int_M_t_5_0 - (shift t k2)))))) -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (>= i_0_1_0 (- n 1)) (Sorted t 0 (- n 1) int_P_int_M_t_5_0))))))))))))) - -;; 
min_sort_safety_po_1, File "HOME/tests/c/minimum_sort.c", line 39, characters 9-13 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(<= (offset_min int_P_t_5_alloc_table t) i_0_1_0)))))))))))) - -;; min_sort_safety_po_2, File "HOME/tests/c/minimum_sort.c", line 39, characters 9-13 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))))))))))))) - -;; min_sort_safety_po_3, File "HOME/tests/c/minimum_sort.c", line 51, characters 10-14 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0))))))))))))))))))))))))))) - -;; 
min_sort_safety_po_4, File "HOME/tests/c/minimum_sort.c", line 51, characters 10-14 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t)))))))))))))))))))))))))))) - -;; min_sort_safety_po_5, File "HOME/tests/c/minimum_sort.c", line 48, characters 21-24 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 
j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= 0 (- n j_0_1_0)))))))))))))))))))))))))))))))))))))))))) - -;; min_sort_safety_po_6, File "HOME/tests/c/minimum_sort.c", line 48, characters 21-24 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (< result0 mv0) -(FORALL (mi1) -(IMPLIES (EQ mi1 j_0_1_0) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result1) -(IMPLIES (EQ result1 (select int_P_int_M_t_5 (shift t j_0_1_0))) 
-(FORALL (mv1) -(IMPLIES (EQ mv1 result1) -(FORALL (j_0_1_1) -(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< (- n j_0_1_1) (- n j_0_1_0)))))))))))))))))))))))))))))))))))))))))) - -;; min_sort_safety_po_7, File "HOME/tests/c/minimum_sort.c", line 48, characters 21-24 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= 0 (- n j_0_1_0))))))))))))))))))))))))))))))))))) - -;; min_sort_safety_po_8, File "HOME/tests/c/minimum_sort.c", line 48, characters 21-24 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max 
int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(FORALL (mv0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (< j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) j_0_1_0) - (<= j_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_5 (shift t j_0_1_0))) -(IMPLIES (>= result0 mv0) -(FORALL (j_0_1_1) -(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< (- n j_0_1_1) (- n j_0_1_0))))))))))))))))))))))))))))))))))) - -;; min_sort_safety_po_9, File "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc", line 171, characters 23-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) (>= (offset_max int_P_t_5_alloc_table t) i_0_1_0))))))))))))))))))))))))))) - -;; min_sort_safety_po_10, File "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc", line 171, characters 23-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min 
int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) (<= (offset_min int_P_t_5_alloc_table t) mi0))))))))))))))))))))))))))) - -;; min_sort_safety_po_11, File "HOME/tests/c/minimum_sort.jessie/minimum_sort.jc", line 171, characters 23-39 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) (>= (offset_max int_P_t_5_alloc_table t) mi0))))))))))))))))))))))))))) - -;; min_sort_safety_po_12, File "HOME/tests/c/minimum_sort.c", line 35, characters 19-22 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) 
-(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (AND (>= (offset_max int_P_t_5_alloc_table t) i_0_1_0) - (AND (<= (offset_min int_P_t_5_alloc_table t) mi0) - (>= (offset_max int_P_t_5_alloc_table t) mi0)))) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_0 int_P_int_M_t_5) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5 int_P_int_M_t_5_0 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 (- n i_0_1_0))))))))))))))))))))))))))))))))) - -;; min_sort_safety_po_13, File "HOME/tests/c/minimum_sort.c", line 35, characters 19-22 -(FORALL (t) -(FORALL (n) -(FORALL (int_P_t_5_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) 0) - (>= (offset_max int_P_t_5_alloc_table t) (- n 1))) -(IMPLIES (> n 0) -(FORALL (i_0_1) -(IMPLIES (EQ i_0_1 0) -(FORALL (i_0_1_0) -(FORALL (int_P_int_M_t_5) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) -(IMPLIES (< i_0_1_0 (- n 1)) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (<= i_0_1_0 (offset_max int_P_t_5_alloc_table t))) -(FORALL (result) 
-(IMPLIES (EQ result (select int_P_int_M_t_5 (shift t i_0_1_0))) -(FORALL (mv) -(IMPLIES (EQ mv result) -(FORALL (mi) -(IMPLIES (EQ mi i_0_1_0) -(FORALL (j_0_1) -(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) -(FORALL (j_0_1_0) -(FORALL (mi0) -(IMPLIES TRUE -(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) -(IMPLIES (>= j_0_1_0 n) -(IMPLIES (AND (<= (offset_min int_P_t_5_alloc_table t) i_0_1_0) - (AND (>= (offset_max int_P_t_5_alloc_table t) i_0_1_0) - (AND (<= (offset_min int_P_t_5_alloc_table t) mi0) - (>= (offset_max int_P_t_5_alloc_table t) mi0)))) -(FORALL (int_P_int_M_t_5_0) -(IMPLIES (AND (Swap t i_0_1_0 mi0 int_P_int_M_t_5_0 int_P_int_M_t_5) - (not_assigns - int_P_t_5_alloc_table int_P_int_M_t_5 int_P_int_M_t_5_0 (pset_union - (pset_range - (pset_singleton - t) mi0 mi0) - (pset_range - (pset_singleton - t) i_0_1_0 i_0_1_0)))) -(FORALL (i_0_1_1) -(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< (- n i_0_1_1) (- n i_0_1_0))))))))))))))))))))))))))))))))) - -;; swap_ensures_default_po_1, File "HOME/tests/c/minimum_sort.c", line 9, characters 12-33 -(FORALL (t_0) -(FORALL (i_0) -(FORALL (j_0) -(FORALL (int_P_t_0_4_alloc_table) -(FORALL (int_P_int_M_t_0_4) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (AND (>= (offset_max int_P_t_0_4_alloc_table t_0) i_0) - (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0) - (>= (offset_max int_P_t_0_4_alloc_table t_0) j_0)))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_0_4 (shift t_0 i_0))) -(FORALL (tmp) -(IMPLIES (EQ tmp result) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_0_4 (shift t_0 j_0))) -(FORALL (int_P_int_M_t_0_4_0) -(IMPLIES (EQ int_P_int_M_t_0_4_0 - (|why__store| int_P_int_M_t_0_4 (shift t_0 i_0) result0)) -(FORALL (int_P_int_M_t_0_4_1) -(IMPLIES (EQ int_P_int_M_t_0_4_1 - (|why__store| int_P_int_M_t_0_4_0 (shift t_0 j_0) tmp)) -(Swap t_0 i_0 j_0 int_P_int_M_t_0_4_1 int_P_int_M_t_0_4))))))))))))))))) - -;; swap_ensures_default_po_2, File 
"HOME/tests/c/minimum_sort.c", line 11, characters 5-9 -(FORALL (t_0) -(FORALL (i_0) -(FORALL (j_0) -(FORALL (int_P_t_0_4_alloc_table) -(FORALL (int_P_int_M_t_0_4) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (AND (>= (offset_max int_P_t_0_4_alloc_table t_0) i_0) - (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0) - (>= (offset_max int_P_t_0_4_alloc_table t_0) j_0)))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_0_4 (shift t_0 i_0))) -(FORALL (tmp) -(IMPLIES (EQ tmp result) -(FORALL (result0) -(IMPLIES (EQ result0 (select int_P_int_M_t_0_4 (shift t_0 j_0))) -(FORALL (int_P_int_M_t_0_4_0) -(IMPLIES (EQ int_P_int_M_t_0_4_0 - (|why__store| int_P_int_M_t_0_4 (shift t_0 i_0) result0)) -(FORALL (int_P_int_M_t_0_4_1) -(IMPLIES (EQ int_P_int_M_t_0_4_1 - (|why__store| int_P_int_M_t_0_4_0 (shift t_0 j_0) tmp)) -(not_assigns -int_P_t_0_4_alloc_table int_P_int_M_t_0_4 int_P_int_M_t_0_4_1 (pset_union - (pset_range - (pset_singleton - t_0) j_0 j_0) - (pset_range - (pset_singleton - t_0) i_0 i_0))))))))))))))))))) - -;; swap_safety_po_1, File "HOME/tests/c/minimum_sort.c", line 12, characters 12-16 -(FORALL (t_0) -(FORALL (i_0) -(FORALL (j_0) -(FORALL (int_P_t_0_4_alloc_table) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (AND (>= (offset_max int_P_t_0_4_alloc_table t_0) i_0) - (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0) - (>= (offset_max int_P_t_0_4_alloc_table t_0) j_0)))) -(<= i_0 (offset_max int_P_t_0_4_alloc_table t_0))))))) - -;; swap_safety_po_2, File "HOME/tests/c/minimum_sort.c", line 13, characters 9-13 -(FORALL (t_0) -(FORALL (i_0) -(FORALL (j_0) -(FORALL (int_P_t_0_4_alloc_table) -(FORALL (int_P_int_M_t_0_4) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (AND (>= (offset_max int_P_t_0_4_alloc_table t_0) i_0) - (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0) - (>= (offset_max int_P_t_0_4_alloc_table t_0) j_0)))) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table 
t_0) i_0) - (<= i_0 (offset_max int_P_t_0_4_alloc_table t_0))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_0_4 (shift t_0 i_0))) -(FORALL (tmp) -(IMPLIES (EQ tmp result) (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0)))))))))))) - -;; swap_safety_po_3, File "HOME/tests/c/minimum_sort.c", line 13, characters 9-13 -(FORALL (t_0) -(FORALL (i_0) -(FORALL (j_0) -(FORALL (int_P_t_0_4_alloc_table) -(FORALL (int_P_int_M_t_0_4) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (AND (>= (offset_max int_P_t_0_4_alloc_table t_0) i_0) - (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) j_0) - (>= (offset_max int_P_t_0_4_alloc_table t_0) j_0)))) -(IMPLIES (AND (<= (offset_min int_P_t_0_4_alloc_table t_0) i_0) - (<= i_0 (offset_max int_P_t_0_4_alloc_table t_0))) -(FORALL (result) -(IMPLIES (EQ result (select int_P_int_M_t_0_4 (shift t_0 i_0))) -(FORALL (tmp) -(IMPLIES (EQ tmp result) (<= j_0 (offset_max int_P_t_0_4_alloc_table t_0))))))))))))) - -========== running Simplify ========== -Running Simplify on proof obligations -(. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/minimum_sort_why.sx : ...............?............................. (44/0/1/0/0) -total : 45 -valid : 44 ( 98%) -invalid : 0 ( 0%) -unknown : 1 ( 2%) -timeout : 0 ( 0%) -failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/minmax.res.oracle why-2.30+dfsg/tests/c/oracle/minmax.res.oracle --- why-2.29+dfsg/tests/c/oracle/minmax.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/minmax.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,2950 @@ +========== file tests/c/minmax.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + + +//@ ensures \result == \max(x,y); +int max(int x, int y) { + return (x <= y) ? y : x; +} + + +//@ ensures \result == \min(x,y); +int min(int x, int y) { + return (x <= y) ? x : y; +} + + +//@ ensures \result == \max(x,y); +float fmax(float x, float y) { + return (x <= y) ? y : x; +} + + +//@ ensures \result == \min(x,y); +float fmin(float x, float y) { + return (x <= y) ? x : y; +} + + +//@ ensures \result == \max(x,y); +double dmax(double x, double y) { + return (x <= y) ? y : x; +} + + +//@ ensures \result == \min(x,y); +double dmin(double x, double y) { + return (x <= y) ? 
x : y; +} + + + +/* +Local Variables: +compile-command: "make minmax.why3ml" +End: +*/ + +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/minmax.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/minmax.jessie +[jessie] File tests/c/minmax.jessie/minmax.jc written. +[jessie] File tests/c/minmax.jessie/minmax.cloc written. +========== file tests/c/minmax.jessie/minmax.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int8 = -128..127 + +type int32 = -2147483648..2147483647 + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +int32 max(int32 x_3, int32 y_3) +behavior default: + ensures (C_3 : (\result == \integer_max(\at(x_3,Old), \at(y_3,Old)))); +{ + (var int32 tmp); + + { (if (x_3 <= y_3) then (C_2 : (tmp = y_3)) else (C_1 : (tmp = x_3))); + + (return tmp) + } +} + +int32 min(int32 x_4, int32 y_4) +behavior default: + ensures (C_6 : (\result == \integer_min(\at(x_4,Old), \at(y_4,Old)))); +{ + (var int32 tmp_0); + + { (if (x_4 <= y_4) then (C_5 : (tmp_0 = x_4)) else (C_4 : (tmp_0 = y_4))); + + (return tmp_0) + } +} + +float fmax(float x_1, float y_1) +behavior default: + ensures (C_9 : ((\result :> real) == + \real_max((\at(x_1,Old) :> real), (\at(y_1,Old) :> real)))); +{ + (var float tmp_1); + + { (if (x_1 <= y_1) then (C_8 : (tmp_1 = y_1)) else (C_7 : (tmp_1 = x_1))); + + (return tmp_1) + } +} + +float fmin(float x_2, float y_2) +behavior default: + ensures (C_12 : ((\result :> real) == + \real_min((\at(x_2,Old) :> real), (\at(y_2,Old) :> real)))); +{ + (var float tmp_2); + + { (if (x_2 <= y_2) then (C_11 : (tmp_2 = x_2)) else (C_10 : (tmp_2 = y_2))); + + (return tmp_2) + } +} + +double dmax(double x, double y) +behavior default: + ensures (C_15 : ((\result :> 
real) == + \real_max((\at(x,Old) :> real), (\at(y,Old) :> real)))); +{ + (var double tmp_3); + + { (if (x <= y) then (C_14 : (tmp_3 = y)) else (C_13 : (tmp_3 = x))); + + (return tmp_3) + } +} + +double dmin(double x_0, double y_0) +behavior default: + ensures (C_18 : ((\result :> real) == + \real_min((\at(x_0,Old) :> real), (\at(y_0,Old) :> real)))); +{ + (var double tmp_4); + + { (if (x_0 <= y_0) then (C_17 : (tmp_4 = x_0)) else (C_16 : (tmp_4 = y_0))); + + (return tmp_4) + } +} +========== file tests/c/minmax.jessie/minmax.cloc ========== +[dmax] +name = "Function dmax" +file = "HOME/tests/c/minmax.c" +line = 58 +begin = 7 +end = 11 + +[C_10] +file = "HOME/tests/c/minmax.c" +line = 53 +begin = 9 +end = 25 + +[C_11] +file = "HOME/tests/c/minmax.c" +line = 53 +begin = 9 +end = 25 + +[C_12] +file = "HOME/tests/c/minmax.c" +line = 51 +begin = 12 +end = 32 + +[C_13] +file = "HOME/tests/c/minmax.c" +line = 59 +begin = 9 +end = 25 + +[C_14] +file = "HOME/tests/c/minmax.c" +line = 59 +begin = 9 +end = 25 + +[C_15] +file = "HOME/tests/c/minmax.c" +line = 57 +begin = 12 +end = 32 + +[min] +name = "Function min" +file = "HOME/tests/c/minmax.c" +line = 40 +begin = 4 +end = 7 + +[C_16] +file = "HOME/tests/c/minmax.c" +line = 65 +begin = 9 +end = 25 + +[C_17] +file = "HOME/tests/c/minmax.c" +line = 65 +begin = 9 +end = 25 + +[C_18] +file = "HOME/tests/c/minmax.c" +line = 63 +begin = 12 +end = 32 + +[fmax] +name = "Function fmax" +file = "HOME/tests/c/minmax.c" +line = 46 +begin = 6 +end = 10 + +[C_1] +file = "HOME/tests/c/minmax.c" +line = 35 +begin = 9 +end = 25 + +[C_2] +file = "HOME/tests/c/minmax.c" +line = 35 +begin = 9 +end = 25 + +[C_3] +file = "HOME/tests/c/minmax.c" +line = 33 +begin = 12 +end = 32 + +[dmin] +name = "Function dmin" +file = "HOME/tests/c/minmax.c" +line = 64 +begin = 7 +end = 11 + +[C_4] +file = "HOME/tests/c/minmax.c" +line = 41 +begin = 9 +end = 25 + +[C_5] +file = "HOME/tests/c/minmax.c" +line = 41 +begin = 9 +end = 25 + +[C_6] +file = 
"HOME/tests/c/minmax.c" +line = 39 +begin = 12 +end = 32 + +[C_7] +file = "HOME/tests/c/minmax.c" +line = 47 +begin = 9 +end = 25 + +[C_8] +file = "HOME/tests/c/minmax.c" +line = 47 +begin = 9 +end = 25 + +[C_9] +file = "HOME/tests/c/minmax.c" +line = 45 +begin = 12 +end = 32 + +[max] +name = "Function max" +file = "HOME/tests/c/minmax.c" +line = 34 +begin = 4 +end = 7 + +[fmin] +name = "Function fmin" +file = "HOME/tests/c/minmax.c" +line = 52 +begin = 6 +end = 10 + +========== jessie execution ========== +Generating Why function max +Generating Why function min +Generating Why function fmax +Generating Why function fmin +Generating Why function dmax +Generating Why function dmin +========== file tests/c/minmax.jessie/minmax.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs minmax.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs minmax.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_strict.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/minmax_why.sx + +project: why/minmax.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/minmax_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/minmax_why.vo + +coq/minmax_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/minmax_why.v: why/minmax.why + @echo 'why -coq [...] 
why/minmax.why' && $(WHY) $(JESSIELIBFILES) why/minmax.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/minmax_ctx_why.vo + for f in why/*_po*.why; do make -f minmax.makefile coq/`basename $$f .why`_why.v ; done + +coq/minmax_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/minmax_ctx_why.v: why/minmax_ctx.why + @echo 'why -coq [...] why/minmax_ctx.why' && $(WHY) why/minmax_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export minmax_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/minmax_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/minmax_ctx_why.vo + +pvs: pvs/minmax_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/minmax_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/minmax_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/minmax_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/minmax_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/minmax_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/minmax_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/minmax_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/minmax_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/minmax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/minmax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/minmax_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/minmax_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/minmax_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/minmax_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: minmax.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/minmax_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/minmax_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: minmax.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include minmax.depend + +depend: coq/minmax_why.v + -$(COQDEP) -I coq coq/minmax*_why.v > minmax.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/minmax.jessie/minmax.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[min_ensures_default] +name = "Function min" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 40 +begin = 4 +end = 7 + +[JC_41] +file = "HOME/tests/c/minmax.c" +line = 64 +begin = 7 +end = 11 + +[JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/tests/c/minmax.c" +line = 64 +begin = 7 +end = 11 + +[JC_44] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/tests/c/minmax.c" +line = 63 +begin = 12 +end = 32 + +[JC_46] +file = "HOME/tests/c/minmax.c" +line = 63 +begin = 12 +end = 32 + +[JC_1] +file = "HOME/tests/c/minmax.c" +line = 34 +begin = 4 +end = 7 + +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/c/minmax.c" +line = 34 +begin = 4 +end = 7 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[dmin_safety] +name = "Function dmin" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 64 +begin = 7 +end = 11 + +[JC_5] +file = "HOME/tests/c/minmax.c" +line = 33 +begin = 12 +end = 32 + +[JC_6] +file = "HOME/tests/c/minmax.c" +line = 33 +begin = 12 +end = 32 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/c/minmax.c" +line = 40 +begin = 4 +end = 7 + +[fmin_safety] +name = "Function fmin" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 52 +begin = 6 +end = 10 + +[fmin_ensures_default] +name = "Function fmin" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 52 +begin = 6 +end = 10 + +[dmax_ensures_default] +name 
= "Function dmax" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 58 +begin = 7 +end = 11 + +[fmax_ensures_default] +name = "Function fmax" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 46 +begin = 6 +end = 10 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/c/minmax.c" +line = 40 +begin = 4 +end = 7 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[max_safety] +name = "Function max" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 34 +begin = 4 +end = 7 + +[JC_13] +file = "HOME/tests/c/minmax.c" +line = 39 +begin = 12 +end = 32 + +[JC_14] +file = "HOME/tests/c/minmax.c" +line = 39 +begin = 12 +end = 32 + +[min_safety] +name = "Function min" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 40 +begin = 4 +end = 7 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/tests/c/minmax.c" +line = 46 +begin = 6 +end = 10 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/c/minmax.c" +line = 46 +begin = 6 +end = 10 + +[max_ensures_default] +name = "Function max" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 34 +begin = 4 +end = 7 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/tests/c/minmax.c" +line = 45 +begin = 12 +end = 32 + +[JC_22] +file = "HOME/tests/c/minmax.c" +line = 45 +begin = 12 +end = 32 + +[JC_23] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_25] +file = "HOME/tests/c/minmax.c" +line = 52 +begin = 6 +end = 10 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/tests/c/minmax.c" +line = 52 +begin = 6 +end = 10 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/tests/c/minmax.c" +line = 51 +begin = 12 +end = 32 + 
+[dmax_safety] +name = "Function dmax" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 58 +begin = 7 +end = 11 + +[JC_30] +file = "HOME/tests/c/minmax.c" +line = 51 +begin = 12 +end = 32 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[fmax_safety] +name = "Function fmax" +behavior = "Safety" +file = "HOME/tests/c/minmax.c" +line = 46 +begin = 6 +end = 10 + +[JC_33] +file = "HOME/tests/c/minmax.c" +line = 58 +begin = 7 +end = 11 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/tests/c/minmax.c" +line = 58 +begin = 7 +end = 11 + +[dmin_ensures_default] +name = "Function dmin" +behavior = "default behavior" +file = "HOME/tests/c/minmax.c" +line = 64 +begin = 7 +end = 11 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/tests/c/minmax.c" +line = 57 +begin = 12 +end = 32 + +[JC_38] +file = "HOME/tests/c/minmax.c" +line = 57 +begin = 12 +end = 32 + +[JC_39] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +========== file tests/c/minmax.jessie/why/minmax.why ========== +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. 
+ instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. + (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + 
+axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, 
voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter dmax : + x_0:double -> + y:double -> + { } double + { (JC_38: + (double_value(result) = real_max(double_value(x_0), double_value(y)))) } + +parameter dmax_requires : + x_0:double -> + y:double -> + { } double + { (JC_38: + (double_value(result) = real_max(double_value(x_0), double_value(y)))) } + +parameter dmin : + x_0_0:double -> + y_0:double -> + { } double + { (JC_46: + (double_value(result) = real_min(double_value(x_0_0), double_value(y_0)))) } + +parameter dmin_requires : + x_0_0:double -> + y_0:double -> + { } double + { (JC_46: + (double_value(result) = real_min(double_value(x_0_0), double_value(y_0)))) } + +parameter fmax : + x_1:single -> + y_1:single -> + { } single + { (JC_22: + (single_value(result) = real_max(single_value(x_1), single_value(y_1)))) } + +parameter fmax_requires : + x_1:single -> + y_1:single -> + { } single + { (JC_22: + (single_value(result) = real_max(single_value(x_1), single_value(y_1)))) } + +parameter fmin : + x_2:single -> + y_2:single -> + { } single + { (JC_30: + (single_value(result) = real_min(single_value(x_2), single_value(y_2)))) } + +parameter fmin_requires : + x_2:single -> + y_2:single -> + { } single + { (JC_30: + (single_value(result) = real_min(single_value(x_2), single_value(y_2)))) } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), 
x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter max : + x_3:int32 -> + y_3:int32 -> + { } int32 + { (JC_6: + (integer_of_int32(result) = int_max(integer_of_int32(x_3), + integer_of_int32(y_3)))) } + +parameter max_requires : + x_3:int32 -> + y_3:int32 -> + { } int32 + { (JC_6: + (integer_of_int32(result) = int_max(integer_of_int32(x_3), + integer_of_int32(y_3)))) } + +parameter min : + x_4:int32 -> + y_4:int32 -> + { } int32 + { (JC_14: + (integer_of_int32(result) = int_min(integer_of_int32(x_4), + integer_of_int32(y_4)))) } + +parameter min_requires : + x_4:int32 -> + y_4:int32 -> + { } int32 + { (JC_14: + (integer_of_int32(result) = int_min(integer_of_int32(x_4), + integer_of_int32(y_4)))) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +let dmax_ensures_default = + fun (x_0 : double) (y : double) -> + { (JC_36: true) } + (init: + (let return = ref (any_double void) in + try + begin + (let tmp_3 = ref (any_double void) in + begin + (let jessie_ = + (if ((le_double_ x_0) y) then (C_14: begin (tmp_3 := y); !tmp_3 end) + else (C_13: begin (tmp_3 := x_0); !tmp_3 end)) in void); + (return := !tmp_3); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_37: + (double_value(result) = real_max(double_value(x_0), double_value(y)))) } + +let dmax_safety = + fun (x_0 : double) (y : double) -> + { (JC_36: true) } + (init: + (let return = ref (any_double void) in + try + begin + (let tmp_3 = ref (any_double void) in + begin + (let jessie_ = + (if ((le_double_ x_0) y) then (C_14: begin (tmp_3 := y); !tmp_3 end) + else (C_13: begin (tmp_3 := x_0); !tmp_3 end)) in void); + (return := !tmp_3); (raise Return) end); absurd end with Return -> + !return end)) { true } + +let dmin_ensures_default = + fun (x_0_0 : 
double) (y_0 : double) -> + { (JC_44: true) } + (init: + (let return = ref (any_double void) in + try + begin + (let tmp_4 = ref (any_double void) in + begin + (let jessie_ = + (if ((le_double_ x_0_0) y_0) + then (C_17: begin (tmp_4 := x_0_0); !tmp_4 end) + else (C_16: begin (tmp_4 := y_0); !tmp_4 end)) in void); + (return := !tmp_4); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_45: + (double_value(result) = real_min(double_value(x_0_0), double_value(y_0)))) } + +let dmin_safety = + fun (x_0_0 : double) (y_0 : double) -> + { (JC_44: true) } + (init: + (let return = ref (any_double void) in + try + begin + (let tmp_4 = ref (any_double void) in + begin + (let jessie_ = + (if ((le_double_ x_0_0) y_0) + then (C_17: begin (tmp_4 := x_0_0); !tmp_4 end) + else (C_16: begin (tmp_4 := y_0); !tmp_4 end)) in void); + (return := !tmp_4); (raise Return) end); absurd end with Return -> + !return end)) { true } + +let fmax_ensures_default = + fun (x_1 : single) (y_1 : single) -> + { (JC_20: true) } + (init: + (let return = ref (any_single void) in + try + begin + (let tmp_1 = ref (any_single void) in + begin + (let jessie_ = + (if ((le_single_ x_1) y_1) + then (C_8: begin (tmp_1 := y_1); !tmp_1 end) + else (C_7: begin (tmp_1 := x_1); !tmp_1 end)) in void); + (return := !tmp_1); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_21: + (single_value(result) = real_max(single_value(x_1), single_value(y_1)))) } + +let fmax_safety = + fun (x_1 : single) (y_1 : single) -> + { (JC_20: true) } + (init: + (let return = ref (any_single void) in + try + begin + (let tmp_1 = ref (any_single void) in + begin + (let jessie_ = + (if ((le_single_ x_1) y_1) + then (C_8: begin (tmp_1 := y_1); !tmp_1 end) + else (C_7: begin (tmp_1 := x_1); !tmp_1 end)) in void); + (return := !tmp_1); (raise Return) end); absurd end with Return -> + !return end)) { true } + +let fmin_ensures_default = + fun (x_2 : single) (y_2 : single) -> + { (JC_28: true) } + (init: + 
(let return = ref (any_single void) in + try + begin + (let tmp_2 = ref (any_single void) in + begin + (let jessie_ = + (if ((le_single_ x_2) y_2) + then (C_11: begin (tmp_2 := x_2); !tmp_2 end) + else (C_10: begin (tmp_2 := y_2); !tmp_2 end)) in void); + (return := !tmp_2); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_29: + (single_value(result) = real_min(single_value(x_2), single_value(y_2)))) } + +let fmin_safety = + fun (x_2 : single) (y_2 : single) -> + { (JC_28: true) } + (init: + (let return = ref (any_single void) in + try + begin + (let tmp_2 = ref (any_single void) in + begin + (let jessie_ = + (if ((le_single_ x_2) y_2) + then (C_11: begin (tmp_2 := x_2); !tmp_2 end) + else (C_10: begin (tmp_2 := y_2); !tmp_2 end)) in void); + (return := !tmp_2); (raise Return) end); absurd end with Return -> + !return end)) { true } + +let max_ensures_default = + fun (x_3 : int32) (y_3 : int32) -> + { (JC_4: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp = ref (any_int32 void) in + begin + (let jessie_ = + (if ((le_int_ (integer_of_int32 x_3)) (integer_of_int32 y_3)) + then (C_2: begin (tmp := y_3); !tmp end) + else (C_1: begin (tmp := x_3); !tmp end)) in void); + (return := !tmp); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_5: + (integer_of_int32(result) = int_max(integer_of_int32(x_3), + integer_of_int32(y_3)))) } + +let max_safety = + fun (x_3 : int32) (y_3 : int32) -> + { (JC_4: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp = ref (any_int32 void) in + begin + (let jessie_ = + (if ((le_int_ (integer_of_int32 x_3)) (integer_of_int32 y_3)) + then (C_2: begin (tmp := y_3); !tmp end) + else (C_1: begin (tmp := x_3); !tmp end)) in void); + (return := !tmp); (raise Return) end); absurd end with Return -> + !return end)) { true } + +let min_ensures_default = + fun (x_4 : int32) (y_4 : int32) -> + { (JC_12: true) } + (init: + (let return = ref 
(any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + begin + (let jessie_ = + (if ((le_int_ (integer_of_int32 x_4)) (integer_of_int32 y_4)) + then (C_5: begin (tmp_0 := x_4); !tmp_0 end) + else (C_4: begin (tmp_0 := y_4); !tmp_0 end)) in void); + (return := !tmp_0); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_13: + (integer_of_int32(result) = int_min(integer_of_int32(x_4), + integer_of_int32(y_4)))) } + +let min_safety = + fun (x_4 : int32) (y_4 : int32) -> + { (JC_12: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + begin + (let jessie_ = + (if ((le_int_ (integer_of_int32 x_4)) (integer_of_int32 y_4)) + then (C_5: begin (tmp_0 := x_4); !tmp_0 end) + else (C_4: begin (tmp_0 := y_4); !tmp_0 end)) in void); + (return := !tmp_0); (raise Return) end); absurd end with Return -> + !return end)) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/minmax.why +========== file tests/c/minmax.jessie/why/minmax_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. 
((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type mode + +logic nearest_even : mode + +logic to_zero : mode + +logic up : mode + +logic down : mode + +logic nearest_away : mode + +logic mode_match : mode, 'a1, 'a1, 'a1, 'a1, 'a1 -> 'a1 + +axiom mode_match_nearest_even: + (forall aux_2:'a1. + (forall aux_3:'a1. + (forall aux_4:'a1. + (forall aux_5:'a1. + (forall aux_6:'a1 [mode_match(nearest_even, aux_2, aux_3, aux_4, + aux_5, aux_6)]. (mode_match(nearest_even, aux_2, aux_3, aux_4, + aux_5, aux_6) = aux_2)))))) + +axiom mode_match_to_zero: + (forall aux_2:'a1. + (forall aux_3:'a1. + (forall aux_4:'a1. + (forall aux_5:'a1. + (forall aux_6:'a1 [mode_match(to_zero, aux_2, aux_3, aux_4, aux_5, + aux_6)]. (mode_match(to_zero, aux_2, aux_3, aux_4, aux_5, + aux_6) = aux_3)))))) + +axiom mode_match_up: + (forall aux_2:'a1. + (forall aux_3:'a1. + (forall aux_4:'a1. + (forall aux_5:'a1. + (forall aux_6:'a1 [mode_match(up, aux_2, aux_3, aux_4, aux_5, + aux_6)]. (mode_match(up, aux_2, aux_3, aux_4, aux_5, + aux_6) = aux_4)))))) + +axiom mode_match_down: + (forall aux_2:'a1. + (forall aux_3:'a1. + (forall aux_4:'a1. + (forall aux_5:'a1. + (forall aux_6:'a1 [mode_match(down, aux_2, aux_3, aux_4, aux_5, + aux_6)]. (mode_match(down, aux_2, aux_3, aux_4, aux_5, + aux_6) = aux_5)))))) + +axiom mode_match_nearest_away: + (forall aux_2:'a1. + (forall aux_3:'a1. + (forall aux_4:'a1. + (forall aux_5:'a1. + (forall aux_6:'a1 [mode_match(nearest_away, aux_2, aux_3, aux_4, + aux_5, aux_6)]. 
(mode_match(nearest_away, aux_2, aux_3, aux_4, + aux_5, aux_6) = aux_6)))))) + +axiom mode_inversion: + (forall aux_1:mode. + (((((aux_1 = nearest_even) or (aux_1 = to_zero)) or (aux_1 = up)) or + (aux_1 = down)) or + (aux_1 = nearest_away))) + +logic mode_to_int : mode -> int + +axiom mode_to_int_nearest_even: (mode_to_int(nearest_even) = 0) + +axiom mode_to_int_to_zero: (mode_to_int(to_zero) = 1) + +axiom mode_to_int_up: (mode_to_int(up) = 2) + +axiom mode_to_int_down: (mode_to_int(down) = 3) + +axiom mode_to_int_nearest_away: (mode_to_int(nearest_away) = 4) + +type double + +logic round_double : mode, real -> real + +logic round_double_logic : mode, real -> double + +logic double_value : double -> real + +logic double_exact : double -> real + +logic double_model : double -> real + +function double_round_error(x: double) : real = + abs_real((double_value(x) - double_exact(x))) + +function double_total_error(x: double) : real = + abs_real((double_value(x) - double_model(x))) + +function max_double() : real = 0x1.FFFFFFFFFFFFFp1023 + +predicate no_overflow_double(m: mode, x: real) = (abs_real(round_double(m, + x)) <= max_double) + +axiom bounded_real_no_overflow_double: + (forall m:mode. + (forall x:real. + ((abs_real(x) <= max_double) -> no_overflow_double(m, x)))) + +axiom round_double_monotonic: + (forall x:real. + (forall y:real. + (forall m:mode. + ((x <= y) -> (round_double(m, x) <= round_double(m, y)))))) + +axiom exact_round_double_for_integers: + (forall i:int. + (forall m:mode. + ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> + (round_double(m, real_of_int(i)) = real_of_int(i))))) + +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + +axiom round_double_idempotent: + (forall m1:mode. + (forall m2:mode. + (forall x:real. (round_double(m1, round_double(m2, + x)) = round_double(m2, x))))) + +axiom round_down_double_neg: + (forall x:real. 
(round_double(down, (-x)) = (-round_double(up, x)))) + +axiom round_up_double_neg: + (forall x:real. (round_double(up, (-x)) = (-round_double(down, x)))) + +axiom round_double_down_le: (forall x:real. (round_double(down, x) <= x)) + +axiom round_up_double_ge: (forall x:real. (round_double(up, x) >= x)) + +type single + +logic round_single : mode, real -> real + +logic round_single_logic : mode, real -> single + +logic single_value : single -> real + +logic single_exact : single -> real + +logic single_model : single -> real + +function single_round_error(x: single) : real = + abs_real((single_value(x) - single_exact(x))) + +function single_total_error(x: single) : real = + abs_real((single_value(x) - single_model(x))) + +function max_single() : real = 0x1.FFFFFEp127 + +predicate no_overflow_single(m: mode, x: real) = (abs_real(round_single(m, + x)) <= max_single) + +axiom bounded_real_no_overflow_single: + (forall m:mode. + (forall x:real. + ((abs_real(x) <= max_single) -> no_overflow_single(m, x)))) + +axiom round_single_monotonic: + (forall x:real. + (forall y:real. + (forall m:mode. + ((x <= y) -> (round_single(m, x) <= round_single(m, y)))))) + +axiom exact_round_single_for_integers: + (forall i:int. + (forall m:mode. + ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, + real_of_int(i)) = real_of_int(i))))) + +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + +axiom round_single_idempotent: + (forall m1:mode. + (forall m2:mode. + (forall x:real. (round_single(m1, round_single(m2, + x)) = round_single(m2, x))))) + +axiom round_down_single_neg: + (forall x:real. (round_single(down, (-x)) = (-round_single(up, x)))) + +axiom round_up_single_neg: + (forall x:real. (round_single(up, (-x)) = (-round_single(down, x)))) + +axiom round_single_down_le: (forall x:real. (round_single(down, x) <= x)) + +axiom round_up_single_ge: (forall x:real. 
(round_single(up, x) >= x)) + +axiom single_value_is_bounded: + (forall x:single. (abs_real(single_value(x)) <= max_single)) + +axiom double_value_is_bounded: + (forall x:double. (abs_real(double_value(x)) <= max_double)) + +predicate single_of_real_post(m: mode, x: real, res: single) = + ((single_value(res) = round_single(m, x)) and + ((single_exact(res) = x) and (single_model(res) = x))) + +predicate single_of_double_post(m: mode, x: double, res: single) = + ((single_value(res) = round_single(m, double_value(x))) and + ((single_exact(res) = double_exact(x)) and + (single_model(res) = double_model(x)))) + +predicate add_single_post(m: mode, x: single, y: single, res: single) = + ((single_value(res) = round_single(m, + (single_value(x) + single_value(y)))) and + ((single_exact(res) = (single_exact(x) + single_exact(y))) and + (single_model(res) = (single_model(x) + single_model(y))))) + +predicate sub_single_post(m: mode, x: single, y: single, res: single) = + ((single_value(res) = round_single(m, + (single_value(x) - single_value(y)))) and + ((single_exact(res) = (single_exact(x) - single_exact(y))) and + (single_model(res) = (single_model(x) - single_model(y))))) + +predicate mul_single_post(m: mode, x: single, y: single, res: single) = + ((single_value(res) = round_single(m, + (single_value(x) * single_value(y)))) and + ((single_exact(res) = (single_exact(x) * single_exact(y))) and + (single_model(res) = (single_model(x) * single_model(y))))) + +predicate div_single_post(m: mode, x: single, y: single, res: single) = + ((single_value(res) = round_single(m, div_real(single_value(x), + single_value(y)))) and + ((single_exact(res) = div_real(single_exact(x), single_exact(y))) and + (single_model(res) = div_real(single_model(x), single_model(y))))) + +predicate sqrt_single_post(m: mode, x: single, res: single) = + ((single_value(res) = round_single(m, sqrt_real(single_value(x)))) and + ((single_exact(res) = sqrt_real(single_exact(x))) and + (single_model(res) = 
sqrt_real(single_model(x))))) + +predicate neg_single_post(x: single, res: single) = + ((single_value(res) = (-single_value(x))) and + ((single_exact(res) = (-single_exact(x))) and + (single_model(res) = (-single_model(x))))) + +predicate abs_single_post(x: single, res: single) = + ((single_value(res) = abs_real(single_value(x))) and + ((single_exact(res) = abs_real(single_exact(x))) and + (single_model(res) = abs_real(single_model(x))))) + +predicate double_of_real_post(m: mode, x: real, res: double) = + ((double_value(res) = round_double(m, x)) and + ((double_exact(res) = x) and (double_model(res) = x))) + +predicate double_of_single_post(x: single, res: double) = + ((double_value(res) = single_value(x)) and + ((double_exact(res) = single_exact(x)) and + (double_model(res) = single_model(x)))) + +predicate add_double_post(m: mode, x: double, y: double, res: double) = + ((double_value(res) = round_double(m, + (double_value(x) + double_value(y)))) and + ((double_exact(res) = (double_exact(x) + double_exact(y))) and + (double_model(res) = (double_model(x) + double_model(y))))) + +predicate sub_double_post(m: mode, x: double, y: double, res: double) = + ((double_value(res) = round_double(m, + (double_value(x) - double_value(y)))) and + ((double_exact(res) = (double_exact(x) - double_exact(y))) and + (double_model(res) = (double_model(x) - double_model(y))))) + +predicate mul_double_post(m: mode, x: double, y: double, res: double) = + ((double_value(res) = round_double(m, + (double_value(x) * double_value(y)))) and + ((double_exact(res) = (double_exact(x) * double_exact(y))) and + (double_model(res) = (double_model(x) * double_model(y))))) + +predicate div_double_post(m: mode, x: double, y: double, res: double) = + ((double_value(res) = round_double(m, div_real(double_value(x), + double_value(y)))) and + ((double_exact(res) = div_real(double_exact(x), double_exact(y))) and + (double_model(res) = div_real(double_model(x), double_model(y))))) + +predicate 
sqrt_double_post(m: mode, x: double, res: double) = + ((double_value(res) = round_double(m, sqrt_real(double_value(x)))) and + ((double_exact(res) = sqrt_real(double_exact(x))) and + (double_model(res) = sqrt_real(double_model(x))))) + +predicate neg_double_post(x: double, res: double) = + ((double_value(res) = (-double_value(x))) and + ((double_exact(res) = (-double_exact(x))) and + (double_model(res) = (-double_model(x))))) + +predicate abs_double_post(x: double, res: double) = + ((double_value(res) = abs_real(double_value(x))) and + ((double_exact(res) = abs_real(double_exact(x))) and + (double_model(res) = abs_real(double_model(x))))) + +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. 
+ ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and 
(offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal dmax_ensures_default_po_1: + forall x_0:double. + forall y:double. + ("JC_36": true) -> + (double_value(x_0) <= double_value(y)) -> + forall tmp_3:double. + (tmp_3 = y) -> + forall return:double. + (return = tmp_3) -> + ("JC_37": (double_value(return) = real_max(double_value(x_0), + double_value(y)))) + +goal dmax_ensures_default_po_2: + forall x_0:double. + forall y:double. + ("JC_36": true) -> + (double_value(x_0) > double_value(y)) -> + forall tmp_3:double. + (tmp_3 = x_0) -> + forall return:double. + (return = tmp_3) -> + ("JC_37": (double_value(return) = real_max(double_value(x_0), + double_value(y)))) + +goal dmin_ensures_default_po_1: + forall x_0_0:double. + forall y_0:double. 
+ ("JC_44": true) -> + (double_value(x_0_0) <= double_value(y_0)) -> + forall tmp_4:double. + (tmp_4 = x_0_0) -> + forall return:double. + (return = tmp_4) -> + ("JC_45": (double_value(return) = real_min(double_value(x_0_0), + double_value(y_0)))) + +goal dmin_ensures_default_po_2: + forall x_0_0:double. + forall y_0:double. + ("JC_44": true) -> + (double_value(x_0_0) > double_value(y_0)) -> + forall tmp_4:double. + (tmp_4 = y_0) -> + forall return:double. + (return = tmp_4) -> + ("JC_45": (double_value(return) = real_min(double_value(x_0_0), + double_value(y_0)))) + +goal fmax_ensures_default_po_1: + forall x_1:single. + forall y_1:single. + ("JC_20": true) -> + (single_value(x_1) <= single_value(y_1)) -> + forall tmp_1:single. + (tmp_1 = y_1) -> + forall return:single. + (return = tmp_1) -> + ("JC_21": (single_value(return) = real_max(single_value(x_1), + single_value(y_1)))) + +goal fmax_ensures_default_po_2: + forall x_1:single. + forall y_1:single. + ("JC_20": true) -> + (single_value(x_1) > single_value(y_1)) -> + forall tmp_1:single. + (tmp_1 = x_1) -> + forall return:single. + (return = tmp_1) -> + ("JC_21": (single_value(return) = real_max(single_value(x_1), + single_value(y_1)))) + +goal fmin_ensures_default_po_1: + forall x_2:single. + forall y_2:single. + ("JC_28": true) -> + (single_value(x_2) <= single_value(y_2)) -> + forall tmp_2:single. + (tmp_2 = x_2) -> + forall return:single. + (return = tmp_2) -> + ("JC_29": (single_value(return) = real_min(single_value(x_2), + single_value(y_2)))) + +goal fmin_ensures_default_po_2: + forall x_2:single. + forall y_2:single. + ("JC_28": true) -> + (single_value(x_2) > single_value(y_2)) -> + forall tmp_2:single. + (tmp_2 = y_2) -> + forall return:single. + (return = tmp_2) -> + ("JC_29": (single_value(return) = real_min(single_value(x_2), + single_value(y_2)))) + +goal max_ensures_default_po_1: + forall x_3:int32. + forall y_3:int32. 
+ ("JC_4": true) -> + (integer_of_int32(x_3) <= integer_of_int32(y_3)) -> + forall tmp:int32. + (tmp = y_3) -> + forall return:int32. + (return = tmp) -> + ("JC_5": (integer_of_int32(return) = int_max(integer_of_int32(x_3), + integer_of_int32(y_3)))) + +goal max_ensures_default_po_2: + forall x_3:int32. + forall y_3:int32. + ("JC_4": true) -> + (integer_of_int32(x_3) > integer_of_int32(y_3)) -> + forall tmp:int32. + (tmp = x_3) -> + forall return:int32. + (return = tmp) -> + ("JC_5": (integer_of_int32(return) = int_max(integer_of_int32(x_3), + integer_of_int32(y_3)))) + +goal min_ensures_default_po_1: + forall x_4:int32. + forall y_4:int32. + ("JC_12": true) -> + (integer_of_int32(x_4) <= integer_of_int32(y_4)) -> + forall tmp_0:int32. + (tmp_0 = x_4) -> + forall return:int32. + (return = tmp_0) -> + ("JC_13": (integer_of_int32(return) = int_min(integer_of_int32(x_4), + integer_of_int32(y_4)))) + +goal min_ensures_default_po_2: + forall x_4:int32. + forall y_4:int32. + ("JC_12": true) -> + (integer_of_int32(x_4) > integer_of_int32(y_4)) -> + forall tmp_0:int32. + (tmp_0 = y_4) -> + forall return:int32. + (return = tmp_0) -> + ("JC_13": (integer_of_int32(return) = int_min(integer_of_int32(x_4), + integer_of_int32(y_4)))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/minmax_why.why : ............ (12/0/0/0/0) +total : 12 +valid : 12 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/muller.res.oracle why-2.30+dfsg/tests/c/oracle/muller.res.oracle --- why-2.29+dfsg/tests/c/oracle/muller.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/muller.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,6416 @@ +========== file tests/c/muller.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + +/*@ axiomatic NumOfPos { + @ logic integer num_of_pos{L}(integer i,integer j,int *t); + @ axiom num_of_pos_empty{L} : + @ \forall integer i, j, int *t; + @ i >= j ==> num_of_pos(i,j,t) == 0; + @ axiom num_of_pos_true_case{L} : + @ \forall integer i, j, k, int *t; + @ i < j && t[j-1] > 0 ==> + @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t) + 1; + @ axiom num_of_pos_false_case{L} : + @ \forall integer i, j, k, int *t; + @ i < j && ! 
(t[j-1] > 0) ==> + @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t); + @ } + @*/ + + +/*@ lemma num_of_pos_non_negative{L} : + @ \forall integer i, j, int *t; 0 <= num_of_pos(i,j,t); + @*/ + +/*@ lemma num_of_pos_additive{L} : + @ \forall integer i, j, k, int *t; i <= j <= k ==> + @ num_of_pos(i,k,t) == num_of_pos(i,j,t) + num_of_pos(j,k,t); + @*/ + +/*@ lemma num_of_pos_increasing{L} : + @ \forall integer i, j, k, int *t; + @ j <= k ==> num_of_pos(i,j,t) <= num_of_pos(i,k,t); + @*/ + +/*@ lemma num_of_pos_strictly_increasing{L} : + @ \forall integer i, n, int *t; + @ 0 <= i < n && t[i] > 0 ==> + @ num_of_pos(0,i,t) < num_of_pos(0,n,t); + @*/ + +/*@ requires l >= 0 && \valid_range(t,0,l-1); + @*/ +int* m(int *t, int l) { + int i, count = 0; + int *u; + + /*@ loop invariant + @ 0 <= i <= l && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t) ; + @ loop variant l - i; + @*/ + for (i=0 ; i < l; i++) if (t[i] > 0) count++; + + u = (int*)calloc(count,sizeof(int)); + count = 0; + + /*@ loop invariant + @ 0 <= i <= l && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t); + @ loop variant l - i; + @*/ + for (int i=0 ; i < l; i++) { + if (t[i] > 0) u[count++] = t[i]; + } + return u; +} + + +/* +Local Variables: +compile-command: "make muller.why3ml" +End: +*/ +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/muller.c" +[jessie] Starting Jessie translation +[kernel] warning: No code for function calloc, default assigns generated for default behavior +[jessie] Producing Jessie files in subdir tests/c/muller.jessie +[jessie] File tests/c/muller.jessie/muller.jc written. +[jessie] File tests/c/muller.jessie/muller.cloc written. 
+========== file tests/c/muller.jessie/muller.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int32 = -2147483648..2147483647 + +type int8 = -128..127 + +tag intP = { + int32 intM: 32; +} + +type intP = [intP] + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +axiomatic NumOfPos { + + logic integer num_of_pos{L}(integer i, integer j, intP[..] t) + + axiom num_of_pos_empty{L} : + (\forall integer i_0; + (\forall integer j_0; + (\forall intP[..] t_0; + ((i_0 >= j_0) ==> (num_of_pos{L}(i_0, j_0, t_0) == 0))))) + + axiom num_of_pos_true_case{L} : + (\forall integer i_1; + (\forall integer j_1; + (\forall integer k; + (\forall intP[..] t_1; + (((i_1 < j_1) && ((t_1 + (j_1 - 1)).intM > 0)) ==> + (num_of_pos{L}(i_1, j_1, t_1) == + (num_of_pos{L}(i_1, (j_1 - 1), t_1) + 1))))))) + + axiom num_of_pos_false_case{L} : + (\forall integer i_2; + (\forall integer j_2; + (\forall integer k_0; + (\forall intP[..] t_2; + (((i_2 < j_2) && (! ((t_2 + (j_2 - 1)).intM > 0))) ==> + (num_of_pos{L}(i_2, j_2, t_2) == + num_of_pos{L}(i_2, (j_2 - 1), t_2))))))) + +} + +lemma num_of_pos_non_negative{L} : +(\forall integer i_3; + (\forall integer j_3; + (\forall intP[..] t_3; + (0 <= num_of_pos{L}(i_3, j_3, t_3))))) + +lemma num_of_pos_additive{L} : +(\forall integer i_4; + (\forall integer j_4; + (\forall integer k_1; + (\forall intP[..] t_4; + (((i_4 <= j_4) && (j_4 <= k_1)) ==> + (num_of_pos{L}(i_4, k_1, t_4) == + (num_of_pos{L}(i_4, j_4, t_4) + num_of_pos{L}(j_4, k_1, t_4)))))))) + +lemma num_of_pos_increasing{L} : +(\forall integer i_5; + (\forall integer j_5; + (\forall integer k_2; + (\forall intP[..] 
t_5; + ((j_5 <= k_2) ==> + (num_of_pos{L}(i_5, j_5, t_5) <= num_of_pos{L}(i_5, k_2, t_5))))))) + +lemma num_of_pos_strictly_increasing{L} : +(\forall integer i_6; + (\forall integer n; + (\forall intP[..] t_6; + ((((0 <= i_6) && (i_6 < n)) && ((t_6 + i_6).intM > 0)) ==> + (num_of_pos{L}(0, i_6, t_6) < num_of_pos{L}(0, n, t_6)))))) + +int32 calloc() +behavior default: + assigns \nothing; + ensures (C_1 : true); +; + +intP[..] m(intP[..] t, int32 l) + requires (C_51 : ((C_52 : (l >= 0)) && + ((C_54 : (\offset_min(t) <= 0)) && + (C_55 : (\offset_max(t) >= (l - 1)))))); +behavior default: + ensures (C_50 : true); +{ + (var int32 i); + + (var int32 count); + + (var intP[..] u); + + (var int32 i_0); + + (var int32 tmp_0); + + { (C_2 : (count = 0)); + (C_3 : (i = 0)); + + loop + behavior default: + invariant (C_5 : ((((C_8 : (0 <= i)) && (C_9 : (i <= l))) && + ((C_11 : (0 <= count)) && (C_12 : (count <= i)))) && + (C_13 : (count == num_of_pos{Here}(0, i, t))))); + variant (C_4 : (l - i)); + while (true) + { + { (if (i < l) then () else + (goto while_0_break)); + (if ((C_18 : (C_17 : (t + i)).intM) > 0) then (C_16 : (count = + (C_15 : ((C_14 : + (count + + 1)) :> int32)))) else ()); + (C_21 : (i = (C_20 : ((C_19 : (i + 1)) :> int32)))) + } + }; + (while_0_break : ()); + (C_23 : (u = (C_22 : (new intP[count])))); + (C_24 : (count = 0)); + + { (C_25 : (i_0 = 0)); + + loop + behavior default: + invariant (C_27 : ((((C_30 : (0 <= i_0)) && (C_31 : (i_0 <= l))) && + ((C_33 : (0 <= count)) && + (C_34 : (count <= i_0)))) && + (C_35 : (count == num_of_pos{Here}(0, i_0, t))))); + variant (C_26 : (l - i_0)); + while (true) + { + { (if (i_0 < l) then () else + (goto while_1_break)); + + { (if ((C_46 : (C_45 : (t + i_0)).intM) > 0) then + { (C_36 : (tmp_0 = count)); + (C_39 : (count = (C_38 : ((C_37 : (count + 1)) :> int32)))); + (C_44 : ((C_43 : (C_42 : (u + tmp_0)).intM) = (C_41 : + (C_40 : + (t + + i_0)).intM))) + } else ()) + }; + (C_49 : (i_0 = (C_48 : ((C_47 : (i_0 + 1)) :> 
int32)))) + } + }; + (while_1_break : ()) + }; + + (return u) + } +} +========== file tests/c/muller.jessie/muller.cloc ========== +[C_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_51] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 13 +end = 44 + +[C_52] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 13 +end = 19 + +[m] +name = "Function m" +file = "HOME/tests/c/muller.c" +line = 71 +begin = 3 +end = 4 + +[C_53] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[C_54] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[C_55] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[num_of_pos_non_negative] +name = "Lemma num_of_pos_non_negative" +file = "HOME/tests/c/muller.c" +line = 49 +begin = 4 +end = 98 + +[C_10] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 9 +end = 24 + +[C_11] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 9 +end = 19 + +[C_12] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 14 +end = 24 + +[C_13] +file = "HOME/tests/c/muller.c" +line = 78 +begin = 9 +end = 35 + +[C_14] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 39 +end = 46 + +[C_15] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 39 +end = 46 + +[C_16] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 39 +end = 46 + +[C_17] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 29 +end = 30 + +[C_18] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 29 +end = 33 + +[C_19] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 20 +end = 23 + +[C_1] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_2] +file = "HOME/tests/c/muller.c" +line = 72 +begin = 2 +end = 5 + +[C_3] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 9 +end = 10 + +[C_4] +file = "HOME/tests/c/muller.c" +line = 79 +begin = 19 +end = 24 + +[C_20] +file = "HOME/tests/c/muller.c" +line = 81 +begin = 20 +end = 23 + +[C_5] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 87 + +[C_21] +file = "HOME/tests/c/muller.c" 
+line = 81 +begin = 20 +end = 23 + +[C_6] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 48 + +[C_22] +file = "HOME/tests/c/muller.c" +line = 83 +begin = 12 +end = 37 + +[C_7] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 20 + +[C_23] +file = "HOME/tests/c/muller.c" +line = 83 +begin = 12 +end = 37 + +[C_8] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 15 + +[C_24] +file = "HOME/tests/c/muller.c" +line = 84 +begin = 10 +end = 11 + +[C_9] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 14 +end = 20 + +[C_25] +file = "HOME/tests/c/muller.c" +line = 92 +begin = 7 +end = 10 + +[C_26] +file = "HOME/tests/c/muller.c" +line = 90 +begin = 19 +end = 24 + +[C_27] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 87 + +[C_28] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 48 + +[C_29] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 20 + +[num_of_pos_empty] +name = "Lemma num_of_pos_empty" +file = "HOME/tests/c/muller.c" +line = 34 +begin = 5 +end = 110 + +[C_30] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 15 + +[C_31] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 14 +end = 20 + +[C_32] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 9 +end = 24 + +[num_of_pos_true_case] +name = "Lemma num_of_pos_true_case" +file = "HOME/tests/c/muller.c" +line = 37 +begin = 5 +end = 167 + +[C_33] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 9 +end = 19 + +[C_34] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 14 +end = 24 + +[C_35] +file = "HOME/tests/c/muller.c" +line = 89 +begin = 9 +end = 35 + +[C_36] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 20 +end = 27 + +[num_of_pos_additive] +name = "Lemma num_of_pos_additive" +file = "HOME/tests/c/muller.c" +line = 53 +begin = 4 +end = 159 + +[C_37] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 20 +end = 27 + +[C_38] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 20 +end = 27 + +[C_39] +file = 
"HOME/tests/c/muller.c" +line = 93 +begin = 20 +end = 27 + +[num_of_pos_strictly_increasing] +name = "Lemma num_of_pos_strictly_increasing" +file = "HOME/tests/c/muller.c" +line = 63 +begin = 4 +end = 167 + +[C_40] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 31 +end = 32 + +[C_41] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 31 +end = 35 + +[C_42] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 18 +end = 19 + +[C_43] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 31 +end = 35 + +[num_of_pos_increasing] +name = "Lemma num_of_pos_increasing" +file = "HOME/tests/c/muller.c" +line = 58 +begin = 4 +end = 136 + +[C_44] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 31 +end = 35 + +[C_45] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 8 +end = 9 + +[C_46] +file = "HOME/tests/c/muller.c" +line = 93 +begin = 8 +end = 12 + +[C_47] +file = "HOME/tests/c/muller.c" +line = 92 +begin = 24 +end = 27 + +[C_48] +file = "HOME/tests/c/muller.c" +line = 92 +begin = 24 +end = 27 + +[C_49] +file = "HOME/tests/c/muller.c" +line = 92 +begin = 24 +end = 27 + +[num_of_pos_false_case] +name = "Lemma num_of_pos_false_case" +file = "HOME/tests/c/muller.c" +line = 41 +begin = 5 +end = 168 + +========== jessie execution ========== +Generating Why function m +========== file tests/c/muller.jessie/muller.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs muller.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs muller.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/muller_why.sx + +project: why/muller.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project 
[...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/muller_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/muller_why.vo + +coq/muller_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/muller_why.v: why/muller.why + @echo 'why -coq [...] why/muller.why' && $(WHY) $(JESSIELIBFILES) why/muller.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/muller_ctx_why.vo + for f in why/*_po*.why; do make -f muller.makefile coq/`basename $$f .why`_why.v ; done + +coq/muller_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/muller_ctx_why.v: why/muller_ctx.why + @echo 'why -coq [...] why/muller_ctx.why' && $(WHY) why/muller_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export muller_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/muller_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/muller_ctx_why.vo + +pvs: pvs/muller_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/muller_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/muller_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/muller_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/muller_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/muller_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/muller_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/muller_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/muller_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/muller_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/muller_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/muller_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/muller_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/muller_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/muller_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: muller.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/muller_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/muller_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: muller.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include muller.depend + +depend: coq/muller_why.v + -$(COQDEP) -I coq coq/muller*_why.v > muller.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/muller.jessie/muller.loc ========== +[m_safety] +name = "Function m" +behavior = "Safety" +file = "HOME/tests/c/muller.c" +line = 71 +begin = 3 +end = 4 + +[JC_40] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 14 +end = 20 + +[JC_41] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 9 +end = 19 + +[JC_42] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 14 +end = 24 + +[JC_43] +file = "HOME/tests/c/muller.c" +line = 89 +begin = 9 +end = 35 + +[JC_44] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 87 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_46] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 143 +begin = 9 +end = 1137 + +[JC_1] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 94 +begin = 6 +end = 12 + +[JC_47] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 143 +begin = 9 +end = 1137 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +kind = PointerDeref +file = "HOME/tests/c/muller.c" +line = 93 +begin = 8 +end = 12 + +[JC_3] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 94 +begin = 6 +end = 12 + +[JC_49] +kind = ArithOverflow +file = "HOME/tests/c/muller.c" +line = 93 +begin = 20 +end = 27 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 96 +begin = 10 +end = 18 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 96 +begin = 10 +end = 18 + +[JC_9] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[num_of_pos_non_negative] +name = "Lemma num_of_pos_non_negative" +behavior = "lemma" +file = "HOME/tests/c/muller.c" +line = 49 +begin = 4 +end = 98 + +[JC_50] +kind = PointerDeref 
+file = "HOME/tests/c/muller.c" +line = 93 +begin = 31 +end = 35 + +[JC_51] +kind = PointerDeref +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 158 +begin = 30 +end = 303 + +[JC_52] +kind = ArithOverflow +file = "HOME/tests/c/muller.c" +line = 92 +begin = 24 +end = 27 + +[JC_53] +file = "HOME/tests/c/muller.c" +line = 90 +begin = 19 +end = 24 + +[JC_54] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 15 + +[JC_55] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 14 +end = 20 + +[JC_56] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 9 +end = 19 + +[JC_57] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 14 +end = 24 + +[JC_58] +file = "HOME/tests/c/muller.c" +line = 78 +begin = 9 +end = 35 + +[JC_59] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 87 + +[JC_60] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_61] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 120 +begin = 6 +end = 800 + +[JC_62] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 120 +begin = 6 +end = 800 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +kind = AllocSize +file = "HOME/tests/c/muller.c" +line = 83 +begin = 12 +end = 37 + +[JC_11] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 13 +end = 19 + +[JC_64] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 15 + +[JC_12] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[JC_65] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 14 +end = 20 + +[JC_13] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[JC_66] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 9 +end = 19 + +[JC_14] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 13 +end = 44 + +[JC_67] +file = "HOME/tests/c/muller.c" +line = 88 +begin = 14 +end = 24 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_68] +file = "HOME/tests/c/muller.c" +line = 89 +begin = 9 +end = 35 + +[JC_16] +file = "HOME/tests/c/muller.c" +line = 69 
+begin = 13 +end = 19 + +[JC_69] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 87 + +[JC_17] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[JC_18] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 23 +end = 44 + +[JC_19] +file = "HOME/tests/c/muller.c" +line = 69 +begin = 13 +end = 44 + +[JC_70] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_71] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 143 +begin = 9 +end = 1137 + +[JC_72] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 143 +begin = 9 +end = 1137 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[num_of_pos_empty] +name = "Lemma num_of_pos_empty" +behavior = "axiom" +file = "HOME/tests/c/muller.c" +line = 34 +begin = 5 +end = 110 + +[JC_25] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 15 + +[JC_26] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 14 +end = 20 + +[JC_27] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 9 +end = 19 + +[num_of_pos_true_case] +name = "Lemma num_of_pos_true_case" +behavior = "axiom" +file = "HOME/tests/c/muller.c" +line = 37 +begin = 5 +end = 167 + +[JC_28] +file = "HOME/tests/c/muller.c" +line = 77 +begin = 14 +end = 24 + +[JC_29] +file = "HOME/tests/c/muller.c" +line = 78 +begin = 9 +end = 35 + +[num_of_pos_additive] +name = "Lemma num_of_pos_additive" +behavior = "lemma" +file = "HOME/tests/c/muller.c" +line = 53 +begin = 4 +end = 159 + +[JC_30] +file = "HOME/tests/c/muller.c" +line = 76 +begin = 9 +end = 87 + +[m_ensures_default] +name = "Function m" +behavior = "default behavior" +file = "HOME/tests/c/muller.c" +line = 71 +begin = 3 +end = 4 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = 
"HOME/tests/c/muller.jessie/muller.jc" +line = 120 +begin = 6 +end = 800 + +[num_of_pos_strictly_increasing] +name = "Lemma num_of_pos_strictly_increasing" +behavior = "lemma" +file = "HOME/tests/c/muller.c" +line = 63 +begin = 4 +end = 167 + +[JC_33] +file = "HOME/tests/c/muller.jessie/muller.jc" +line = 120 +begin = 6 +end = 800 + +[JC_34] +kind = PointerDeref +file = "HOME/tests/c/muller.c" +line = 81 +begin = 29 +end = 33 + +[JC_35] +kind = ArithOverflow +file = "HOME/tests/c/muller.c" +line = 81 +begin = 39 +end = 46 + +[JC_36] +kind = ArithOverflow +file = "HOME/tests/c/muller.c" +line = 81 +begin = 20 +end = 23 + +[JC_37] +file = "HOME/tests/c/muller.c" +line = 79 +begin = 19 +end = 24 + +[JC_38] +kind = AllocSize +file = "HOME/tests/c/muller.c" +line = 83 +begin = 12 +end = 37 + +[num_of_pos_increasing] +name = "Lemma num_of_pos_increasing" +behavior = "lemma" +file = "HOME/tests/c/muller.c" +line = 58 +begin = 4 +end = 136 + +[JC_39] +file = "HOME/tests/c/muller.c" +line = 87 +begin = 9 +end = 15 + +[num_of_pos_false_case] +name = "Lemma num_of_pos_false_case" +behavior = "axiom" +file = "HOME/tests/c/muller.c" +line = 41 +begin = 5 +end = 168 + +========== file tests/c/muller.jessie/why/muller.why ========== +type charP + +type int32 + +type int8 + +type intP + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. 
+ instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. + (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
+ instanceof(intP_tag_table, x, intP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +logic num_of_pos: int, int, intP pointer, (intP, int32) memory -> int + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, 
p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. 
(p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +axiom num_of_pos_empty : + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0_0:intP pointer. + (ge_int(i_0, j_0) -> + (num_of_pos(i_0, j_0, t_0_0, intP_intM_t_1_at_L) = (0))))))) + +axiom num_of_pos_true_case : + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:intP pointer. + ((lt_int(i_1, j_1) + and gt_int(integer_of_int32(select(intP_intM_t_1_at_L, + shift(t_1, sub_int(j_1, (1))))), + (0))) -> + (num_of_pos(i_1, j_1, t_1, intP_intM_t_1_at_L) = add_int(num_of_pos(i_1, + sub_int(j_1, + (1)), t_1, + intP_intM_t_1_at_L), + (1))))))))) + +axiom num_of_pos_false_case : + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:intP pointer. + ((lt_int(i_2, j_2) + and (not gt_int(integer_of_int32(select(intP_intM_t_1_at_L, + shift(t_2, sub_int(j_2, (1))))), + (0)))) -> + (num_of_pos(i_2, j_2, t_2, intP_intM_t_1_at_L) = num_of_pos(i_2, + sub_int(j_2, (1)), + t_2, + intP_intM_t_1_at_L)))))))) + +lemma num_of_pos_non_negative : + (forall intP_intM_t_3_8_at_L:(intP, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:intP pointer. + le_int((0), num_of_pos(i_3, j_3, t_3, intP_intM_t_3_8_at_L)))))) + +lemma num_of_pos_additive : + (forall intP_intM_t_4_9_at_L:(intP, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:intP pointer. 
+ ((le_int(i_4, j_4) and le_int(j_4, k_1)) -> + (num_of_pos(i_4, k_1, t_4, intP_intM_t_4_9_at_L) = add_int(num_of_pos(i_4, + j_4, t_4, + intP_intM_t_4_9_at_L), + num_of_pos(j_4, + k_1, t_4, + intP_intM_t_4_9_at_L))))))))) + +lemma num_of_pos_increasing : + (forall intP_intM_t_5_10_at_L:(intP, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. + (forall t_5:intP pointer. + (le_int(j_5, k_2) -> + le_int(num_of_pos(i_5, j_5, t_5, intP_intM_t_5_10_at_L), + num_of_pos(i_5, k_2, t_5, intP_intM_t_5_10_at_L)))))))) + +lemma num_of_pos_strictly_increasing : + (forall intP_intM_t_6_11_at_L:(intP, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:intP pointer. + ((le_int((0), i_6) + and (lt_int(i_6, n) + and gt_int(integer_of_int32(select(intP_intM_t_6_11_at_L, + shift(t_6, i_6))), + (0)))) -> + lt_int(num_of_pos((0), i_6, t_6, intP_intM_t_6_11_at_L), + num_of_pos((0), n, t_6, intP_intM_t_6_11_at_L))))))) + +exception Goto_while_0_break_exc of unit + +exception Goto_while_1_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and 
(alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and 
(alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter calloc : tt:unit -> { } int32 { true } + +parameter calloc_requires : tt:unit -> { } int32 { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter m : + t_0:intP pointer -> + l:int32 -> + intP_m_4_alloc_table:intP alloc_table ref -> + intP_m_4_tag_table:intP tag_table ref -> + intP_intM_m_4:(intP, int32) memory ref -> + intP_t_2_alloc_table:intP alloc_table -> + intP_intM_t_2:(intP, int32) memory -> + { } intP pointer reads intP_m_4_alloc_table + writes intP_intM_m_4,intP_m_4_alloc_table,intP_m_4_tag_table + { true } + +parameter m_requires : + t_0:intP pointer -> + l:int32 -> + intP_m_4_alloc_table:intP alloc_table ref -> + intP_m_4_tag_table:intP tag_table ref -> + intP_intM_m_4:(intP, int32) memory ref -> + intP_t_2_alloc_table:intP alloc_table -> + intP_intM_t_2:(intP, int32) memory -> + { (JC_14: + ((JC_11: ge_int(integer_of_int32(l), (0))) + and ((JC_12: le_int(offset_min(intP_t_2_alloc_table, t_0), (0))) + and (JC_13: + ge_int(offset_max(intP_t_2_alloc_table, t_0), + sub_int(integer_of_int32(l), (1)))))))} + intP pointer reads intP_m_4_alloc_table + writes intP_intM_m_4,intP_m_4_alloc_table,intP_m_4_tag_table + { true } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +let m_ensures_default = + fun (t_0 : intP pointer) (l : int32) (intP_m_4_alloc_table : intP alloc_table ref) 
(intP_m_4_tag_table : intP tag_table ref) (intP_intM_m_4 : (intP, int32) memory ref) (intP_t_2_alloc_table : intP alloc_table) (intP_intM_t_2 : (intP, int32) memory) -> + { (JC_19: + ((JC_16: ge_int(integer_of_int32(l), (0))) + and ((JC_17: le_int(offset_min(intP_t_2_alloc_table, t_0), (0))) + and (JC_18: + ge_int(offset_max(intP_t_2_alloc_table, t_0), + sub_int(integer_of_int32(l), (1))))))) } + (init: + (let return = ref (any_pointer void) in + try + begin + (let i_7 = ref (any_int32 void) in + (let count = ref (any_int32 void) in + (let u = ref (any_pointer void) in + (let i_0_0 = ref (any_int32 void) in + (let tmp_0 = ref (any_int32 void) in + try + (C_2: + (C_3: + begin + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + (let jessie_ = (i_7 := (safe_int32_of_integer_ (0))) in void); + (loop_3: + while true do + { invariant + (JC_59: + ((JC_54: le_int((0), integer_of_int32(i_7))) + and ((JC_55: le_int(integer_of_int32(i_7), integer_of_int32(l))) + and ((JC_56: le_int((0), integer_of_int32(count))) + and ((JC_57: + le_int(integer_of_int32(count), + integer_of_int32(i_7))) + and (JC_58: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_7), + t_0, intP_intM_t_2)))))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_21: + begin + (if ((lt_int_ (integer_of_int32 !i_7)) (integer_of_int32 l)) + then void else (raise (Goto_while_0_break_exc void))); + (if ((gt_int_ (integer_of_int32 (C_18: + ((safe_acc_ intP_intM_t_2) + (C_17: + ((shift t_0) (integer_of_int32 !i_7))))))) (0)) + then + (let jessie_ = + (C_16: + (count := (C_15: + (safe_int32_of_integer_ (C_14: + ((add_int (integer_of_int32 !count)) (1))))))) in + void) else void); + (i_7 := (C_20: + (safe_int32_of_integer_ (C_19: + ((add_int (integer_of_int32 !i_7)) (1)))))); + !i_7 end) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + 
Goto_while_0_break_exc jessie_ -> + (while_0_break: + (C_23: + (C_24: + begin + void; + (let jessie_ = + (u := (C_22: + (JC_63: + (((alloc_struct_intP (integer_of_int32 !count)) intP_m_4_alloc_table) intP_m_4_tag_table)))) in + void); + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + try + (C_25: + begin + (let jessie_ = (i_0_0 := (safe_int32_of_integer_ (0))) in void); + (loop_4: + while true do + { invariant + (JC_69: + ((JC_64: le_int((0), integer_of_int32(i_0_0))) + and ((JC_65: + le_int(integer_of_int32(i_0_0), integer_of_int32(l))) + and ((JC_66: le_int((0), integer_of_int32(count))) + and ((JC_67: + le_int(integer_of_int32(count), + integer_of_int32(i_0_0))) + and (JC_68: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_0_0), + t_0, intP_intM_t_2)))))))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_49: + begin + (if ((lt_int_ (integer_of_int32 !i_0_0)) (integer_of_int32 l)) + then void else (raise (Goto_while_1_break_exc void))); + (if ((gt_int_ (integer_of_int32 (C_46: + ((safe_acc_ intP_intM_t_2) + (C_45: + ((shift t_0) (integer_of_int32 !i_0_0))))))) (0)) + then + (let jessie_ = + (C_36: + (C_39: + begin + (let jessie_ = (tmp_0 := !count) in void); + (let jessie_ = + (count := (C_38: + (safe_int32_of_integer_ (C_37: + ((add_int (integer_of_int32 !count)) (1)))))) in + void); + (C_44: + (let jessie_ = + (C_41: + ((safe_acc_ intP_intM_t_2) (C_40: + ((shift t_0) (integer_of_int32 !i_0_0))))) in + (let jessie_ = !u in + (let jessie_ = (integer_of_int32 !tmp_0) in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (((safe_upd_ intP_intM_m_4) jessie_) jessie_); + jessie_ end))))) end)) in void) else void); + (i_0_0 := (C_48: + (safe_int32_of_integer_ (C_47: + ((add_int (integer_of_int32 !i_0_0)) (1)))))); + !i_0_0 end) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end) with + Goto_while_1_break_exc 
jessie_ -> (while_1_break: void) end; + (return := !u); (raise Return) end))) end))))); absurd end with + Return -> !return end)) { (JC_21: true) } + +let m_safety = + fun (t_0 : intP pointer) (l : int32) (intP_m_4_alloc_table : intP alloc_table ref) (intP_m_4_tag_table : intP tag_table ref) (intP_intM_m_4 : (intP, int32) memory ref) (intP_t_2_alloc_table : intP alloc_table) (intP_intM_t_2 : (intP, int32) memory) -> + { (JC_19: + ((JC_16: ge_int(integer_of_int32(l), (0))) + and ((JC_17: le_int(offset_min(intP_t_2_alloc_table, t_0), (0))) + and (JC_18: + ge_int(offset_max(intP_t_2_alloc_table, t_0), + sub_int(integer_of_int32(l), (1))))))) } + (init: + (let return = ref (any_pointer void) in + try + begin + (let i_7 = ref (any_int32 void) in + (let count = ref (any_int32 void) in + (let u = ref (any_pointer void) in + (let i_0_0 = ref (any_int32 void) in + (let tmp_0 = ref (any_int32 void) in + try + (C_2: + (C_3: + begin + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + (let jessie_ = (i_7 := (safe_int32_of_integer_ (0))) in void); + (loop_1: + while true do + { invariant (JC_32: true) + variant (JC_37 : sub_int(integer_of_int32(l), integer_of_int32(i_7))) } + begin + [ { } unit reads count,i_7 + { (JC_30: + ((JC_25: le_int((0), integer_of_int32(i_7))) + and ((JC_26: + le_int(integer_of_int32(i_7), integer_of_int32(l))) + and ((JC_27: le_int((0), integer_of_int32(count))) + and ((JC_28: + le_int(integer_of_int32(count), + integer_of_int32(i_7))) + and (JC_29: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_7), + t_0, intP_intM_t_2)))))))) } ]; + try + begin + (let jessie_ = + (C_21: + begin + (if ((lt_int_ (integer_of_int32 !i_7)) (integer_of_int32 l)) + then void else (raise (Goto_while_0_break_exc void))); + (if ((gt_int_ (integer_of_int32 (C_18: + (JC_34: + ((((offset_acc_ intP_t_2_alloc_table) intP_intM_t_2) t_0) + (integer_of_int32 !i_7)))))) (0)) + then + (let jessie_ = + (C_16: + (count := (C_15: + (JC_35: + 
(int32_of_integer_ (C_14: + ((add_int (integer_of_int32 !count)) (1)))))))) in + void) else void); + (i_7 := (C_20: + (JC_36: + (int32_of_integer_ (C_19: + ((add_int (integer_of_int32 !i_7)) (1))))))); + !i_7 end) in void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end)) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: + (C_23: + (C_24: + begin + void; + (let jessie_ = + (u := (C_22: + (JC_38: + (((alloc_struct_intP_requires (integer_of_int32 !count)) intP_m_4_alloc_table) intP_m_4_tag_table)))) in + void); + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + try + (C_25: + begin + (let jessie_ = (i_0_0 := (safe_int32_of_integer_ (0))) in void); + (loop_2: + while true do + { invariant (JC_46: true) + variant (JC_53 : sub_int(integer_of_int32(l), + integer_of_int32(i_0_0))) } + begin + [ { } unit reads count,i_0_0 + { (JC_44: + ((JC_39: le_int((0), integer_of_int32(i_0_0))) + and ((JC_40: + le_int(integer_of_int32(i_0_0), integer_of_int32(l))) + and ((JC_41: le_int((0), integer_of_int32(count))) + and ((JC_42: + le_int(integer_of_int32(count), + integer_of_int32(i_0_0))) + and (JC_43: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_0_0), + t_0, + intP_intM_t_2)))))))) } ]; + try + begin + (let jessie_ = + (C_49: + begin + (if ((lt_int_ (integer_of_int32 !i_0_0)) (integer_of_int32 l)) + then void else (raise (Goto_while_1_break_exc void))); + (if ((gt_int_ (integer_of_int32 (C_46: + (JC_48: + ((((offset_acc_ intP_t_2_alloc_table) intP_intM_t_2) t_0) + (integer_of_int32 !i_0_0)))))) (0)) + then + (let jessie_ = + (C_36: + (C_39: + begin + (let jessie_ = (tmp_0 := !count) in void); + (let jessie_ = + (count := (C_38: + (JC_49: + (int32_of_integer_ (C_37: + ((add_int (integer_of_int32 !count)) (1))))))) in + void); + (C_44: + (let jessie_ = + (C_41: + (JC_50: + ((((offset_acc_ intP_t_2_alloc_table) intP_intM_t_2) t_0) + 
(integer_of_int32 !i_0_0)))) in + (let jessie_ = !u in + (let jessie_ = (integer_of_int32 !tmp_0) in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (JC_51: + (((((offset_upd_ !intP_m_4_alloc_table) intP_intM_m_4) jessie_) jessie_) jessie_)); + jessie_ end))))) end)) in void) else void); + (i_0_0 := (C_48: + (JC_52: + (int32_of_integer_ (C_47: + ((add_int (integer_of_int32 !i_0_0)) (1))))))); + !i_0_0 end) in void); (raise (Loop_continue_exc void)) end + with Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end) with + Goto_while_1_break_exc jessie_ -> (while_1_break: void) end; + (return := !u); (raise Return) end))) end))))); absurd end with + Return -> !return end)) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/muller.why +========== file tests/c/muller.jessie/why/muller_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. 
((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type int32 + +type int8 + +type intP + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. 
((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +logic num_of_pos : int, int, intP pointer, (intP, int32) memory -> int + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + 
((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +axiom num_of_pos_empty: + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0_0:intP pointer. + ((i_0 >= j_0) -> (num_of_pos(i_0, j_0, t_0_0, + intP_intM_t_1_at_L) = 0)))))) + +axiom num_of_pos_true_case: + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:intP pointer. + (((i_1 < j_1) and (integer_of_int32(select(intP_intM_t_1_at_L, + shift(t_1, (j_1 - 1)))) > 0)) -> + (num_of_pos(i_1, j_1, t_1, + intP_intM_t_1_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, + intP_intM_t_1_at_L) + 1)))))))) + +axiom num_of_pos_false_case: + (forall intP_intM_t_1_at_L:(intP, int32) memory. + (forall i_2:int. 
+ (forall j_2:int. + (forall k_0:int. + (forall t_2:intP pointer. + (((i_2 < j_2) and + (not (integer_of_int32(select(intP_intM_t_1_at_L, shift(t_2, + (j_2 - 1)))) > 0))) -> + (num_of_pos(i_2, j_2, t_2, intP_intM_t_1_at_L) = num_of_pos(i_2, + (j_2 - 1), t_2, intP_intM_t_1_at_L)))))))) + +goal num_of_pos_non_negative: + (forall intP_intM_t_3_8_at_L:(intP, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:intP pointer. (0 <= num_of_pos(i_3, j_3, t_3, + intP_intM_t_3_8_at_L)))))) + +axiom num_of_pos_non_negative_as_axiom: + (forall intP_intM_t_3_8_at_L:(intP, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:intP pointer. (0 <= num_of_pos(i_3, j_3, t_3, + intP_intM_t_3_8_at_L)))))) + +goal num_of_pos_additive: + (forall intP_intM_t_4_9_at_L:(intP, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:intP pointer. + (((i_4 <= j_4) and (j_4 <= k_1)) -> (num_of_pos(i_4, k_1, t_4, + intP_intM_t_4_9_at_L) = (num_of_pos(i_4, j_4, t_4, + intP_intM_t_4_9_at_L) + num_of_pos(j_4, k_1, t_4, + intP_intM_t_4_9_at_L))))))))) + +axiom num_of_pos_additive_as_axiom: + (forall intP_intM_t_4_9_at_L:(intP, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:intP pointer. + (((i_4 <= j_4) and (j_4 <= k_1)) -> (num_of_pos(i_4, k_1, t_4, + intP_intM_t_4_9_at_L) = (num_of_pos(i_4, j_4, t_4, + intP_intM_t_4_9_at_L) + num_of_pos(j_4, k_1, t_4, + intP_intM_t_4_9_at_L))))))))) + +goal num_of_pos_increasing: + (forall intP_intM_t_5_10_at_L:(intP, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. + (forall t_5:intP pointer. + ((j_5 <= k_2) -> (num_of_pos(i_5, j_5, t_5, + intP_intM_t_5_10_at_L) <= num_of_pos(i_5, k_2, t_5, + intP_intM_t_5_10_at_L)))))))) + +axiom num_of_pos_increasing_as_axiom: + (forall intP_intM_t_5_10_at_L:(intP, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. + (forall t_5:intP pointer. 
+ ((j_5 <= k_2) -> (num_of_pos(i_5, j_5, t_5, + intP_intM_t_5_10_at_L) <= num_of_pos(i_5, k_2, t_5, + intP_intM_t_5_10_at_L)))))))) + +goal num_of_pos_strictly_increasing: + (forall intP_intM_t_6_11_at_L:(intP, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:intP pointer. + (((0 <= i_6) and + ((i_6 < n) and (integer_of_int32(select(intP_intM_t_6_11_at_L, + shift(t_6, i_6))) > 0))) -> + (num_of_pos(0, i_6, t_6, intP_intM_t_6_11_at_L) < num_of_pos(0, n, + t_6, intP_intM_t_6_11_at_L))))))) + +axiom num_of_pos_strictly_increasing_as_axiom: + (forall intP_intM_t_6_11_at_L:(intP, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:intP pointer. + (((0 <= i_6) and + ((i_6 < n) and (integer_of_int32(select(intP_intM_t_6_11_at_L, + shift(t_6, i_6))) > 0))) -> + (num_of_pos(0, i_6, t_6, intP_intM_t_6_11_at_L) < num_of_pos(0, n, + t_6, intP_intM_t_6_11_at_L))))))) + +goal m_ensures_default_po_1: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + ("JC_59": ("JC_54": (0 <= integer_of_int32(i_7)))) + +goal m_ensures_default_po_2: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + ("JC_59": ("JC_55": (integer_of_int32(i_7) <= integer_of_int32(l)))) + +goal m_ensures_default_po_3: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + ("JC_59": ("JC_56": (0 <= integer_of_int32(count)))) + +goal m_ensures_default_po_4: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + ("JC_59": ("JC_57": (integer_of_int32(count) <= integer_of_int32(i_7)))) + +goal m_ensures_default_po_5: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. 
+ (i_7 = result0) -> + ("JC_59": + ("JC_58": (integer_of_int32(count) = num_of_pos(0, integer_of_int32(i_7), + t_0, intP_intM_t_2)))) + +goal m_ensures_default_po_6: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + ("JC_59": ("JC_54": (0 <= integer_of_int32(i_7_1)))) + +goal m_ensures_default_po_7: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. 
+ ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + ("JC_59": ("JC_55": (integer_of_int32(i_7_1) <= integer_of_int32(l)))) + +goal m_ensures_default_po_8: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + ("JC_59": ("JC_56": (0 <= integer_of_int32(count1)))) + +goal m_ensures_default_po_9: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + ("JC_59": ("JC_57": (integer_of_int32(count1) <= integer_of_int32(i_7_1)))) + +goal m_ensures_default_po_10: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. 
+ (i_7_1 = result3) -> + ("JC_59": + ("JC_58": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_7_1), t_0, intP_intM_t_2)))) + +goal m_ensures_default_po_11: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + ("JC_59": ("JC_54": (0 <= integer_of_int32(i_7_1)))) + +goal m_ensures_default_po_12: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. 
+ (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + ("JC_59": ("JC_55": (integer_of_int32(i_7_1) <= integer_of_int32(l)))) + +goal m_ensures_default_po_13: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. 
+ (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + ("JC_59": ("JC_56": (0 <= integer_of_int32(count0)))) + +goal m_ensures_default_po_14: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + ("JC_59": ("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_1)))) + +goal m_ensures_default_po_15: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. 
+ ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + ("JC_59": + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_1), t_0, intP_intM_t_2)))) + +goal m_ensures_default_po_16: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + ("JC_69": ("JC_64": (0 <= integer_of_int32(i_0_0)))) + +goal m_ensures_default_po_17: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + ("JC_69": ("JC_65": (integer_of_int32(i_0_0) <= integer_of_int32(l)))) + +goal m_ensures_default_po_18: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + ("JC_69": ("JC_66": (0 <= integer_of_int32(count1)))) + +goal m_ensures_default_po_19: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + ("JC_69": ("JC_67": (integer_of_int32(count1) <= integer_of_int32(i_0_0)))) + +goal m_ensures_default_po_20: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + ("JC_69": + ("JC_68": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_0_0), t_0, intP_intM_t_2)))) + +goal m_ensures_default_po_21: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + forall result6:int32. 
+ (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + ("JC_69": ("JC_64": (0 <= integer_of_int32(i_0_0_1)))) + +goal m_ensures_default_po_22: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. 
+ (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + ("JC_69": ("JC_65": (integer_of_int32(i_0_0_1) <= integer_of_int32(l)))) + +goal m_ensures_default_po_23: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. 
+ (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + ("JC_69": ("JC_66": (0 <= integer_of_int32(count3)))) + +goal m_ensures_default_po_24: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + ("JC_69": + ("JC_67": (integer_of_int32(count3) <= integer_of_int32(i_0_0_1)))) + +goal m_ensures_default_po_25: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. 
+ forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. 
+ ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + ("JC_69": + ("JC_68": (integer_of_int32(count3) = num_of_pos(0, + integer_of_int32(i_0_0_1), t_0, intP_intM_t_2)))) + +goal m_ensures_default_po_26: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + ("JC_69": ("JC_64": (0 <= integer_of_int32(i_0_0_1)))) + +goal m_ensures_default_po_27: + forall t_0:intP pointer. + forall l:int32. 
+ forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. 
+ ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + ("JC_69": ("JC_65": (integer_of_int32(i_0_0_1) <= integer_of_int32(l)))) + +goal m_ensures_default_po_28: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + ("JC_69": ("JC_66": (0 <= integer_of_int32(count2)))) + +goal m_ensures_default_po_29: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. 
+ (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. 
+ (i_0_0_1 = result5) -> + ("JC_69": + ("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_1)))) + +goal m_ensures_default_po_30: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_59": + (("JC_54": (0 <= integer_of_int32(i_7_0))) and + (("JC_55": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_56": (0 <= integer_of_int32(count0))) and + (("JC_57": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_58": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. 
+ ("JC_69": + (("JC_64": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_65": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_66": (0 <= integer_of_int32(count2))) and + (("JC_67": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + ("JC_69": + ("JC_68": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_1), t_0, intP_intM_t_2)))) + +goal m_safety_po_1: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + (offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) + +goal m_safety_po_2: + forall t_0:intP pointer. 
+ forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0)) + +goal m_safety_po_3: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + ((-2147483648) <= (integer_of_int32(count0) + 1)) + +goal m_safety_po_4: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + ((integer_of_int32(count0) + 1) <= 2147483647) + +goal m_safety_po_5: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + (((-2147483648) <= (integer_of_int32(count0) + 1)) and + ((integer_of_int32(count0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + ((-2147483648) <= (integer_of_int32(i_7_0) + 1)) + +goal m_safety_po_6: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. 
+ ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + (((-2147483648) <= (integer_of_int32(count0) + 1)) and + ((integer_of_int32(count0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + ((integer_of_int32(i_7_0) + 1) <= 2147483647) + +goal m_safety_po_7: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + (((-2147483648) <= (integer_of_int32(count0) + 1)) and + ((integer_of_int32(count0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + (((-2147483648) <= (integer_of_int32(i_7_0) + 1)) and + ((integer_of_int32(i_7_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + (0 <= ("JC_37": (integer_of_int32(l) - integer_of_int32(i_7_0)))) + +goal m_safety_po_8: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. 
+ forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) > 0) -> + (((-2147483648) <= (integer_of_int32(count0) + 1)) and + ((integer_of_int32(count0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(count0) + 1)) -> + forall count1:int32. + (count1 = result2) -> + (((-2147483648) <= (integer_of_int32(i_7_0) + 1)) and + ((integer_of_int32(i_7_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result3) -> + (("JC_37": (integer_of_int32(l) - integer_of_int32(i_7_1))) < ("JC_37": + (integer_of_int32(l) - integer_of_int32(i_7_0)))) + +goal m_safety_po_9: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_7_0) + 1)) + +goal m_safety_po_10: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + ((integer_of_int32(i_7_0) + 1) <= 2147483647) + +goal m_safety_po_11: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. 
+ (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7_0) + 1)) and + ((integer_of_int32(i_7_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. + (i_7_1 = result2) -> + (0 <= ("JC_37": (integer_of_int32(l) - integer_of_int32(i_7_0)))) + +goal m_safety_po_12: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_7_0)) and + (integer_of_int32(i_7_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result1:int32. + (result1 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_7_0)))) -> + (integer_of_int32(result1) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7_0) + 1)) and + ((integer_of_int32(i_7_0) + 1) <= 2147483647)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(i_7_0) + 1)) -> + forall i_7_1:int32. 
+ (i_7_1 = result2) -> + (("JC_37": (integer_of_int32(l) - integer_of_int32(i_7_1))) < ("JC_37": + (integer_of_int32(l) - integer_of_int32(i_7_0)))) + +goal m_safety_po_13: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) + +goal m_safety_po_14: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + (offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) + +goal m_safety_po_15: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. 
+ ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. 
+ ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0)) + +goal m_safety_po_16: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + ((-2147483648) <= (integer_of_int32(count2) + 1)) + +goal m_safety_po_17: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. 
+ (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + ((integer_of_int32(count2) + 1) <= 2147483647) + +goal m_safety_po_18: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. 
+ (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (offset_min(intP_m_4_alloc_table0, u) <= integer_of_int32(tmp_0)) + +goal m_safety_po_19: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. 
+ (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. 
+ (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(tmp_0) <= offset_max(intP_m_4_alloc_table0, u)) + +goal m_safety_po_20: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + ((offset_min(intP_m_4_alloc_table0, u) <= integer_of_int32(tmp_0)) and + (integer_of_int32(tmp_0) <= offset_max(intP_m_4_alloc_table0, u))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + ((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) + +goal m_safety_po_21: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + ((offset_min(intP_m_4_alloc_table0, u) <= integer_of_int32(tmp_0)) and + (integer_of_int32(tmp_0) <= offset_max(intP_m_4_alloc_table0, u))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647) + +goal m_safety_po_22: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + ((offset_min(intP_m_4_alloc_table0, u) <= integer_of_int32(tmp_0)) and + (integer_of_int32(tmp_0) <= offset_max(intP_m_4_alloc_table0, u))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + (((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) and + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + (0 <= ("JC_53": (integer_of_int32(l) - integer_of_int32(i_0_0_0)))) + +goal m_safety_po_23: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. 
+ (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + forall intP_intM_m_4:(intP, + int32) memory. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) > 0) -> + forall tmp_0:int32. + (tmp_0 = count2) -> + (((-2147483648) <= (integer_of_int32(count2) + 1)) and + ((integer_of_int32(count2) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(count2) + 1)) -> + forall count3:int32. + (count3 = result5) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + ((offset_min(intP_m_4_alloc_table0, u) <= integer_of_int32(tmp_0)) and + (integer_of_int32(tmp_0) <= offset_max(intP_m_4_alloc_table0, u))) -> + forall intP_intM_m_4_0:(intP, + int32) memory. + (intP_intM_m_4_0 = store(intP_intM_m_4, shift(u, integer_of_int32(tmp_0)), + result6)) -> + (((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) and + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result7) -> + (("JC_53": (integer_of_int32(l) - integer_of_int32(i_0_0_1))) < ("JC_53": + (integer_of_int32(l) - integer_of_int32(i_0_0_0)))) + +goal m_safety_po_24: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. 
+ forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) + +goal m_safety_po_25: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. 
+ (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647) + +goal m_safety_po_26: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. + ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. 
+ (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. + (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) and + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + (0 <= ("JC_53": (integer_of_int32(l) - integer_of_int32(i_0_0_0)))) + +goal m_safety_po_27: + forall t_0:intP pointer. + forall l:int32. + forall intP_t_2_alloc_table:intP alloc_table. + forall intP_intM_t_2:(intP, + int32) memory. + forall intP_m_4_alloc_table:intP alloc_table. + ("JC_19": + (("JC_16": (integer_of_int32(l) >= 0)) and + (("JC_17": (offset_min(intP_t_2_alloc_table, t_0) <= 0)) and + ("JC_18": (offset_max(intP_t_2_alloc_table, + t_0) >= (integer_of_int32(l) - 1)))))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall count:int32. + (count = result) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall i_7:int32. + (i_7 = result0) -> + forall count0:int32. + forall i_7_0:int32. 
+ ("JC_32": true) -> + ("JC_30": + (("JC_25": (0 <= integer_of_int32(i_7_0))) and + (("JC_26": (integer_of_int32(i_7_0) <= integer_of_int32(l))) and + (("JC_27": (0 <= integer_of_int32(count0))) and + (("JC_28": (integer_of_int32(count0) <= integer_of_int32(i_7_0))) and + ("JC_29": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_7_0) >= integer_of_int32(l)) -> + (integer_of_int32(count0) >= 0) -> + forall result1:intP pointer. + forall intP_m_4_alloc_table0:intP alloc_table. + forall intP_m_4_tag_table:intP tag_table. + (strict_valid_struct_intP(result1, 0, (integer_of_int32(count0) - 1), + intP_m_4_alloc_table0) and + (alloc_extends(intP_m_4_alloc_table, intP_m_4_alloc_table0) and + (alloc_fresh(intP_m_4_alloc_table, result1, integer_of_int32(count0)) and + instanceof(intP_m_4_tag_table, result1, intP_tag)))) -> + forall u:intP pointer. + (u = result1) -> + forall result2:int32. + (integer_of_int32(result2) = 0) -> + forall count1:int32. + (count1 = result2) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall i_0_0:int32. + (i_0_0 = result3) -> + forall count2:int32. + forall i_0_0_0:int32. + ("JC_46": true) -> + ("JC_44": + (("JC_39": (0 <= integer_of_int32(i_0_0_0))) and + (("JC_40": (integer_of_int32(i_0_0_0) <= integer_of_int32(l))) and + (("JC_41": (0 <= integer_of_int32(count2))) and + (("JC_42": (integer_of_int32(count2) <= integer_of_int32(i_0_0_0))) and + ("JC_43": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_0_0_0), t_0, intP_intM_t_2)))))))) -> + (integer_of_int32(i_0_0_0) < integer_of_int32(l)) -> + ((offset_min(intP_t_2_alloc_table, t_0) <= integer_of_int32(i_0_0_0)) and + (integer_of_int32(i_0_0_0) <= offset_max(intP_t_2_alloc_table, t_0))) -> + forall result4:int32. 
+ (result4 = select(intP_intM_t_2, shift(t_0, integer_of_int32(i_0_0_0)))) -> + (integer_of_int32(result4) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_0_0_0) + 1)) and + ((integer_of_int32(i_0_0_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_0_0_0) + 1)) -> + forall i_0_0_1:int32. + (i_0_0_1 = result5) -> + (("JC_53": (integer_of_int32(l) - integer_of_int32(i_0_0_1))) < ("JC_53": + (integer_of_int32(l) - integer_of_int32(i_0_0_0)))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/muller_why.why : ?###......................................................... (57/0/1/3/0) +total : 61 +valid : 57 ( 93%) +invalid : 0 ( 0%) +unknown : 1 ( 2%) +timeout : 3 ( 5%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/my_cosine.res.oracle why-2.30+dfsg/tests/c/oracle/my_cosine.res.oracle --- why-2.29+dfsg/tests/c/oracle/my_cosine.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/my_cosine.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/c/my_cosine.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // does not work: RUN GAPPA: will ask regtests to run Gappa on this program // RUNCOQ: for the first VC @@ -15,11 +46,11 @@ return 1.0f - x * x * 0.5f; } -/*@ requires \abs(x) <= 0x1p-5 - @ && \round_error(x) == 0.0; +/*@ requires \abs(x) <= 0x1p-5 && \round_error(x) == 0.0; @ ensures \abs(\result - \cos(x)) <= 0x1p-23; @*/ float my_cos2(float x) { + //@ assert \exact(x) == x; float r = 1.0f - x * x * 0.5f; //@ assert \abs(\exact(r) - \cos(x)) <= 0x1p-24; return r; @@ -48,7 +79,7 @@ /* Local Variables: -compile-command: "frama-c -jessie my_cosine.c" +compile-command: "make my_cosine.why3ml" End: */ 
@@ -74,16 +105,16 @@ type int8 = -128..127 -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] lemma method_error : (\forall real x; @@ -116,20 +147,28 @@ } float my_cos2(float x_0) - requires (C_14 : ((C_15 : (\real_abs((x_0 :> real)) <= 0x1p-5)) && - (C_16 : (\single_round_error(x_0) == 0.0)))); + requires (C_15 : ((C_16 : (\real_abs((x_0 :> real)) <= 0x1p-5)) && + (C_17 : (\single_round_error(x_0) == 0.0)))); behavior default: - ensures (C_13 : (\real_abs(((\result :> real) - + ensures (C_14 : (\real_abs(((\result :> real) - \cos((\at(x_0,Old) :> real)))) <= 0x1p-23)); { (var float r); - { (C_11 : (r = (C_10 : ((1.0 :> float) - - (C_9 : ((C_8 : (x_0 * x_0)) * (0.5 :> float))))))); + { + { + (assert for default: (C_8 : (\single_exact(x_0) == (x_0 :> real)))); + () + }; + + { (C_12 : (r = (C_11 : ((1.0 :> float) - + (C_10 : ((C_9 : (x_0 * x_0)) * + (0.5 :> float))))))) + }; { - (assert for default: (C_12 : (\real_abs((\single_exact(r) - + (assert for default: (C_13 : (\real_abs((\single_exact(r) - \cos((x_0 :> real)))) <= 0x1p-24))); () 
@@ -140,23 +179,23 @@ } float my_cos3(float x_1) - requires (C_25 : ((C_26 : (\real_abs(\single_exact(x_1)) <= 0x1p-5)) && - (C_27 : (\single_round_error(x_1) <= 0x1p-20)))); + requires (C_26 : ((C_27 : (\real_abs(\single_exact(x_1)) <= 0x1p-5)) && + (C_28 : (\single_round_error(x_1) <= 0x1p-20)))); behavior default: - ensures (C_22 : ((C_23 : (\real_abs((\single_exact(\result) - + ensures (C_23 : ((C_24 : (\real_abs((\single_exact(\result) - \cos(\single_exact(\at(x_1,Old))))) <= 0x1p-24)) && - (C_24 : (\single_round_error(\result) <= + (C_25 : (\single_round_error(\result) <= (\single_round_error(\at(x_1,Old)) + 0x3p-24))))); { (var float r_0); - { (C_20 : (r_0 = (C_19 : ((1.0 :> float) - - (C_18 : ((C_17 : (x_1 * x_1)) * + { (C_21 : (r_0 = (C_20 : ((1.0 :> float) - + (C_19 : ((C_18 : (x_1 * x_1)) * (0.5 :> float))))))); { - (assert for default: (C_21 : (\real_abs((\single_exact(r_0) - + (assert for default: (C_22 : (\real_abs((\single_exact(r_0) - \cos(\single_exact(x_1)))) <= 0x1p-24))); () @@ -167,9 +206,9 @@ } float my_cos4(float x_2) - requires (C_34 : (\real_abs((x_2 :> real)) <= 0.07)); + requires (C_35 : (\real_abs((x_2 :> real)) <= 0.07)); behavior default: - ensures (C_33 : (\real_abs(((\result :> real) - + ensures (C_34 : (\real_abs(((\result :> real) - \cos((\at(x_2,Old) :> real)))) <= 0x1p-20)); { @@ -177,7 +216,7 @@ { { - (assert for default: (C_28 : (\real_abs(((1.0 - + (assert for default: (C_29 : (\real_abs(((1.0 - (((x_2 :> real) * (x_2 :> real)) * 0.5)) - @@ -185,8 +224,8 @@ 0x0.Fp-20))); () }; - (C_32 : (__retres_0 = (C_31 : ((1.0 :> float) - - (C_30 : ((C_29 : (x_2 * x_2)) * + (C_33 : (__retres_0 = (C_32 : ((1.0 :> float) - + (C_31 : ((C_30 : (x_2 * x_2)) * (0.5 :> float))))))); (return __retres_0) 
@@ -195,233 +234,246 @@ ========== file tests/c/my_cosine.jessie/my_cosine.cloc ========== [C_10] file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 12 +line = 53 +begin = 19 end = 31 [C_11] file = "HOME/tests/c/my_cosine.c" -line = 22 +line = 53 +begin = 12 +end = 31 + +[C_12] +file = "HOME/tests/c/my_cosine.c" +line = 53 begin = 2 end = 7 -[C_12] +[C_13] file = "HOME/tests/c/my_cosine.c" -line = 23 +line = 54 begin = 13 end = 49 -[C_13] +[C_14] file = "HOME/tests/c/my_cosine.c" -line = 19 +line = 49 begin = 12 end = 46 -[C_14] -file = "HOME/tests/c/my_cosine.c" -line = 17 -begin = 13 -end = 64 - [C_15] file = "HOME/tests/c/my_cosine.c" -line = 17 +line = 48 begin = 13 -end = 30 +end = 56 [C_16] file = "HOME/tests/c/my_cosine.c" -line = 18 -begin = 11 -end = 33 +line = 48 +begin = 13 +end = 30 [C_17] file = "HOME/tests/c/my_cosine.c" -line = 34 -begin = 19 -end = 24 +line = 48 +begin = 34 +end = 56 [C_18] file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 19 -end = 31 +end = 24 [C_19] file = "HOME/tests/c/my_cosine.c" -line = 34 -begin = 12 +line = 65 +begin = 19 end = 31 [C_1] file = "HOME/tests/c/my_cosine.c" -line = 13 +line = 44 begin = 13 end = 53 [C_2] file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 16 end = 21 [C_3] file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 16 end = 28 [C_4] file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 9 end = 28 [C_20] file = "HOME/tests/c/my_cosine.c" -line = 34 -begin = 2 -end = 7 +line = 65 +begin = 12 +end = 31 [C_5] file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 2 end = 29 [C_21] file = "HOME/tests/c/my_cosine.c" -line = 35 -begin = 13 -end = 57 +line = 65 +begin = 2 +end = 7 [C_6] file = "HOME/tests/c/my_cosine.c" -line = 10 +line = 41 begin = 12 end = 46 [C_22] file = "HOME/tests/c/my_cosine.c" -line = 30 -begin = 12 -end = 124 +line = 66 +begin = 13 +end = 57 [C_7] file = "HOME/tests/c/my_cosine.c" -line = 9 +line = 40 begin = 13 end = 30 
[C_23] file = "HOME/tests/c/my_cosine.c" -line = 30 +line = 61 begin = 12 -end = 62 +end = 124 [C_8] file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 19 -end = 24 +line = 52 +begin = 13 +end = 27 [C_24] file = "HOME/tests/c/my_cosine.c" -line = 31 -begin = 11 -end = 61 +line = 61 +begin = 12 +end = 62 [C_9] file = "HOME/tests/c/my_cosine.c" -line = 22 +line = 53 begin = 19 -end = 31 +end = 24 [C_25] file = "HOME/tests/c/my_cosine.c" -line = 28 +line = 62 +begin = 11 +end = 61 + +[C_26] +file = "HOME/tests/c/my_cosine.c" +line = 59 begin = 13 end = 76 -[C_26] +[C_27] file = "HOME/tests/c/my_cosine.c" -line = 28 +line = 59 begin = 13 end = 38 -[C_27] +[C_28] file = "HOME/tests/c/my_cosine.c" -line = 29 +line = 60 begin = 11 end = 37 -[C_28] +[C_29] file = "HOME/tests/c/my_cosine.c" -line = 43 +line = 74 begin = 13 end = 55 -[C_29] +[method_error] +name = "Lemma method_error" file = "HOME/tests/c/my_cosine.c" -line = 44 +line = 36 +begin = 4 +end = 111 + +[C_30] +file = "HOME/tests/c/my_cosine.c" +line = 75 begin = 16 end = 21 -[C_30] +[C_31] file = "HOME/tests/c/my_cosine.c" -line = 44 +line = 75 begin = 16 end = 28 -[C_31] +[C_32] file = "HOME/tests/c/my_cosine.c" -line = 44 +line = 75 begin = 9 end = 28 -[C_32] +[C_33] file = "HOME/tests/c/my_cosine.c" -line = 44 +line = 75 begin = 2 end = 29 -[C_33] +[C_34] file = "HOME/tests/c/my_cosine.c" -line = 40 +line = 71 begin = 12 end = 46 -[C_34] +[C_35] file = "HOME/tests/c/my_cosine.c" -line = 39 +line = 70 begin = 13 end = 28 [my_cos1] name = "Function my_cos1" file = "HOME/tests/c/my_cosine.c" -line = 12 +line = 43 begin = 6 end = 13 [my_cos2] name = "Function my_cos2" file = "HOME/tests/c/my_cosine.c" -line = 21 +line = 51 begin = 6 end = 13 [my_cos3] name = "Function my_cos3" file = "HOME/tests/c/my_cosine.c" -line = 33 +line = 64 begin = 6 end = 13 [my_cos4] name = "Function my_cos4" file = "HOME/tests/c/my_cosine.c" -line = 42 +line = 73 begin = 6 end = 13 
@@ -445,10 +497,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs my_cosine.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_strict.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/my_cosine_why.sx @@ -509,6 +562,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/my_cosine_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/my_cosine_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -581,6 +641,9 @@ why3ide: why/my_cosine_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: my_cosine.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include my_cosine.depend depend: coq/my_cosine_why.v 
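Review bot: The echo in the new `why3ml` recipe (third hunk on this line, `@@ -581,6 +641,9 @@`) announces `why3ml [...] $<`, but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one invoked. If opening the `.mlw` file in the IDE is intended, the line should read `@echo 'why3ide [...] $<' && why3ide -I $(JESSIE3LIB) $<`; if the batch tool was meant, the command is the part to change. This Makefile text is recorded test output, so the correction presumably belongs in whatever generates it rather than in the oracle itself.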
@@ -592,73 +655,73 @@ ========== file tests/c/my_cosine.jessie/my_cosine.loc ========== [my_cos4_ensures_default] name = "Function my_cos4" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/my_cosine.c" -line = 42 +line = 73 begin = 6 end = 13 [JC_40] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/my_cosine.c" +line = 60 +begin = 11 +end = 37 [my_cos3_safety] name = "Function my_cos3" behavior = "Safety" file = "HOME/tests/c/my_cosine.c" -line = 33 +line = 64 begin = 6 end = 13 [JC_41] file = "HOME/tests/c/my_cosine.c" -line = 28 +line = 59 begin = 13 -end = 38 +end = 76 [JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/tests/c/my_cosine.c" +line = 59 +begin = 13 +end = 38 + +[JC_44] file = "HOME/tests/c/my_cosine.c" -line = 29 +line = 60 begin = 11 end = 37 -[JC_43] +[JC_45] file = "HOME/tests/c/my_cosine.c" -line = 28 +line = 59 begin = 13 end = 76 -[JC_44] +[JC_46] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_45] -file = "HOME/tests/c/my_cosine.c" -line = 30 -begin = 12 -end = 62 - -[JC_46] -file = "HOME/tests/c/my_cosine.c" -line = 31 -begin = 11 -end = 61 - [JC_1] file = "HOME/tests/c/my_cosine.c" -line = 9 +line = 40 begin = 13 end = 30 [JC_47] file = "HOME/tests/c/my_cosine.c" -line = 30 +line = 61 begin = 12 -end = 124 +end = 62 [JC_2] file = "HOME/" @@ -668,21 +731,21 @@ [JC_48] file = "HOME/tests/c/my_cosine.c" -line = 30 -begin = 12 -end = 62 +line = 62 +begin = 11 +end = 61 [JC_3] file = "HOME/tests/c/my_cosine.c" -line = 9 +line = 40 begin = 13 end = 30 [JC_49] file = "HOME/tests/c/my_cosine.c" -line = 31 -begin = 11 -end = 61 +line = 61 +begin = 12 +end = 124 [JC_4] file = "HOME/" @@ -692,13 +755,13 @@ [JC_5] file = "HOME/tests/c/my_cosine.c" -line = 10 +line = 41 begin = 12 end = 46 [JC_6] file = "HOME/tests/c/my_cosine.c" -line = 10 +line = 41 begin = 12 end = 46 
@@ -716,119 +779,119 @@ [JC_9] file = "HOME/tests/c/my_cosine.c" -line = 13 +line = 44 begin = 13 end = 53 [JC_50] file = "HOME/tests/c/my_cosine.c" -line = 30 +line = 61 begin = 12 -end = 124 +end = 62 [JC_51] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/my_cosine.c" +line = 62 +begin = 11 +end = 61 [JC_52] +file = "HOME/tests/c/my_cosine.c" +line = 61 +begin = 12 +end = 124 + +[JC_53] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_53] -kind = FPOverflow -file = "HOME/tests/c/my_cosine.c" -line = 34 -begin = 19 -end = 24 - [my_cos4_safety] name = "Function my_cos4" behavior = "Safety" file = "HOME/tests/c/my_cosine.c" -line = 42 +line = 73 begin = 6 end = 13 [JC_54] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_55] +kind = FPOverflow +file = "HOME/tests/c/my_cosine.c" +line = 65 +begin = 19 +end = 24 + +[JC_56] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 19 end = 31 -[JC_55] +[JC_57] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 12 end = 31 -[JC_56] +[JC_58] file = "HOME/tests/c/my_cosine.c" -line = 35 +line = 66 begin = 13 end = 57 -[JC_57] +[JC_59] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 19 end = 24 -[JC_58] +[JC_60] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 19 end = 31 -[JC_59] +[JC_61] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 34 +line = 65 begin = 12 end = 31 -[JC_60] +[JC_62] file = "HOME/tests/c/my_cosine.c" -line = 35 +line = 66 begin = 13 end = 57 -[JC_61] -file = "HOME/tests/c/my_cosine.c" -line = 39 -begin = 13 -end = 28 - -[JC_62] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - [JC_10] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 16 end = 21 [JC_63] file = "HOME/tests/c/my_cosine.c" -line = 39 +line = 70 begin = 13 end = 28 [JC_11] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 
begin = 16 end = 28 @@ -841,90 +904,90 @@ [JC_12] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 9 end = 28 [JC_65] file = "HOME/tests/c/my_cosine.c" -line = 40 -begin = 12 -end = 46 +line = 70 +begin = 13 +end = 28 [JC_13] file = "HOME/tests/c/my_cosine.c" -line = 13 +line = 44 begin = 13 end = 53 [JC_66] -file = "HOME/tests/c/my_cosine.c" -line = 40 -begin = 12 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_14] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 16 end = 21 [JC_67] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/my_cosine.c" +line = 71 +begin = 12 +end = 46 [JC_15] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 16 end = 28 [JC_68] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/c/my_cosine.c" +line = 71 +begin = 12 +end = 46 [JC_16] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 14 +line = 45 begin = 9 end = 28 [JC_69] -file = "HOME/tests/c/my_cosine.c" -line = 43 -begin = 13 -end = 55 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_17] file = "HOME/tests/c/my_cosine.c" -line = 17 +line = 48 begin = 13 end = 30 [JC_18] file = "HOME/tests/c/my_cosine.c" -line = 18 -begin = 11 -end = 33 +line = 48 +begin = 34 +end = 56 [JC_19] file = "HOME/tests/c/my_cosine.c" -line = 17 +line = 48 begin = 13 -end = 64 +end = 56 [my_cos1_ensures_default] name = "Function my_cos1" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/my_cosine.c" -line = 12 +line = 43 begin = 6 end = 13 
@@ -932,38 +995,36 @@ name = "Function my_cos1" behavior = "Safety" file = "HOME/tests/c/my_cosine.c" -line = 12 +line = 43 begin = 6 end = 13 [JC_70] -kind = FPOverflow -file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 16 -end = 21 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [my_cos3_ensures_default] name = "Function my_cos3" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/my_cosine.c" -line = 33 +line = 64 begin = 6 end = 13 [JC_71] -kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 16 -end = 28 +line = 74 +begin = 13 +end = 55 [JC_72] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 9 -end = 28 +line = 75 +begin = 16 +end = 21 [JC_20] file = "HOME/" @@ -972,57 +1033,57 @@ end = -1 [JC_73] +kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 43 -begin = 13 -end = 55 +line = 75 +begin = 16 +end = 28 [JC_21] file = "HOME/tests/c/my_cosine.c" -line = 17 +line = 48 begin = 13 end = 30 [JC_74] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 16 -end = 21 +line = 75 +begin = 9 +end = 28 [JC_22] file = "HOME/tests/c/my_cosine.c" -line = 18 -begin = 11 -end = 33 +line = 48 +begin = 34 +end = 56 [method_error] -name = "method_error" +name = "Lemma method_error" behavior = "lemma" -file = "HOME/tests/c/my_cosine.jessie/my_cosine.jc" -line = 26 -begin = 0 -end = 135 +file = "HOME/tests/c/my_cosine.c" +line = 36 +begin = 4 +end = 111 [JC_75] -kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 16 -end = 28 +line = 74 +begin = 13 +end = 55 [JC_23] file = "HOME/tests/c/my_cosine.c" -line = 17 +line = 48 begin = 13 -end = 64 +end = 56 [JC_76] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 44 -begin = 9 -end = 28 +line = 75 +begin = 16 +end = 21 [JC_24] file = "HOME/" 
@@ -1030,15 +1091,29 @@ begin = -1 end = -1 +[JC_77] +kind = FPOverflow +file = "HOME/tests/c/my_cosine.c" +line = 75 +begin = 16 +end = 28 + [JC_25] file = "HOME/tests/c/my_cosine.c" -line = 19 +line = 49 begin = 12 end = 46 +[JC_78] +kind = FPOverflow +file = "HOME/tests/c/my_cosine.c" +line = 75 +begin = 9 +end = 28 + [JC_26] file = "HOME/tests/c/my_cosine.c" -line = 19 +line = 49 begin = 12 end = 46 
@@ -1055,124 +1130,117 @@ end = -1 [JC_29] -kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 19 -end = 24 +line = 52 +begin = 13 +end = 27 [my_cos2_safety] name = "Function my_cos2" behavior = "Safety" file = "HOME/tests/c/my_cosine.c" -line = 21 +line = 51 begin = 6 end = 13 [JC_30] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 +line = 53 begin = 19 -end = 31 +end = 24 [JC_31] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 12 +line = 53 +begin = 19 end = 31 [JC_32] +kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 23 -begin = 13 -end = 49 +line = 53 +begin = 12 +end = 31 [JC_33] -kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 19 -end = 24 +line = 54 +begin = 13 +end = 49 [JC_34] -kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 19 -end = 31 +line = 52 +begin = 13 +end = 27 [JC_35] kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 22 -begin = 12 -end = 31 +line = 53 +begin = 19 +end = 24 [JC_36] +kind = FPOverflow file = "HOME/tests/c/my_cosine.c" -line = 23 -begin = 13 -end = 49 - -[JC_37] -file = "HOME/tests/c/my_cosine.c" -line = 28 -begin = 13 -end = 38 +line = 53 +begin = 19 +end = 31 [my_cos2_ensures_default] name = "Function my_cos2" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/my_cosine.c" -line = 21 +line = 51 begin = 6 end = 13 +[JC_37] +kind = FPOverflow +file = "HOME/tests/c/my_cosine.c" +line = 53 +begin = 12 +end = 31 + [JC_38] file = "HOME/tests/c/my_cosine.c" -line = 29 -begin = 11 -end = 37 +line = 54 +begin = 13 +end = 49 [JC_39] file = "HOME/tests/c/my_cosine.c" -line = 28 +line = 59 begin = 13 -end = 76 +end = 38 ========== file tests/c/my_cosine.jessie/why/my_cosine.why ========== -type char_P +type charP type int8 type padding -type void_P - -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - -exception Return_label_exc of unit +type voidP -logic 
char_P_tag: -> char_P tag_id +logic charP_tag: -> charP tag_id -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_int : (int_of_tag(charP_tag) = (1)) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +logic charP_of_pointer_address: unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int8: int8 -> int 
@@ -1186,17 +1254,92 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + 
+axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) lemma method_error : (forall x_3:real. 
@@ -1205,176 +1348,63 @@ cos(x_3))), 0x1p-24))) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address: unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - 
char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - 
char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P 
alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int8 : unit -> { } int8 { true } 
@@ -1387,72 +1417,70 @@ x_0:single -> { } single { (JC_6: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0)))), 0x1p-23)) } parameter my_cos1_requires : x_0:single -> { (JC_1: le_real(abs_real(single_value(x_0)), 0x1p-5))} single { (JC_6: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0)))), 0x1p-23)) } parameter my_cos2 : x_0_0:single -> { } single { (JC_26: - le_real(abs_real(sub_real(single_value(result), - cos(single_value(x_0_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0_0)))), 0x1p-23)) } parameter my_cos2_requires : x_0_0:single -> { (JC_19: ((JC_17: le_real(abs_real(single_value(x_0_0)), 0x1p-5)) - and (JC_18: eq_real(single_round_error(x_0_0), 0.0))))} + and (JC_18: (single_round_error(x_0_0) = 0.0))))} single { (JC_26: - le_real(abs_real(sub_real(single_value(result), - cos(single_value(x_0_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0_0)))), 0x1p-23)) } parameter my_cos3 : x_1:single -> { } single - { (JC_50: - ((JC_48: - le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1@)))), + { (JC_52: + ((JC_50: + le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1)))), 0x1p-24)) - and (JC_49: + and (JC_51: le_real(single_round_error(result), - add_real(single_round_error(x_1@), 0x3p-24))))) } + add_real(single_round_error(x_1), 0x3p-24))))) } parameter my_cos3_requires : x_1:single -> - { (JC_39: - ((JC_37: le_real(abs_real(single_exact(x_1)), 0x1p-5)) - and (JC_38: le_real(single_round_error(x_1), 0x1p-20))))} + { (JC_41: + ((JC_39: le_real(abs_real(single_exact(x_1)), 0x1p-5)) + and (JC_40: le_real(single_round_error(x_1), 0x1p-20))))} single - { (JC_50: - ((JC_48: - le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1@)))), + { (JC_52: + ((JC_50: + 
le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1)))), 0x1p-24)) - and (JC_49: + and (JC_51: le_real(single_round_error(result), - add_real(single_round_error(x_1@), 0x3p-24))))) } + add_real(single_round_error(x_1), 0x3p-24))))) } parameter my_cos4 : x_2:single -> { } single - { (JC_66: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2@)))), + { (JC_68: + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2)))), 0x1p-20)) } parameter my_cos4_requires : x_2:single -> - { (JC_61: le_real(abs_real(single_value(x_2)), 0.07))} single - { (JC_66: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2@)))), + { (JC_63: le_real(abs_real(single_value(x_2)), 0.07))} single + { (JC_68: + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2)))), 0x1p-20)) } parameter safe_int8_of_integer_ : @@ -1489,7 +1517,7 @@ (return := !__retres); (raise Return) end)); absurd end with Return -> !return end)) { (JC_5: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0)))), 0x1p-23)) } let my_cos1_safety = 
@@ -1527,122 +1555,127 @@ fun (x_0_0 : single) -> { (JC_23: ((JC_21: le_real(abs_real(single_value(x_0_0)), 0x1p-5)) - and (JC_22: eq_real(single_round_error(x_0_0), 0.0)))) } + and (JC_22: (single_round_error(x_0_0) = 0.0)))) } (init: (let return = ref (any_single void) in try begin (let r = ref (any_single void) in - (C_11: begin - (let jessie_ = - (r := (C_10: - (JC_35: - (((sub_single_safe nearest_even) (single_of_real_exact 1.0)) - (C_9: - (JC_34: - (((mul_single_safe nearest_even) (C_8: - (JC_33: - (((mul_single_safe nearest_even) x_0_0) x_0_0)))) - (single_of_real_exact 0.5)))))))) in void); + (assert { (JC_34: (single_exact(x_0_0) = single_value(x_0_0))) }; + void); void; + (let jessie_ = + (C_12: + begin + (r := (C_11: + (JC_37: + (((sub_single_safe nearest_even) (single_of_real_exact 1.0)) + (C_10: + (JC_36: + (((mul_single_safe nearest_even) (C_9: + (JC_35: + (((mul_single_safe nearest_even) x_0_0) x_0_0)))) + (single_of_real_exact 0.5)))))))); !r end) in void); (assert - { (JC_36: + { (JC_38: le_real(abs_real(sub_real(single_exact(r), cos(single_value(x_0_0)))), - 0x1p-24)) }; void); void; (return := !r); (raise Return) end)); + 0x1p-24)) }; void); void; (return := !r); (raise Return) end); absurd end with Return -> !return end)) { (JC_25: - le_real(abs_real(sub_real(single_value(result), - cos(single_value(x_0_0@)))), + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_0_0)))), 0x1p-23)) } let my_cos2_safety = fun (x_0_0 : single) -> { (JC_23: ((JC_21: le_real(abs_real(single_value(x_0_0)), 0x1p-5)) - and (JC_22: eq_real(single_round_error(x_0_0), 0.0)))) } + and (JC_22: (single_round_error(x_0_0) = 0.0)))) } (init: (let return = ref (any_single void) in try begin (let r = ref (any_single void) in - (C_11: begin - (let jessie_ = - (r := (C_10: - (JC_31: - (((sub_single nearest_even) (single_of_real_exact 1.0)) - (C_9: - (JC_30: - (((mul_single nearest_even) (C_8: - (JC_29: - (((mul_single nearest_even) x_0_0) x_0_0)))) - 
(single_of_real_exact 0.5)))))))) in void); + [ { } unit { (JC_29: (single_exact(x_0_0) = single_value(x_0_0))) } ]; + void; + (let jessie_ = + (C_12: + begin + (r := (C_11: + (JC_32: + (((sub_single nearest_even) (single_of_real_exact 1.0)) + (C_10: + (JC_31: + (((mul_single nearest_even) (C_9: + (JC_30: + (((mul_single nearest_even) x_0_0) x_0_0)))) + (single_of_real_exact 0.5)))))))); !r end) in void); [ { } unit reads r - { (JC_32: + { (JC_33: le_real(abs_real(sub_real(single_exact(r), cos(single_value(x_0_0)))), - 0x1p-24)) } ]; void; (return := !r); (raise Return) end)); - absurd end with Return -> !return end)) { true } + 0x1p-24)) } ]; void; (return := !r); (raise Return) end); absurd + end with Return -> !return end)) { true } let my_cos3_ensures_default = fun (x_1 : single) -> - { (JC_43: - ((JC_41: le_real(abs_real(single_exact(x_1)), 0x1p-5)) - and (JC_42: le_real(single_round_error(x_1), 0x1p-20)))) } + { (JC_45: + ((JC_43: le_real(abs_real(single_exact(x_1)), 0x1p-5)) + and (JC_44: le_real(single_round_error(x_1), 0x1p-20)))) } (init: (let return = ref (any_single void) in try begin (let r_0 = ref (any_single void) in - (C_20: + (C_21: begin (let jessie_ = - (r_0 := (C_19: - (JC_59: + (r_0 := (C_20: + (JC_61: (((sub_single_safe nearest_even) (single_of_real_exact 1.0)) - (C_18: - (JC_58: - (((mul_single_safe nearest_even) (C_17: - (JC_57: + (C_19: + (JC_60: + (((mul_single_safe nearest_even) (C_18: + (JC_59: (((mul_single_safe nearest_even) x_1) x_1)))) (single_of_real_exact 0.5)))))))) in void); (assert - { (JC_60: + { (JC_62: le_real(abs_real(sub_real(single_exact(r_0), cos(single_exact(x_1)))), 0x1p-24)) }; void); void; (return := !r_0); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_47: - ((JC_45: - le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1@)))), + { (JC_49: + ((JC_47: + le_real(abs_real(sub_real(single_exact(result), cos(single_exact(x_1)))), 0x1p-24)) - and (JC_46: + and (JC_48: 
le_real(single_round_error(result), - add_real(single_round_error(x_1@), 0x3p-24))))) } + add_real(single_round_error(x_1), 0x3p-24))))) } let my_cos3_safety = fun (x_1 : single) -> - { (JC_43: - ((JC_41: le_real(abs_real(single_exact(x_1)), 0x1p-5)) - and (JC_42: le_real(single_round_error(x_1), 0x1p-20)))) } + { (JC_45: + ((JC_43: le_real(abs_real(single_exact(x_1)), 0x1p-5)) + and (JC_44: le_real(single_round_error(x_1), 0x1p-20)))) } (init: (let return = ref (any_single void) in try begin (let r_0 = ref (any_single void) in - (C_20: + (C_21: begin (let jessie_ = - (r_0 := (C_19: - (JC_55: + (r_0 := (C_20: + (JC_57: (((sub_single nearest_even) (single_of_real_exact 1.0)) - (C_18: - (JC_54: - (((mul_single nearest_even) (C_17: - (JC_53: + (C_19: + (JC_56: + (((mul_single nearest_even) (C_18: + (JC_55: (((mul_single nearest_even) x_1) x_1)))) (single_of_real_exact 0.5)))))))) in void); [ { } unit reads r_0 - { (JC_56: + { (JC_58: le_real(abs_real(sub_real(single_exact(r_0), cos(single_exact(x_1)))), 0x1p-24)) } ]; void; (return := !r_0); (raise Return) end)); @@ -1650,16 +1683,16 @@ let my_cos4_ensures_default = fun (x_2 : single) -> - { (JC_63: le_real(abs_real(single_value(x_2)), 0.07)) } + { (JC_65: le_real(abs_real(single_value(x_2)), 0.07)) } (init: (let return = ref (any_single void) in try begin (let __retres_0 = ref (any_single void) in - (C_32: + (C_33: begin (assert - { (JC_73: + { (JC_75: le_real(abs_real(sub_real(sub_real(1.0, mul_real(mul_real(single_value(x_2), single_value(x_2)), 
@@ -1667,33 +1700,33 @@ cos(single_value(x_2)))), 0x0.Fp-20)) }; void); void; (let jessie_ = - (__retres_0 := (C_31: - (JC_76: + (__retres_0 := (C_32: + (JC_78: (((sub_single_safe nearest_even) (single_of_real_exact 1.0)) - (C_30: - (JC_75: - (((mul_single_safe nearest_even) (C_29: - (JC_74: + (C_31: + (JC_77: + (((mul_single_safe nearest_even) (C_30: + (JC_76: (((mul_single_safe nearest_even) x_2) x_2)))) (single_of_real_exact 0.5)))))))) in void); (return := !__retres_0); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_65: - le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2@)))), + { (JC_67: + le_real(abs_real(sub_real(single_value(result), cos(single_value(x_2)))), 0x1p-20)) } let my_cos4_safety = fun (x_2 : single) -> - { (JC_63: le_real(abs_real(single_value(x_2)), 0.07)) } + { (JC_65: le_real(abs_real(single_value(x_2)), 0.07)) } (init: (let return = ref (any_single void) in try begin (let __retres_0 = ref (any_single void) in - (C_32: + (C_33: begin [ { } unit - { (JC_69: + { (JC_71: le_real(abs_real(sub_real(sub_real(1.0, mul_real(mul_real(single_value(x_2), single_value(x_2)), @@ -1701,13 +1734,13 @@ cos(single_value(x_2)))), 0x0.Fp-20)) } ]; void; (let jessie_ = - (__retres_0 := (C_31: - (JC_72: + (__retres_0 := (C_32: + (JC_74: (((sub_single nearest_even) (single_of_real_exact 1.0)) - (C_30: - (JC_71: - (((mul_single nearest_even) (C_29: - (JC_70: + (C_31: + (JC_73: + (((mul_single nearest_even) (C_30: + (JC_72: (((mul_single nearest_even) x_2) x_2)))) (single_of_real_exact 0.5)))))))) in void); (return := !__retres_0); (raise Return) end)); absurd end with @@ -2763,6 +2796,10 @@ ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> (round_double(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + axiom round_double_idempotent: (forall m1:mode. (forall m2:mode. 
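Review bot: The added axiom `exact_round_double_for_doubles` in hunk `@@ -2763,6 +2796,10 @@` is an unproved assumption that every value of type `double` is already representable in every rounding mode, and nothing in the hunk says why that holds. The same applies to `exact_round_single_for_singles` in `@@ -2819,6 +2856,10 @@` and to `single_value_is_bounded` / `double_value_is_bounded` in `@@ -2835,22 +2876,21 @@`, which appear to take over from the per-operation `no_overflow_single` hypotheses that the goal hunks `@@ -3091,20 +3127,14 @@` and `@@ -3167,56 +3197,52 @@` drop. These axioms are part of the trusted base of every proof obligation in the file, so if the model of `single`/`double` ever admits infinities or NaN they would presumably make the theory inconsistent and the goals vacuously provable; the declarations of `double_value` and `max_double` are outside these hunks, so this cannot be checked from here. I would record the assumption next to the axiom, e.g. `(* sound only while every double denotes a finite representable value; no infinities or NaN in this model *)`, and if this file is regenerated output the comment belongs in the prelude it is produced from.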
@@ -2819,6 +2856,10 @@ ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + axiom round_single_idempotent: (forall m1:mode. (forall m2:mode. @@ -2835,22 +2876,21 @@ axiom round_up_single_ge: (forall x:real. (round_single(up, x) >= x)) -logic single_to_double : single -> double - -logic double_to_single : mode, double -> single - -axiom single_to_double_val: - (forall s:single. (double_value(single_to_double(s)) = single_value(s))) +axiom single_value_is_bounded: + (forall x:single. (abs_real(single_value(x)) <= max_single)) -axiom double_to_single_val: - (forall m:mode. - (forall d:double. (single_value(double_to_single(m, d)) = round_single(m, - double_value(d))))) +axiom double_value_is_bounded: + (forall x:double. (abs_real(double_value(x)) <= max_double)) predicate single_of_real_post(m: mode, x: real, res: single) = ((single_value(res) = round_single(m, x)) and ((single_exact(res) = x) and (single_model(res) = x))) +predicate single_of_double_post(m: mode, x: double, res: single) = + ((single_value(res) = round_single(m, double_value(x))) and + ((single_exact(res) = double_exact(x)) and + (single_model(res) = double_model(x)))) + predicate add_single_post(m: mode, x: single, y: single, res: single) = ((single_value(res) = round_single(m, (single_value(x) + single_value(y)))) and @@ -2894,6 +2934,11 @@ ((double_value(res) = round_double(m, x)) and ((double_exact(res) = x) and (double_model(res) = x))) +predicate double_of_single_post(x: single, res: double) = + ((double_value(res) = single_value(x)) and + ((double_exact(res) = single_exact(x)) and + (double_model(res) = single_model(x)))) + predicate add_double_post(m: mode, x: double, y: double, res: double) = ((double_value(res) = round_double(m, (double_value(x) + double_value(y)))) and 
@@ -2933,30 +2978,30 @@ ((double_exact(res) = abs_real(double_exact(x))) and (double_model(res) = abs_real(double_model(x))))) -type char_P +type charP type int8 type padding -type void_P +type voidP -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int8 : int8 -> int 
@@ -2970,18 +3015,93 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: 
(int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + goal method_error: (forall x_3:real. ((abs_real(x_3) <= 0x1.p-5) -> 
@@ -2992,95 +3112,11 @@ ((abs_real(x_3) <= 0x1.p-5) -> (abs_real(((1.0 - ((x_3 * x_3) * 0.5)) - cos(x_3))) <= 0x1.p-24))) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, - p) >= b) - -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, - p) >= b) - -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - 
(offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) - goal my_cos1_ensures_default_po_1: forall x_0:single. ("JC_3": (abs_real(single_value(x_0)) <= 0x1.p-5)) -> ("JC_13": - ("JC_13": - (abs_real(((1.0 - ((single_value(x_0) * single_value(x_0)) * 0.5)) - cos(single_value(x_0)))) <= 0x1.p-24))) + (abs_real(((1.0 - ((single_value(x_0) * single_value(x_0)) * 0.5)) - cos(single_value(x_0)))) <= 0x1.p-24)) goal my_cos1_ensures_default_po_2: forall x_0:single. 
@@ -3091,20 +3127,14 @@ ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_0) * single_value(x_0))) and mul_single_post(nearest_even, - x_0, x_0, result0)) -> + mul_single_post(nearest_even, x_0, x_0, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall __retres:single. (__retres = result3) -> forall return:single. 
@@ -3167,56 +3197,52 @@ ("JC_23": (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_34": (single_exact(x_0_0) = single_value(x_0_0))) + +goal my_cos2_ensures_default_po_2: + forall x_0_0:single. + ("JC_23": + (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and + ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_34": (single_exact(x_0_0) = single_value(x_0_0))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_0_0) * single_value(x_0_0))) and - mul_single_post(nearest_even, x_0_0, x_0_0, result0)) -> + mul_single_post(nearest_even, x_0_0, x_0_0, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall r:single. (r = result3) -> - ("JC_36": - ("JC_36": - (abs_real((single_exact(r) - cos(single_value(x_0_0)))) <= 0x1.p-24))) + ("JC_38": + (abs_real((single_exact(r) - cos(single_value(x_0_0)))) <= 0x1.p-24)) -goal my_cos2_ensures_default_po_2: +goal my_cos2_ensures_default_po_3: forall x_0_0:single. ("JC_23": (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_34": (single_exact(x_0_0) = single_value(x_0_0))) -> forall result:single. 
((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_0_0) * single_value(x_0_0))) and - mul_single_post(nearest_even, x_0_0, x_0_0, result0)) -> + mul_single_post(nearest_even, x_0_0, x_0_0, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall r:single. (r = result3) -> - ("JC_36": + ("JC_38": (abs_real((single_exact(r) - cos(single_value(x_0_0)))) <= 0x1.p-24)) -> forall return:single. (return = r) -> @@ -3228,6 +3254,7 @@ ("JC_23": (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_29": (single_exact(x_0_0) = single_value(x_0_0))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> @@ -3239,6 +3266,7 @@ ("JC_23": (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_29": (single_exact(x_0_0) = single_value(x_0_0))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> 
@@ -3257,6 +3285,7 @@ ("JC_23": (("JC_21": (abs_real(single_value(x_0_0)) <= 0x1.p-5)) and ("JC_22": (single_round_error(x_0_0) = 0.0)))) -> + ("JC_29": (single_exact(x_0_0) = single_value(x_0_0))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> 
@@ -3276,106 +3305,85 @@ goal my_cos3_ensures_default_po_1: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_1) * single_value(x_1))) and mul_single_post(nearest_even, - x_1, x_1, result0)) -> + mul_single_post(nearest_even, x_1, x_1, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall r_0:single. (r_0 = result3) -> - ("JC_60": - ("JC_60": - (abs_real((single_exact(r_0) - cos(single_exact(x_1)))) <= 0x1.p-24))) + ("JC_62": + (abs_real((single_exact(r_0) - cos(single_exact(x_1)))) <= 0x1.p-24)) goal my_cos3_ensures_default_po_2: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. 
- (no_overflow_single(nearest_even, - (single_value(x_1) * single_value(x_1))) and mul_single_post(nearest_even, - x_1, x_1, result0)) -> + mul_single_post(nearest_even, x_1, x_1, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall r_0:single. (r_0 = result3) -> - ("JC_60": + ("JC_62": (abs_real((single_exact(r_0) - cos(single_exact(x_1)))) <= 0x1.p-24)) -> forall return:single. (return = r_0) -> + ("JC_49": ("JC_47": - ("JC_45": - ("JC_45": - (abs_real((single_exact(return) - cos(single_exact(x_1)))) <= 0x1.p-24)))) + (abs_real((single_exact(return) - cos(single_exact(x_1)))) <= 0x1.p-24))) goal my_cos3_ensures_default_po_3: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_1) * single_value(x_1))) and mul_single_post(nearest_even, - x_1, x_1, result0)) -> + mul_single_post(nearest_even, x_1, x_1, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. 
- (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall r_0:single. (r_0 = result3) -> - ("JC_60": + ("JC_62": (abs_real((single_exact(r_0) - cos(single_exact(x_1)))) <= 0x1.p-24)) -> forall return:single. (return = r_0) -> - ("JC_47": - ("JC_46": - ("JC_46": - (single_round_error(return) <= (single_round_error(x_1) + 0x3.p-24))))) + ("JC_49": + ("JC_48": + (single_round_error(return) <= (single_round_error(x_1) + 0x3.p-24)))) goal my_cos3_safety_po_1: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> @@ -3383,9 +3391,9 @@ goal my_cos3_safety_po_2: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> 
@@ -3401,9 +3409,9 @@ goal my_cos3_safety_po_3: forall x_1:single. - ("JC_43": - (("JC_41": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and - ("JC_42": (single_round_error(x_1) <= 0x1.p-20)))) -> + ("JC_45": + (("JC_43": (abs_real(single_exact(x_1)) <= 0x1.p-5)) and + ("JC_44": (single_round_error(x_1) <= 0x1.p-20)))) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> 
@@ -3423,45 +3431,38 @@ goal my_cos4_ensures_default_po_1: forall x_2:single. - ("JC_63": (abs_real(single_value(x_2)) <= 0.07)) -> - ("JC_73": - ("JC_73": - (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20))) + ("JC_65": (abs_real(single_value(x_2)) <= 0.07)) -> + ("JC_75": + (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20)) goal my_cos4_ensures_default_po_2: forall x_2:single. - ("JC_63": (abs_real(single_value(x_2)) <= 0.07)) -> - ("JC_73": + ("JC_65": (abs_real(single_value(x_2)) <= 0.07)) -> + ("JC_75": (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20)) -> forall result:single. ((single_value(result) = 1.0) and ((single_exact(result) = 1.0) and (single_model(result) = 1.0))) -> forall result0:single. - (no_overflow_single(nearest_even, - (single_value(x_2) * single_value(x_2))) and mul_single_post(nearest_even, - x_2, x_2, result0)) -> + mul_single_post(nearest_even, x_2, x_2, result0) -> forall result1:single. ((single_value(result1) = 0.5) and ((single_exact(result1) = 0.5) and (single_model(result1) = 0.5))) -> forall result2:single. - (no_overflow_single(nearest_even, - (single_value(result0) * single_value(result1))) and - mul_single_post(nearest_even, result0, result1, result2)) -> + mul_single_post(nearest_even, result0, result1, result2) -> forall result3:single. - (no_overflow_single(nearest_even, - (single_value(result) - single_value(result2))) and - sub_single_post(nearest_even, result, result2, result3)) -> + sub_single_post(nearest_even, result, result2, result3) -> forall __retres_0:single. (__retres_0 = result3) -> forall return:single. (return = __retres_0) -> - ("JC_65": + ("JC_67": (abs_real((single_value(return) - cos(single_value(x_2)))) <= 0x1.p-20)) goal my_cos4_safety_po_1: forall x_2:single. 
- ("JC_63": (abs_real(single_value(x_2)) <= 0.07)) -> - ("JC_69": + ("JC_65": (abs_real(single_value(x_2)) <= 0.07)) -> + ("JC_71": (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20)) -> forall result:single. ((single_value(result) = 1.0) and @@ -3470,8 +3471,8 @@ goal my_cos4_safety_po_2: forall x_2:single. - ("JC_63": (abs_real(single_value(x_2)) <= 0.07)) -> - ("JC_69": + ("JC_65": (abs_real(single_value(x_2)) <= 0.07)) -> + ("JC_71": (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20)) -> forall result:single. ((single_value(result) = 1.0) and @@ -3488,8 +3489,8 @@ goal my_cos4_safety_po_3: forall x_2:single. - ("JC_63": (abs_real(single_value(x_2)) <= 0.07)) -> - ("JC_69": + ("JC_65": (abs_real(single_value(x_2)) <= 0.07)) -> + ("JC_71": (abs_real(((1.0 - ((single_value(x_2) * single_value(x_2)) * 0.5)) - cos(single_value(x_2)))) <= 0x0.Fp-20)) -> forall result:single. ((single_value(result) = 1.0) and @@ -3511,12 +3512,12 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/my_cosine_why.why : ?.??.###?.#..#?.#?#?.# (7/0/7/8/0) -total : 22 -valid : 7 ( 32%) +why/my_cosine_why.why : ?.??.#..#..#..#?.#???.# (10/0/7/6/0) +total : 23 +valid : 10 ( 43%) invalid : 0 ( 0%) -unknown : 7 ( 32%) -timeout : 8 ( 36%) +unknown : 7 ( 30%) +timeout : 6 ( 26%) failure : 0 ( 0%) // RUNCOQ: for the first VC ========== generation of Coq VC output ========== 
@@ -3525,11 +3526,11 @@ (* This file was originally generated by why. It can be modified; only the generated parts will be overwritten. *) Require Export jessie_why. -Require Import floats_strict. -Require Import tactics. +Require Import WhyFloatsStrict. +Require Import Interval_tactic. +Require Import Rtrigo_def. - -(*Why type*) Definition char_P: Set. +(*Why type*) Definition charP: Set. Admitted. (*Why type*) Definition int8: Set. 
@@ -3538,33 +3539,37 @@ (*Why type*) Definition padding: Set. Admitted. -(*Why type*) Definition void_P: Set. +(*Why type*) Definition voidP: Set. Admitted. -(*Why logic*) Definition char_P_tag : (tag_id char_P). +(*Why logic*) Definition charP_tag : (tag_id charP). Admitted. -(*Why axiom*) Lemma char_P_int : (int_of_tag char_P_tag) = 1. +(*Why axiom*) Lemma charP_int : (int_of_tag charP_tag) = 1. Admitted. +Dp_hint charP_int. -(*Why logic*) Definition char_P_of_pointer_address : - (pointer unit) -> (pointer char_P). +(*Why logic*) Definition charP_of_pointer_address : + (pointer unit) -> (pointer charP). Admitted. -(*Why axiom*) Lemma char_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer char_P)), - p = (char_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma charP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer charP)), + p = (charP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint charP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma char_P_parenttag_bottom : - (parenttag char_P_tag (@bottom_tag char_P)). +(*Why axiom*) Lemma charP_parenttag_bottom : + (parenttag charP_tag (@bottom_tag charP)). Admitted. +Dp_hint charP_parenttag_bottom. -(*Why axiom*) Lemma char_P_tags : - (forall (x:(pointer char_P)), - (forall (char_P_tag_table:(tag_table char_P)), - (instanceof char_P_tag_table x char_P_tag))). +(*Why axiom*) Lemma charP_tags : + (forall (x:(pointer charP)), + (forall (charP_tag_table:(tag_table charP)), + (instanceof charP_tag_table x charP_tag))). Admitted. +Dp_hint charP_tags. (*Why logic*) Definition integer_of_int8 : int8 -> Z. Admitted. 
@@ -3580,121 +3585,123 @@ ((-128) <= x /\ x <= 127 -> (integer_of_int8 (int8_of_integer x)) = x)). Admitted. +(*Why axiom*) Lemma int8_extensionality : + (forall (x:int8), + (forall (y:int8), ((integer_of_int8 x) = (integer_of_int8 y) -> x = y))). +Admitted. +Dp_hint int8_extensionality. + (*Why axiom*) Lemma int8_range : (forall (x:int8), (-128) <= (integer_of_int8 x) /\ (integer_of_int8 x) <= 127). Admitted. -(*Why predicate*) Definition left_valid_struct_char_P (p:(pointer char_P)) (a:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a. - -(*Why predicate*) Definition left_valid_struct_void_P (p:(pointer void_P)) (a:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a. - -(* Why obligation from file "my_cosine.jc", line 26, characters 0-135: *) -(*Why goal*) Lemma method_error : - (forall (x_3:R), - ((Rle (Rabs x_3) (1 / 32)%R) -> - (Rle - (Rabs - (Rminus (Rminus (1)%R (Rmult (Rmult x_3 x_3) (05 / 10)%R)) (cos x_3))) - (1 / 16777216)%R))). -Proof. -intros x H. -interval with (i_bisect_diff x,i_nocheck). -Save. +(*Why predicate*) Definition left_valid_struct_charP (p:(pointer charP)) (a:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a. -Dp_hint method_error. +(*Why predicate*) Definition left_valid_struct_voidP (p:(pointer voidP)) (a:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a. -(*Why axiom*) Lemma pointer_addr_of_char_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_charP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (char_P_of_pointer_address p))). + p = (pointer_address (charP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_charP_of_pointer_address. -(*Why logic*) Definition void_P_of_pointer_address : - (pointer unit) -> (pointer void_P). +(*Why logic*) Definition voidP_of_pointer_address : + (pointer unit) -> (pointer voidP). Admitted. 
-(*Why axiom*) Lemma pointer_addr_of_void_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_voidP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (void_P_of_pointer_address p))). + p = (pointer_address (voidP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_voidP_of_pointer_address. -(*Why predicate*) Definition right_valid_struct_char_P (p:(pointer char_P)) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_max char_P_alloc_table p) >= b. - -(*Why predicate*) Definition right_valid_struct_void_P (p:(pointer void_P)) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_max void_P_alloc_table p) >= b. - -(*Why predicate*) Definition strict_valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_charP (p:(pointer charP)) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_voidP (p:(pointer voidP)) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. 
-(*Why predicate*) Definition strict_valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_char_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_void_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. -(*Why predicate*) Definition valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. 
+(*Why predicate*) Definition valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why logic*) Definition void_P_tag : (tag_id void_P). +(*Why logic*) Definition voidP_tag : (tag_id voidP). Admitted. -(*Why axiom*) Lemma void_P_int : (int_of_tag void_P_tag) = 1. +(*Why axiom*) Lemma voidP_int : (int_of_tag voidP_tag) = 1. Admitted. +Dp_hint voidP_int. -(*Why axiom*) Lemma void_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer void_P)), - p = (void_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma voidP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer voidP)), + p = (voidP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint voidP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma void_P_parenttag_bottom : - (parenttag void_P_tag (@bottom_tag void_P)). +(*Why axiom*) Lemma voidP_parenttag_bottom : + (parenttag voidP_tag (@bottom_tag voidP)). Admitted. +Dp_hint voidP_parenttag_bottom. 
-(*Why axiom*) Lemma void_P_tags : - (forall (x:(pointer void_P)), - (forall (void_P_tag_table:(tag_table void_P)), - (instanceof void_P_tag_table x void_P_tag))). +(*Why axiom*) Lemma voidP_tags : + (forall (x:(pointer voidP)), + (forall (voidP_tag_table:(tag_table voidP)), + (instanceof voidP_tag_table x voidP_tag))). Admitted. +Dp_hint voidP_tags. +(* Why obligation from file "my_cosine.c", line 36, characters 4-111: *) +(*Why goal*) Lemma method_error : + (forall (x_3:R), + ((Rle (Rabs x_3) (1 / 32)%R) -> + (Rle + (Rabs + (Rminus (Rminus (1)%R (Rmult (Rmult x_3 x_3) (05 / 10)%R)) (cos x_3))) + (1 / 16777216)%R))). +Proof. +intros x H. + +interval with (i_bisect_diff x). +Save. +Dp_hint method_error. -(* Why obligation from file "my_cosine.c", line 13, characters 13-53: *) +(* Why obligation from file "my_cosine.c", line 44, characters 13-53: *) (*Why goal*) Lemma my_cos1_ensures_default_po_1 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), (* JC_13 *) - (* JC_13 *) (Rle (Rabs (Rminus @@ -3704,10 +3711,10 @@ (1 / 16777216)%R). Proof. intros x H. -interval with (i_bisect_diff (single_value x),i_nocheck). +interval with (i_bisect_diff (single_value x)). Save. -(* Why obligation from file "my_cosine.c", line 10, characters 12-46: *) +(* Why obligation from file "my_cosine.c", line 41, characters 12-46: *) (*Why goal*) Lemma my_cos1_ensures_default_po_2 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -3725,23 +3732,15 @@ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_6: (no_overflow_single - nearest_even (Rmult (single_value x_0) (single_value x_0))) /\ - (mul_single_post nearest_even x_0 x_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0 x_0 result0)), forall (result1: single), forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_8: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_9: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (__retres: single), forall (HW_10: __retres = result3), forall (why__return: single), @@ -3754,7 +3753,7 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 14, characters 16-21: *) +(* Why obligation from file "my_cosine.c", line 45, characters 16-21: *) (*Why goal*) Lemma my_cos1_safety_po_1 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), @@ -3777,7 +3776,7 @@ admit. Save. -(* Why obligation from file "my_cosine.c", line 14, characters 16-28: *) +(* Why obligation from file "my_cosine.c", line 45, characters 16-28: *) (*Why goal*) Lemma my_cos1_safety_po_2 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -3809,7 +3808,7 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 14, characters 9-28: *) +(* Why obligation from file "my_cosine.c", line 45, characters 9-28: *) (*Why goal*) Lemma my_cos1_safety_po_3 : forall (x_0: single), forall (HW_1: (* JC_3 *) (Rle (Rabs (single_value x_0)) (1 / 32)%R)), 
@@ -3845,48 +3844,50 @@ admit. Save. -(* Why obligation from file "my_cosine.c", line 23, characters 13-49: *) +(* Why obligation from file "my_cosine.c", line 52, characters 13-27: *) (*Why goal*) Lemma my_cos2_ensures_default_po_1 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0)). +Proof. +admit. +Save. + +(* Why obligation from file "my_cosine.c", line 54, characters 13-49: *) +(*Why goal*) Lemma my_cos2_ensures_default_po_2 : + forall (x_0_0: single), + forall (HW_1: (* JC_23 *) + ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ + (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult - (single_value x_0_0) (single_value x_0_0))) /\ - (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 
result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (r: single), - forall (HW_9: r = result3), - (* JC_36 *) - (* JC_36 *) + forall (HW_10: r = result3), + (* JC_38 *) (Rle (Rabs (Rminus (single_exact r) (cos (single_value x_0_0)))) (1 / 16777216)%R). Proof. -intros x (H1,H2). +intros x (H1,H2) Heq. intros r (_,(exa_r,_)). -intros r0 (_,(_,(exa_r0,_))). +intros r0 (_,(exa_r0,_)). intros r1 (_,(exa_r1,_)). -intros r2 (_,(_,(exa_r2,_))). -intros r3 (_,(_,(exa_r3,_))). +intros r2 (_,(exa_r2,_)). +intros r3 (_,(exa_r3,_)). intros r4 r4_eq. subst r4. rewrite exa_r3; clear exa_r3 r3. 
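Review bot: The new lemma `my_cos2_ensures_default_po_1` (JC_34, `single_exact x_0_0 = single_value x_0_0`) is closed with `admit.`, so the equality that `my_cos2_ensures_default_po_2` now receives as `Heq` is still assumed rather than proved. The 2^-24 bound for my_cos2 therefore rests on an unchecked step, the same gap the old in-proof `assert` had. HW_1 already supplies `single_round_error x_0_0 = 0` (JC_22), so the goal presumably follows by unfolding `single_round_error`; this depends on its definition in the floats library, which the hunk does not show. Until it is proved, a marker such as `(* TODO: unproved, should follow from JC_22 *)` above the `admit.` would keep the gap visible to anyone auditing which obligations are actually discharged. The proof script of `my_cos2_ensures_default_po_2` continues past the end of this hunk.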
@@ -3895,49 +3896,39 @@ rewrite exa_r0; clear exa_r0 r0. rewrite exa_r; clear exa_r r. unfold single_round_error in H2. -assert (h:single_exact x = single_value x). - admit. (* TODO *) -rewrite h. -interval with (i_bisect_diff (single_value x),i_nocheck). +rewrite Heq. +interval with (i_bisect_diff (single_value x)). Save. -(* Why obligation from file "my_cosine.c", line 19, characters 12-46: *) -(*Why goal*) Lemma my_cos2_ensures_default_po_2 : +(* Why obligation from file "my_cosine.c", line 49, characters 12-46: *) +(*Why goal*) Lemma my_cos2_ensures_default_po_3 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_34 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult - (single_value x_0_0) (single_value x_0_0))) /\ - (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post 
nearest_even result result2 result3)), forall (r: single), - forall (HW_9: r = result3), - forall (HW_10: (* JC_36 *) + forall (HW_10: r = result3), + forall (HW_11: (* JC_38 *) (Rle (Rabs (Rminus (single_exact r) (cos (single_value x_0_0)))) (1 / 16777216)%R)), forall (why__return: single), - forall (HW_11: why__return = r), + forall (HW_12: why__return = r), (* JC_25 *) (Rle (Rabs (Rminus (single_value why__return) (cos (single_value x_0_0)))) (1 / 8388608)%R). @@ -3946,14 +3937,15 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 19-24: *) +(* Why obligation from file "my_cosine.c", line 53, characters 19-24: *) (*Why goal*) Lemma my_cos2_safety_po_1 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), (no_overflow_single 
@@ -3963,23 +3955,24 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 19-31: *) +(* Why obligation from file "my_cosine.c", line 53, characters 19-31: *) (*Why goal*) Lemma my_cos2_safety_po_2 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), - forall (HW_5: (no_overflow_single + forall (HW_6: (no_overflow_single nearest_even (Rmult (single_value x_0_0) (single_value x_0_0)))), forall (result0: single), - forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_7: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_8: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), (no_overflow_single 
@@ -3989,30 +3982,31 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 22, characters 12-31: *) +(* Why obligation from file "my_cosine.c", line 53, characters 12-31: *) (*Why goal*) Lemma my_cos2_safety_po_3 : forall (x_0_0: single), forall (HW_1: (* JC_23 *) ((* JC_21 *) (Rle (Rabs (single_value x_0_0)) (1 / 32)%R) /\ (* JC_22 *) (eq (single_round_error x_0_0) (0)%R))), + forall (HW_4: (* JC_29 *) (eq (single_exact x_0_0) (single_value x_0_0))), forall (result: single), - forall (HW_4: (eq (single_value result) (1)%R) /\ + forall (HW_5: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), - forall (HW_5: (no_overflow_single + forall (HW_6: (no_overflow_single nearest_even (Rmult (single_value x_0_0) (single_value x_0_0)))), forall (result0: single), - forall (HW_6: (mul_single_post nearest_even x_0_0 x_0_0 result0)), + forall (HW_7: (mul_single_post nearest_even x_0_0 x_0_0 result0)), forall (result1: single), - forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ + forall (HW_8: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), - forall (HW_8: (no_overflow_single + forall (HW_9: (no_overflow_single nearest_even (Rmult (single_value result0) (single_value result1)))), forall (result2: single), - forall (HW_9: (mul_single_post nearest_even result0 result1 result2)), + forall (HW_10: (mul_single_post nearest_even result0 result1 result2)), (no_overflow_single nearest_even (Rminus (single_value result) (single_value result2))). Proof. 
@@ -4020,38 +4014,29 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 35, characters 13-57: *) +(* Why obligation from file "my_cosine.c", line 66, characters 13-57: *) (*Why goal*) Lemma my_cos3_ensures_default_po_1 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - (* JC_60 *) - (* JC_60 *) + (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R). Proof. 
@@ -4059,45 +4044,36 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 30, characters 12-62: *) +(* Why obligation from file "my_cosine.c", line 61, characters 12-62: *) (*Why goal*) Lemma my_cos3_ensures_default_po_2 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - forall (HW_10: (* JC_60 *) + forall (HW_10: (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R)), forall (why__return: single), forall (HW_11: why__return = r_0), + (* JC_49 *) (* JC_47 *) - (* JC_45 *) - (* JC_45 *) (Rle (Rabs 
(Rminus (single_exact why__return) (cos (single_exact x_1)))) (1 / 16777216)%R). Proof. 
@@ -4105,45 +4081,36 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 31, characters 11-61: *) +(* Why obligation from file "my_cosine.c", line 62, characters 11-61: *) (*Why goal*) Lemma my_cos3_ensures_default_po_3 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_5: (no_overflow_single - nearest_even (Rmult (single_value x_1) (single_value x_1))) /\ - (mul_single_post nearest_even x_1 x_1 result0)), + forall (HW_5: (mul_single_post nearest_even x_1 x_1 result0)), forall (result1: single), forall (HW_6: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_7: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_7: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_8: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_8: (sub_single_post nearest_even result result2 result3)), forall (r_0: single), forall (HW_9: r_0 = result3), - forall (HW_10: (* JC_60 *) + forall (HW_10: (* JC_62 *) (Rle (Rabs (Rminus (single_exact r_0) (cos (single_exact x_1)))) (1 / 16777216)%R)), forall (why__return: single), forall (HW_11: why__return = r_0), - (* JC_47 *) - (* JC_46 *) - (* JC_46 *) + (* JC_49 *) + (* JC_48 
*) (Rle (single_round_error why__return) (Rplus (single_round_error x_1) (3 / 16777216)%R)). Proof. @@ -4151,12 +4118,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 19-24: *) +(* Why obligation from file "my_cosine.c", line 65, characters 19-24: *) (*Why goal*) Lemma my_cos3_safety_po_1 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ @@ -4168,12 +4135,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 19-31: *) +(* Why obligation from file "my_cosine.c", line 65, characters 19-31: *) (*Why goal*) Lemma my_cos3_safety_po_2 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ 
@@ -4193,12 +4160,12 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 34, characters 12-31: *) +(* Why obligation from file "my_cosine.c", line 65, characters 12-31: *) (*Why goal*) Lemma my_cos3_safety_po_3 : forall (x_1: single), - forall (HW_1: (* JC_43 *) - ((* JC_41 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ - (* JC_42 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), + forall (HW_1: (* JC_45 *) + ((* JC_43 *) (Rle (Rabs (single_exact x_1)) (1 / 32)%R) /\ + (* JC_44 *) (Rle (single_round_error x_1) (1 / 1048576)%R))), forall (result: single), forall (HW_4: (eq (single_value result) (1)%R) /\ (eq (single_exact result) (1)%R) /\ @@ -4223,12 +4190,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 43, characters 13-55: *) +(* Why obligation from file "my_cosine.c", line 74, characters 13-55: *) (*Why goal*) Lemma my_cos4_ensures_default_po_1 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - (* JC_73 *) - (* JC_73 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + (* JC_75 *) (Rle (Rabs (Rminus @@ -4241,11 +4207,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 40, characters 12-46: *) +(* Why obligation from file "my_cosine.c", line 71, characters 12-46: *) (*Why goal*) Lemma my_cos4_ensures_default_po_2 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_73 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_75 *) (Rle (Rabs (Rminus 
@@ -4259,28 +4225,20 @@ (eq (single_exact result) (1)%R) /\ (eq (single_model result) (1)%R)), forall (result0: single), - forall (HW_6: (no_overflow_single - nearest_even (Rmult (single_value x_2) (single_value x_2))) /\ - (mul_single_post nearest_even x_2 x_2 result0)), + forall (HW_6: (mul_single_post nearest_even x_2 x_2 result0)), forall (result1: single), forall (HW_7: (eq (single_value result1) (05 / 10)%R) /\ (eq (single_exact result1) (05 / 10)%R) /\ (eq (single_model result1) (05 / 10)%R)), forall (result2: single), - forall (HW_8: (no_overflow_single - nearest_even (Rmult - (single_value result0) (single_value result1))) /\ - (mul_single_post nearest_even result0 result1 result2)), + forall (HW_8: (mul_single_post nearest_even result0 result1 result2)), forall (result3: single), - forall (HW_9: (no_overflow_single - nearest_even (Rminus - (single_value result) (single_value result2))) /\ - (sub_single_post nearest_even result result2 result3)), + forall (HW_9: (sub_single_post nearest_even result result2 result3)), forall (__retres_0: single), forall (HW_10: __retres_0 = result3), forall (why__return: single), forall (HW_11: why__return = __retres_0), - (* JC_65 *) + (* JC_67 *) (Rle (Rabs (Rminus (single_value why__return) (cos (single_value x_2)))) (1 / 1048576)%R). Proof. @@ -4288,11 +4246,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 16-21: *) +(* Why obligation from file "my_cosine.c", line 75, characters 16-21: *) (*Why goal*) Lemma my_cos4_safety_po_1 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus 
@@ -4312,11 +4270,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 16-28: *) +(* Why obligation from file "my_cosine.c", line 75, characters 16-28: *) (*Why goal*) Lemma my_cos4_safety_po_2 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus @@ -4344,11 +4302,11 @@ (* FILL PROOF HERE *) Save. -(* Why obligation from file "my_cosine.c", line 44, characters 9-28: *) +(* Why obligation from file "my_cosine.c", line 75, characters 9-28: *) (*Why goal*) Lemma my_cos4_safety_po_3 : forall (x_2: single), - forall (HW_1: (* JC_63 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), - forall (HW_4: (* JC_69 *) + forall (HW_1: (* JC_65 *) (Rle (Rabs (single_value x_2)) (007 / 100)%R)), + forall (HW_4: (* JC_71 *) (Rle (Rabs (Rminus @@ -4381,4 +4339,5 @@ (* FILL PROOF HERE *) Save. + ========== running Coq ========== diff -Nru why-2.29+dfsg/tests/c/oracle/quick_sort.err.oracle why-2.30+dfsg/tests/c/oracle/quick_sort.err.oracle --- why-2.29+dfsg/tests/c/oracle/quick_sort.err.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/quick_sort.err.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,7 @@ +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file diff -Nru why-2.29+dfsg/tests/c/oracle/quick_sort.res.oracle why-2.30+dfsg/tests/c/oracle/quick_sort.res.oracle --- why-2.29+dfsg/tests/c/oracle/quick_sort.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/quick_sort.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,9980 @@ +========== file tests/c/quick_sort.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid(t+i) && \valid(t+j); + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ +void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; +} + +// quick_rec sorts t[l..r] +/*@ requires \valid_range(t,l,r); + @ decreases r-l; + @ assigns t[l..r]; + @ behavior sorted: + @ ensures Sorted(t,l,r+1); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,l,r); + @*/ +void quick_rec(int t[], int l, int r) { + int v,m,i; + if (l >= r) return; + v = t[l]; + m = l; + /*@ loop invariant + @ \forall integer j; l < j <= m ==> t[j] < v; + @ loop invariant + @ \forall integer j; m < j < i ==> t[j] >= v; + @ loop invariant + @ Permut{Pre,Here}(t,l,r); + @ loop invariant t[l] == v && l <= m < i <= r+1; + @ loop variant r-i; + @*/ + for (i = l + 1; i <= r; i++) { + if (t[i] < v) { + L1: + swap(t,i,++m); + //@ assert Permut{L1,Here}(t,l,r); + } + } + //@ assert l <= m <= r; + L: swap(t,l,m); + //@ assert Permut{L,Here}(t,l,r); + quick_rec(t,l,m-1); + quick_rec(t,m+1,r); +} + +/*@ requires \valid_range(t,0,n-1); + @ behavior sorted: + @ ensures Sorted(t,0,n); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,n-1); + @*/ +void quick_sort(int t[], int n) { + quick_rec(t,0,n-1); +} + + +/* +Local Variables: +compile-command: "make quick_sort.why3ml" +End: +*/ +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/quick_sort.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/quick_sort.jessie +[jessie] File tests/c/quick_sort.jessie/quick_sort.jc written. +[jessie] File tests/c/quick_sort.jessie/quick_sort.cloc written. 
+========== file tests/c/quick_sort.jessie/quick_sort.jc ========== +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +tag intP = { + integer intM: 32; +} + +type intP = [intP] + +tag charP = { + integer charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +predicate Swap{L1, L2}(intP[..] a, integer i, integer j) = +(((\at((a + i).intM,L1) == \at((a + j).intM,L2)) && + (\at((a + j).intM,L1) == \at((a + i).intM,L2))) && + (\forall integer k; + (((k != i) && (k != j)) ==> + (\at((a + k).intM,L1) == \at((a + k).intM,L2))))) + +predicate Permut{L1, L2}(intP[..] a_0, integer l, integer h) { +case Permut_refl{L}: (\forall intP[..] a_1; + (\forall integer l_0; + (\forall integer h_0; + Permut{L, L}(a_1, l_0, h_0)))); + + case Permut_sym{L1, L2}: (\forall intP[..] a_2; + (\forall integer l_1; + (\forall integer h_1; + (Permut{L1, + L2}(a_2, l_1, h_1) ==> + Permut{L2, + L1}(a_2, l_1, h_1))))); + + case Permut_trans{L1, L2, L3}: (\forall intP[..] a_3; + (\forall integer l_2; + (\forall integer h_2; + ((Permut{L1, + L2}(a_3, l_2, h_2) && + Permut{L2, + L3}(a_3, l_2, h_2)) ==> + Permut{L1, + L3}(a_3, l_2, h_2))))); + + case Permut_swap{L1, L2}: (\forall intP[..] a_4; + (\forall integer l_3; + (\forall integer h_3; + (\forall integer i_0; + (\forall integer j_0; + (((((l_3 <= i_0) && (i_0 <= h_3)) && + ((l_3 <= j_0) && (j_0 <= h_3))) && + Swap{L1, + L2}(a_4, i_0, j_0)) ==> + Permut{L1, + L2}(a_4, l_3, h_3))))))); + +} + +predicate Sorted{L}(intP[..] a_5, integer l_4, integer h_4) = +(\forall integer i_1; + (\forall integer j_1; + (((l_4 <= i_1) && ((i_1 <= j_1) && (j_1 < h_4))) ==> + ((a_5 + i_1).intM <= (a_5 + j_1).intM)))) + +unit swap(intP[..] 
t_1, integer i, integer j) + requires (C_13 : (((C_15 : (\offset_min(t_1) <= i)) && + (C_16 : (\offset_max(t_1) >= i))) && + ((C_18 : (\offset_min(t_1) <= j)) && + (C_19 : (\offset_max(t_1) >= j))))); +behavior default: + assigns (t_1 + i).intM, + (t_1 + j).intM; + ensures (C_12 : Swap{Old, Here}(\at(t_1,Old), \at(i,Old), \at(j,Old))); +{ + (var integer tmp); + + { (C_3 : (tmp = (C_2 : (C_1 : (t_1 + i)).intM))); + (C_8 : ((C_7 : (C_6 : (t_1 + i)).intM) = (C_5 : (C_4 : (t_1 + j)).intM))); + (C_11 : ((C_10 : (C_9 : (t_1 + j)).intM) = tmp)); + + (return ()) + } +} + +unit quick_rec(intP[..] t, integer l, integer r) + requires (C_57 : ((C_58 : (\offset_min(t) <= l)) && + (C_59 : (\offset_max(t) >= r)))); + decreases (C_60 : (r - l)); +behavior default: + assigns (t + [l..r]).intM; + ensures (C_54 : true); +behavior sorted: + ensures (C_55 : Sorted{Here}(\at(t,Old), \at(l,Old), (\at(r,Old) + 1))); +behavior permutation: + ensures (C_56 : Permut{Old, Here}(\at(t,Old), \at(l,Old), \at(r,Old))); +{ + (var integer v); + + (var integer m); + + (var integer i_0); + + { (if (l >= r) then + (goto return_label) else ()); + (C_22 : (v = (C_21 : (C_20 : (t + l)).intM))); + (C_23 : (m = l)); + (C_25 : (i_0 = (C_24 : (l + 1)))); + + loop + behavior default: + invariant (C_36 : (\forall integer j_2; + (((l < j_2) && (j_2 <= m)) ==> + ((t + j_2).intM < v)))); + behavior default: + invariant (C_35 : (\forall integer j_3; + (((m < j_3) && (j_3 < i_0)) ==> + ((t + j_3).intM >= v)))); + behavior default: + invariant (C_34 : Permut{Pre, Here}(t, l, r)); + behavior default: + invariant (C_27 : ((C_28 : ((t + l).intM == v)) && + ((C_30 : (l <= m)) && + ((C_32 : (m < i_0)) && + (C_33 : (i_0 <= (r + 1))))))); + variant (C_26 : (r - i_0)); + while (true) + { + { (if (i_0 <= r) then () else + (goto while_0_break)); + + { (if ((C_42 : (C_41 : (t + i_0)).intM) < v) then + { (L1 : + { (C_38 : (m = (C_37 : (m + 1)))); + (); + (); + (C_39 : swap(t, i_0, m)) + }); + + { + (assert for default: (C_40 : 
Permut{L1, Here}(t, l, r))); + () + } + } else ()) + }; + (C_44 : (i_0 = (C_43 : (i_0 + 1)))) + } + }; + (while_0_break : ()); + + { + (assert for default: (C_45 : ((C_46 : (l <= m)) && + (C_47 : (m <= r))))); + () + }; + (L : (C_48 : swap(t, l, m))); + + { + (assert for default: (C_49 : Permut{L, Here}(t, l, r))); + () + }; + (C_51 : quick_rec(t, l, (C_50 : (m - 1)))); + (C_53 : quick_rec(t, (C_52 : (m + 1)), r)); + (return_label : + (return ())) + } +} + +unit quick_sort(intP[..] t_0, integer n) + requires (C_66 : ((C_67 : (\offset_min(t_0) <= 0)) && + (C_68 : (\offset_max(t_0) >= (n - 1))))); +behavior default: + ensures (C_63 : true); +behavior sorted: + ensures (C_64 : Sorted{Here}(\at(t_0,Old), 0, \at(n,Old))); +behavior permutation: + ensures (C_65 : Permut{Old, Here}(\at(t_0,Old), 0, (\at(n,Old) - 1))); +{ + { (C_62 : quick_rec(t_0, 0, (C_61 : (n - 1)))); + + (return ()) + } +} +========== file tests/c/quick_sort.jessie/quick_sort.cloc ========== +[C_50] +file = "HOME/tests/c/quick_sort.c" +line = 81 +begin = 16 +end = 19 + +[C_51] +file = "HOME/tests/c/quick_sort.c" +line = 81 +begin = 2 +end = 20 + +[quick_rec] +name = "Function quick_rec" +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[C_52] +file = "HOME/tests/c/quick_sort.c" +line = 82 +begin = 14 +end = 17 + +[C_53] +file = "HOME/tests/c/quick_sort.c" +line = 82 +begin = 2 +end = 20 + +[C_54] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_55] +file = "HOME/tests/c/quick_sort.c" +line = 53 +begin = 14 +end = 29 + +[C_56] +file = "HOME/tests/c/quick_sort.c" +line = 55 +begin = 14 +end = 37 + +[C_57] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[C_58] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[C_59] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[C_60] +file = "HOME/tests/c/quick_sort.c" +line = 50 +begin = 14 +end = 17 + +[C_61] +file = "HOME/tests/c/quick_sort.c" +line = 92 +begin = 16 +end 
= 19 + +[C_62] +file = "HOME/tests/c/quick_sort.c" +line = 92 +begin = 2 +end = 20 + +[C_10] +file = "HOME/tests/c/quick_sort.c" +line = 45 +begin = 9 +end = 12 + +[C_63] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_11] +file = "HOME/tests/c/quick_sort.c" +line = 45 +begin = 9 +end = 12 + +[C_64] +file = "HOME/tests/c/quick_sort.c" +line = 87 +begin = 14 +end = 27 + +[C_12] +file = "HOME/tests/c/quick_sort.c" +line = 40 +begin = 12 +end = 33 + +[C_65] +file = "HOME/tests/c/quick_sort.c" +line = 89 +begin = 14 +end = 39 + +[C_13] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 39 + +[C_66] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[C_14] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_67] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[C_15] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_68] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[C_16] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_17] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_18] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_19] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_1] +file = "HOME/tests/c/quick_sort.c" +line = 43 +begin = 12 +end = 13 + +[quick_sort] +name = "Function quick_sort" +file = "HOME/tests/c/quick_sort.c" +line = 91 +begin = 5 +end = 15 + +[C_2] +file = "HOME/tests/c/quick_sort.c" +line = 43 +begin = 12 +end = 16 + +[C_3] +file = "HOME/tests/c/quick_sort.c" +line = 43 +begin = 2 +end = 5 + +[C_4] +file = "HOME/tests/c/quick_sort.c" +line = 44 +begin = 9 +end = 10 + +[C_20] +file = "HOME/tests/c/quick_sort.c" +line = 60 +begin = 6 +end = 7 + +[C_5] +file = "HOME/tests/c/quick_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_21] +file = "HOME/tests/c/quick_sort.c" +line = 60 +begin = 6 +end = 10 + +[C_6] +file = 
"HOME/tests/c/quick_sort.c" +line = 44 +begin = 2 +end = 3 + +[C_22] +file = "HOME/tests/c/quick_sort.c" +line = 60 +begin = 6 +end = 10 + +[C_7] +file = "HOME/tests/c/quick_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_23] +file = "HOME/tests/c/quick_sort.c" +line = 61 +begin = 6 +end = 7 + +[C_8] +file = "HOME/tests/c/quick_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_24] +file = "HOME/tests/c/quick_sort.c" +line = 71 +begin = 11 +end = 16 + +[C_9] +file = "HOME/tests/c/quick_sort.c" +line = 45 +begin = 2 +end = 3 + +[C_25] +file = "HOME/tests/c/quick_sort.c" +line = 71 +begin = 11 +end = 16 + +[C_26] +file = "HOME/tests/c/quick_sort.c" +line = 69 +begin = 19 +end = 22 + +[C_27] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 51 + +[C_28] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 30 + +[C_29] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 51 + +[C_30] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 40 + +[C_31] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 39 +end = 51 + +[C_32] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 39 +end = 44 + +[C_33] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 43 +end = 51 + +[C_34] +file = "HOME/tests/c/quick_sort.c" +line = 67 +begin = 8 +end = 31 + +[C_35] +file = "HOME/tests/c/quick_sort.c" +line = 65 +begin = 8 +end = 50 + +[C_36] +file = "HOME/tests/c/quick_sort.c" +line = 63 +begin = 8 +end = 50 + +[C_37] +file = "HOME/tests/c/quick_sort.c" +line = 74 +begin = 15 +end = 18 + +[C_38] +file = "HOME/tests/c/quick_sort.c" +line = 74 +begin = 15 +end = 18 + +[C_39] +file = "HOME/tests/c/quick_sort.c" +line = 74 +begin = 6 +end = 19 + +[swap] +name = "Function swap" +file = "HOME/tests/c/quick_sort.c" +line = 42 +begin = 5 +end = 9 + +[C_40] +file = "HOME/tests/c/quick_sort.c" +line = 75 +begin = 17 +end = 39 + +[C_41] +file = "HOME/tests/c/quick_sort.c" +line = 72 +begin = 8 +end = 9 + +[C_42] +file = 
"HOME/tests/c/quick_sort.c" +line = 72 +begin = 8 +end = 12 + +[C_43] +file = "HOME/tests/c/quick_sort.c" +line = 71 +begin = 26 +end = 29 + +[C_44] +file = "HOME/tests/c/quick_sort.c" +line = 71 +begin = 26 +end = 29 + +[C_45] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 24 + +[C_46] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 19 + +[C_47] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 18 +end = 24 + +[C_48] +file = "HOME/tests/c/quick_sort.c" +line = 79 +begin = 4 +end = 15 + +[C_49] +file = "HOME/tests/c/quick_sort.c" +line = 80 +begin = 13 +end = 34 + +========== jessie execution ========== +Generating Why function swap +Generating Why function quick_rec +Generating Why function quick_sort +========== file tests/c/quick_sort.jessie/quick_sort.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs quick_sort.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs quick_sort.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/quick_sort_why.sx + +project: why/quick_sort.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/quick_sort_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/quick_sort_why.vo + +coq/quick_sort_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/quick_sort_why.v: why/quick_sort.why + @echo 'why -coq [...] 
why/quick_sort.why' && $(WHY) $(JESSIELIBFILES) why/quick_sort.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/quick_sort_ctx_why.vo + for f in why/*_po*.why; do make -f quick_sort.makefile coq/`basename $$f .why`_why.v ; done + +coq/quick_sort_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/quick_sort_ctx_why.v: why/quick_sort_ctx.why + @echo 'why -coq [...] why/quick_sort_ctx.why' && $(WHY) why/quick_sort_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export quick_sort_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/quick_sort_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/quick_sort_ctx_why.vo + +pvs: pvs/quick_sort_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/quick_sort_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/quick_sort_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/quick_sort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/quick_sort_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/quick_sort_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/quick_sort_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/quick_sort_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/quick_sort_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/quick_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/quick_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/quick_sort_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/quick_sort_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/quick_sort_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/quick_sort_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: quick_sort.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/quick_sort_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/quick_sort_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: quick_sort.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include quick_sort.depend + +depend: coq/quick_sort_why.v + -$(COQDEP) -I coq coq/quick_sort*_why.v > quick_sort.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/quick_sort.jessie/quick_sort.loc ========== +[JC_90] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 176 +begin = 14 +end = 47 + +[JC_91] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 177 +begin = 14 +end = 47 + +[JC_92] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 30 + +[JC_40] +file = "HOME/tests/c/quick_sort.c" +line = 53 +begin = 14 +end = 29 + +[JC_93] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 40 + +[JC_41] +file = "HOME/tests/c/quick_sort.c" +line = 55 +begin = 14 +end = 37 + +[quick_rec_ensures_permutation] +name = "Function quick_rec" +behavior = "Behavior `permutation'" +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[JC_94] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 39 +end = 44 + +[JC_42] +file = "HOME/tests/c/quick_sort.c" +line = 55 +begin = 14 +end = 37 + +[JC_95] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 43 +end = 51 + +[JC_43] +kind = PointerDeref +file = "HOME/tests/c/quick_sort.c" +line = 60 +begin = 6 +end = 10 + +[JC_96] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 51 + +[JC_44] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 30 + +[JC_150] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 193 +begin = 14 +end = 49 + +[JC_97] +file = "HOME/tests/c/quick_sort.c" +line = 67 +begin = 8 +end = 31 + +[JC_45] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 40 + +[JC_151] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 193 +begin = 14 +end = 49 + +[JC_98] +file = "HOME/tests/c/quick_sort.c" +line = 65 +begin = 8 +end = 50 + +[JC_46] +file = "HOME/tests/c/quick_sort.c" 
+line = 68 +begin = 39 +end = 44 + +[JC_1] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_100] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_99] +file = "HOME/tests/c/quick_sort.c" +line = 63 +begin = 8 +end = 50 + +[JC_47] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 43 +end = 51 + +[JC_2] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_101] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_48] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 51 + +[JC_3] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_102] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_49] +file = "HOME/tests/c/quick_sort.c" +line = 67 +begin = 8 +end = 31 + +[JC_4] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_103] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 151 +begin = 29 +end = 44 + +[JC_5] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 39 + +[JC_104] +file = "HOME/tests/c/quick_sort.c" +line = 75 +begin = 17 +end = 39 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[quick_sort_ensures_sorted] +name = "Function quick_sort" +behavior = "Behavior `sorted'" +file = "HOME/tests/c/quick_sort.c" +line = 91 +begin = 5 +end = 15 + +[JC_105] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 19 + +[JC_7] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[quick_sort_safety] +name = "Function quick_sort" +behavior = "Safety" +file = "HOME/tests/c/quick_sort.c" +line = 91 +begin = 5 +end = 15 + +[JC_106] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 18 +end = 24 + +[JC_8] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_107] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 24 + +[JC_9] +file = 
"HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_108] +kind = UserCall +file = "HOME/tests/c/quick_sort.c" +line = 79 +begin = 4 +end = 15 + +[JC_109] +file = "HOME/tests/c/quick_sort.c" +line = 80 +begin = 13 +end = 34 + +[JC_50] +file = "HOME/tests/c/quick_sort.c" +line = 65 +begin = 8 +end = 50 + +[JC_51] +file = "HOME/tests/c/quick_sort.c" +line = 63 +begin = 8 +end = 50 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_54] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_55] +kind = PointerDeref +file = "HOME/tests/c/quick_sort.c" +line = 72 +begin = 8 +end = 12 + +[JC_56] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 151 +begin = 29 +end = 44 + +[JC_110] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 176 +begin = 14 +end = 47 + +[JC_57] +file = "HOME/tests/c/quick_sort.c" +line = 75 +begin = 17 +end = 39 + +[JC_111] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 177 +begin = 14 +end = 47 + +[JC_58] +file = "HOME/tests/c/quick_sort.c" +line = 69 +begin = 19 +end = 22 + +[JC_112] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 30 + +[JC_59] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 19 + +[JC_113] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 40 + +[JC_114] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 39 +end = 44 + +[JC_115] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 43 +end = 51 + +[JC_116] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 51 + +[JC_117] +file = "HOME/tests/c/quick_sort.c" +line = 67 +begin = 8 +end = 31 + +[JC_118] +file = "HOME/tests/c/quick_sort.c" +line = 65 +begin = 8 +end = 50 + +[JC_119] +file = "HOME/tests/c/quick_sort.c" +line = 63 +begin = 8 +end = 50 + 
+[quick_rec_ensures_default] +name = "Function quick_rec" +behavior = "default behavior" +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[swap_safety] +name = "Function swap" +behavior = "Safety" +file = "HOME/tests/c/quick_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_60] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 18 +end = 24 + +[JC_61] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 24 + +[JC_62] +kind = UserCall +file = "HOME/tests/c/quick_sort.c" +line = 79 +begin = 4 +end = 15 + +[JC_10] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_63] +file = "HOME/tests/c/quick_sort.c" +line = 80 +begin = 13 +end = 34 + +[JC_11] +file = "HOME/tests/c/quick_sort.c" +line = 38 +begin = 13 +end = 39 + +[JC_64] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 176 +begin = 14 +end = 47 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/tests/c/quick_sort.c" +line = 50 +begin = 14 +end = 17 + +[JC_13] +file = "HOME/tests/c/quick_sort.c" +line = 40 +begin = 12 +end = 33 + +[JC_66] +file = "HOME/tests/c/quick_sort.c" +line = 50 +begin = 14 +end = 17 + +[JC_14] +file = "HOME/tests/c/quick_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_120] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_67] +kind = VarDecr +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 176 +begin = 14 +end = 47 + +[JC_15] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 85 +begin = 9 +end = 16 + +[JC_121] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[quick_rec_safety] +name = "Function quick_rec" +behavior = "Safety" +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[JC_68] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 177 +begin = 14 +end = 47 + +[JC_16] +file = "HOME/tests/c/quick_sort.c" +line = 40 +begin = 12 +end = 33 + 
+[JC_122] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_69] +file = "HOME/tests/c/quick_sort.c" +line = 50 +begin = 14 +end = 17 + +[JC_17] +file = "HOME/tests/c/quick_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_123] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 151 +begin = 29 +end = 44 + +[JC_18] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 85 +begin = 9 +end = 16 + +[quick_sort_ensures_default] +name = "Function quick_sort" +behavior = "default behavior" +file = "HOME/tests/c/quick_sort.c" +line = 91 +begin = 5 +end = 15 + +[JC_124] +file = "HOME/tests/c/quick_sort.c" +line = 75 +begin = 17 +end = 39 + +[JC_19] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_125] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 19 + +[JC_126] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 18 +end = 24 + +[JC_127] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 24 + +[JC_128] +kind = UserCall +file = "HOME/tests/c/quick_sort.c" +line = 79 +begin = 4 +end = 15 + +[JC_129] +file = "HOME/tests/c/quick_sort.c" +line = 80 +begin = 13 +end = 34 + +[JC_70] +file = "HOME/tests/c/quick_sort.c" +line = 50 +begin = 14 +end = 17 + +[JC_71] +kind = VarDecr +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 177 +begin = 14 +end = 47 + +[JC_72] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 30 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 34 +end = 40 + +[JC_21] +kind = PointerDeref +file = "HOME/tests/c/quick_sort.c" +line = 43 +begin = 12 +end = 16 + +[JC_74] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 39 +end = 44 + +[JC_22] +kind = PointerDeref +file = "HOME/tests/c/quick_sort.c" +line = 44 +begin = 9 +end = 13 + +[JC_75] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 43 +end = 51 + +[JC_23] +kind = 
PointerDeref +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 93 +begin = 14 +end = 77 + +[JC_76] +file = "HOME/tests/c/quick_sort.c" +line = 68 +begin = 21 +end = 51 + +[swap_ensures_default] +name = "Function swap" +behavior = "default behavior" +file = "HOME/tests/c/quick_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_24] +kind = PointerDeref +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 94 +begin = 15 +end = 52 + +[JC_130] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 176 +begin = 14 +end = 47 + +[JC_77] +file = "HOME/tests/c/quick_sort.c" +line = 67 +begin = 8 +end = 31 + +[JC_25] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[JC_131] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 177 +begin = 14 +end = 47 + +[JC_78] +file = "HOME/tests/c/quick_sort.c" +line = 65 +begin = 8 +end = 50 + +[JC_26] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[JC_132] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_79] +file = "HOME/tests/c/quick_sort.c" +line = 63 +begin = 8 +end = 50 + +[JC_27] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[JC_133] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_134] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_29] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[JC_135] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_136] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_137] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_138] +file = "HOME/tests/c/quick_sort.c" +line = 85 +begin = 13 +end = 34 + +[JC_139] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_81] +file = 
"HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_82] +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 124 +begin = 6 +end = 1398 + +[JC_30] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[JC_83] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 151 +begin = 29 +end = 44 + +[JC_31] +file = "HOME/tests/c/quick_sort.c" +line = 49 +begin = 13 +end = 32 + +[quick_sort_ensures_permutation] +name = "Function quick_sort" +behavior = "Behavior `permutation'" +file = "HOME/tests/c/quick_sort.c" +line = 91 +begin = 5 +end = 15 + +[JC_84] +file = "HOME/tests/c/quick_sort.c" +line = 75 +begin = 17 +end = 39 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[quick_rec_ensures_sorted] +name = "Function quick_rec" +behavior = "Behavior `sorted'" +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[JC_85] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 19 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_86] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 18 +end = 24 + +[JC_34] +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[JC_140] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_87] +file = "HOME/tests/c/quick_sort.c" +line = 78 +begin = 13 +end = 24 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_141] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_88] +kind = UserCall +file = "HOME/tests/c/quick_sort.c" +line = 79 +begin = 4 +end = 15 + +[JC_36] +file = "HOME/tests/c/quick_sort.c" +line = 57 +begin = 5 +end = 14 + +[JC_142] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_89] +file = "HOME/tests/c/quick_sort.c" +line = 80 +begin = 13 +end = 34 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_143] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_144] +file = 
"HOME/tests/c/quick_sort.c" +line = 87 +begin = 14 +end = 27 + +[JC_39] +file = "HOME/tests/c/quick_sort.c" +line = 53 +begin = 14 +end = 29 + +[JC_145] +file = "HOME/tests/c/quick_sort.c" +line = 87 +begin = 14 +end = 27 + +[JC_146] +file = "HOME/tests/c/quick_sort.c" +line = 89 +begin = 14 +end = 39 + +[JC_147] +file = "HOME/tests/c/quick_sort.c" +line = 89 +begin = 14 +end = 39 + +[JC_148] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 193 +begin = 14 +end = 49 + +[JC_149] +kind = UserCall +file = "HOME/tests/c/quick_sort.jessie/quick_sort.jc" +line = 193 +begin = 14 +end = 49 + +========== file tests/c/quick_sort.jessie/why/quick_sort.why ========== +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a:intP pointer, i:int, j:int, + intP_intM_a_1_at_L2:(intP, int) memory, + intP_intM_a_1_at_L1:(intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) + and ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) + and (forall k:int. + (((k <> i) and (k <> j)) -> + (select(intP_intM_a_1_at_L1, shift(a, k)) = select(intP_intM_a_1_at_L2, + shift(a, k))))))) + +inductive Permut: intP pointer, int, int, (intP, int) memory, + (intP, int) memory -> prop = + | Permut_refl: (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0_0:int. + (forall h_0:int. + Permut(a_1, l_0_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + | Permut_sym: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> + Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L1, + intP_intM_a_0_2_at_L2))))))) + | Permut_trans: (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. 
+ (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) + and Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + | Permut_swap: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0_0:int. + (forall j_0_0:int. + ((le_int(l_3, i_0_0) + and (le_int(i_0_0, h_3) + and (le_int(l_3, j_0_0) + and (le_int(j_0_0, h_3) + and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5:intP pointer, l_4:int, h_4:int, + intP_intM_a_5_3_at_L:(intP, int) memory) = + (forall i_1:int. + (forall j_1:int. + ((le_int(l_4, i_1) and (le_int(i_1, j_1) and lt_int(j_1, h_4))) -> + le_int(select(intP_intM_a_5_3_at_L, shift(a_5, i_1)), + select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. 
(p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. + instanceof(intP_tag_table, x, intP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and 
(offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_while_0_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), 
sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter quick_rec : + t:intP pointer -> + l_0:int -> + r:int -> + intP_intM_t_5:(intP, int) memory ref -> + intP_t_5_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_5 writes intP_intM_t_5 + { ((JC_42: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@)) + and ((JC_40: Sorted(t, l_0, add_int(r, (1)), intP_intM_t_5)) + and (JC_36: + not_assigns(intP_t_5_alloc_table, intP_intM_t_5@, + intP_intM_t_5, pset_range(pset_singleton(t), l_0, r))))) } + +parameter quick_rec_requires : + t:intP pointer -> + l_0:int -> + r:int -> + intP_intM_t_5:(intP, int) memory ref -> + intP_t_5_alloc_table:intP alloc_table -> + { (JC_27: + ((JC_25: le_int(offset_min(intP_t_5_alloc_table, t), l_0)) + and (JC_26: ge_int(offset_max(intP_t_5_alloc_table, t), r))))} + unit reads intP_intM_t_5 
writes intP_intM_t_5 + { ((JC_42: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@)) + and ((JC_40: Sorted(t, l_0, add_int(r, (1)), intP_intM_t_5)) + and (JC_36: + not_assigns(intP_t_5_alloc_table, intP_intM_t_5@, + intP_intM_t_5, pset_range(pset_singleton(t), l_0, r))))) } + +parameter quick_sort : + t_0:intP pointer -> + n:int -> + intP_intM_t_0_6:(intP, int) memory ref -> + intP_t_0_6_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_0_6 writes intP_intM_t_0_6 + { ((JC_147: + Permut(t_0, (0), sub_int(n, (1)), intP_intM_t_0_6, intP_intM_t_0_6@)) + and (JC_145: Sorted(t_0, (0), n, intP_intM_t_0_6))) } + +parameter quick_sort_requires : + t_0:intP pointer -> + n:int -> + intP_intM_t_0_6:(intP, int) memory ref -> + intP_t_0_6_alloc_table:intP alloc_table -> + { (JC_134: + ((JC_132: le_int(offset_min(intP_t_0_6_alloc_table, t_0), (0))) + and (JC_133: + ge_int(offset_max(intP_t_0_6_alloc_table, t_0), sub_int(n, (1))))))} + unit reads intP_intM_t_0_6 writes intP_intM_t_0_6 + { ((JC_147: + Permut(t_0, (0), sub_int(n, (1)), intP_intM_t_0_6, intP_intM_t_0_6@)) + and (JC_145: Sorted(t_0, (0), n, intP_intM_t_0_6))) } + +parameter swap : + t_1:intP pointer -> + i_0:int -> + j_0:int -> + intP_intM_t_1_4:(intP, int) memory ref -> + intP_t_1_4_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_1_4 writes intP_intM_t_1_4 + { (JC_18: + ((JC_16: Swap(t_1, i_0, j_0, intP_intM_t_1_4, intP_intM_t_1_4@)) + and (JC_17: + not_assigns(intP_t_1_4_alloc_table, intP_intM_t_1_4@, + intP_intM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0, j_0), + pset_range(pset_singleton(t_1), i_0, i_0)))))) } + +parameter swap_requires : + t_1:intP pointer -> + i_0:int -> + j_0:int -> + intP_intM_t_1_4:(intP, int) memory ref -> + intP_t_1_4_alloc_table:intP alloc_table -> + { (JC_5: + ((JC_1: le_int(offset_min(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_2: ge_int(offset_max(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_3: le_int(offset_min(intP_t_1_4_alloc_table, t_1), 
j_0)) + and (JC_4: + ge_int(offset_max(intP_t_1_4_alloc_table, t_1), j_0))))))} + unit reads intP_intM_t_1_4 writes intP_intM_t_1_4 + { (JC_18: + ((JC_16: Swap(t_1, i_0, j_0, intP_intM_t_1_4, intP_intM_t_1_4@)) + and (JC_17: + not_assigns(intP_t_1_4_alloc_table, intP_intM_t_1_4@, + intP_intM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0, j_0), + pset_range(pset_singleton(t_1), i_0, i_0)))))) } + +let quick_rec_ensures_default = + fun (t : intP pointer) (l_0 : int) (r : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), l_0)) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), r)))) } + (init: + try + begin + (let v = ref (any_int void) in + (let m = ref (any_int void) in + (let i_0_1 = ref (any_int void) in + try + begin + try + (C_22: + (C_23: + (C_25: + begin + (if ((ge_int_ l_0) r) then (raise (Return_label_exc void)) + else void); + (let jessie_ = + (v := (C_21: ((safe_acc_ !intP_intM_t_5) (C_20: ((shift t) l_0))))) in + void); (let jessie_ = (m := l_0) in void); + (let jessie_ = (i_0_1 := (C_24: ((add_int l_0) (1)))) in void); + (loop_2: + while true do + { invariant + (((JC_76: + ((JC_72: (select(intP_intM_t_5, shift(t, l_0)) = v)) + and ((JC_73: le_int(l_0, m)) + and ((JC_74: lt_int(m, i_0_1)) + and (JC_75: le_int(i_0_1, add_int(r, (1)))))))) + and ((JC_77: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@init)) + and ((JC_78: + (forall j_3:int. + ((lt_int(m, j_3) and lt_int(j_3, i_0_1)) -> + ge_int(select(intP_intM_t_5, shift(t, j_3)), v)))) + and (JC_79: + (forall j_2:int. 
+ ((lt_int(l_0, j_2) and le_int(j_2, m)) -> + lt_int(select(intP_intM_t_5, shift(t, j_2)), v))))))) + and (JC_81: + not_assigns(intP_t_5_alloc_table, intP_intM_t_5@init, + intP_intM_t_5, pset_range(pset_singleton(t), l_0, r)))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_44: + begin + (if ((le_int_ !i_0_1) r) then void + else (raise (Goto_while_0_break_exc void))); + (if ((lt_int_ (C_42: + ((safe_acc_ !intP_intM_t_5) (C_41: + ((shift t) !i_0_1))))) !v) + then + (L1: + (C_38: + begin + (let jessie_ = (m := (C_37: ((add_int !m) (1)))) in + void); void; void; + (C_39: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !m in + (JC_83: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + (assert + { (JC_84: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L1)) }; + void); void end)) else void); + (i_0_1 := (C_43: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: + (L: + (C_51: + begin + void; + (assert + { (JC_87: ((JC_85: le_int(l_0, m)) and (JC_86: le_int(m, r)))) }; + void); void; + (C_48: + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = !m in + (JC_88: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + (assert + { (JC_89: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L)) }; + void); void; + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = (C_50: ((sub_int !m) (1))) in + (JC_90: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table))))); + (C_53: + (let jessie_ = t in + (let jessie_ = (C_52: ((add_int !m) (1))) in + (let jessie_ = r in + (JC_91: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))) + end))) end; (raise (Return_label_exc void)) end with + Return_label_exc jessie_ -> 
(return_label: (raise Return)) end))); + (raise Return) end with Return -> void end) + { (JC_34: + not_assigns(intP_t_5_alloc_table, intP_intM_t_5@, intP_intM_t_5, + pset_range(pset_singleton(t), l_0, r))) } + +let quick_rec_ensures_permutation = + fun (t : intP pointer) (l_0 : int) (r : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), l_0)) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), r)))) } + (init: + try + begin + (let v = ref (any_int void) in + (let m = ref (any_int void) in + (let i_0_1 = ref (any_int void) in + try + begin + try + (C_22: + (C_23: + (C_25: + begin + (if ((ge_int_ l_0) r) then (raise (Return_label_exc void)) + else void); + (let jessie_ = + (v := (C_21: ((safe_acc_ !intP_intM_t_5) (C_20: ((shift t) l_0))))) in + void); (let jessie_ = (m := l_0) in void); + (let jessie_ = (i_0_1 := (C_24: ((add_int l_0) (1)))) in void); + (loop_4: + while true do + { invariant (JC_121: true) } + begin + [ { } unit reads i_0_1,intP_intM_t_5,m,v + { ((JC_116: + ((JC_112: (select(intP_intM_t_5, shift(t, l_0)) = v)) + and ((JC_113: le_int(l_0, m)) + and ((JC_114: lt_int(m, i_0_1)) + and (JC_115: le_int(i_0_1, add_int(r, (1)))))))) + and ((JC_117: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@init)) + and ((JC_118: + (forall j_3:int. + ((lt_int(m, j_3) and lt_int(j_3, i_0_1)) -> + ge_int(select(intP_intM_t_5, shift(t, j_3)), v)))) + and (JC_119: + (forall j_2:int. 
+ ((lt_int(l_0, j_2) and le_int(j_2, m)) -> + lt_int(select(intP_intM_t_5, shift(t, j_2)), + v))))))) } ]; + try + begin + (let jessie_ = + (C_44: + begin + (if ((le_int_ !i_0_1) r) then void + else (raise (Goto_while_0_break_exc void))); + (if ((lt_int_ (C_42: + ((safe_acc_ !intP_intM_t_5) (C_41: + ((shift t) !i_0_1))))) !v) + then + (L1: + (C_38: + begin + (let jessie_ = (m := (C_37: ((add_int !m) (1)))) in + void); void; void; + (C_39: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !m in + (JC_123: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_124: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L1)) } ]; + void end)) else void); + (i_0_1 := (C_43: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: + (L: + (C_51: + begin + void; + [ { } unit reads m + { (JC_127: ((JC_125: le_int(l_0, m)) and (JC_126: le_int(m, r)))) } ]; + void; + (C_48: + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = !m in + (JC_128: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_129: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L)) } ]; + void; + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = (C_50: ((sub_int !m) (1))) in + (JC_130: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table))))); + (C_53: + (let jessie_ = t in + (let jessie_ = (C_52: ((add_int !m) (1))) in + (let jessie_ = r in + (JC_131: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))) + end))) end; (raise (Return_label_exc void)) end with + Return_label_exc jessie_ -> (return_label: (raise Return)) end))); + (raise Return) end with Return -> void end) + { (JC_41: Permut(t, 
l_0, r, intP_intM_t_5, intP_intM_t_5@)) } + +let quick_rec_ensures_sorted = + fun (t : intP pointer) (l_0 : int) (r : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), l_0)) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), r)))) } + (init: + try + begin + (let v = ref (any_int void) in + (let m = ref (any_int void) in + (let i_0_1 = ref (any_int void) in + try + begin + try + (C_22: + (C_23: + (C_25: + begin + (if ((ge_int_ l_0) r) then (raise (Return_label_exc void)) + else void); + (let jessie_ = + (v := (C_21: ((safe_acc_ !intP_intM_t_5) (C_20: ((shift t) l_0))))) in + void); (let jessie_ = (m := l_0) in void); + (let jessie_ = (i_0_1 := (C_24: ((add_int l_0) (1)))) in void); + (loop_3: + while true do + { invariant (JC_101: true) } + begin + [ { } unit reads i_0_1,intP_intM_t_5,m,v + { ((JC_96: + ((JC_92: (select(intP_intM_t_5, shift(t, l_0)) = v)) + and ((JC_93: le_int(l_0, m)) + and ((JC_94: lt_int(m, i_0_1)) + and (JC_95: le_int(i_0_1, add_int(r, (1)))))))) + and ((JC_97: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@init)) + and ((JC_98: + (forall j_3:int. + ((lt_int(m, j_3) and lt_int(j_3, i_0_1)) -> + ge_int(select(intP_intM_t_5, shift(t, j_3)), v)))) + and (JC_99: + (forall j_2:int. 
+ ((lt_int(l_0, j_2) and le_int(j_2, m)) -> + lt_int(select(intP_intM_t_5, shift(t, j_2)), + v))))))) } ]; + try + begin + (let jessie_ = + (C_44: + begin + (if ((le_int_ !i_0_1) r) then void + else (raise (Goto_while_0_break_exc void))); + (if ((lt_int_ (C_42: + ((safe_acc_ !intP_intM_t_5) (C_41: + ((shift t) !i_0_1))))) !v) + then + (L1: + (C_38: + begin + (let jessie_ = (m := (C_37: ((add_int !m) (1)))) in + void); void; void; + (C_39: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !m in + (JC_103: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_104: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L1)) } ]; + void end)) else void); + (i_0_1 := (C_43: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: + (L: + (C_51: + begin + void; + [ { } unit reads m + { (JC_107: ((JC_105: le_int(l_0, m)) and (JC_106: le_int(m, r)))) } ]; + void; + (C_48: + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = !m in + (JC_108: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_109: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L)) } ]; + void; + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = (C_50: ((sub_int !m) (1))) in + (JC_110: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table))))); + (C_53: + (let jessie_ = t in + (let jessie_ = (C_52: ((add_int !m) (1))) in + (let jessie_ = r in + (JC_111: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))) + end))) end; (raise (Return_label_exc void)) end with + Return_label_exc jessie_ -> (return_label: (raise Return)) end))); + (raise Return) end with Return -> void end) + { (JC_39: Sorted(t, 
l_0, add_int(r, (1)), intP_intM_t_5)) } + +let quick_rec_safety = + fun (t : intP pointer) (l_0 : int) (r : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), l_0)) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), r)))) } + (init: + try + begin + (let v = ref (any_int void) in + (let m = ref (any_int void) in + (let i_0_1 = ref (any_int void) in + try + begin + try + (C_22: + (C_23: + (C_25: + begin + (if ((ge_int_ l_0) r) then (raise (Return_label_exc void)) + else void); + (let jessie_ = + (v := (C_21: + (JC_43: + ((((offset_acc_ intP_t_5_alloc_table) !intP_intM_t_5) t) l_0)))) in + void); (let jessie_ = (m := l_0) in void); + (let jessie_ = (i_0_1 := (C_24: ((add_int l_0) (1)))) in void); + (loop_1: + while true do + { invariant (JC_53: true) variant (JC_58 : sub_int(r, i_0_1)) } + begin + [ { } unit reads i_0_1,intP_intM_t_5,m,v + { ((JC_48: + ((JC_44: (select(intP_intM_t_5, shift(t, l_0)) = v)) + and ((JC_45: le_int(l_0, m)) + and ((JC_46: lt_int(m, i_0_1)) + and (JC_47: le_int(i_0_1, add_int(r, (1)))))))) + and ((JC_49: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@init)) + and ((JC_50: + (forall j_3:int. + ((lt_int(m, j_3) and lt_int(j_3, i_0_1)) -> + ge_int(select(intP_intM_t_5, shift(t, j_3)), v)))) + and (JC_51: + (forall j_2:int. 
+ ((lt_int(l_0, j_2) and le_int(j_2, m)) -> + lt_int(select(intP_intM_t_5, shift(t, j_2)), + v))))))) } ]; + try + begin + (let jessie_ = + (C_44: + begin + (if ((le_int_ !i_0_1) r) then void + else (raise (Goto_while_0_break_exc void))); + (if ((lt_int_ (C_42: + (JC_55: + ((((offset_acc_ intP_t_5_alloc_table) !intP_intM_t_5) t) !i_0_1)))) !v) + then + (L1: + (C_38: + begin + (let jessie_ = (m := (C_37: ((add_int !m) (1)))) in + void); void; void; + (C_39: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !m in + (JC_56: + (((((swap_requires jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_57: + Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L1)) } ]; + void end)) else void); + (i_0_1 := (C_43: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end))) with + Goto_while_0_break_exc jessie_ -> + (while_0_break: + (L: + (C_51: + begin + void; + [ { } unit reads m + { (JC_61: ((JC_59: le_int(l_0, m)) and (JC_60: le_int(m, r)))) } ]; + void; + (C_48: + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = !m in + (JC_62: + (((((swap_requires jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_63: Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5@L)) } ]; + void; + (let jessie_ = t in + (let jessie_ = l_0 in + (let jessie_ = (C_50: ((sub_int !m) (1))) in + (JC_67: + (check + { zwf_zero((JC_66 : sub_int(jessie_, jessie_)), + (JC_65 : sub_int(r, l_0))) }; + (JC_64: + (((((quick_rec_requires jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table))))))); + (C_53: + (let jessie_ = t in + (let jessie_ = (C_52: ((add_int !m) (1))) in + (let jessie_ = r in + (JC_71: + (check + { zwf_zero((JC_70 : sub_int(jessie_, jessie_)), + (JC_69 : sub_int(r, l_0))) }; + (JC_68: + (((((quick_rec_requires jessie_) 
jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))))) + end))) end; (raise (Return_label_exc void)) end with + Return_label_exc jessie_ -> (return_label: (raise Return)) end))); + (raise Return) end with Return -> void end) { true } + +let quick_sort_ensures_default = + fun (t_0 : intP pointer) (n : int) (intP_intM_t_0_6 : (intP, int) memory ref) (intP_t_0_6_alloc_table : intP alloc_table) -> + { (JC_138: + ((JC_136: le_int(offset_min(intP_t_0_6_alloc_table, t_0), (0))) + and (JC_137: + ge_int(offset_max(intP_t_0_6_alloc_table, t_0), sub_int(n, (1)))))) } + (init: + try + (C_62: + begin + (let jessie_ = t_0 in + (let jessie_ = (0) in + (let jessie_ = (C_61: ((sub_int n) (1))) in + (JC_149: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_0_6) intP_t_0_6_alloc_table))))); + (raise Return); (raise Return) end) with Return -> void end) + { (JC_140: true) } + +let quick_sort_ensures_permutation = + fun (t_0 : intP pointer) (n : int) (intP_intM_t_0_6 : (intP, int) memory ref) (intP_t_0_6_alloc_table : intP alloc_table) -> + { (JC_138: + ((JC_136: le_int(offset_min(intP_t_0_6_alloc_table, t_0), (0))) + and (JC_137: + ge_int(offset_max(intP_t_0_6_alloc_table, t_0), sub_int(n, (1)))))) } + (init: + try + (C_62: + begin + (let jessie_ = t_0 in + (let jessie_ = (0) in + (let jessie_ = (C_61: ((sub_int n) (1))) in + (JC_151: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_0_6) intP_t_0_6_alloc_table))))); + (raise Return); (raise Return) end) with Return -> void end) + { (JC_146: + Permut(t_0, (0), sub_int(n, (1)), intP_intM_t_0_6, intP_intM_t_0_6@)) } + +let quick_sort_ensures_sorted = + fun (t_0 : intP pointer) (n : int) (intP_intM_t_0_6 : (intP, int) memory ref) (intP_t_0_6_alloc_table : intP alloc_table) -> + { (JC_138: + ((JC_136: le_int(offset_min(intP_t_0_6_alloc_table, t_0), (0))) + and (JC_137: + ge_int(offset_max(intP_t_0_6_alloc_table, t_0), sub_int(n, (1)))))) } + (init: + try + (C_62: + begin + (let jessie_ = t_0 in + (let jessie_ = (0) in 
+ (let jessie_ = (C_61: ((sub_int n) (1))) in + (JC_150: + (((((quick_rec jessie_) jessie_) jessie_) intP_intM_t_0_6) intP_t_0_6_alloc_table))))); + (raise Return); (raise Return) end) with Return -> void end) + { (JC_144: Sorted(t_0, (0), n, intP_intM_t_0_6)) } + +let quick_sort_safety = + fun (t_0 : intP pointer) (n : int) (intP_intM_t_0_6 : (intP, int) memory ref) (intP_t_0_6_alloc_table : intP alloc_table) -> + { (JC_138: + ((JC_136: le_int(offset_min(intP_t_0_6_alloc_table, t_0), (0))) + and (JC_137: + ge_int(offset_max(intP_t_0_6_alloc_table, t_0), sub_int(n, (1)))))) } + (init: + try + (C_62: + begin + (let jessie_ = t_0 in + (let jessie_ = (0) in + (let jessie_ = (C_61: ((sub_int n) (1))) in + (JC_148: + (((((quick_rec_requires jessie_) jessie_) jessie_) intP_intM_t_0_6) intP_t_0_6_alloc_table))))); + (raise Return); (raise Return) end) with Return -> void end) { true } + +let swap_ensures_default = + fun (t_1 : intP pointer) (i_0 : int) (j_0 : int) (intP_intM_t_1_4 : (intP, int) memory ref) (intP_t_1_4_alloc_table : intP alloc_table) -> + { (JC_11: + ((JC_7: le_int(offset_min(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_8: ge_int(offset_max(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_9: le_int(offset_min(intP_t_1_4_alloc_table, t_1), j_0)) + and (JC_10: ge_int(offset_max(intP_t_1_4_alloc_table, t_1), j_0)))))) } + (init: + try + begin + (let tmp = ref (any_int void) in + (C_3: + (C_8: + (C_11: + begin + (let jessie_ = + (tmp := (C_2: ((safe_acc_ !intP_intM_t_1_4) (C_1: ((shift t_1) i_0))))) in + void); + (let jessie_ = + (let jessie_ = + (C_5: ((safe_acc_ !intP_intM_t_1_4) (C_4: ((shift t_1) j_0)))) in + (let jessie_ = t_1 in + (let jessie_ = i_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intP_intM_t_1_4) jessie_) jessie_))))) in void); + (let jessie_ = + (let jessie_ = !tmp in + (let jessie_ = t_1 in + (let jessie_ = j_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intP_intM_t_1_4) jessie_) jessie_))))) in 
void); + (raise Return) end)))); (raise Return) end with Return -> void end) + { (JC_15: + ((JC_13: Swap(t_1, i_0, j_0, intP_intM_t_1_4, intP_intM_t_1_4@)) + and (JC_14: + not_assigns(intP_t_1_4_alloc_table, intP_intM_t_1_4@, + intP_intM_t_1_4, + pset_union(pset_range(pset_singleton(t_1), j_0, j_0), + pset_range(pset_singleton(t_1), i_0, i_0)))))) } + +let swap_safety = + fun (t_1 : intP pointer) (i_0 : int) (j_0 : int) (intP_intM_t_1_4 : (intP, int) memory ref) (intP_t_1_4_alloc_table : intP alloc_table) -> + { (JC_11: + ((JC_7: le_int(offset_min(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_8: ge_int(offset_max(intP_t_1_4_alloc_table, t_1), i_0)) + and ((JC_9: le_int(offset_min(intP_t_1_4_alloc_table, t_1), j_0)) + and (JC_10: ge_int(offset_max(intP_t_1_4_alloc_table, t_1), j_0)))))) } + (init: + try + begin + (let tmp = ref (any_int void) in + (C_3: + (C_8: + (C_11: + begin + (let jessie_ = + (tmp := (C_2: + (JC_21: + ((((offset_acc_ intP_t_1_4_alloc_table) !intP_intM_t_1_4) t_1) i_0)))) in + void); + (let jessie_ = + (let jessie_ = + (C_5: + (JC_22: + ((((offset_acc_ intP_t_1_4_alloc_table) !intP_intM_t_1_4) t_1) j_0))) in + (let jessie_ = t_1 in + (let jessie_ = i_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_23: + (((((offset_upd_ intP_t_1_4_alloc_table) intP_intM_t_1_4) jessie_) jessie_) jessie_)))))) in + void); + (let jessie_ = + (let jessie_ = !tmp in + (let jessie_ = t_1 in + (let jessie_ = j_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_24: + (((((offset_upd_ intP_t_1_4_alloc_table) intP_intM_t_1_4) jessie_) jessie_) jessie_)))))) in + void); (raise Return) end)))); (raise Return) end with Return -> + void end) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] 
why/quick_sort.why +========== file tests/c/quick_sort.jessie/why/quick_sort_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. 
((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. 
+ ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. 
((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. 
((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. 
+ (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. 
(sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
+ (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. 
+ (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a: intP pointer, i: int, j: int, intP_intM_a_1_at_L2: (intP, + int) memory, intP_intM_a_1_at_L1: (intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) and + ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) and + (forall k:int. + (((k <> i) and (k <> j)) -> (select(intP_intM_a_1_at_L1, shift(a, + k)) = select(intP_intM_a_1_at_L2, shift(a, k))))))) + +logic Permut : intP pointer, int, int, (intP, int) memory, (intP, +int) memory -> prop + +axiom Permut_inversion: + (forall aux_1:intP pointer. + (forall aux_2:int. + (forall aux_3:int. + (forall aux_4:(intP, int) memory. 
+ (forall aux_5:(intP, int) memory [Permut(aux_1, aux_2, aux_3, + aux_4, aux_5)]. + (Permut(aux_1, aux_2, aux_3, aux_4, aux_5) -> + ((exists intP_intM_a_0_2_at_L:(intP, int) memory. + (exists a_1:intP pointer. + (exists l_0_0:int. + (exists h_0:int. + ((aux_1 = a_1) and + ((aux_2 = l_0_0) and + ((aux_3 = h_0) and + ((aux_4 = intP_intM_a_0_2_at_L) and + (aux_5 = intP_intM_a_0_2_at_L))))))))) or + ((exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_2:intP pointer. + (exists l_1:int. + (exists h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and + ((aux_1 = a_2) and + ((aux_2 = l_1) and + ((aux_3 = h_1) and + ((aux_4 = intP_intM_a_0_2_at_L1) and + (aux_5 = intP_intM_a_0_2_at_L2))))))))))) or + ((exists intP_intM_a_0_2_at_L3:(intP, int) memory. + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_3:intP pointer. + (exists l_2:int. + (exists h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, + h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) and + ((aux_1 = a_3) and + ((aux_2 = l_2) and + ((aux_3 = h_2) and + ((aux_4 = intP_intM_a_0_2_at_L3) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))) or + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_4:intP pointer. + (exists l_3:int. + (exists h_3:int. + (exists i_0_0:int. + (exists j_0_0:int. + (((l_3 <= i_0_0) and + ((i_0_0 <= h_3) and + ((l_3 <= j_0_0) and + ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) and + ((aux_1 = a_4) and + ((aux_2 = l_3) and + ((aux_3 = h_3) and + ((aux_4 = intP_intM_a_0_2_at_L2) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))))))))))))) + +axiom Permut_refl: + (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0_0:int. 
+ (forall h_0:int. Permut(a_1, l_0_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + +axiom Permut_sym: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> Permut(a_2, l_1, h_1, + intP_intM_a_0_2_at_L1, intP_intM_a_0_2_at_L2))))))) + +axiom Permut_trans: + (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, h_2, + intP_intM_a_0_2_at_L3, intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + +axiom Permut_swap: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0_0:int. + (forall j_0_0:int. + (((l_3 <= i_0_0) and + ((i_0_0 <= h_3) and + ((l_3 <= j_0_0) and + ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5: intP pointer, l_4: int, h_4: int, + intP_intM_a_5_3_at_L: (intP, int) memory) = + (forall i_1:int. + (forall j_1:int. + (((l_4 <= i_1) and ((i_1 <= j_1) and (j_1 < h_4))) -> + (select(intP_intM_a_5_3_at_L, shift(a_5, + i_1)) <= select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. 
+ (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + 
((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal quick_rec_ensures_default_po_1: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 >= r) -> + ("JC_34": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, intP_intM_t_5, + pset_range(pset_singleton(t), l_0, r))) + +goal quick_rec_ensures_default_po_2: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_76": ("JC_72": (select(intP_intM_t_5, shift(t, l_0)) = v))) + +goal quick_rec_ensures_default_po_3: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_76": ("JC_73": (l_0 <= m))) + +goal quick_rec_ensures_default_po_4: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_76": ("JC_74": (m < i_0_1))) + +goal quick_rec_ensures_default_po_5: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. 
+ (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_76": ("JC_75": (i_0_1 <= (r + 1)))) + +goal quick_rec_ensures_default_po_6: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_77": Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5)) + +goal quick_rec_ensures_default_po_7: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall j_3:int. + ((m < j_3) and (j_3 < i_0_1)) -> + ("JC_78": (select(intP_intM_t_5, shift(t, j_3)) >= v)) + +goal quick_rec_ensures_default_po_8: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall j_2:int. 
+ ((l_0 < j_2) and (j_2 <= m)) -> + ("JC_79": (select(intP_intM_t_5, shift(t, j_2)) < v)) + +goal quick_rec_ensures_default_po_9: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, intP_intM_t_5, + pset_range(pset_singleton(t), l_0, r))) + +goal quick_rec_ensures_default_po_10: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) + +goal quick_rec_ensures_default_po_11: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_72": (select(intP_intM_t_5_1, shift(t, l_0)) = v))) + +goal quick_rec_ensures_default_po_12: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_73": (l_0 <= m1))) + +goal quick_rec_ensures_default_po_13: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_74": (m1 < i_0_1_1))) + +goal quick_rec_ensures_default_po_14: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_75": (i_0_1_1 <= (r + 1)))) + +goal quick_rec_ensures_default_po_15: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_77": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5)) + +goal quick_rec_ensures_default_po_16: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + forall j_3:int. + ((m1 < j_3) and (j_3 < i_0_1_1)) -> + ("JC_78": (select(intP_intM_t_5_1, shift(t, j_3)) >= v)) + +goal quick_rec_ensures_default_po_17: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + forall j_2:int. + ((l_0 < j_2) and (j_2 <= m1)) -> + ("JC_79": (select(intP_intM_t_5_1, shift(t, j_2)) < v)) + +goal quick_rec_ensures_default_po_18: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_84": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, intP_intM_t_5_1, + pset_range(pset_singleton(t), l_0, r))) + +goal quick_rec_ensures_default_po_19: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v))) + +goal quick_rec_ensures_default_po_20: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_73": (l_0 <= m0))) + +goal quick_rec_ensures_default_po_21: + forall t:intP pointer. + forall l_0:int. 
+ forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_74": (m0 < i_0_1_1))) + +goal quick_rec_ensures_default_po_22: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. 
+ ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_76": ("JC_75": (i_0_1_1 <= (r + 1)))) + +goal quick_rec_ensures_default_po_23: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) + +goal quick_rec_ensures_default_po_24: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + forall j_3:int. 
+ ((m0 < j_3) and (j_3 < i_0_1_1)) -> + ("JC_78": (select(intP_intM_t_5_0, shift(t, j_3)) >= v)) + +goal quick_rec_ensures_default_po_25: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 <= r) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + forall j_2:int. + ((l_0 < j_2) and (j_2 <= m0)) -> + ("JC_79": (select(intP_intM_t_5_0, shift(t, j_2)) < v)) + +goal quick_rec_ensures_default_po_26: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. 
+ (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 > r) -> + ("JC_87": ("JC_85": (l_0 <= m0))) + +goal quick_rec_ensures_default_po_27: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 > r) -> + ("JC_87": ("JC_86": (m0 <= r))) + +goal quick_rec_ensures_default_po_28: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 > r) -> + ("JC_87": (("JC_85": (l_0 <= m0)) and ("JC_86": (m0 <= r)))) -> + forall intP_intM_t_5_1:(intP, + int) memory. 
+ ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_89": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) + +goal quick_rec_ensures_default_po_29: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ((("JC_76": + (("JC_72": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_73": (l_0 <= m0)) and + (("JC_74": (m0 < i_0_1_0)) and ("JC_75": (i_0_1_0 <= (r + 1))))))) and + (("JC_77": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_78": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, j_3)) >= v)))) and + ("JC_79": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) and + ("JC_81": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_range(pset_singleton(t), l_0, r)))) -> + (i_0_1_0 > r) -> + ("JC_87": (("JC_85": (l_0 <= m0)) and ("JC_86": (m0 <= r)))) -> + forall intP_intM_t_5_1:(intP, + int) memory. 
+ ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_89": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall intP_intM_t_5_2:(intP, + int) memory. + (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + forall intP_intM_t_5_3:(intP, + int) memory. + (("JC_42": Permut(t, (m0 + 1), r, intP_intM_t_5_3, intP_intM_t_5_2)) and + (("JC_40": Sorted(t, (m0 + 1), (r + 1), intP_intM_t_5_3)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_2, + intP_intM_t_5_3, pset_range(pset_singleton(t), (m0 + 1), r))))) -> + ("JC_34": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, intP_intM_t_5_3, + pset_range(pset_singleton(t), l_0, r))) + +goal quick_rec_ensures_permutation_po_1: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 >= r) -> + ("JC_41": Permut(t, l_0, r, intP_intM_t_5, intP_intM_t_5)) + +goal quick_rec_ensures_permutation_po_2: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. 
+ (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_121": true) -> + (("JC_116": + (("JC_112": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_113": (l_0 <= m0)) and + (("JC_114": (m0 < i_0_1_0)) and ("JC_115": (i_0_1_0 <= (r + 1))))))) and + (("JC_117": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_118": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_119": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_127": (("JC_125": (l_0 <= m0)) and ("JC_126": (m0 <= r)))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_129": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall intP_intM_t_5_2:(intP, + int) memory. + (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + forall intP_intM_t_5_3:(intP, + int) memory. + (("JC_42": Permut(t, (m0 + 1), r, intP_intM_t_5_3, intP_intM_t_5_2)) and + (("JC_40": Sorted(t, (m0 + 1), (r + 1), intP_intM_t_5_3)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_2, + intP_intM_t_5_3, pset_range(pset_singleton(t), (m0 + 1), r))))) -> + ("JC_41": Permut(t, l_0, r, intP_intM_t_5_3, intP_intM_t_5)) + +goal quick_rec_ensures_sorted_po_1: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 >= r) -> + ("JC_39": Sorted(t, l_0, (r + 1), intP_intM_t_5)) + +goal quick_rec_ensures_sorted_po_2: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_101": true) -> + (("JC_96": + (("JC_92": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_93": (l_0 <= m0)) and + (("JC_94": (m0 < i_0_1_0)) and ("JC_95": (i_0_1_0 <= (r + 1))))))) and + (("JC_97": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_98": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_99": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_107": (("JC_105": (l_0 <= m0)) and ("JC_106": (m0 <= r)))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_109": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall intP_intM_t_5_2:(intP, + int) memory. 
+ (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + forall intP_intM_t_5_3:(intP, + int) memory. + (("JC_42": Permut(t, (m0 + 1), r, intP_intM_t_5_3, intP_intM_t_5_2)) and + (("JC_40": Sorted(t, (m0 + 1), (r + 1), intP_intM_t_5_3)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_2, + intP_intM_t_5_3, pset_range(pset_singleton(t), (m0 + 1), r))))) -> + ("JC_39": Sorted(t, l_0, (r + 1), intP_intM_t_5_3)) + +goal quick_rec_safety_po_1: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + (l_0 <= offset_max(intP_t_5_alloc_table, t)) + +goal quick_rec_safety_po_2: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. 
+ (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) + +goal quick_rec_safety_po_3: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t)) + +goal quick_rec_safety_po_4: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + ("JC_5": ("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0))) + +goal quick_rec_safety_po_5: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. 
+ (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + ("JC_5": ("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m1))) + +goal quick_rec_safety_po_6: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. 
+ (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + ("JC_5": ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m1))) + +goal quick_rec_safety_po_7: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. 
+ (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m1)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m1)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_57": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (0 <= ("JC_58": (r - i_0_1_0))) + +goal quick_rec_safety_po_8: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 < v) -> + forall m1:int. + (m1 = (m0 + 1)) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m1)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m1)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, m1, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m1, m1), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_57": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (("JC_58": (r - i_0_1_1)) < ("JC_58": (r - i_0_1_0))) + +goal quick_rec_safety_po_9: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. 
+ ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (0 <= ("JC_58": (r - i_0_1_0))) + +goal quick_rec_safety_po_10: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 <= r) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + (result0 >= v) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (("JC_58": (r - i_0_1_1)) < ("JC_58": (r - i_0_1_0))) + +goal quick_rec_safety_po_11: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": ("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0))) + +goal quick_rec_safety_po_12: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": ("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0))) + +goal quick_rec_safety_po_13: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. 
+ ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0))) + +goal quick_rec_safety_po_14: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + (0 <= ("JC_65": (r - l_0))) + +goal quick_rec_safety_po_15: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. 
+ (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + (("JC_66": ((m0 - 1) - l_0)) < ("JC_65": (r - l_0))) + +goal quick_rec_safety_po_16: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. 
+ (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + ("JC_27": ("JC_26": (offset_max(intP_t_5_alloc_table, t) >= (m0 - 1)))) + +goal quick_rec_safety_po_17: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. 
+ ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + ("JC_27": + (("JC_25": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_26": (offset_max(intP_t_5_alloc_table, t) >= (m0 - 1))))) -> + forall intP_intM_t_5_2:(intP, + int) memory. + (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + (0 <= ("JC_69": (r - l_0))) + +goal quick_rec_safety_po_18: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + ("JC_27": + (("JC_25": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_26": (offset_max(intP_t_5_alloc_table, t) >= (m0 - 1))))) -> + forall intP_intM_t_5_2:(intP, + int) memory. 
+ (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + (("JC_70": (r - (m0 + 1))) < ("JC_69": (r - l_0))) + +goal quick_rec_safety_po_19: + forall t:intP pointer. + forall l_0:int. + forall r:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= r)))) -> + (l_0 < r) -> + ((offset_min(intP_t_5_alloc_table, t) <= l_0) and + (l_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, l_0))) -> + forall v:int. + (v = result) -> + forall m:int. + (m = l_0) -> + forall i_0_1:int. + (i_0_1 = (l_0 + 1)) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + forall m0:int. + ("JC_53": true) -> + (("JC_48": + (("JC_44": (select(intP_intM_t_5_0, shift(t, l_0)) = v)) and + (("JC_45": (l_0 <= m0)) and + (("JC_46": (m0 < i_0_1_0)) and ("JC_47": (i_0_1_0 <= (r + 1))))))) and + (("JC_49": Permut(t, l_0, r, intP_intM_t_5_0, intP_intM_t_5)) and + (("JC_50": + (forall j_3:int. + (((m0 < j_3) and (j_3 < i_0_1_0)) -> (select(intP_intM_t_5_0, shift(t, + j_3)) >= v)))) and + ("JC_51": + (forall j_2:int. + (((l_0 < j_2) and (j_2 <= m0)) -> (select(intP_intM_t_5_0, shift(t, + j_2)) < v))))))) -> + (i_0_1_0 > r) -> + ("JC_61": (("JC_59": (l_0 <= m0)) and ("JC_60": (m0 <= r)))) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= l_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= m0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= m0)))))) -> + forall intP_intM_t_5_1:(intP, + int) memory. 
+ ("JC_18": + (("JC_16": Swap(t, l_0, m0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), m0, m0), + pset_range(pset_singleton(t), l_0, l_0)))))) -> + ("JC_63": Permut(t, l_0, r, intP_intM_t_5_1, intP_intM_t_5_0)) -> + ("JC_27": + (("JC_25": (offset_min(intP_t_5_alloc_table, t) <= l_0)) and + ("JC_26": (offset_max(intP_t_5_alloc_table, t) >= (m0 - 1))))) -> + forall intP_intM_t_5_2:(intP, + int) memory. + (("JC_42": Permut(t, l_0, (m0 - 1), intP_intM_t_5_2, intP_intM_t_5_1)) and + (("JC_40": Sorted(t, l_0, ((m0 - 1) + 1), intP_intM_t_5_2)) and + ("JC_36": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_1, + intP_intM_t_5_2, pset_range(pset_singleton(t), l_0, (m0 - 1)))))) -> + ("JC_27": ("JC_25": (offset_min(intP_t_5_alloc_table, t) <= (m0 + 1)))) + +goal quick_sort_ensures_sorted_po_1: + forall t_0:intP pointer. + forall n:int. + forall intP_t_0_6_alloc_table:intP alloc_table. + forall intP_intM_t_0_6:(intP, + int) memory. + ("JC_138": + (("JC_136": (offset_min(intP_t_0_6_alloc_table, t_0) <= 0)) and + ("JC_137": (offset_max(intP_t_0_6_alloc_table, t_0) >= (n - 1))))) -> + forall intP_intM_t_0_6_0:(intP, + int) memory. + (("JC_42": Permut(t_0, 0, (n - 1), intP_intM_t_0_6_0, intP_intM_t_0_6)) and + (("JC_40": Sorted(t_0, 0, ((n - 1) + 1), intP_intM_t_0_6_0)) and + ("JC_36": not_assigns(intP_t_0_6_alloc_table, intP_intM_t_0_6, + intP_intM_t_0_6_0, pset_range(pset_singleton(t_0), 0, (n - 1)))))) -> + ("JC_144": Sorted(t_0, 0, n, intP_intM_t_0_6_0)) + +goal swap_ensures_default_po_1: + forall t_1:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_1_4_alloc_table:intP alloc_table. + forall intP_intM_t_1_4:(intP, + int) memory. 
+ ("JC_11": + (("JC_7": (offset_min(intP_t_1_4_alloc_table, t_1) <= i_0)) and + (("JC_8": (offset_max(intP_t_1_4_alloc_table, t_1) >= i_0)) and + (("JC_9": (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0)) and + ("JC_10": (offset_max(intP_t_1_4_alloc_table, t_1) >= j_0)))))) -> + forall result:int. + (result = select(intP_intM_t_1_4, shift(t_1, i_0))) -> + forall tmp:int. + (tmp = result) -> + forall result0:int. + (result0 = select(intP_intM_t_1_4, shift(t_1, j_0))) -> + forall intP_intM_t_1_4_0:(intP, + int) memory. + (intP_intM_t_1_4_0 = store(intP_intM_t_1_4, shift(t_1, i_0), result0)) -> + forall intP_intM_t_1_4_1:(intP, + int) memory. + (intP_intM_t_1_4_1 = store(intP_intM_t_1_4_0, shift(t_1, j_0), tmp)) -> + ("JC_15": + ("JC_13": Swap(t_1, i_0, j_0, intP_intM_t_1_4_1, intP_intM_t_1_4))) + +goal swap_ensures_default_po_2: + forall t_1:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_1_4_alloc_table:intP alloc_table. + forall intP_intM_t_1_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_1_4_alloc_table, t_1) <= i_0)) and + (("JC_8": (offset_max(intP_t_1_4_alloc_table, t_1) >= i_0)) and + (("JC_9": (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0)) and + ("JC_10": (offset_max(intP_t_1_4_alloc_table, t_1) >= j_0)))))) -> + forall result:int. + (result = select(intP_intM_t_1_4, shift(t_1, i_0))) -> + forall tmp:int. + (tmp = result) -> + forall result0:int. + (result0 = select(intP_intM_t_1_4, shift(t_1, j_0))) -> + forall intP_intM_t_1_4_0:(intP, + int) memory. + (intP_intM_t_1_4_0 = store(intP_intM_t_1_4, shift(t_1, i_0), result0)) -> + forall intP_intM_t_1_4_1:(intP, + int) memory. + (intP_intM_t_1_4_1 = store(intP_intM_t_1_4_0, shift(t_1, j_0), tmp)) -> + ("JC_15": + ("JC_14": not_assigns(intP_t_1_4_alloc_table, intP_intM_t_1_4, + intP_intM_t_1_4_1, pset_union(pset_range(pset_singleton(t_1), j_0, j_0), + pset_range(pset_singleton(t_1), i_0, i_0))))) + +goal swap_safety_po_1: + forall t_1:intP pointer. + forall i_0:int. 
+ forall j_0:int. + forall intP_t_1_4_alloc_table:intP alloc_table. + ("JC_11": + (("JC_7": (offset_min(intP_t_1_4_alloc_table, t_1) <= i_0)) and + (("JC_8": (offset_max(intP_t_1_4_alloc_table, t_1) >= i_0)) and + (("JC_9": (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0)) and + ("JC_10": (offset_max(intP_t_1_4_alloc_table, t_1) >= j_0)))))) -> + (i_0 <= offset_max(intP_t_1_4_alloc_table, t_1)) + +goal swap_safety_po_2: + forall t_1:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_1_4_alloc_table:intP alloc_table. + forall intP_intM_t_1_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_1_4_alloc_table, t_1) <= i_0)) and + (("JC_8": (offset_max(intP_t_1_4_alloc_table, t_1) >= i_0)) and + (("JC_9": (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0)) and + ("JC_10": (offset_max(intP_t_1_4_alloc_table, t_1) >= j_0)))))) -> + ((offset_min(intP_t_1_4_alloc_table, t_1) <= i_0) and + (i_0 <= offset_max(intP_t_1_4_alloc_table, t_1))) -> + forall result:int. + (result = select(intP_intM_t_1_4, shift(t_1, i_0))) -> + forall tmp:int. + (tmp = result) -> + (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0) + +goal swap_safety_po_3: + forall t_1:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_1_4_alloc_table:intP alloc_table. + forall intP_intM_t_1_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_1_4_alloc_table, t_1) <= i_0)) and + (("JC_8": (offset_max(intP_t_1_4_alloc_table, t_1) >= i_0)) and + (("JC_9": (offset_min(intP_t_1_4_alloc_table, t_1) <= j_0)) and + ("JC_10": (offset_max(intP_t_1_4_alloc_table, t_1) >= j_0)))))) -> + ((offset_min(intP_t_1_4_alloc_table, t_1) <= i_0) and + (i_0 <= offset_max(intP_t_1_4_alloc_table, t_1))) -> + forall result:int. + (result = select(intP_intM_t_1_4, shift(t_1, i_0))) -> + forall tmp:int. + (tmp = result) -> + (j_0 <= offset_max(intP_t_1_4_alloc_table, t_1)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? 
= unknown # = timeout ! = failure) +why/quick_sort_why.why : .................#..........#.#.#.....................#... (53/0/0/5/0) +total : 58 +valid : 53 ( 91%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 5 ( 9%) +failure : 0 ( 0%) +// RUNSIMPLIFY: will ask regtests to run Simplify on this program +========== generation of Simplify VC output ========== +why -simplify [...] why/quick_sort.why +========== file tests/c/quick_sort.jessie/simplify/quick_sort_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why 
axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + 
+(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + 
(IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p 
q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + 
(FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) 
|@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a 
(pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + 
+(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive 
+ (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) 
|@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 
m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(DEFPRED (Swap a i j intP_intM_a_1_at_L2 intP_intM_a_1_at_L1) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a i)) + (select intP_intM_a_1_at_L2 (shift a j))) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a j)) + (select intP_intM_a_1_at_L2 (shift a i))) + (FORALL (k) + (IMPLIES (AND (NEQ k i) (NEQ k j)) + (EQ (select intP_intM_a_1_at_L1 (shift a k)) + (select intP_intM_a_1_at_L2 (shift a k)))))))) + +(BG_PUSH + ;; Why axiom Permut_inversion + (FORALL (aux_1 aux_2 aux_3 aux_4 aux_5) + (IMPLIES (EQ (Permut aux_1 aux_2 aux_3 aux_4 aux_5) |@true|) + (OR + (EXISTS 
(intP_intM_a_0_2_at_L) + (EXISTS (a_1) + (EXISTS (l_0_0) + (EXISTS (h_0) + (AND (EQ aux_1 a_1) + (AND (EQ aux_2 l_0_0) + (AND (EQ aux_3 h_0) + (AND (EQ aux_4 intP_intM_a_0_2_at_L) (EQ aux_5 intP_intM_a_0_2_at_L))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_2) + (EXISTS (l_1) + (EXISTS (h_1) + (AND + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (AND (EQ aux_1 a_2) + (AND (EQ aux_2 l_1) + (AND (EQ aux_3 h_1) + (AND (EQ aux_4 intP_intM_a_0_2_at_L1) (EQ aux_5 intP_intM_a_0_2_at_L2))))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L3) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_3) + (EXISTS (l_2) + (EXISTS (h_2) + (AND + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (AND (EQ aux_1 a_3) + (AND (EQ aux_2 l_2) + (AND (EQ aux_3 h_2) + (AND (EQ aux_4 intP_intM_a_0_2_at_L3) (EQ aux_5 intP_intM_a_0_2_at_L1)))))))))))) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_4) + (EXISTS (l_3) + (EXISTS (h_3) + (EXISTS (i_0_0) + (EXISTS (j_0_0) + (AND + (AND (<= l_3 i_0_0) + (AND (<= i_0_0 h_3) + (AND (<= l_3 j_0_0) + (AND (<= j_0_0 h_3) + (Swap a_4 i_0_0 j_0_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (AND (EQ aux_1 a_4) + (AND (EQ aux_2 l_3) + (AND (EQ aux_3 h_3) + (AND (EQ aux_4 intP_intM_a_0_2_at_L2) (EQ aux_5 intP_intM_a_0_2_at_L1))))))))))))))))))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intP_intM_a_0_2_at_L a_1 l_0_0 h_0) + (EQ (Permut + a_1 l_0_0 h_0 intP_intM_a_0_2_at_L intP_intM_a_0_2_at_L) |@true|))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_2 l_1 h_1) + (IMPLIES + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L1 intP_intM_a_0_2_at_L2) |@true|)))) + 
+(BG_PUSH + ;; Why axiom Permut_trans + (FORALL (intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_3 l_2 h_2) + (IMPLIES + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_4 l_3 h_3 i_0_0 j_0_0) + (IMPLIES + (AND (<= l_3 i_0_0) + (AND (<= i_0_0 h_3) + (AND (<= l_3 j_0_0) + (AND (<= j_0_0 h_3) + (Swap a_4 i_0_0 j_0_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (EQ (Permut + a_4 l_3 h_3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|)))) + +(DEFPRED (Sorted a_5 l_4 h_4 intP_intM_a_5_3_at_L) + (FORALL (i_1 j_1) + (IMPLIES (AND (<= l_4 i_1) (AND (<= i_1 j_1) (< j_1 h_4))) + (<= (select intP_intM_a_5_3_at_L (shift a_5 i_1)) (select + intP_intM_a_5_3_at_L + (shift a_5 j_1)))))) + +(BG_PUSH + ;; Why axiom charP_int + (EQ (int_of_tag charP_tag) 1)) + +(BG_PUSH + ;; Why axiom charP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (charP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom charP_parenttag_bottom + (EQ (parenttag charP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom charP_tags + (FORALL (x charP_tag_table) (instanceof charP_tag_table x charP_tag))) + +(BG_PUSH + ;; Why axiom intP_int + (EQ (int_of_tag intP_tag) 1)) + +(BG_PUSH + ;; Why axiom intP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (intP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom intP_parenttag_bottom + (EQ (parenttag intP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom intP_tags + (FORALL (x intP_tag_table) (instanceof intP_tag_table x intP_tag))) + +(DEFPRED (left_valid_struct_charP p a charP_alloc_table) + (<= (offset_min charP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_intP p a intP_alloc_table) 
+ (<= (offset_min intP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_voidP p a voidP_alloc_table) + (<= (offset_min voidP_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom pointer_addr_of_charP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (charP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_intP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (intP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_voidP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (voidP_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_charP p b charP_alloc_table) + (>= (offset_max charP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_intP p b intP_alloc_table) + (>= (offset_max intP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_voidP p b voidP_alloc_table) + (>= (offset_max voidP_alloc_table p) b)) + +(DEFPRED (strict_valid_root_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_root_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED (valid_root_intP p a b intP_alloc_table) + (AND (<= 
(offset_min intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_root_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_struct_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED (valid_struct_intP p a b intP_alloc_table) + (AND (<= (offset_min intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_struct_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(BG_PUSH + ;; Why axiom voidP_int + (EQ (int_of_tag voidP_tag) 1)) + +(BG_PUSH + ;; Why axiom voidP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (voidP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom voidP_parenttag_bottom + (EQ (parenttag voidP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom voidP_tags + (FORALL (x voidP_tag_table) (instanceof voidP_tag_table x voidP_tag))) + +;; quick_rec_ensures_default_po_1, File "HOME/tests/c/quick_sort.c", line 57, characters 5-14 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (>= l_0 r) +(not_assigns +intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5 (pset_range + (pset_singleton t) l_0 r))))))))) + +;; quick_rec_ensures_default_po_2, File "HOME/tests/c/quick_sort.c", line 68, characters 21-30 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL 
(i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) (EQ (select intP_intM_t_5 (shift t l_0)) v)))))))))))))))) + +;; quick_rec_ensures_default_po_3, File "HOME/tests/c/quick_sort.c", line 68, characters 34-40 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) (IMPLIES (EQ i_0_1 (+ l_0 1)) (<= l_0 m)))))))))))))))) + +;; quick_rec_ensures_default_po_4, File "HOME/tests/c/quick_sort.c", line 68, characters 39-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) (IMPLIES (EQ i_0_1 (+ l_0 1)) (< m i_0_1)))))))))))))))) + +;; quick_rec_ensures_default_po_5, File "HOME/tests/c/quick_sort.c", line 68, characters 43-51 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) (IMPLIES (EQ i_0_1 (+ l_0 1)) (<= i_0_1 (+ r 1))))))))))))))))) + +;; quick_rec_ensures_default_po_6, File "HOME/tests/c/quick_sort.c", line 67, characters 8-31 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= 
(offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(EQ (Permut t l_0 r intP_intM_t_5 intP_intM_t_5) |@true|)))))))))))))))) + +;; quick_rec_ensures_default_po_7, File "HOME/tests/c/quick_sort.c", line 65, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (j_3) +(IMPLIES (AND (< m j_3) (< j_3 i_0_1)) +(>= (select intP_intM_t_5 (shift t j_3)) v)))))))))))))))))) + +;; quick_rec_ensures_default_po_8, File "HOME/tests/c/quick_sort.c", line 63, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (j_2) +(IMPLIES (AND (< l_0 j_2) (<= j_2 m)) +(< (select intP_intM_t_5 (shift t j_2)) v)))))))))))))))))) + +;; quick_rec_ensures_default_po_9, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 124, characters 6-1398 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 
(shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(not_assigns +intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5 (pset_range + (pset_singleton t) l_0 r))))))))))))))))) + +;; quick_rec_ensures_default_po_10, File "HOME/tests/c/quick_sort.c", line 75, characters 17-39 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|)))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_11, File "HOME/tests/c/quick_sort.c", line 
68, characters 21-30 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(EQ (select intP_intM_t_5_1 (shift t l_0)) v))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_12, File "HOME/tests/c/quick_sort.c", line 68, characters 34-40 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) 
r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= l_0 m1))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_13, File "HOME/tests/c/quick_sort.c", line 68, characters 39-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL 
(intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< m1 i_0_1_1))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_14, File "HOME/tests/c/quick_sort.c", line 68, characters 43-51 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL 
(j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= i_0_1_1 (+ r 1)))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_15, File "HOME/tests/c/quick_sort.c", line 67, characters 8-31 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table 
intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5) |@true|))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_16, File "HOME/tests/c/quick_sort.c", line 65, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) 
+(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(FORALL (j_3) +(IMPLIES (AND (< m1 j_3) (< j_3 i_0_1_1)) +(>= (select intP_intM_t_5_1 (shift t j_3)) v))))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_17, File "HOME/tests/c/quick_sort.c", line 63, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + 
intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(FORALL (j_2) +(IMPLIES (AND (< l_0 j_2) (<= j_2 m1)) +(< (select intP_intM_t_5_1 (shift t j_2)) v))))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_18, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 124, characters 6-1398 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + 
t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(not_assigns +intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_1 (pset_range + (pset_singleton t) l_0 r)))))))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_19, File "HOME/tests/c/quick_sort.c", line 68, characters 21-30 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(EQ (select intP_intM_t_5_0 (shift t l_0)) v)))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_20, File "HOME/tests/c/quick_sort.c", line 68, characters 34-40 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) 
+(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= l_0 m0)))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_21, File "HOME/tests/c/quick_sort.c", line 68, characters 39-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select 
intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< m0 i_0_1_1)))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_22, File "HOME/tests/c/quick_sort.c", line 68, characters 43-51 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= i_0_1_1 (+ r 1))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_23, File "HOME/tests/c/quick_sort.c", line 67, characters 8-31 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + 
(>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|)))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_24, File "HOME/tests/c/quick_sort.c", line 65, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= 
(select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(FORALL (j_3) +(IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_1)) +(>= (select intP_intM_t_5_0 (shift t j_3)) v)))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_25, File "HOME/tests/c/quick_sort.c", line 63, characters 8-50 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (<= i_0_1_0 r) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(FORALL (j_2) +(IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) +(< (select intP_intM_t_5_0 (shift t j_2)) 
v)))))))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_26, File "HOME/tests/c/quick_sort.c", line 78, characters 13-19 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (> i_0_1_0 r) (<= l_0 m0))))))))))))))))))))) + +;; quick_rec_ensures_default_po_27, File "HOME/tests/c/quick_sort.c", line 78, characters 18-24 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND 
+ (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (> i_0_1_0 r) (<= m0 r))))))))))))))))))))) + +;; quick_rec_ensures_default_po_28, File "HOME/tests/c/quick_sort.c", line 80, characters 13-34 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|)))))))))))))))))))))))) + +;; quick_rec_ensures_default_po_29, File "HOME/tests/c/quick_sort.c", line 
57, characters 5-14 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES (AND + (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_range + (pset_singleton + t) l_0 r))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (intP_intM_t_5_2) +(IMPLIES (AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(FORALL (intP_intM_t_5_3) +(IMPLIES (AND + (EQ (Permut t (+ m0 1) r intP_intM_t_5_3 intP_intM_t_5_2) |@true|) + (AND (Sorted t (+ m0 1) (+ r 1) intP_intM_t_5_3) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_2 intP_intM_t_5_3 (pset_range + (pset_singleton + t) 
(+ m0 1) r)))) +(not_assigns +intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_3 (pset_range + (pset_singleton t) l_0 r)))))))))))))))))))))))))))))) + +;; quick_rec_ensures_permutation_po_1, File "HOME/tests/c/quick_sort.c", line 55, characters 14-37 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (>= l_0 r) +(EQ (Permut t l_0 r intP_intM_t_5 intP_intM_t_5) |@true|)))))))) + +;; quick_rec_ensures_permutation_po_2, File "HOME/tests/c/quick_sort.c", line 55, characters 14-37 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (intP_intM_t_5_2) +(IMPLIES 
(AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(FORALL (intP_intM_t_5_3) +(IMPLIES (AND + (EQ (Permut t (+ m0 1) r intP_intM_t_5_3 intP_intM_t_5_2) |@true|) + (AND (Sorted t (+ m0 1) (+ r 1) intP_intM_t_5_3) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_2 intP_intM_t_5_3 (pset_range + (pset_singleton + t) (+ m0 1) r)))) +(EQ (Permut t l_0 r intP_intM_t_5_3 intP_intM_t_5) |@true|)))))))))))))))))))))))))))))) + +;; quick_rec_ensures_sorted_po_1, File "HOME/tests/c/quick_sort.c", line 53, characters 14-29 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (>= l_0 r) (Sorted t l_0 (+ r 1) intP_intM_t_5)))))))) + +;; quick_rec_ensures_sorted_po_2, File "HOME/tests/c/quick_sort.c", line 53, characters 14-29 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) 
v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (intP_intM_t_5_2) +(IMPLIES (AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(FORALL (intP_intM_t_5_3) +(IMPLIES (AND + (EQ (Permut t (+ m0 1) r intP_intM_t_5_3 intP_intM_t_5_2) |@true|) + (AND (Sorted t (+ m0 1) (+ r 1) intP_intM_t_5_3) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_2 intP_intM_t_5_3 (pset_range + (pset_singleton + t) (+ m0 1) r)))) +(Sorted t l_0 (+ r 1) intP_intM_t_5_3)))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_1, File "HOME/tests/c/quick_sort.c", line 60, characters 6-10 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) (<= l_0 (offset_max intP_t_5_alloc_table t)))))))) + +;; quick_rec_safety_po_2, File "HOME/tests/c/quick_sort.c", line 72, characters 8-12 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 
1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) (<= (offset_min intP_t_5_alloc_table t) i_0_1_0))))))))))))))))))))))) + +;; quick_rec_safety_po_3, File "HOME/tests/c/quick_sort.c", line 72, characters 8-12 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) (<= i_0_1_0 (offset_max intP_t_5_alloc_table t)))))))))))))))))))))))) + +;; quick_rec_safety_po_4, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 151, characters 29-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) 
+(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) (>= (offset_max intP_t_5_alloc_table t) i_0_1_0))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_5, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 151, characters 29-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL 
(intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) (<= (offset_min intP_t_5_alloc_table t) m1))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_6, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 151, characters 29-44 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) 
+(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) (>= (offset_max intP_t_5_alloc_table t) m1))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_7, File "HOME/tests/c/quick_sort.c", line 69, characters 19-22 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (AND (>= (offset_max intP_t_5_alloc_table t) i_0_1_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m1) + (>= (offset_max intP_t_5_alloc_table t) m1)))) +(FORALL (intP_intM_t_5_1) 
+(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 (- r i_0_1_0)))))))))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_8, File "HOME/tests/c/quick_sort.c", line 69, characters 19-22 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (< result0 v) +(FORALL (m1) +(IMPLIES (EQ m1 (+ m0 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (AND (>= (offset_max intP_t_5_alloc_table t) i_0_1_0) + (AND (<= (offset_min 
intP_t_5_alloc_table t) m1) + (>= (offset_max intP_t_5_alloc_table t) m1)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 m1 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m1 m1) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< (- r i_0_1_1) (- r i_0_1_0)))))))))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_9, File "HOME/tests/c/quick_sort.c", line 69, characters 19-22 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 (- r 
i_0_1_0)))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_10, File "HOME/tests/c/quick_sort.c", line 69, characters 19-22 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (<= i_0_1_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t i_0_1_0))) +(IMPLIES (>= result0 v) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< (- r i_0_1_1) (- r i_0_1_0)))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_11, File "HOME/tests/c/quick_sort.c", line 79, characters 4-15 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select 
intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(>= (offset_max intP_t_5_alloc_table t) l_0)))))))))))))))))))))))) + +;; quick_rec_safety_po_12, File "HOME/tests/c/quick_sort.c", line 79, characters 4-15 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(<= (offset_min intP_t_5_alloc_table t) 
m0)))))))))))))))))))))))) + +;; quick_rec_safety_po_13, File "HOME/tests/c/quick_sort.c", line 79, characters 4-15 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(>= (offset_max intP_t_5_alloc_table t) m0)))))))))))))))))))))))) + +;; quick_rec_safety_po_14, File "why/quick_sort.why", line 821, characters 12-100 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select 
intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= (offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(<= 0 (- r l_0))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_15, File "why/quick_sort.why", line 821, characters 12-100 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) 
+ (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= (offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(< (- (- m0 1) l_0) (- r l_0))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_16, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 176, characters 14-47 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES 
(AND (<= l_0 m0) (<= m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= (offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(>= (offset_max intP_t_5_alloc_table t) (- m0 1))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_17, File "why/quick_sort.why", line 831, characters 12-100 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= 
(offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) (- m0 1))) +(FORALL (intP_intM_t_5_2) +(IMPLIES (AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(<= 0 (- r l_0)))))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_18, File "why/quick_sort.why", line 831, characters 12-100 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= 
m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= (offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) (- m0 1))) +(FORALL (intP_intM_t_5_2) +(IMPLIES (AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(< (- r (+ m0 1)) (- r l_0)))))))))))))))))))))))))))))))) + +;; quick_rec_safety_po_19, File "HOME/tests/c/quick_sort.jessie/quick_sort.jc", line 177, characters 14-47 +(FORALL (t) +(FORALL (l_0) +(FORALL (r) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) r)) +(IMPLIES (< l_0 r) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (<= l_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t l_0))) +(FORALL (v) +(IMPLIES (EQ v result) +(FORALL (m) +(IMPLIES (EQ m l_0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 (+ l_0 1)) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(FORALL (m0) +(IMPLIES TRUE +(IMPLIES (AND + (AND (EQ (select intP_intM_t_5_0 (shift t l_0)) v) + (AND (<= l_0 m0) (AND (< m0 i_0_1_0) (<= i_0_1_0 (+ r 1))))) + (AND (EQ (Permut t l_0 r intP_intM_t_5_0 intP_intM_t_5) |@true|) + (AND + (FORALL (j_3) + (IMPLIES (AND (< m0 j_3) (< j_3 i_0_1_0)) + 
(>= (select intP_intM_t_5_0 (shift t j_3)) v))) + (FORALL (j_2) + (IMPLIES (AND (< l_0 j_2) (<= j_2 m0)) + (< (select intP_intM_t_5_0 (shift t j_2)) v)))))) +(IMPLIES (> i_0_1_0 r) +(IMPLIES (AND (<= l_0 m0) (<= m0 r)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (AND (>= (offset_max intP_t_5_alloc_table t) l_0) + (AND (<= (offset_min intP_t_5_alloc_table t) m0) + (>= (offset_max intP_t_5_alloc_table t) m0)))) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t l_0 m0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) m0 m0) + (pset_range + (pset_singleton + t) l_0 l_0)))) +(IMPLIES (EQ (Permut t l_0 r intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) l_0) + (>= (offset_max intP_t_5_alloc_table t) (- m0 1))) +(FORALL (intP_intM_t_5_2) +(IMPLIES (AND + (EQ (Permut t l_0 (- m0 1) intP_intM_t_5_2 intP_intM_t_5_1) |@true|) + (AND (Sorted t l_0 (+ (- m0 1) 1) intP_intM_t_5_2) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_1 intP_intM_t_5_2 (pset_range + (pset_singleton + t) l_0 + (- m0 1))))) +(<= (offset_min intP_t_5_alloc_table t) (+ m0 1)))))))))))))))))))))))))))))))) + +;; quick_sort_ensures_sorted_po_1, File "HOME/tests/c/quick_sort.c", line 87, characters 14-27 +(FORALL (t_0) +(FORALL (n) +(FORALL (intP_t_0_6_alloc_table) +(FORALL (intP_intM_t_0_6) +(IMPLIES (AND (<= (offset_min intP_t_0_6_alloc_table t_0) 0) + (>= (offset_max intP_t_0_6_alloc_table t_0) (- n 1))) +(FORALL (intP_intM_t_0_6_0) +(IMPLIES (AND + (EQ (Permut + t_0 0 (- n 1) intP_intM_t_0_6_0 intP_intM_t_0_6) |@true|) + (AND (Sorted t_0 0 (+ (- n 1) 1) intP_intM_t_0_6_0) + (not_assigns + intP_t_0_6_alloc_table intP_intM_t_0_6 intP_intM_t_0_6_0 (pset_range + (pset_singleton + t_0) 0 + (- n 1))))) +(Sorted t_0 0 n intP_intM_t_0_6_0)))))))) + +;; swap_ensures_default_po_1, File "HOME/tests/c/quick_sort.c", line 40, characters 12-33 
+(FORALL (t_1) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_1_4_alloc_table) +(FORALL (intP_intM_t_1_4) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (AND (>= (offset_max intP_t_1_4_alloc_table t_1) i_0) + (AND (<= (offset_min intP_t_1_4_alloc_table t_1) j_0) + (>= (offset_max intP_t_1_4_alloc_table t_1) j_0)))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_1_4 (shift t_1 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_1_4 (shift t_1 j_0))) +(FORALL (intP_intM_t_1_4_0) +(IMPLIES (EQ intP_intM_t_1_4_0 + (|why__store| intP_intM_t_1_4 (shift t_1 i_0) result0)) +(FORALL (intP_intM_t_1_4_1) +(IMPLIES (EQ intP_intM_t_1_4_1 + (|why__store| intP_intM_t_1_4_0 (shift t_1 j_0) tmp)) +(Swap t_1 i_0 j_0 intP_intM_t_1_4_1 intP_intM_t_1_4))))))))))))))))) + +;; swap_ensures_default_po_2, File "HOME/tests/c/quick_sort.c", line 42, characters 5-9 +(FORALL (t_1) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_1_4_alloc_table) +(FORALL (intP_intM_t_1_4) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (AND (>= (offset_max intP_t_1_4_alloc_table t_1) i_0) + (AND (<= (offset_min intP_t_1_4_alloc_table t_1) j_0) + (>= (offset_max intP_t_1_4_alloc_table t_1) j_0)))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_1_4 (shift t_1 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_1_4 (shift t_1 j_0))) +(FORALL (intP_intM_t_1_4_0) +(IMPLIES (EQ intP_intM_t_1_4_0 + (|why__store| intP_intM_t_1_4 (shift t_1 i_0) result0)) +(FORALL (intP_intM_t_1_4_1) +(IMPLIES (EQ intP_intM_t_1_4_1 + (|why__store| intP_intM_t_1_4_0 (shift t_1 j_0) tmp)) +(not_assigns +intP_t_1_4_alloc_table intP_intM_t_1_4 intP_intM_t_1_4_1 (pset_union + (pset_range + (pset_singleton t_1) j_0 j_0) + (pset_range + (pset_singleton t_1) i_0 i_0))))))))))))))))))) + +;; swap_safety_po_1, File "HOME/tests/c/quick_sort.c", line 43, characters 12-16 
+(FORALL (t_1) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_1_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (AND (>= (offset_max intP_t_1_4_alloc_table t_1) i_0) + (AND (<= (offset_min intP_t_1_4_alloc_table t_1) j_0) + (>= (offset_max intP_t_1_4_alloc_table t_1) j_0)))) +(<= i_0 (offset_max intP_t_1_4_alloc_table t_1))))))) + +;; swap_safety_po_2, File "HOME/tests/c/quick_sort.c", line 44, characters 9-13 +(FORALL (t_1) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_1_4_alloc_table) +(FORALL (intP_intM_t_1_4) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (AND (>= (offset_max intP_t_1_4_alloc_table t_1) i_0) + (AND (<= (offset_min intP_t_1_4_alloc_table t_1) j_0) + (>= (offset_max intP_t_1_4_alloc_table t_1) j_0)))) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (<= i_0 (offset_max intP_t_1_4_alloc_table t_1))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_1_4 (shift t_1 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) (<= (offset_min intP_t_1_4_alloc_table t_1) j_0)))))))))))) + +;; swap_safety_po_3, File "HOME/tests/c/quick_sort.c", line 44, characters 9-13 +(FORALL (t_1) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_1_4_alloc_table) +(FORALL (intP_intM_t_1_4) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (AND (>= (offset_max intP_t_1_4_alloc_table t_1) i_0) + (AND (<= (offset_min intP_t_1_4_alloc_table t_1) j_0) + (>= (offset_max intP_t_1_4_alloc_table t_1) j_0)))) +(IMPLIES (AND (<= (offset_min intP_t_1_4_alloc_table t_1) i_0) + (<= i_0 (offset_max intP_t_1_4_alloc_table t_1))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_1_4 (shift t_1 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) (<= j_0 (offset_max intP_t_1_4_alloc_table t_1))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! 
= failure) +simplify/quick_sort_why.sx : ..............................?.#......................... (56/0/1/1/0) +total : 58 +valid : 56 ( 97%) +invalid : 0 ( 0%) +unknown : 1 ( 2%) +timeout : 1 ( 2%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/rec.res.oracle why-2.30+dfsg/tests/c/oracle/rec.res.oracle --- why-2.29+dfsg/tests/c/oracle/rec.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/rec.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,3015 @@ +========== file tests/c/rec.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +//@ logic integer sum_upto(integer n) = n*(n+1) / 2; + +/*@ lemma sum_rec: \forall integer n; n >=0 ==> + @ sum_upto(n+1) == sum_upto(n)+n+1; + @*/ + +/*@ requires x >= 0; + @ requires x <= 1000; + @ decreases x; + @ ensures \result == sum_upto(x); + @*/ +long sum(int x) { + if (x == 0) return 0; + else return x + sum (x-1); +} + + +/*@ ensures \result == 36; + @*/ +long main () { + long i = sum(8); + return i; +} + + + +/*@ decreases 101-n ; + @ behavior less_than_101: + @ assumes n <= 100; + @ ensures \result == 91; + @ behavior greater_than_100: + @ assumes n >= 101; + @ ensures \result == n - 10; + @*/ +int f91(int n) { + if (n <= 100) { + return f91(f91(n + 11)); + } + else + return n - 10; +} + +/* +Local Variables: +compile-command: "make rec.why3ml" +End: +*/ + + +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/rec.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/rec.jessie +[jessie] File tests/c/rec.jessie/rec.jc written. +[jessie] File tests/c/rec.jessie/rec.cloc written. 
+========== file tests/c/rec.jessie/rec.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int8 = -128..127 + +type int32 = -2147483648..2147483647 + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +logic integer sum_upto(integer n) = +((n * (n + 1)) / 2) + +lemma sum_rec : +(\forall integer n_0; + ((n_0 >= 0) ==> (sum_upto((n_0 + 1)) == ((sum_upto(n_0) + n_0) + 1)))) + +int32 sum(int32 x) + requires (C_12 : (x >= 0)); + requires (C_11 : (x <= 1000)); + decreases (C_13 : x); +behavior default: + ensures (C_10 : (\result == sum_upto(\at(x,Old)))); +{ + (var int32 tmp); + + (var int32 __retres); + + { (if (x == 0) then + { (C_9 : (__retres = 0)); + + (goto return_label) + } else + { (C_4 : (tmp = (C_3 : sum((C_2 : ((C_1 : (x - 1)) :> int32)))))); + (C_8 : (__retres = (C_7 : ((C_6 : ((C_5 : (x :> int32)) + tmp)) :> int32)))); + + (goto return_label) + }); + (return_label : + (return __retres)) + } +} + +int32 main() +behavior default: + ensures (C_16 : (\result == 36)); +{ + (var int32 i); + + { (C_15 : (i = (C_14 : sum(8)))); + + (return i) + } +} + +int32 f91(int32 n) + decreases (C_30 : (101 - n)); +behavior default: + ensures (C_27 : true); +behavior less_than_101: + assumes (n <= 100); + ensures (C_28 : (\result == 91)); +behavior greater_than_100: + assumes (n >= 101); + ensures (C_29 : (\result == (\at(n,Old) - 10))); +{ + (var int32 tmp_0); + + (var int32 tmp_0_0); + + (var int32 __retres_0); + + { (if (n <= 100) then + { + { (C_23 : (tmp_0 = (C_22 : f91((C_21 : ((C_20 : (n + 11)) :> int32)))))); + (C_25 : (tmp_0_0 = (C_24 : f91(tmp_0)))) + }; + (C_26 : (__retres_0 = tmp_0_0)); + + (goto return_label) + } else + { (C_19 : (__retres_0 = (C_18 : ((C_17 : (n - 10)) :> int32)))); + + (goto return_label) + }); + (return_label : + (return __retres_0)) + } 
+} +========== file tests/c/rec.jessie/rec.cloc ========== +[sum] +name = "Function sum" +file = "HOME/tests/c/rec.c" +line = 43 +begin = 5 +end = 8 + +[main] +name = "Function main" +file = "HOME/tests/c/rec.c" +line = 51 +begin = 5 +end = 9 + +[f91] +name = "Function f91" +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[C_10] +file = "HOME/tests/c/rec.c" +line = 41 +begin = 12 +end = 34 + +[C_11] +file = "HOME/tests/c/rec.c" +line = 39 +begin = 13 +end = 22 + +[C_12] +file = "HOME/tests/c/rec.c" +line = 38 +begin = 13 +end = 19 + +[C_13] +file = "HOME/tests/c/rec.c" +line = 40 +begin = 14 +end = 15 + +[C_14] +file = "HOME/tests/c/rec.c" +line = 52 +begin = 11 +end = 17 + +[C_15] +file = "HOME/tests/c/rec.c" +line = 52 +begin = 11 +end = 17 + +[C_16] +file = "HOME/tests/c/rec.c" +line = 49 +begin = 12 +end = 25 + +[C_17] +file = "HOME/tests/c/rec.c" +line = 71 +begin = 11 +end = 17 + +[C_18] +file = "HOME/tests/c/rec.c" +line = 71 +begin = 11 +end = 17 + +[C_19] +file = "HOME/tests/c/rec.c" +line = 71 +begin = 4 +end = 18 + +[C_1] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 23 +end = 26 + +[C_2] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 23 +end = 26 + +[C_3] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 18 +end = 27 + +[C_4] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 18 +end = 27 + +[sum_rec] +name = "Lemma sum_rec" +file = "HOME/tests/c/rec.c" +line = 34 +begin = 4 +end = 89 + +[C_20] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 19 +end = 25 + +[C_5] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 14 +end = 15 + +[C_21] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 19 +end = 25 + +[C_6] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 14 +end = 27 + +[C_22] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[C_7] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 14 +end = 27 + +[C_23] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[C_8] +file = "HOME/tests/c/rec.c" +line = 45 +begin = 7 
+end = 28 + +[C_24] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[C_9] +file = "HOME/tests/c/rec.c" +line = 44 +begin = 14 +end = 23 + +[C_25] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[C_26] +file = "HOME/tests/c/rec.c" +line = 68 +begin = 4 +end = 28 + +[C_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_28] +file = "HOME/tests/c/rec.c" +line = 61 +begin = 14 +end = 27 + +[C_29] +file = "HOME/tests/c/rec.c" +line = 64 +begin = 14 +end = 31 + +[C_30] +file = "HOME/tests/c/rec.c" +line = 58 +begin = 14 +end = 19 + +========== jessie execution ========== +Generating Why function sum +Generating Why function main +Generating Why function f91 +========== file tests/c/rec.jessie/rec.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs rec.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs rec.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/rec_why.sx + +project: why/rec.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/rec_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/rec_why.vo + +coq/rec_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/rec_why.v: why/rec.why + @echo 'why -coq [...] 
why/rec.why' && $(WHY) $(JESSIELIBFILES) why/rec.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/rec_ctx_why.vo + for f in why/*_po*.why; do make -f rec.makefile coq/`basename $$f .why`_why.v ; done + +coq/rec_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/rec_ctx_why.v: why/rec_ctx.why + @echo 'why -coq [...] why/rec_ctx.why' && $(WHY) why/rec_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export rec_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/rec_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/rec_ctx_why.vo + +pvs: pvs/rec_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/rec_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/rec_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/rec_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/rec_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/rec_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/rec_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/rec_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/rec_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/rec_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/rec_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/rec_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/rec_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/rec_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/rec_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: rec.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] 
why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/rec_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/rec_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: rec.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + +-include rec.depend + +depend: coq/rec_why.v + -$(COQDEP) -I coq coq/rec*_why.v > rec.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/rec.jessie/rec.loc ========== +[main_ensures_default] +name = "Function main" +behavior = "default behavior" +file = "HOME/tests/c/rec.c" +line = 51 +begin = 5 +end = 9 + +[JC_40] +file = "HOME/tests/c/rec.c" +line = 64 +begin = 14 +end = 31 + +[JC_41] +file = "HOME/tests/c/rec.c" +line = 64 +begin = 14 +end = 31 + +[JC_42] +kind = ArithOverflow +file = "HOME/tests/c/rec.c" +line = 68 +begin = 19 +end = 25 + +[JC_43] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[JC_44] +file = "HOME/tests/c/rec.c" +line = 58 +begin = 14 +end = 19 + +[JC_45] +file = "HOME/tests/c/rec.c" +line = 58 +begin = 14 +end = 19 + +[JC_46] +kind = VarDecr +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[JC_1] +file = "HOME/tests/c/rec.c" +line = 38 +begin = 13 +end = 19 + +[JC_47] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[JC_2] +file = "HOME/tests/c/rec.c" +line = 39 +begin = 13 +end = 22 + +[JC_48] +file = "HOME/tests/c/rec.c" +line = 58 +begin = 14 +end = 19 + +[JC_3] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_49] +file = "HOME/tests/c/rec.c" +line = 58 +begin = 14 +end = 19 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/tests/c/rec.c" +line = 38 +begin = 13 +end = 19 + +[JC_6] +file = "HOME/tests/c/rec.c" +line = 39 +begin = 13 +end = 22 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_9] +file = "HOME/tests/c/rec.c" +line = 41 +begin = 12 +end = 34 + +[JC_50] +kind = VarDecr +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[JC_51] +kind = ArithOverflow +file = "HOME/tests/c/rec.c" +line = 71 +begin = 11 +end = 17 + +[JC_52] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[JC_53] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[JC_54] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[JC_55] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[JC_56] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 15 +end = 26 + +[JC_57] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 68 +begin = 11 +end = 27 + +[f91_safety] +name = "Function f91" +behavior = "Safety" +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[f91_ensures_greater_than_100] +name = "Function f91" +behavior = "Behavior `greater_than_100'" +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[JC_10] +file = "HOME/tests/c/rec.c" +line = 41 +begin = 12 +end = 34 + +[JC_11] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +kind = ArithOverflow +file = "HOME/tests/c/rec.c" +line = 45 +begin = 23 +end = 26 + +[JC_14] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 45 +begin = 18 +end = 27 + +[sum_rec] +name = "Lemma sum_rec" +behavior = "lemma" +file = "HOME/tests/c/rec.c" +line = 34 +begin = 4 +end = 89 + +[JC_15] +file = "HOME/tests/c/rec.c" +line = 40 +begin = 14 +end = 15 + +[JC_16] +file = "HOME/tests/c/rec.c" +line = 40 +begin = 14 +end = 15 + +[JC_17] +kind = VarDecr +file = "HOME/tests/c/rec.c" +line = 45 +begin = 18 +end = 27 + +[JC_18] +kind = ArithOverflow +file = "HOME/tests/c/rec.c" +line = 45 +begin = 14 +end = 27 + +[JC_19] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 45 +begin = 18 +end = 27 + 
+[f91_ensures_default] +name = "Function f91" +behavior = "default behavior" +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[JC_20] +file = "HOME/tests/c/rec.c" +line = 51 +begin = 5 +end = 9 + +[JC_21] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/tests/c/rec.c" +line = 51 +begin = 5 +end = 9 + +[sum_safety] +name = "Function sum" +behavior = "Safety" +file = "HOME/tests/c/rec.c" +line = 43 +begin = 5 +end = 8 + +[JC_23] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/tests/c/rec.c" +line = 49 +begin = 12 +end = 25 + +[JC_25] +file = "HOME/tests/c/rec.c" +line = 49 +begin = 12 +end = 25 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 52 +begin = 11 +end = 17 + +[JC_29] +kind = UserCall +file = "HOME/tests/c/rec.c" +line = 52 +begin = 11 +end = 17 + +[f91_ensures_less_than_101] +name = "Function f91" +behavior = "Behavior `less_than_101'" +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[JC_30] +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/tests/c/rec.c" +line = 66 +begin = 4 +end = 7 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[main_safety] +name = "Function main" +behavior = "Safety" +file = "HOME/tests/c/rec.c" +line = 51 +begin = 5 +end = 9 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/tests/c/rec.c" +line = 61 +begin = 14 +end = 27 + +[JC_39] +file = "HOME/tests/c/rec.c" +line = 61 +begin = 14 +end = 27 + +[sum_ensures_default] +name = "Function sum" +behavior = "default behavior" +file = "HOME/tests/c/rec.c" +line = 43 
+begin = 5 +end = 8 + +========== file tests/c/rec.jessie/why/rec.why ========== +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. 
+ (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +function sum_upto(n:int) : int = + computer_div(mul_int(n, add_int(n, (1))), (2)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= 
a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +lemma sum_rec : + (forall n_0_0:int. 
+ (ge_int(n_0_0, (0)) -> + (sum_upto(add_int(n_0_0, (1))) = add_int(add_int(sum_upto(n_0_0), n_0_0), + (1))))) + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table 
+ { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter f91 : + n_0:int32 -> + { } int32 + { ((ge_int(integer_of_int32(n_0), (101)) -> + (JC_41: + (integer_of_int32(result) = sub_int(integer_of_int32(n_0), (10))))) + and (le_int(integer_of_int32(n_0), (100)) -> + (JC_39: (integer_of_int32(result) = (91))))) } + +parameter f91_requires : + n_0:int32 -> + { } int32 + { ((ge_int(integer_of_int32(n_0), (101)) -> + (JC_41: + (integer_of_int32(result) = sub_int(integer_of_int32(n_0), (10))))) + and (le_int(integer_of_int32(n_0), (100)) -> + (JC_39: (integer_of_int32(result) = (91))))) } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter main : + tt:unit -> { } int32 { (JC_25: (integer_of_int32(result) = (36))) } + +parameter main_requires : + tt:unit -> { } int32 { (JC_25: (integer_of_int32(result) = (36))) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +parameter sum : + x_0:int32 -> + { } int32 + { (JC_10: (integer_of_int32(result) = sum_upto(integer_of_int32(x_0)))) } + +parameter sum_requires : + x_0:int32 -> + { (JC_3: + ((JC_1: ge_int(integer_of_int32(x_0), (0))) + and (JC_2: le_int(integer_of_int32(x_0), (1000)))))} + int32 + { (JC_10: (integer_of_int32(result) = sum_upto(integer_of_int32(x_0)))) } + +let f91_ensures_default = + fun (n_0 : int32) -> + { (JC_33: true) 
} + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + (let tmp_0_0 = ref (any_int32 void) in + (let __retres_0 = ref (any_int32 void) in + try + begin + (if ((le_int_ (integer_of_int32 n_0)) (100)) + then + (C_26: + begin + (let jessie_ = + (C_23: + (C_25: + begin + (let jessie_ = + (tmp_0 := (C_22: + (let jessie_ = + (C_21: + (safe_int32_of_integer_ (C_20: + ((add_int (integer_of_int32 n_0)) (11))))) in + (JC_52: (f91 jessie_))))) in void); + (tmp_0_0 := (C_24: + (let jessie_ = !tmp_0 in (JC_53: (f91 jessie_))))); + !tmp_0_0 end)) in void); + (let jessie_ = (__retres_0 := !tmp_0_0) in void); + (raise (Return_label_exc void)) end) + else + (C_19: + begin + (let jessie_ = + (__retres_0 := (C_18: + (safe_int32_of_integer_ (C_17: + ((sub_int (integer_of_int32 n_0)) (10)))))) in + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres_0); (raise Return) end) end))); + absurd end with Return -> !return end)) { (JC_34: true) } + +let f91_ensures_greater_than_100 = + fun (n_0 : int32) -> + { ge_int(integer_of_int32(n_0), (101)) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + (let tmp_0_0 = ref (any_int32 void) in + (let __retres_0 = ref (any_int32 void) in + try + begin + (if ((le_int_ (integer_of_int32 n_0)) (100)) + then + (C_26: + begin + (let jessie_ = + (C_23: + (C_25: + begin + (let jessie_ = + (tmp_0 := (C_22: + (let jessie_ = + (C_21: + (safe_int32_of_integer_ (C_20: + ((add_int (integer_of_int32 n_0)) (11))))) in + (JC_56: (f91 jessie_))))) in void); + (tmp_0_0 := (C_24: + (let jessie_ = !tmp_0 in (JC_57: (f91 jessie_))))); + !tmp_0_0 end)) in void); + (let jessie_ = (__retres_0 := !tmp_0_0) in void); + (raise (Return_label_exc void)) end) + else + (C_19: + begin + (let jessie_ = + (__retres_0 := (C_18: + (safe_int32_of_integer_ (C_17: + ((sub_int 
(integer_of_int32 n_0)) (10)))))) in + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres_0); (raise Return) end) end))); + absurd end with Return -> !return end)) + { (JC_40: + (integer_of_int32(result) = sub_int(integer_of_int32(n_0), (10)))) } + +let f91_ensures_less_than_101 = + fun (n_0 : int32) -> + { le_int(integer_of_int32(n_0), (100)) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + (let tmp_0_0 = ref (any_int32 void) in + (let __retres_0 = ref (any_int32 void) in + try + begin + (if ((le_int_ (integer_of_int32 n_0)) (100)) + then + (C_26: + begin + (let jessie_ = + (C_23: + (C_25: + begin + (let jessie_ = + (tmp_0 := (C_22: + (let jessie_ = + (C_21: + (safe_int32_of_integer_ (C_20: + ((add_int (integer_of_int32 n_0)) (11))))) in + (JC_54: (f91 jessie_))))) in void); + (tmp_0_0 := (C_24: + (let jessie_ = !tmp_0 in (JC_55: (f91 jessie_))))); + !tmp_0_0 end)) in void); + (let jessie_ = (__retres_0 := !tmp_0_0) in void); + (raise (Return_label_exc void)) end) + else + (C_19: + begin + (let jessie_ = + (__retres_0 := (C_18: + (safe_int32_of_integer_ (C_17: + ((sub_int (integer_of_int32 n_0)) (10)))))) in + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres_0); (raise Return) end) end))); + absurd end with Return -> !return end)) + { (JC_38: (integer_of_int32(result) = (91))) } + +let f91_safety = + fun (n_0 : int32) -> + { (JC_33: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp_0 = ref (any_int32 void) in + (let tmp_0_0 = ref (any_int32 void) in + (let __retres_0 = ref (any_int32 void) in + try + begin + (if ((le_int_ (integer_of_int32 n_0)) (100)) + then + (C_26: + begin + (let jessie_ = + (C_23: + (C_25: + begin + (let jessie_ = + (tmp_0 := (C_22: + 
(let jessie_ = + (C_21: + (JC_42: + (int32_of_integer_ (C_20: + ((add_int (integer_of_int32 n_0)) (11)))))) in + (JC_46: + (check + { zwf_zero((JC_45 : sub_int((101), + integer_of_int32(jessie_))), + (JC_44 : sub_int((101), integer_of_int32(n_0)))) }; + (JC_43: (f91_requires jessie_))))))) in void); + (tmp_0_0 := (C_24: + (let jessie_ = !tmp_0 in + (JC_50: + (check + { zwf_zero((JC_49 : sub_int((101), + integer_of_int32(jessie_))), + (JC_48 : sub_int((101), integer_of_int32(n_0)))) }; + (JC_47: (f91_requires jessie_))))))); !tmp_0_0 end)) in + void); (let jessie_ = (__retres_0 := !tmp_0_0) in void); + (raise (Return_label_exc void)) end) + else + (C_19: + begin + (let jessie_ = + (__retres_0 := (C_18: + (JC_51: + (int32_of_integer_ (C_17: + ((sub_int (integer_of_int32 n_0)) (10))))))) in + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres_0); (raise Return) end) end))); + absurd end with Return -> !return end)) { true } + +let main_ensures_default = + fun (tt : unit) -> + { (JC_23: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let i = ref (any_int32 void) in + (C_15: + begin + (let jessie_ = + (i := (C_14: + (let jessie_ = (safe_int32_of_integer_ (8)) in + (JC_29: (sum jessie_))))) in void); (return := !i); + (raise Return) end)); absurd end with Return -> !return end)) + { (JC_24: (integer_of_int32(result) = (36))) } + +let main_safety = + fun (tt : unit) -> + { (JC_23: true) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let i = ref (any_int32 void) in + (C_15: + begin + (let jessie_ = + (i := (C_14: + (let jessie_ = (safe_int32_of_integer_ (8)) in + (JC_28: (sum_requires jessie_))))) in void); (return := !i); + (raise Return) end)); absurd end with Return -> !return end)) + { true } + +let sum_ensures_default = + fun (x_0 : int32) -> + { (JC_7: + ((JC_5: ge_int(integer_of_int32(x_0), (0))) + and (JC_6: 
le_int(integer_of_int32(x_0), (1000))))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp = ref (any_int32 void) in + (let __retres = ref (any_int32 void) in + try + begin + (if ((eq_int_ (integer_of_int32 x_0)) (0)) + then + (C_9: + begin + (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in + void); (raise (Return_label_exc void)) end) + else + (C_4: + (C_8: + begin + (let jessie_ = + (tmp := (C_3: + (let jessie_ = + (C_2: + (safe_int32_of_integer_ (C_1: + ((sub_int (integer_of_int32 x_0)) (1))))) in + (JC_19: (sum jessie_))))) in void); + (let jessie_ = + (__retres := (C_7: + (safe_int32_of_integer_ (C_6: + ((add_int (integer_of_int32 + (C_5: x_0))) + (integer_of_int32 !tmp)))))) in + void); (raise (Return_label_exc void)) end))); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres); (raise Return) end) end)); + absurd end with Return -> !return end)) + { (JC_9: (integer_of_int32(result) = sum_upto(integer_of_int32(x_0)))) } + +let sum_safety = + fun (x_0 : int32) -> + { (JC_7: + ((JC_5: ge_int(integer_of_int32(x_0), (0))) + and (JC_6: le_int(integer_of_int32(x_0), (1000))))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let tmp = ref (any_int32 void) in + (let __retres = ref (any_int32 void) in + try + begin + (if ((eq_int_ (integer_of_int32 x_0)) (0)) + then + (C_9: + begin + (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in + void); (raise (Return_label_exc void)) end) + else + (C_4: + (C_8: + begin + (let jessie_ = + (tmp := (C_3: + (let jessie_ = + (C_2: + (JC_13: + (int32_of_integer_ (C_1: + ((sub_int (integer_of_int32 x_0)) (1)))))) in + (JC_17: + (check + { zwf_zero(integer_of_int32((JC_16 : jessie_)), + integer_of_int32((JC_15 : x_0))) }; + (JC_14: (sum_requires jessie_))))))) in void); + (let jessie_ = + (__retres := (C_7: + (JC_18: + (int32_of_integer_ (C_6: + ((add_int (integer_of_int32 + (C_5: x_0))) (integer_of_int32 
!tmp))))))) in + void); (raise (Return_label_exc void)) end))); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: begin (return := !__retres); (raise Return) end) end)); + absurd end with Return -> !return end)) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/rec.why +========== file tests/c/rec.jessie/why/rec_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. 
(ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. 
((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +function sum_upto(n: int) : int = computer_div((n * (n + 1)), 2) + +predicate valid_root_charP(p: charP 
pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal sum_rec: + (forall n_0_0:int. + ((n_0_0 >= 0) -> + (sum_upto((n_0_0 + 1)) = ((sum_upto(n_0_0) + n_0_0) + 1)))) + +axiom sum_rec_as_axiom: + (forall n_0_0:int. + ((n_0_0 >= 0) -> + (sum_upto((n_0_0 + 1)) = ((sum_upto(n_0_0) + n_0_0) + 1)))) + +goal f91_ensures_greater_than_100_po_1: + forall n_0:int32. + (integer_of_int32(n_0) >= 101) -> + (integer_of_int32(n_0) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_41": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_39": (integer_of_int32(result0) = 91)))) -> + forall tmp_0:int32. + (tmp_0 = result0) -> + forall result1:int32. 
+ (((integer_of_int32(tmp_0) >= 101) -> + ("JC_41": (integer_of_int32(result1) = (integer_of_int32(tmp_0) - 10)))) and + ((integer_of_int32(tmp_0) <= 100) -> + ("JC_39": (integer_of_int32(result1) = 91)))) -> + forall tmp_0_0:int32. + (tmp_0_0 = result1) -> + forall __retres_0:int32. + (__retres_0 = tmp_0_0) -> + forall return:int32. + (return = __retres_0) -> + ("JC_40": (integer_of_int32(return) = (integer_of_int32(n_0) - 10))) + +goal f91_ensures_greater_than_100_po_2: + forall n_0:int32. + (integer_of_int32(n_0) >= 101) -> + (integer_of_int32(n_0) > 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) - 10)) -> + forall __retres_0:int32. + (__retres_0 = result) -> + forall return:int32. + (return = __retres_0) -> + ("JC_40": (integer_of_int32(return) = (integer_of_int32(n_0) - 10))) + +goal f91_ensures_less_than_101_po_1: + forall n_0:int32. + (integer_of_int32(n_0) <= 100) -> + (integer_of_int32(n_0) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_41": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_39": (integer_of_int32(result0) = 91)))) -> + forall tmp_0:int32. + (tmp_0 = result0) -> + forall result1:int32. + (((integer_of_int32(tmp_0) >= 101) -> + ("JC_41": (integer_of_int32(result1) = (integer_of_int32(tmp_0) - 10)))) and + ((integer_of_int32(tmp_0) <= 100) -> + ("JC_39": (integer_of_int32(result1) = 91)))) -> + forall tmp_0_0:int32. + (tmp_0_0 = result1) -> + forall __retres_0:int32. + (__retres_0 = tmp_0_0) -> + forall return:int32. + (return = __retres_0) -> + ("JC_38": (integer_of_int32(return) = 91)) + +goal f91_ensures_less_than_101_po_2: + forall n_0:int32. + (integer_of_int32(n_0) <= 100) -> + (integer_of_int32(n_0) > 100) -> + forall result:int32. 
+ (integer_of_int32(result) = (integer_of_int32(n_0) - 10)) -> + forall __retres_0:int32. + (__retres_0 = result) -> + forall return:int32. + (return = __retres_0) -> + ("JC_38": (integer_of_int32(return) = 91)) + +goal f91_safety_po_1: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + ((-2147483648) <= (integer_of_int32(n_0) + 11)) + +goal f91_safety_po_2: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + ((integer_of_int32(n_0) + 11) <= 2147483647) + +goal f91_safety_po_3: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + (((-2147483648) <= (integer_of_int32(n_0) + 11)) and + ((integer_of_int32(n_0) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + (0 <= ("JC_44": (101 - integer_of_int32(n_0)))) + +goal f91_safety_po_4: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + (((-2147483648) <= (integer_of_int32(n_0) + 11)) and + ((integer_of_int32(n_0) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + (("JC_45": (101 - integer_of_int32(result))) < ("JC_44": + (101 - integer_of_int32(n_0)))) + +goal f91_safety_po_5: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + (((-2147483648) <= (integer_of_int32(n_0) + 11)) and + ((integer_of_int32(n_0) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_41": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_39": (integer_of_int32(result0) = 91)))) -> + forall tmp_0:int32. + (tmp_0 = result0) -> + (0 <= ("JC_48": (101 - integer_of_int32(n_0)))) + +goal f91_safety_po_6: + forall n_0:int32. 
+ ("JC_33": true) -> + (integer_of_int32(n_0) <= 100) -> + (((-2147483648) <= (integer_of_int32(n_0) + 11)) and + ((integer_of_int32(n_0) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n_0) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_41": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_39": (integer_of_int32(result0) = 91)))) -> + forall tmp_0:int32. + (tmp_0 = result0) -> + (("JC_49": (101 - integer_of_int32(tmp_0))) < ("JC_48": + (101 - integer_of_int32(n_0)))) + +goal f91_safety_po_7: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) > 100) -> + ((-2147483648) <= (integer_of_int32(n_0) - 10)) + +goal f91_safety_po_8: + forall n_0:int32. + ("JC_33": true) -> + (integer_of_int32(n_0) > 100) -> + ((integer_of_int32(n_0) - 10) <= 2147483647) + +goal main_ensures_default_po_1: + ("JC_23": true) -> + forall result:int32. + (integer_of_int32(result) = 8) -> + forall result0:int32. + ("JC_10": (integer_of_int32(result0) = sum_upto(integer_of_int32(result)))) -> + forall i:int32. + (i = result0) -> + forall return:int32. + (return = i) -> + ("JC_24": (integer_of_int32(return) = 36)) + +goal main_safety_po_1: + ("JC_23": true) -> + forall result:int32. + (integer_of_int32(result) = 8) -> + ("JC_3": ("JC_1": (integer_of_int32(result) >= 0))) + +goal main_safety_po_2: + ("JC_23": true) -> + forall result:int32. + (integer_of_int32(result) = 8) -> + ("JC_3": ("JC_2": (integer_of_int32(result) <= 1000))) + +goal sum_ensures_default_po_1: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) = 0) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall __retres:int32. + (__retres = result) -> + forall return:int32. 
+ (return = __retres) -> + ("JC_9": (integer_of_int32(return) = sum_upto(integer_of_int32(x_0)))) + +goal sum_ensures_default_po_2: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + forall result0:int32. + ("JC_10": (integer_of_int32(result0) = sum_upto(integer_of_int32(result)))) -> + forall tmp:int32. + (tmp = result0) -> + forall result1:int32. + (integer_of_int32(result1) = (integer_of_int32(x_0) + integer_of_int32(tmp))) -> + forall __retres:int32. + (__retres = result1) -> + forall return:int32. + (return = __retres) -> + ("JC_9": (integer_of_int32(return) = sum_upto(integer_of_int32(x_0)))) + +goal sum_safety_po_1: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + ((-2147483648) <= (integer_of_int32(x_0) - 1)) + +goal sum_safety_po_2: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + ((integer_of_int32(x_0) - 1) <= 2147483647) + +goal sum_safety_po_3: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + (0 <= integer_of_int32(("JC_15": x_0))) + +goal sum_safety_po_4: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. 
+ (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + (integer_of_int32(("JC_16": result)) < integer_of_int32(("JC_15": x_0))) + +goal sum_safety_po_5: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + ("JC_3": ("JC_1": (integer_of_int32(result) >= 0))) + +goal sum_safety_po_6: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + ("JC_3": ("JC_2": (integer_of_int32(result) <= 1000))) + +goal sum_safety_po_7: + forall x_0:int32. + ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + ("JC_3": + (("JC_1": (integer_of_int32(result) >= 0)) and + ("JC_2": (integer_of_int32(result) <= 1000)))) -> + forall result0:int32. + ("JC_10": (integer_of_int32(result0) = sum_upto(integer_of_int32(result)))) -> + forall tmp:int32. + (tmp = result0) -> + ((-2147483648) <= (integer_of_int32(x_0) + integer_of_int32(tmp))) + +goal sum_safety_po_8: + forall x_0:int32. 
+ ("JC_7": + (("JC_5": (integer_of_int32(x_0) >= 0)) and + ("JC_6": (integer_of_int32(x_0) <= 1000)))) -> + (integer_of_int32(x_0) <> 0) -> + (((-2147483648) <= (integer_of_int32(x_0) - 1)) and + ((integer_of_int32(x_0) - 1) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(x_0) - 1)) -> + ("JC_3": + (("JC_1": (integer_of_int32(result) >= 0)) and + ("JC_2": (integer_of_int32(result) <= 1000)))) -> + forall result0:int32. + ("JC_10": (integer_of_int32(result0) = sum_upto(integer_of_int32(result)))) -> + forall tmp:int32. + (tmp = result0) -> + ((integer_of_int32(x_0) + integer_of_int32(tmp)) <= 2147483647) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/rec_why.why : ?............?...........# (23/0/2/1/0) +total : 26 +valid : 23 ( 88%) +invalid : 0 ( 0%) +unknown : 2 ( 8%) +timeout : 1 ( 4%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/selection_sort.err.oracle why-2.30+dfsg/tests/c/oracle/selection_sort.err.oracle --- why-2.29+dfsg/tests/c/oracle/selection_sort.err.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/selection_sort.err.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,7 @@ +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file diff -Nru why-2.29+dfsg/tests/c/oracle/selection_sort.res.oracle why-2.30+dfsg/tests/c/oracle/selection_sort.res.oracle --- why-2.29+dfsg/tests/c/oracle/selection_sort.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/selection_sort.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,7696 @@ +========== file tests/c/selection_sort.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid(t+i) && \valid(t+j); + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ +void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; +} + +/*@ requires \valid_range(t,0,n-1); + @ behavior sorted: + @ ensures Sorted(t,0,n); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,n-1); + @*/ +void sel_sort(int t[], int n) { + int i,j; + int mi,mv; + if (n <= 0) return; + /*@ loop invariant 0 <= i < n; + @ for sorted: + @ loop invariant + @ Sorted(t,0,i) && + @ (\forall integer k1, k2 ; + @ 0 <= k1 < i <= k2 < n ==> t[k1] <= t[k2]) ; + @ for permutation: + @ loop invariant Permut{Pre,Here}(t,0,n-1); + @ loop variant n-i; + @*/ + for (i=0; i t[k] >= mv); + @ for permutation: + @ loop invariant + @ Permut{Pre,Here}(t,0,n-1); + @ loop variant n-j; + @*/ + for (j=i+1; j < n; j++) { + if (t[j] < mv) { + mi = j ; mv = t[j]; + } + } + L: + swap(t,i,mi); + //@ assert Permut{L,Here}(t,0,n-1); + } +} + + +/* +Local Variables: +compile-command: "frama-c -jessie selection_sort.c" +End: +*/ +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/selection_sort.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/selection_sort.jessie +[jessie] File tests/c/selection_sort.jessie/selection_sort.jc written. +[jessie] File tests/c/selection_sort.jessie/selection_sort.cloc written. 
+========== file tests/c/selection_sort.jessie/selection_sort.jc ========== +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +tag intP = { + integer intM: 32; +} + +type intP = [intP] + +tag charP = { + integer charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +predicate Swap{L1, L2}(intP[..] a, integer i, integer j) = +(((\at((a + i).intM,L1) == \at((a + j).intM,L2)) && + (\at((a + j).intM,L1) == \at((a + i).intM,L2))) && + (\forall integer k; + (((k != i) && (k != j)) ==> + (\at((a + k).intM,L1) == \at((a + k).intM,L2))))) + +predicate Permut{L1, L2}(intP[..] a_0, integer l, integer h) { +case Permut_refl{L}: (\forall intP[..] a_1; + (\forall integer l_0; + (\forall integer h_0; + Permut{L, L}(a_1, l_0, h_0)))); + + case Permut_sym{L1, L2}: (\forall intP[..] a_2; + (\forall integer l_1; + (\forall integer h_1; + (Permut{L1, + L2}(a_2, l_1, h_1) ==> + Permut{L2, + L1}(a_2, l_1, h_1))))); + + case Permut_trans{L1, L2, L3}: (\forall intP[..] a_3; + (\forall integer l_2; + (\forall integer h_2; + ((Permut{L1, + L2}(a_3, l_2, h_2) && + Permut{L2, + L3}(a_3, l_2, h_2)) ==> + Permut{L1, + L3}(a_3, l_2, h_2))))); + + case Permut_swap{L1, L2}: (\forall intP[..] a_4; + (\forall integer l_3; + (\forall integer h_3; + (\forall integer i_0; + (\forall integer j_0; + (((((l_3 <= i_0) && (i_0 <= h_3)) && + ((l_3 <= j_0) && (j_0 <= h_3))) && + Swap{L1, + L2}(a_4, i_0, j_0)) ==> + Permut{L1, + L2}(a_4, l_3, h_3))))))); + +} + +predicate Sorted{L}(intP[..] a_5, integer l_4, integer h_4) = +(\forall integer i_1; + (\forall integer j_1; + (((l_4 <= i_1) && ((i_1 <= j_1) && (j_1 < h_4))) ==> + ((a_5 + i_1).intM <= (a_5 + j_1).intM)))) + +unit swap(intP[..] 
t_0, integer i, integer j) + requires (C_13 : (((C_15 : (\offset_min(t_0) <= i)) && + (C_16 : (\offset_max(t_0) >= i))) && + ((C_18 : (\offset_min(t_0) <= j)) && + (C_19 : (\offset_max(t_0) >= j))))); +behavior default: + assigns (t_0 + i).intM, + (t_0 + j).intM; + ensures (C_12 : Swap{Old, Here}(\at(t_0,Old), \at(i,Old), \at(j,Old))); +{ + (var integer tmp); + + { (C_3 : (tmp = (C_2 : (C_1 : (t_0 + i)).intM))); + (C_8 : ((C_7 : (C_6 : (t_0 + i)).intM) = (C_5 : (C_4 : (t_0 + j)).intM))); + (C_11 : ((C_10 : (C_9 : (t_0 + j)).intM) = tmp)); + + (return ()) + } +} + +unit sel_sort(intP[..] t, integer n) + requires (C_61 : ((C_62 : (\offset_min(t) <= 0)) && + (C_63 : (\offset_max(t) >= (n - 1))))); +behavior default: + ensures (C_58 : true); +behavior sorted: + ensures (C_59 : Sorted{Here}(\at(t,Old), 0, \at(n,Old))); +behavior permutation: + ensures (C_60 : Permut{Old, Here}(\at(t,Old), 0, (\at(n,Old) - 1))); +{ + (var integer i_0); + + (var integer j_0); + + (var integer mi); + + (var integer mv); + + { (if (n <= 0) then + (goto return_label) else ()); + (C_20 : (i_0 = 0)); + + loop + behavior default: + invariant (C_26 : ((C_27 : (0 <= i_0)) && (C_28 : (i_0 < n)))); + behavior sorted: + invariant (C_23 : ((C_24 : Sorted{Here}(t, 0, i_0)) && + (C_25 : (\forall integer k1; + (\forall integer k2; + (((0 <= k1) && + ((k1 < i_0) && + ((i_0 <= k2) && (k2 < n)))) ==> + ((t + k1).intM <= (t + k2).intM))))))); + behavior permutation: + invariant (C_22 : Permut{Pre, Here}(t, 0, (n - 1))); + variant (C_21 : (n - i_0)); + while (true) + { + { (if (i_0 < (C_29 : (n - 1))) then () else + (goto while_0_break)); + + { (C_32 : (mv = (C_31 : (C_30 : (t + i_0)).intM))); + (C_33 : (mi = i_0)); + (C_35 : (j_0 = (C_34 : (i_0 + 1)))); + + loop + behavior default: + invariant (C_41 : ((C_42 : (i_0 < j_0)) && + ((C_44 : (i_0 <= mi)) && + (C_45 : (mi < n))))); + behavior sorted: + invariant (C_38 : ((C_39 : (mv == (t + mi).intM)) && + (C_40 : (\forall integer k_0; + (((i_0 <= k_0) && (k_0 < 
j_0)) ==> + ((t + k_0).intM >= mv)))))); + behavior permutation: + invariant (C_37 : Permut{Pre, Here}(t, 0, (n - 1))); + variant (C_36 : (n - j_0)); + while (true) + { + { (if (j_0 < n) then () else + (goto while_1_break)); + + { (if ((C_51 : (C_50 : (t + j_0)).intM) < mv) then + { (C_46 : (mi = j_0)); + (C_49 : (mv = (C_48 : (C_47 : (t + j_0)).intM))) + } else ()) + }; + (C_53 : (j_0 = (C_52 : (j_0 + 1)))) + } + }; + (while_1_break : ()); + (L : (C_54 : swap(t, i_0, mi))); + + { + (assert for default: (C_55 : Permut{L, + Here}(t, 0, (n - 1)))); + () + } + }; + (C_57 : (i_0 = (C_56 : (i_0 + 1)))) + } + }; + (while_0_break : ()); + (return_label : + (return ())) + } +} +========== file tests/c/selection_sort.jessie/selection_sort.cloc ========== +[C_50] +file = "HOME/tests/c/selection_sort.c" +line = 82 +begin = 10 +end = 11 + +[C_51] +file = "HOME/tests/c/selection_sort.c" +line = 82 +begin = 10 +end = 14 + +[C_52] +file = "HOME/tests/c/selection_sort.c" +line = 81 +begin = 23 +end = 26 + +[C_53] +file = "HOME/tests/c/selection_sort.c" +line = 81 +begin = 23 +end = 26 + +[C_54] +file = "HOME/tests/c/selection_sort.c" +line = 87 +begin = 4 +end = 16 + +[C_55] +file = "HOME/tests/c/selection_sort.c" +line = 88 +begin = 15 +end = 38 + +[C_56] +file = "HOME/tests/c/selection_sort.c" +line = 68 +begin = 19 +end = 22 + +[C_57] +file = "HOME/tests/c/selection_sort.c" +line = 68 +begin = 19 +end = 22 + +[C_58] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[C_59] +file = "HOME/tests/c/selection_sort.c" +line = 50 +begin = 14 +end = 27 + +[C_60] +file = "HOME/tests/c/selection_sort.c" +line = 52 +begin = 14 +end = 39 + +[C_61] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[C_62] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[C_10] +file = "HOME/tests/c/selection_sort.c" +line = 45 +begin = 9 +end = 12 + +[C_63] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[C_11] +file = 
"HOME/tests/c/selection_sort.c" +line = 45 +begin = 9 +end = 12 + +[C_12] +file = "HOME/tests/c/selection_sort.c" +line = 40 +begin = 12 +end = 33 + +[C_13] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 39 + +[C_14] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_15] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_16] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[C_17] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_18] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_19] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[C_1] +file = "HOME/tests/c/selection_sort.c" +line = 43 +begin = 12 +end = 13 + +[C_2] +file = "HOME/tests/c/selection_sort.c" +line = 43 +begin = 12 +end = 16 + +[C_3] +file = "HOME/tests/c/selection_sort.c" +line = 43 +begin = 2 +end = 5 + +[C_4] +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 9 +end = 10 + +[C_20] +file = "HOME/tests/c/selection_sort.c" +line = 68 +begin = 9 +end = 10 + +[C_5] +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_21] +file = "HOME/tests/c/selection_sort.c" +line = 66 +begin = 19 +end = 22 + +[C_6] +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 2 +end = 3 + +[C_22] +file = "HOME/tests/c/selection_sort.c" +line = 65 +begin = 22 +end = 47 + +[C_7] +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_23] +file = "HOME/tests/c/selection_sort.c" +line = 61 +begin = 8 +end = 111 + +[C_8] +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 9 +end = 13 + +[C_24] +file = "HOME/tests/c/selection_sort.c" +line = 61 +begin = 8 +end = 21 + +[C_9] +file = "HOME/tests/c/selection_sort.c" +line = 45 +begin = 2 +end = 3 + +[C_25] +file = "HOME/tests/c/selection_sort.c" +line = 62 +begin = 8 +end = 86 + +[C_26] +file = 
"HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 31 + +[C_27] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 27 + +[C_28] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 26 +end = 31 + +[C_29] +file = "HOME/tests/c/selection_sort.c" +line = 68 +begin = 14 +end = 17 + +[sel_sort] +name = "Function sel_sort" +file = "HOME/tests/c/selection_sort.c" +line = 54 +begin = 5 +end = 13 + +[C_30] +file = "HOME/tests/c/selection_sort.c" +line = 70 +begin = 9 +end = 10 + +[C_31] +file = "HOME/tests/c/selection_sort.c" +line = 70 +begin = 9 +end = 13 + +[C_32] +file = "HOME/tests/c/selection_sort.c" +line = 70 +begin = 9 +end = 13 + +[C_33] +file = "HOME/tests/c/selection_sort.c" +line = 70 +begin = 20 +end = 21 + +[C_34] +file = "HOME/tests/c/selection_sort.c" +line = 81 +begin = 11 +end = 14 + +[C_35] +file = "HOME/tests/c/selection_sort.c" +line = 81 +begin = 11 +end = 14 + +[C_36] +file = "HOME/tests/c/selection_sort.c" +line = 79 +begin = 21 +end = 24 + +[C_37] +file = "HOME/tests/c/selection_sort.c" +line = 78 +begin = 10 +end = 35 + +[C_38] +file = "HOME/tests/c/selection_sort.c" +line = 74 +begin = 11 +end = 83 + +[C_39] +file = "HOME/tests/c/selection_sort.c" +line = 74 +begin = 11 +end = 22 + +[swap] +name = "Function swap" +file = "HOME/tests/c/selection_sort.c" +line = 42 +begin = 5 +end = 9 + +[C_40] +file = "HOME/tests/c/selection_sort.c" +line = 75 +begin = 11 +end = 57 + +[C_41] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 43 + +[C_42] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 28 + +[C_43] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 43 + +[C_44] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 39 + +[C_45] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 37 +end = 43 + +[C_46] +file = "HOME/tests/c/selection_sort.c" +line = 83 +begin = 6 +end = 7 + +[C_47] +file = "HOME/tests/c/selection_sort.c" +line = 83 
+begin = 15 +end = 16 + +[C_48] +file = "HOME/tests/c/selection_sort.c" +line = 83 +begin = 15 +end = 19 + +[C_49] +file = "HOME/tests/c/selection_sort.c" +line = 83 +begin = 15 +end = 19 + +========== jessie execution ========== +Generating Why function swap +Generating Why function sel_sort +========== file tests/c/selection_sort.jessie/selection_sort.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs selection_sort.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs selection_sort.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/selection_sort_why.sx + +project: why/selection_sort.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/selection_sort_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/selection_sort_why.vo + +coq/selection_sort_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/selection_sort_why.v: why/selection_sort.why + @echo 'why -coq [...] why/selection_sort.why' && $(WHY) $(JESSIELIBFILES) why/selection_sort.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/selection_sort_ctx_why.vo + for f in why/*_po*.why; do make -f selection_sort.makefile coq/`basename $$f .why`_why.v ; done + +coq/selection_sort_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/selection_sort_ctx_why.v: why/selection_sort_ctx.why + @echo 'why -coq [...] 
why/selection_sort_ctx.why' && $(WHY) why/selection_sort_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export selection_sort_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/selection_sort_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/selection_sort_ctx_why.vo + +pvs: pvs/selection_sort_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/selection_sort_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/selection_sort_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/selection_sort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/selection_sort_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/selection_sort_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/selection_sort_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/selection_sort_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/selection_sort_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/selection_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/selection_sort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/selection_sort_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/selection_sort_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/selection_sort_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/selection_sort_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: selection_sort.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] 
why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/selection_sort_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/selection_sort_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: selection_sort.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + +-include selection_sort.depend + +depend: coq/selection_sort_why.v + -$(COQDEP) -I coq coq/selection_sort*_why.v > selection_sort.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/selection_sort.jessie/selection_sort.loc ========== +[JC_90] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 37 +end = 43 + +[JC_91] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 43 + +[JC_92] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_40] +file = "HOME/tests/c/selection_sort.c" +line = 52 +begin = 14 +end = 39 + +[JC_93] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_41] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 27 + +[JC_94] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_42] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 26 +end = 31 + +[JC_95] +kind = UserCall +file = "HOME/tests/c/selection_sort.c" +line = 87 +begin = 4 +end = 16 + +[JC_43] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 31 + +[JC_96] +file = "HOME/tests/c/selection_sort.c" +line = 88 +begin = 15 +end = 38 + +[JC_44] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_97] +file = "HOME/tests/c/selection_sort.c" +line = 65 +begin = 22 +end = 47 + +[JC_45] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_98] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 27 + +[JC_46] +file = 
"HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_1] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_100] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 31 + +[JC_99] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 26 +end = 31 + +[JC_47] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.c" +line = 70 +begin = 9 +end = 13 + +[JC_2] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_101] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 28 + +[JC_3] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_102] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_49] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 39 + +[JC_4] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_103] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_5] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 39 + +[JC_104] +file = "HOME/tests/c/selection_sort.c" +line = 78 +begin = 10 +end = 35 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_105] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 28 + +[JC_7] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[sel_sort_ensures_permutation] +name = "Function sel_sort" +behavior = "Behavior `permutation'" +file = "HOME/tests/c/selection_sort.c" +line = 54 +begin = 5 +end = 13 + +[JC_106] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 39 + +[JC_8] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 24 + +[JC_107] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 37 +end = 43 + +[JC_9] +file = 
"HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_108] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 43 + +[JC_109] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_50] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 37 +end = 43 + +[JC_51] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 43 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[sel_sort_ensures_default] +name = "Function sel_sort" +behavior = "default behavior" +file = "HOME/tests/c/selection_sort.c" +line = 54 +begin = 5 +end = 13 + +[JC_53] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_54] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_55] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.c" +line = 82 +begin = 10 +end = 14 + +[JC_56] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.c" +line = 83 +begin = 15 +end = 19 + +[JC_110] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_57] +file = "HOME/tests/c/selection_sort.c" +line = 79 +begin = 21 +end = 24 + +[JC_111] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_58] +kind = UserCall +file = "HOME/tests/c/selection_sort.c" +line = 87 +begin = 4 +end = 16 + +[JC_112] +kind = UserCall +file = "HOME/tests/c/selection_sort.c" +line = 87 +begin = 4 +end = 16 + +[JC_59] +file = "HOME/tests/c/selection_sort.c" +line = 88 +begin = 15 +end = 38 + +[JC_113] +file = "HOME/tests/c/selection_sort.c" +line = 88 +begin = 15 +end = 38 + +[swap_safety] +name = "Function swap" +behavior = "Safety" +file = "HOME/tests/c/selection_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_60] +file = "HOME/tests/c/selection_sort.c" +line = 66 +begin = 19 +end = 22 + +[JC_61] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end 
= 27 + +[JC_62] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 26 +end = 31 + +[JC_10] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 28 +end = 39 + +[JC_63] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 31 + +[JC_11] +file = "HOME/tests/c/selection_sort.c" +line = 38 +begin = 13 +end = 39 + +[JC_64] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_13] +file = "HOME/tests/c/selection_sort.c" +line = 40 +begin = 12 +end = 33 + +[JC_66] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_14] +file = "HOME/tests/c/selection_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_67] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 28 + +[JC_15] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 85 +begin = 9 +end = 16 + +[JC_68] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 39 + +[JC_16] +file = "HOME/tests/c/selection_sort.c" +line = 40 +begin = 12 +end = 33 + +[JC_69] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 37 +end = 43 + +[JC_17] +file = "HOME/tests/c/selection_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_18] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 85 +begin = 9 +end = 16 + +[JC_19] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[sel_sort_safety] +name = "Function sel_sort" +behavior = "Safety" +file = "HOME/tests/c/selection_sort.c" +line = 54 +begin = 5 +end = 13 + +[JC_70] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 43 + +[JC_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_72] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[sel_sort_ensures_sorted] +name = "Function sel_sort" +behavior = "Behavior `sorted'" +file = "HOME/tests/c/selection_sort.c" +line = 54 +begin = 5 +end = 13 + +[JC_73] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 145 +begin = 15 +end = 1228 + +[JC_21] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.c" +line = 43 +begin = 12 +end = 16 + +[JC_74] +kind = UserCall +file = "HOME/tests/c/selection_sort.c" +line = 87 +begin = 4 +end = 16 + +[JC_22] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.c" +line = 44 +begin = 9 +end = 13 + +[JC_75] +file = "HOME/tests/c/selection_sort.c" +line = 88 +begin = 15 +end = 38 + +[JC_23] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 93 +begin = 14 +end = 77 + +[JC_76] +file = "HOME/tests/c/selection_sort.c" +line = 61 +begin = 8 +end = 21 + +[swap_ensures_default] +name = "Function swap" +behavior = "default behavior" +file = "HOME/tests/c/selection_sort.c" +line = 42 +begin = 5 +end = 9 + +[JC_24] +kind = PointerDeref +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 94 +begin = 15 +end = 52 + +[JC_77] +file = "HOME/tests/c/selection_sort.c" +line = 62 +begin = 8 +end = 86 + +[JC_25] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_78] +file = "HOME/tests/c/selection_sort.c" +line = 61 +begin = 8 +end = 111 + +[JC_26] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_79] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 27 + +[JC_27] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_80] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 26 +end = 31 + +[JC_81] +file = "HOME/tests/c/selection_sort.c" +line = 58 +begin = 21 +end = 31 + +[JC_82] +file = "HOME/" +line 
= 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_83] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_31] +file = "HOME/tests/c/selection_sort.c" +line = 48 +begin = 13 +end = 34 + +[JC_84] +file = "HOME/tests/c/selection_sort.jessie/selection_sort.jc" +line = 122 +begin = 6 +end = 2595 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/tests/c/selection_sort.c" +line = 74 +begin = 11 +end = 22 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_86] +file = "HOME/tests/c/selection_sort.c" +line = 75 +begin = 11 +end = 57 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_87] +file = "HOME/tests/c/selection_sort.c" +line = 74 +begin = 11 +end = 83 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_88] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 23 +end = 28 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_89] +file = "HOME/tests/c/selection_sort.c" +line = 71 +begin = 32 +end = 39 + +[JC_37] +file = "HOME/tests/c/selection_sort.c" +line = 50 +begin = 14 +end = 27 + +[JC_38] +file = "HOME/tests/c/selection_sort.c" +line = 50 +begin = 14 +end = 27 + +[JC_39] +file = "HOME/tests/c/selection_sort.c" +line = 52 +begin = 14 +end = 39 + +========== file tests/c/selection_sort.jessie/why/selection_sort.why ========== +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a:intP pointer, i:int, j:int, + intP_intM_a_1_at_L2:(intP, int) memory, + intP_intM_a_1_at_L1:(intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) + and ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) + and (forall k:int. 
+ (((k <> i) and (k <> j)) -> + (select(intP_intM_a_1_at_L1, shift(a, k)) = select(intP_intM_a_1_at_L2, + shift(a, k))))))) + +inductive Permut: intP pointer, int, int, (intP, int) memory, + (intP, int) memory -> prop = + | Permut_refl: (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0:int. + (forall h_0:int. + Permut(a_1, l_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + | Permut_sym: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> + Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L1, + intP_intM_a_0_2_at_L2))))))) + | Permut_trans: (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) + and Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + | Permut_swap: (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0_0:int. + (forall j_0_0:int. + ((le_int(l_3, i_0_0) + and (le_int(i_0_0, h_3) + and (le_int(l_3, j_0_0) + and (le_int(j_0_0, h_3) + and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5:intP pointer, l_4:int, h_4:int, + intP_intM_a_5_3_at_L:(intP, int) memory) = + (forall i_1:int. + (forall j_1:int. 
+ ((le_int(l_4, i_1) and (le_int(i_1, j_1) and lt_int(j_1, h_4))) -> + le_int(select(intP_intM_a_5_3_at_L, shift(a_5, i_1)), + select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) + +logic intP_tag: -> intP tag_id + +axiom intP_int : (int_of_tag(intP_tag) = (1)) + +logic intP_of_pointer_address: unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) + +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. + instanceof(intP_tag_table, x, intP_tag))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and 
(offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) + +exception Goto_while_0_break_exc of unit + +exception Goto_while_1_break_exc of unit + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter intP_alloc_table : intP alloc_table ref + +parameter intP_tag_table : intP tag_table ref + +parameter alloc_struct_intP : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter alloc_struct_intP_requires : + n:int -> + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { 
(strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter sel_sort : + t:intP pointer -> + n:int -> + intP_intM_t_5:(intP, int) memory ref -> + intP_t_5_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_5 writes intP_intM_t_5 + { ((JC_40: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, intP_intM_t_5@)) + and (JC_38: Sorted(t, (0), n, intP_intM_t_5))) } + +parameter sel_sort_requires : + t:intP pointer -> + n:int -> + intP_intM_t_5:(intP, int) memory ref -> + intP_t_5_alloc_table:intP alloc_table -> + { (JC_27: + ((JC_25: le_int(offset_min(intP_t_5_alloc_table, t), (0))) + and (JC_26: + ge_int(offset_max(intP_t_5_alloc_table, t), sub_int(n, (1))))))} + unit reads intP_intM_t_5 writes intP_intM_t_5 + { ((JC_40: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, 
intP_intM_t_5@)) + and (JC_38: Sorted(t, (0), n, intP_intM_t_5))) } + +parameter swap : + t_0:intP pointer -> + i_0:int -> + j_0:int -> + intP_intM_t_0_4:(intP, int) memory ref -> + intP_t_0_4_alloc_table:intP alloc_table -> + { } unit reads intP_intM_t_0_4 writes intP_intM_t_0_4 + { (JC_18: + ((JC_16: Swap(t_0, i_0, j_0, intP_intM_t_0_4, intP_intM_t_0_4@)) + and (JC_17: + not_assigns(intP_t_0_4_alloc_table, intP_intM_t_0_4@, + intP_intM_t_0_4, + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } + +parameter swap_requires : + t_0:intP pointer -> + i_0:int -> + j_0:int -> + intP_intM_t_0_4:(intP, int) memory ref -> + intP_t_0_4_alloc_table:intP alloc_table -> + { (JC_5: + ((JC_1: le_int(offset_min(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_2: ge_int(offset_max(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_3: le_int(offset_min(intP_t_0_4_alloc_table, t_0), j_0)) + and (JC_4: + ge_int(offset_max(intP_t_0_4_alloc_table, t_0), j_0))))))} + unit reads intP_intM_t_0_4 writes intP_intM_t_0_4 + { (JC_18: + ((JC_16: Swap(t_0, i_0, j_0, intP_intM_t_0_4, intP_intM_t_0_4@)) + and (JC_17: + not_assigns(intP_t_0_4_alloc_table, intP_intM_t_0_4@, + intP_intM_t_0_4, + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } + +let sel_sort_ensures_default = + fun (t : intP pointer) (n : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), (0))) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_0_1 = ref (any_int void) in + (let j_0_1 = ref (any_int void) in + (let mi = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_20: + begin + (if ((le_int_ n) (0)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_0_1 := (0)) in void); + (loop_3: + while true do + { invariant 
+ (JC_63: + ((JC_61: le_int((0), i_0_1)) and (JC_62: lt_int(i_0_1, n)))) + } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_57: + begin + (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_32: + (C_33: + (C_35: + begin + (let jessie_ = + (mv := (C_31: + ((safe_acc_ !intP_intM_t_5) (C_30: + ((shift t) !i_0_1))))) in + void); (let jessie_ = (mi := !i_0_1) in void); + (let jessie_ = + (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); + (loop_4: + while true do + { invariant + (JC_70: + ((JC_67: lt_int(i_0_1, j_0_1)) + and ((JC_68: le_int(i_0_1, mi)) + and (JC_69: lt_int(mi, n))))) } + begin + [ { } unit { true } ]; + try + begin + (let jessie_ = + (C_53: + begin + (if ((lt_int_ !j_0_1) n) then void + else (raise (Goto_while_1_break_exc void))); + (if ((lt_int_ (C_51: + ((safe_acc_ !intP_intM_t_5) (C_50: + ((shift t) !j_0_1))))) !mv) + then + (let jessie_ = + (C_46: + (C_49: + begin + (let jessie_ = (mi := !j_0_1) in void); + (mv := (C_48: + ((safe_acc_ !intP_intM_t_5) (C_47: + ((shift t) !j_0_1))))); + !mv end)) in void) else void); + (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end))) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: + (L: + begin + void; + (C_54: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !mi in + (JC_74: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + (assert + { (JC_75: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@L)) }; void); void end)) end; + (i_0_1 := (C_56: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + 
(raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end)))); (raise Return) end with + Return -> void end) { (JC_33: true) } + +let sel_sort_ensures_permutation = + fun (t : intP pointer) (n : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), (0))) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_0_1 = ref (any_int void) in + (let j_0_1 = ref (any_int void) in + (let mi = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_20: + begin + (if ((le_int_ n) (0)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_0_1 := (0)) in void); + (loop_7: + while true do + { invariant + (JC_97: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@init)) } + begin + [ { } unit reads i_0_1 + { (JC_100: + ((JC_98: le_int((0), i_0_1)) and (JC_99: lt_int(i_0_1, n)))) } ]; + try + begin + (let jessie_ = + (C_57: + begin + (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_32: + (C_33: + (C_35: + begin + (let jessie_ = + (mv := (C_31: + ((safe_acc_ !intP_intM_t_5) (C_30: + ((shift t) !i_0_1))))) in + void); (let jessie_ = (mi := !i_0_1) in void); + (let jessie_ = + (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); + (loop_8: + while true do + { invariant + (JC_104: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@init)) } + begin + [ { } unit reads i_0_1,j_0_1,mi + { (JC_108: + ((JC_105: lt_int(i_0_1, j_0_1)) + and ((JC_106: le_int(i_0_1, mi)) + and (JC_107: lt_int(mi, n))))) } ]; + try + begin + (let jessie_ = + (C_53: + begin + (if ((lt_int_ !j_0_1) n) then void + else (raise (Goto_while_1_break_exc void))); + (if ((lt_int_ (C_51: + ((safe_acc_ !intP_intM_t_5) (C_50: + ((shift t) !j_0_1))))) !mv) + then + (let jessie_ = + 
(C_46: + (C_49: + begin + (let jessie_ = (mi := !j_0_1) in void); + (mv := (C_48: + ((safe_acc_ !intP_intM_t_5) (C_47: + ((shift t) !j_0_1))))); + !mv end)) in void) else void); + (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end))) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: + (L: + begin + void; + (C_54: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !mi in + (JC_112: + (((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_113: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@L)) } ]; void end)) end; + (i_0_1 := (C_56: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end)))); (raise Return) end with + Return -> void end) + { (JC_39: Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, intP_intM_t_5@)) } + +let sel_sort_ensures_sorted = + fun (t : intP pointer) (n : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), (0))) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_0_1 = ref (any_int void) in + (let j_0_1 = ref (any_int void) in + (let mi = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_20: + begin + (if ((le_int_ n) (0)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_0_1 := (0)) in void); + (loop_5: + while true do + { invariant + (JC_78: + ((JC_76: Sorted(t, (0), i_0_1, 
intP_intM_t_5)) + and (JC_77: + (forall k1:int. + (forall k2:int. + ((le_int((0), k1) + and (lt_int(k1, i_0_1) + and (le_int(i_0_1, k2) and lt_int(k2, n)))) -> + le_int(select(intP_intM_t_5, shift(t, k1)), + select(intP_intM_t_5, shift(t, k2))))))))) } + begin + [ { } unit reads i_0_1 + { (JC_81: + ((JC_79: le_int((0), i_0_1)) and (JC_80: lt_int(i_0_1, n)))) } ]; + try + begin + (let jessie_ = + (C_57: + begin + (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_32: + (C_33: + (C_35: + begin + (let jessie_ = + (mv := (C_31: + ((safe_acc_ !intP_intM_t_5) (C_30: + ((shift t) !i_0_1))))) in + void); (let jessie_ = (mi := !i_0_1) in void); + (let jessie_ = + (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); + (loop_6: + while true do + { invariant + (JC_87: + ((JC_85: (mv = select(intP_intM_t_5, shift(t, mi)))) + and (JC_86: + (forall k_0:int. + ((le_int(i_0_1, k_0) and lt_int(k_0, j_0_1)) -> + ge_int(select(intP_intM_t_5, shift(t, k_0)), mv)))))) + } + begin + [ { } unit reads i_0_1,j_0_1,mi + { (JC_91: + ((JC_88: lt_int(i_0_1, j_0_1)) + and ((JC_89: le_int(i_0_1, mi)) + and (JC_90: lt_int(mi, n))))) } ]; + try + begin + (let jessie_ = + (C_53: + begin + (if ((lt_int_ !j_0_1) n) then void + else (raise (Goto_while_1_break_exc void))); + (if ((lt_int_ (C_51: + ((safe_acc_ !intP_intM_t_5) (C_50: + ((shift t) !j_0_1))))) !mv) + then + (let jessie_ = + (C_46: + (C_49: + begin + (let jessie_ = (mi := !j_0_1) in void); + (mv := (C_48: + ((safe_acc_ !intP_intM_t_5) (C_47: + ((shift t) !j_0_1))))); + !mv end)) in void) else void); + (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end))) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: + (L: + begin + void; + (C_54: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !mi in + (JC_95: + 
(((((swap jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_96: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@L)) } ]; void end)) end; + (i_0_1 := (C_56: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end)))); (raise Return) end with + Return -> void end) { (JC_37: Sorted(t, (0), n, intP_intM_t_5)) } + +let sel_sort_safety = + fun (t : intP pointer) (n : int) (intP_intM_t_5 : (intP, int) memory ref) (intP_t_5_alloc_table : intP alloc_table) -> + { (JC_31: + ((JC_29: le_int(offset_min(intP_t_5_alloc_table, t), (0))) + and (JC_30: ge_int(offset_max(intP_t_5_alloc_table, t), sub_int(n, (1)))))) } + (init: + try + begin + (let i_0_1 = ref (any_int void) in + (let j_0_1 = ref (any_int void) in + (let mi = ref (any_int void) in + (let mv = ref (any_int void) in + try + begin + try + (C_20: + begin + (if ((le_int_ n) (0)) then (raise (Return_label_exc void)) + else void); (let jessie_ = (i_0_1 := (0)) in void); + (loop_1: + while true do + { invariant (JC_45: true) variant (JC_60 : sub_int(n, i_0_1)) } + begin + [ { } unit reads i_0_1 + { (JC_43: + ((JC_41: le_int((0), i_0_1)) and (JC_42: lt_int(i_0_1, n)))) } ]; + try + begin + (let jessie_ = + (C_57: + begin + (if ((lt_int_ !i_0_1) (C_29: ((sub_int n) (1)))) then void + else (raise (Goto_while_0_break_exc void))); + try + (C_32: + (C_33: + (C_35: + begin + (let jessie_ = + (mv := (C_31: + (JC_47: + ((((offset_acc_ intP_t_5_alloc_table) !intP_intM_t_5) t) !i_0_1)))) in + void); (let jessie_ = (mi := !i_0_1) in void); + (let jessie_ = + (j_0_1 := (C_34: ((add_int !i_0_1) (1)))) in void); + (loop_2: + while true do + { invariant (JC_53: 
true) + variant (JC_57 : sub_int(n, j_0_1)) } + begin + [ { } unit reads i_0_1,j_0_1,mi + { (JC_51: + ((JC_48: lt_int(i_0_1, j_0_1)) + and ((JC_49: le_int(i_0_1, mi)) + and (JC_50: lt_int(mi, n))))) } ]; + try + begin + (let jessie_ = + (C_53: + begin + (if ((lt_int_ !j_0_1) n) then void + else (raise (Goto_while_1_break_exc void))); + (if ((lt_int_ (C_51: + (JC_55: + ((((offset_acc_ intP_t_5_alloc_table) !intP_intM_t_5) t) !j_0_1)))) !mv) + then + (let jessie_ = + (C_46: + (C_49: + begin + (let jessie_ = (mi := !j_0_1) in void); + (mv := (C_48: + (JC_56: + ((((offset_acc_ intP_t_5_alloc_table) !intP_intM_t_5) t) !j_0_1)))); + !mv end)) in void) else void); + (j_0_1 := (C_52: ((add_int !j_0_1) (1)))); !j_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_1_break_exc void)) end))) with + Goto_while_1_break_exc jessie_ -> + (while_1_break: + (L: + begin + void; + (C_54: + (let jessie_ = t in + (let jessie_ = !i_0_1 in + (let jessie_ = !mi in + (JC_58: + (((((swap_requires jessie_) jessie_) jessie_) intP_intM_t_5) intP_t_5_alloc_table)))))); + [ { } unit reads intP_intM_t_5 + { (JC_59: + Permut(t, (0), sub_int(n, (1)), intP_intM_t_5, + intP_intM_t_5@L)) } ]; void end)) end; + (i_0_1 := (C_56: ((add_int !i_0_1) (1)))); !i_0_1 end) in + void); (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done); + (raise (Goto_while_0_break_exc void)) end) with + Goto_while_0_break_exc jessie_ -> (while_0_break: void) end; + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> + (return_label: (raise Return)) end)))); (raise Return) end with + Return -> void end) { true } + +let swap_ensures_default = + fun (t_0 : intP pointer) (i_0 : int) (j_0 : int) (intP_intM_t_0_4 : (intP, int) memory ref) (intP_t_0_4_alloc_table : intP alloc_table) -> + { (JC_11: + ((JC_7: le_int(offset_min(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_8: 
ge_int(offset_max(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_9: le_int(offset_min(intP_t_0_4_alloc_table, t_0), j_0)) + and (JC_10: ge_int(offset_max(intP_t_0_4_alloc_table, t_0), j_0)))))) } + (init: + try + begin + (let tmp = ref (any_int void) in + (C_3: + (C_8: + (C_11: + begin + (let jessie_ = + (tmp := (C_2: ((safe_acc_ !intP_intM_t_0_4) (C_1: ((shift t_0) i_0))))) in + void); + (let jessie_ = + (let jessie_ = + (C_5: ((safe_acc_ !intP_intM_t_0_4) (C_4: ((shift t_0) j_0)))) in + (let jessie_ = t_0 in + (let jessie_ = i_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intP_intM_t_0_4) jessie_) jessie_))))) in void); + (let jessie_ = + (let jessie_ = !tmp in + (let jessie_ = t_0 in + (let jessie_ = j_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intP_intM_t_0_4) jessie_) jessie_))))) in void); + (raise Return) end)))); (raise Return) end with Return -> void end) + { (JC_15: + ((JC_13: Swap(t_0, i_0, j_0, intP_intM_t_0_4, intP_intM_t_0_4@)) + and (JC_14: + not_assigns(intP_t_0_4_alloc_table, intP_intM_t_0_4@, + intP_intM_t_0_4, + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } + +let swap_safety = + fun (t_0 : intP pointer) (i_0 : int) (j_0 : int) (intP_intM_t_0_4 : (intP, int) memory ref) (intP_t_0_4_alloc_table : intP alloc_table) -> + { (JC_11: + ((JC_7: le_int(offset_min(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_8: ge_int(offset_max(intP_t_0_4_alloc_table, t_0), i_0)) + and ((JC_9: le_int(offset_min(intP_t_0_4_alloc_table, t_0), j_0)) + and (JC_10: ge_int(offset_max(intP_t_0_4_alloc_table, t_0), j_0)))))) } + (init: + try + begin + (let tmp = ref (any_int void) in + (C_3: + (C_8: + (C_11: + begin + (let jessie_ = + (tmp := (C_2: + (JC_21: + ((((offset_acc_ intP_t_0_4_alloc_table) !intP_intM_t_0_4) t_0) i_0)))) in + void); + (let jessie_ = + (let jessie_ = + (C_5: + (JC_22: + ((((offset_acc_ intP_t_0_4_alloc_table) !intP_intM_t_0_4) t_0) j_0))) in + (let 
jessie_ = t_0 in + (let jessie_ = i_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_23: + (((((offset_upd_ intP_t_0_4_alloc_table) intP_intM_t_0_4) jessie_) jessie_) jessie_)))))) in + void); + (let jessie_ = + (let jessie_ = !tmp in + (let jessie_ = t_0 in + (let jessie_ = j_0 in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_24: + (((((offset_upd_ intP_t_0_4_alloc_table) intP_intM_t_0_4) jessie_) jessie_) jessie_)))))) in + void); (raise Return) end)))); (raise Return) end with Return -> + void end) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/selection_sort.why +========== file tests/c/selection_sort.jessie/why/selection_sort_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. 
(forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type intP + +type padding + +type voidP + +predicate Swap(a: intP pointer, i: int, j: int, intP_intM_a_1_at_L2: (intP, + int) memory, intP_intM_a_1_at_L1: (intP, int) memory) = + ((select(intP_intM_a_1_at_L1, shift(a, i)) = select(intP_intM_a_1_at_L2, + shift(a, j))) and + ((select(intP_intM_a_1_at_L1, shift(a, j)) = select(intP_intM_a_1_at_L2, + shift(a, i))) and + (forall k:int. + (((k <> i) and (k <> j)) -> (select(intP_intM_a_1_at_L1, shift(a, + k)) = select(intP_intM_a_1_at_L2, shift(a, k))))))) + +logic Permut : intP pointer, int, int, (intP, int) memory, (intP, +int) memory -> prop + +axiom Permut_inversion: + (forall aux_1:intP pointer. + (forall aux_2:int. + (forall aux_3:int. + (forall aux_4:(intP, int) memory. + (forall aux_5:(intP, int) memory [Permut(aux_1, aux_2, aux_3, + aux_4, aux_5)]. + (Permut(aux_1, aux_2, aux_3, aux_4, aux_5) -> + ((exists intP_intM_a_0_2_at_L:(intP, int) memory. + (exists a_1:intP pointer. + (exists l_0:int. + (exists h_0:int. + ((aux_1 = a_1) and + ((aux_2 = l_0) and + ((aux_3 = h_0) and + ((aux_4 = intP_intM_a_0_2_at_L) and + (aux_5 = intP_intM_a_0_2_at_L))))))))) or + ((exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_2:intP pointer. + (exists l_1:int. + (exists h_1:int. 
+ (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and + ((aux_1 = a_2) and + ((aux_2 = l_1) and + ((aux_3 = h_1) and + ((aux_4 = intP_intM_a_0_2_at_L1) and + (aux_5 = intP_intM_a_0_2_at_L2))))))))))) or + ((exists intP_intM_a_0_2_at_L3:(intP, int) memory. + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_3:intP pointer. + (exists l_2:int. + (exists h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, + h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L2)) and + ((aux_1 = a_3) and + ((aux_2 = l_2) and + ((aux_3 = h_2) and + ((aux_4 = intP_intM_a_0_2_at_L3) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))) or + (exists intP_intM_a_0_2_at_L2:(intP, int) memory. + (exists intP_intM_a_0_2_at_L1:(intP, int) memory. + (exists a_4:intP pointer. + (exists l_3:int. + (exists h_3:int. + (exists i_0_0:int. + (exists j_0_0:int. + (((l_3 <= i_0_0) and + ((i_0_0 <= h_3) and + ((l_3 <= j_0_0) and + ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))) and + ((aux_1 = a_4) and + ((aux_2 = l_3) and + ((aux_3 = h_3) and + ((aux_4 = intP_intM_a_0_2_at_L2) and + (aux_5 = intP_intM_a_0_2_at_L1)))))))))))))))))))))) + +axiom Permut_refl: + (forall intP_intM_a_0_2_at_L:(intP, int) memory. + (forall a_1:intP pointer. + (forall l_0:int. + (forall h_0:int. Permut(a_1, l_0, h_0, intP_intM_a_0_2_at_L, + intP_intM_a_0_2_at_L))))) + +axiom Permut_sym: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_2:intP pointer. + (forall l_1:int. + (forall h_1:int. + (Permut(a_2, l_1, h_1, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) -> Permut(a_2, l_1, h_1, + intP_intM_a_0_2_at_L1, intP_intM_a_0_2_at_L2))))))) + +axiom Permut_trans: + (forall intP_intM_a_0_2_at_L3:(intP, int) memory. + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. 
+ (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_3:intP pointer. + (forall l_2:int. + (forall h_2:int. + ((Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1) and Permut(a_3, l_2, h_2, + intP_intM_a_0_2_at_L3, intP_intM_a_0_2_at_L2)) -> + Permut(a_3, l_2, h_2, intP_intM_a_0_2_at_L3, + intP_intM_a_0_2_at_L1)))))))) + +axiom Permut_swap: + (forall intP_intM_a_0_2_at_L2:(intP, int) memory. + (forall intP_intM_a_0_2_at_L1:(intP, int) memory. + (forall a_4:intP pointer. + (forall l_3:int. + (forall h_3:int. + (forall i_0_0:int. + (forall j_0_0:int. + (((l_3 <= i_0_0) and + ((i_0_0 <= h_3) and + ((l_3 <= j_0_0) and + ((j_0_0 <= h_3) and Swap(a_4, i_0_0, j_0_0, + intP_intM_a_0_2_at_L2, intP_intM_a_0_2_at_L1))))) -> + Permut(a_4, l_3, h_3, intP_intM_a_0_2_at_L2, + intP_intM_a_0_2_at_L1))))))))) + +predicate Sorted(a_5: intP pointer, l_4: int, h_4: int, + intP_intM_a_5_3_at_L: (intP, int) memory) = + (forall i_1:int. + (forall j_1:int. + (((l_4 <= i_1) and ((i_1 <= j_1) and (j_1 < h_4))) -> + (select(intP_intM_a_5_3_at_L, shift(a_5, + i_1)) <= select(intP_intM_a_5_3_at_L, shift(a_5, j_1)))))) + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic intP_tag : intP tag_id + +axiom intP_int: (int_of_tag(intP_tag) = 1) + +logic intP_of_pointer_address : unit pointer -> intP pointer + +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) + +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) + +axiom intP_tags: + (forall x:intP pointer. 
+ (forall intP_tag_table:intP tag_table. instanceof(intP_tag_table, x, + intP_tag))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + 
p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. 
+ (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal sel_sort_ensures_default_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + ("JC_63": ("JC_61": (0 <= i_0_1))) + +goal sel_sort_ensures_default_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + ("JC_63": ("JC_62": (i_0_1 < n))) + +goal sel_sort_ensures_default_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + ("JC_70": ("JC_67": (i_0_1_0 < j_0_1))) + +goal sel_sort_ensures_default_po_4: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. 
+ (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + ("JC_70": ("JC_68": (i_0_1_0 <= mi))) + +goal sel_sort_ensures_default_po_5: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + ("JC_70": ("JC_69": (mi < n))) + +goal sel_sort_ensures_default_po_6: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. 
+ ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + forall result1:int. + (result1 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_67": (i_0_1_0 < j_0_1_1))) + +goal sel_sort_ensures_default_po_7: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + forall result1:int. + (result1 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_68": (i_0_1_0 <= mi1))) + +goal sel_sort_ensures_default_po_8: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + forall result1:int. + (result1 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_69": (mi1 < n))) + +goal sel_sort_ensures_default_po_9: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. 
+ (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_67": (i_0_1_0 < j_0_1_1))) + +goal sel_sort_ensures_default_po_10: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_68": (i_0_1_0 <= mi0))) + +goal sel_sort_ensures_default_po_11: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. 
+ ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_70": ("JC_69": (mi0 < n))) + +goal sel_sort_ensures_default_po_12: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_0, intP_intM_t_5)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_75": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) + +goal sel_sort_ensures_default_po_13: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_0, intP_intM_t_5)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_75": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_63": ("JC_61": (0 <= i_0_1_1))) + +goal sel_sort_ensures_default_po_14: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_63": (("JC_61": (0 <= i_0_1_0)) and ("JC_62": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_70": + (("JC_67": (i_0_1_0 < j_0_1_0)) and + (("JC_68": (i_0_1_0 <= mi0)) and ("JC_69": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_0:(intP, + int) memory. 
+ ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_0, intP_intM_t_5)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_75": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_63": ("JC_62": (i_0_1_1 < n))) + +goal sel_sort_ensures_permutation_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n <= 0) -> + ("JC_39": Permut(t, 0, (n - 1), intP_intM_t_5, intP_intM_t_5)) + +goal sel_sort_ensures_permutation_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + ("JC_97": Permut(t, 0, (n - 1), intP_intM_t_5, intP_intM_t_5)) + +goal sel_sort_ensures_permutation_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_97": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + ("JC_100": (("JC_98": (0 <= i_0_1_0)) and ("JC_99": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. 
+ (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_104": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + ("JC_108": + (("JC_105": (i_0_1_0 < j_0_1_0)) and + (("JC_106": (i_0_1_0 <= mi0)) and ("JC_107": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_113": Permut(t, 0, (n - 1), intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_97": Permut(t, 0, (n - 1), intP_intM_t_5_1, intP_intM_t_5)) + +goal sel_sort_ensures_sorted_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n <= 0) -> + ("JC_37": Sorted(t, 0, n, intP_intM_t_5)) + +goal sel_sort_ensures_sorted_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + ("JC_78": ("JC_76": Sorted(t, 0, i_0_1, intP_intM_t_5))) + +goal sel_sort_ensures_sorted_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall k1:int. + forall k2:int. + ((0 <= k1) and ((k1 < i_0_1) and ((i_0_1 <= k2) and (k2 < n)))) -> + ("JC_78": + ("JC_77": (select(intP_intM_t_5, shift(t, k1)) <= select(intP_intM_t_5, + shift(t, k2))))) + +goal sel_sort_ensures_sorted_po_4: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + ("JC_87": ("JC_85": (mv = select(intP_intM_t_5_0, shift(t, mi))))) + +goal sel_sort_ensures_sorted_po_5: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. 
+ (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall k_0:int. + ((i_0_1_0 <= k_0) and (k_0 < j_0_1)) -> + ("JC_87": ("JC_86": (select(intP_intM_t_5_0, shift(t, k_0)) >= mv))) + +goal sel_sort_ensures_sorted_po_6: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_87": + (("JC_85": (mv0 = select(intP_intM_t_5_0, shift(t, mi0)))) and + ("JC_86": + (forall k_0:int. + (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, k_0)) >= mv0)))))) -> + ("JC_91": + (("JC_88": (i_0_1_0 < j_0_1_0)) and + (("JC_89": (i_0_1_0 <= mi0)) and ("JC_90": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. 
+ (result0 = select(intP_intM_t_5_0, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + forall result1:int. + (result1 = select(intP_intM_t_5_0, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + ("JC_87": ("JC_85": (mv1 = select(intP_intM_t_5_0, shift(t, mi1))))) + +goal sel_sort_ensures_sorted_po_7: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_87": + (("JC_85": (mv0 = select(intP_intM_t_5_0, shift(t, mi0)))) and + ("JC_86": + (forall k_0:int. + (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, k_0)) >= mv0)))))) -> + ("JC_91": + (("JC_88": (i_0_1_0 < j_0_1_0)) and + (("JC_89": (i_0_1_0 <= mi0)) and ("JC_90": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + forall result1:int. + (result1 = select(intP_intM_t_5_0, shift(t, j_0_1_0))) -> + forall mv1:int. 
+ (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + forall k_0:int. + ((i_0_1_0 <= k_0) and (k_0 < j_0_1_1)) -> + ("JC_87": ("JC_86": (select(intP_intM_t_5_0, shift(t, k_0)) >= mv1))) + +goal sel_sort_ensures_sorted_po_8: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_87": + (("JC_85": (mv0 = select(intP_intM_t_5_0, shift(t, mi0)))) and + ("JC_86": + (forall k_0:int. + (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, k_0)) >= mv0)))))) -> + ("JC_91": + (("JC_88": (i_0_1_0 < j_0_1_0)) and + (("JC_89": (i_0_1_0 <= mi0)) and ("JC_90": (mi0 < n))))) -> + (j_0_1_0 < n) -> + forall result0:int. + (result0 = select(intP_intM_t_5_0, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + forall k_0:int. + ((i_0_1_0 <= k_0) and (k_0 < j_0_1_1)) -> + ("JC_87": ("JC_86": (select(intP_intM_t_5_0, shift(t, k_0)) >= mv0))) + +goal sel_sort_ensures_sorted_po_9: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_87": + (("JC_85": (mv0 = select(intP_intM_t_5_0, shift(t, mi0)))) and + ("JC_86": + (forall k_0:int. + (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, k_0)) >= mv0)))))) -> + ("JC_91": + (("JC_88": (i_0_1_0 < j_0_1_0)) and + (("JC_89": (i_0_1_0 <= mi0)) and ("JC_90": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_96": Permut(t, 0, (n - 1), intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + ("JC_78": ("JC_76": Sorted(t, 0, i_0_1_1, intP_intM_t_5_1))) + +goal sel_sort_ensures_sorted_po_10: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + forall result:int. + (result = select(intP_intM_t_5_0, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_87": + (("JC_85": (mv0 = select(intP_intM_t_5_0, shift(t, mi0)))) and + ("JC_86": + (forall k_0:int. + (((i_0_1_0 <= k_0) and (k_0 < j_0_1_0)) -> (select(intP_intM_t_5_0, + shift(t, k_0)) >= mv0)))))) -> + ("JC_91": + (("JC_88": (i_0_1_0 < j_0_1_0)) and + (("JC_89": (i_0_1_0 <= mi0)) and ("JC_90": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + forall intP_intM_t_5_1:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_1, intP_intM_t_5_0)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5_0, + intP_intM_t_5_1, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_96": Permut(t, 0, (n - 1), intP_intM_t_5_1, intP_intM_t_5_0)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + forall k1:int. + forall k2:int. + ((0 <= k1) and ((k1 < i_0_1_1) and ((i_0_1_1 <= k2) and (k2 < n)))) -> + ("JC_78": + ("JC_77": (select(intP_intM_t_5_1, shift(t, k1)) <= select(intP_intM_t_5_1, + shift(t, k2))))) + +goal sel_sort_ensures_sorted_po_11: + forall t:intP pointer. + forall n:int. 
+ forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_78": + (("JC_76": Sorted(t, 0, i_0_1_0, intP_intM_t_5_0)) and + ("JC_77": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and ((k1 < i_0_1_0) and ((i_0_1_0 <= k2) and (k2 < n)))) -> + (select(intP_intM_t_5_0, shift(t, k1)) <= select(intP_intM_t_5_0, + shift(t, k2))))))))) -> + ("JC_81": (("JC_79": (0 <= i_0_1_0)) and ("JC_80": (i_0_1_0 < n)))) -> + (i_0_1_0 >= (n - 1)) -> + ("JC_37": Sorted(t, 0, n, intP_intM_t_5_0)) + +goal sel_sort_safety_po_1: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) + +goal sel_sort_safety_po_2: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t)) + +goal sel_sort_safety_po_3: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + (offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) + +goal sel_sort_safety_po_4: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. 
+ ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t)) + +goal sel_sort_safety_po_5: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + (0 <= ("JC_57": (n - j_0_1_0))) + +goal sel_sort_safety_po_6: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 < mv0) -> + forall mi1:int. + (mi1 = j_0_1_0) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result1:int. + (result1 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + forall mv1:int. + (mv1 = result1) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + (("JC_57": (n - j_0_1_1)) < ("JC_57": (n - j_0_1_0))) + +goal sel_sort_safety_po_7: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + (0 <= ("JC_57": (n - j_0_1_0))) + +goal sel_sort_safety_po_8: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + forall mv0:int. 
+ ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 < n) -> + ((offset_min(intP_t_5_alloc_table, t) <= j_0_1_0) and + (j_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result0:int. + (result0 = select(intP_intM_t_5, shift(t, j_0_1_0))) -> + (result0 >= mv0) -> + forall j_0_1_1:int. + (j_0_1_1 = (j_0_1_0 + 1)) -> + (("JC_57": (n - j_0_1_1)) < ("JC_57": (n - j_0_1_0))) + +goal sel_sort_safety_po_9: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + ("JC_5": ("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0))) + +goal sel_sort_safety_po_10: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. 
+ ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + ("JC_5": ("JC_3": (offset_min(intP_t_5_alloc_table, t) <= mi0))) + +goal sel_sort_safety_po_11: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + ("JC_5": ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= mi0))) + +goal sel_sort_safety_po_12: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. 
+ ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. + forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= mi0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= mi0)))))) -> + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_0, intP_intM_t_5)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_59": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (0 <= ("JC_60": (n - i_0_1_0))) + +goal sel_sort_safety_po_13: + forall t:intP pointer. + forall n:int. + forall intP_t_5_alloc_table:intP alloc_table. + ("JC_31": + (("JC_29": (offset_min(intP_t_5_alloc_table, t) <= 0)) and + ("JC_30": (offset_max(intP_t_5_alloc_table, t) >= (n - 1))))) -> + (n > 0) -> + forall i_0_1:int. + (i_0_1 = 0) -> + forall i_0_1_0:int. 
+ forall intP_intM_t_5:(intP, + int) memory. + ("JC_45": true) -> + ("JC_43": (("JC_41": (0 <= i_0_1_0)) and ("JC_42": (i_0_1_0 < n)))) -> + (i_0_1_0 < (n - 1)) -> + ((offset_min(intP_t_5_alloc_table, t) <= i_0_1_0) and + (i_0_1_0 <= offset_max(intP_t_5_alloc_table, t))) -> + forall result:int. + (result = select(intP_intM_t_5, shift(t, i_0_1_0))) -> + forall mv:int. + (mv = result) -> + forall mi:int. + (mi = i_0_1_0) -> + forall j_0_1:int. + (j_0_1 = (i_0_1_0 + 1)) -> + forall j_0_1_0:int. + forall mi0:int. + ("JC_53": true) -> + ("JC_51": + (("JC_48": (i_0_1_0 < j_0_1_0)) and + (("JC_49": (i_0_1_0 <= mi0)) and ("JC_50": (mi0 < n))))) -> + (j_0_1_0 >= n) -> + ("JC_5": + (("JC_1": (offset_min(intP_t_5_alloc_table, t) <= i_0_1_0)) and + (("JC_2": (offset_max(intP_t_5_alloc_table, t) >= i_0_1_0)) and + (("JC_3": (offset_min(intP_t_5_alloc_table, t) <= mi0)) and + ("JC_4": (offset_max(intP_t_5_alloc_table, t) >= mi0)))))) -> + forall intP_intM_t_5_0:(intP, + int) memory. + ("JC_18": + (("JC_16": Swap(t, i_0_1_0, mi0, intP_intM_t_5_0, intP_intM_t_5)) and + ("JC_17": not_assigns(intP_t_5_alloc_table, intP_intM_t_5, + intP_intM_t_5_0, pset_union(pset_range(pset_singleton(t), mi0, mi0), + pset_range(pset_singleton(t), i_0_1_0, i_0_1_0)))))) -> + ("JC_59": Permut(t, 0, (n - 1), intP_intM_t_5_0, intP_intM_t_5)) -> + forall i_0_1_1:int. + (i_0_1_1 = (i_0_1_0 + 1)) -> + (("JC_60": (n - i_0_1_1)) < ("JC_60": (n - i_0_1_0))) + +goal swap_ensures_default_po_1: + forall t_0:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_0_4_alloc_table:intP alloc_table. + forall intP_intM_t_0_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_0_4_alloc_table, t_0) <= i_0)) and + (("JC_8": (offset_max(intP_t_0_4_alloc_table, t_0) >= i_0)) and + (("JC_9": (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0)) and + ("JC_10": (offset_max(intP_t_0_4_alloc_table, t_0) >= j_0)))))) -> + forall result:int. 
+ (result = select(intP_intM_t_0_4, shift(t_0, i_0))) -> + forall tmp:int. + (tmp = result) -> + forall result0:int. + (result0 = select(intP_intM_t_0_4, shift(t_0, j_0))) -> + forall intP_intM_t_0_4_0:(intP, + int) memory. + (intP_intM_t_0_4_0 = store(intP_intM_t_0_4, shift(t_0, i_0), result0)) -> + forall intP_intM_t_0_4_1:(intP, + int) memory. + (intP_intM_t_0_4_1 = store(intP_intM_t_0_4_0, shift(t_0, j_0), tmp)) -> + ("JC_15": + ("JC_13": Swap(t_0, i_0, j_0, intP_intM_t_0_4_1, intP_intM_t_0_4))) + +goal swap_ensures_default_po_2: + forall t_0:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_0_4_alloc_table:intP alloc_table. + forall intP_intM_t_0_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_0_4_alloc_table, t_0) <= i_0)) and + (("JC_8": (offset_max(intP_t_0_4_alloc_table, t_0) >= i_0)) and + (("JC_9": (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0)) and + ("JC_10": (offset_max(intP_t_0_4_alloc_table, t_0) >= j_0)))))) -> + forall result:int. + (result = select(intP_intM_t_0_4, shift(t_0, i_0))) -> + forall tmp:int. + (tmp = result) -> + forall result0:int. + (result0 = select(intP_intM_t_0_4, shift(t_0, j_0))) -> + forall intP_intM_t_0_4_0:(intP, + int) memory. + (intP_intM_t_0_4_0 = store(intP_intM_t_0_4, shift(t_0, i_0), result0)) -> + forall intP_intM_t_0_4_1:(intP, + int) memory. + (intP_intM_t_0_4_1 = store(intP_intM_t_0_4_0, shift(t_0, j_0), tmp)) -> + ("JC_15": + ("JC_14": not_assigns(intP_t_0_4_alloc_table, intP_intM_t_0_4, + intP_intM_t_0_4_1, pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0))))) + +goal swap_safety_po_1: + forall t_0:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_0_4_alloc_table:intP alloc_table. 
+ ("JC_11": + (("JC_7": (offset_min(intP_t_0_4_alloc_table, t_0) <= i_0)) and + (("JC_8": (offset_max(intP_t_0_4_alloc_table, t_0) >= i_0)) and + (("JC_9": (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0)) and + ("JC_10": (offset_max(intP_t_0_4_alloc_table, t_0) >= j_0)))))) -> + (i_0 <= offset_max(intP_t_0_4_alloc_table, t_0)) + +goal swap_safety_po_2: + forall t_0:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_0_4_alloc_table:intP alloc_table. + forall intP_intM_t_0_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_0_4_alloc_table, t_0) <= i_0)) and + (("JC_8": (offset_max(intP_t_0_4_alloc_table, t_0) >= i_0)) and + (("JC_9": (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0)) and + ("JC_10": (offset_max(intP_t_0_4_alloc_table, t_0) >= j_0)))))) -> + ((offset_min(intP_t_0_4_alloc_table, t_0) <= i_0) and + (i_0 <= offset_max(intP_t_0_4_alloc_table, t_0))) -> + forall result:int. + (result = select(intP_intM_t_0_4, shift(t_0, i_0))) -> + forall tmp:int. + (tmp = result) -> + (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0) + +goal swap_safety_po_3: + forall t_0:intP pointer. + forall i_0:int. + forall j_0:int. + forall intP_t_0_4_alloc_table:intP alloc_table. + forall intP_intM_t_0_4:(intP, + int) memory. + ("JC_11": + (("JC_7": (offset_min(intP_t_0_4_alloc_table, t_0) <= i_0)) and + (("JC_8": (offset_max(intP_t_0_4_alloc_table, t_0) >= i_0)) and + (("JC_9": (offset_min(intP_t_0_4_alloc_table, t_0) <= j_0)) and + ("JC_10": (offset_max(intP_t_0_4_alloc_table, t_0) >= j_0)))))) -> + ((offset_min(intP_t_0_4_alloc_table, t_0) <= i_0) and + (i_0 <= offset_max(intP_t_0_4_alloc_table, t_0))) -> + forall result:int. + (result = select(intP_intM_t_0_4, shift(t_0, i_0))) -> + forall tmp:int. + (tmp = result) -> + (j_0 <= offset_max(intP_t_0_4_alloc_table, t_0)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! 
= failure) +why/selection_sort_why.why : ..........................................#... (45/0/0/1/0) +total : 46 +valid : 45 ( 98%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 1 ( 2%) +failure : 0 ( 0%) +// RUNSIMPLIFY: will ask regtests to run Simplify on this program +========== generation of Simplify VC output ========== +why -simplify [...] why/selection_sort.why +========== file tests/c/selection_sort.jessie/simplify/selection_sort_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + 
(FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom 
eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x 
real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) 
(base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES 
(same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + 
+(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) 
|@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why 
axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) 
(IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH 
+ ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL 
(s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(DEFPRED (Swap a i j intP_intM_a_1_at_L2 intP_intM_a_1_at_L1) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a i)) + (select intP_intM_a_1_at_L2 (shift a j))) + (AND + (EQ (select intP_intM_a_1_at_L1 (shift a j)) + (select intP_intM_a_1_at_L2 (shift a i))) + (FORALL (k) + (IMPLIES (AND (NEQ k i) (NEQ k j)) + (EQ (select intP_intM_a_1_at_L1 (shift a k)) + (select intP_intM_a_1_at_L2 (shift a k)))))))) + +(BG_PUSH + ;; Why axiom Permut_inversion + (FORALL (aux_1 aux_2 aux_3 aux_4 aux_5) + (IMPLIES (EQ (Permut aux_1 aux_2 aux_3 aux_4 aux_5) |@true|) + (OR + (EXISTS (intP_intM_a_0_2_at_L) + 
(EXISTS (a_1) + (EXISTS (l_0) + (EXISTS (h_0) + (AND (EQ aux_1 a_1) + (AND (EQ aux_2 l_0) + (AND (EQ aux_3 h_0) + (AND (EQ aux_4 intP_intM_a_0_2_at_L) (EQ aux_5 intP_intM_a_0_2_at_L))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_2) + (EXISTS (l_1) + (EXISTS (h_1) + (AND + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (AND (EQ aux_1 a_2) + (AND (EQ aux_2 l_1) + (AND (EQ aux_3 h_1) + (AND (EQ aux_4 intP_intM_a_0_2_at_L1) (EQ aux_5 intP_intM_a_0_2_at_L2))))))))))) + (OR + (EXISTS (intP_intM_a_0_2_at_L3) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_3) + (EXISTS (l_2) + (EXISTS (h_2) + (AND + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (AND (EQ aux_1 a_3) + (AND (EQ aux_2 l_2) + (AND (EQ aux_3 h_2) + (AND (EQ aux_4 intP_intM_a_0_2_at_L3) (EQ aux_5 intP_intM_a_0_2_at_L1)))))))))))) + (EXISTS (intP_intM_a_0_2_at_L2) + (EXISTS (intP_intM_a_0_2_at_L1) + (EXISTS (a_4) + (EXISTS (l_3) + (EXISTS (h_3) + (EXISTS (i_0_0) + (EXISTS (j_0_0) + (AND + (AND (<= l_3 i_0_0) + (AND (<= i_0_0 h_3) + (AND (<= l_3 j_0_0) + (AND (<= j_0_0 h_3) + (Swap a_4 i_0_0 j_0_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (AND (EQ aux_1 a_4) + (AND (EQ aux_2 l_3) + (AND (EQ aux_3 h_3) + (AND (EQ aux_4 intP_intM_a_0_2_at_L2) (EQ aux_5 intP_intM_a_0_2_at_L1))))))))))))))))))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intP_intM_a_0_2_at_L a_1 l_0 h_0) + (EQ (Permut a_1 l_0 h_0 intP_intM_a_0_2_at_L intP_intM_a_0_2_at_L) |@true|))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_2 l_1 h_1) + (IMPLIES + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_2 l_1 h_1 intP_intM_a_0_2_at_L1 intP_intM_a_0_2_at_L2) |@true|)))) + +(BG_PUSH + ;; Why axiom 
Permut_trans + (FORALL (intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_3 l_2 h_2) + (IMPLIES + (AND + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L2) |@true|)) + (EQ (Permut + a_3 l_2 h_2 intP_intM_a_0_2_at_L3 intP_intM_a_0_2_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1 a_4 l_3 h_3 i_0_0 j_0_0) + (IMPLIES + (AND (<= l_3 i_0_0) + (AND (<= i_0_0 h_3) + (AND (<= l_3 j_0_0) + (AND (<= j_0_0 h_3) + (Swap a_4 i_0_0 j_0_0 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1))))) + (EQ (Permut + a_4 l_3 h_3 intP_intM_a_0_2_at_L2 intP_intM_a_0_2_at_L1) |@true|)))) + +(DEFPRED (Sorted a_5 l_4 h_4 intP_intM_a_5_3_at_L) + (FORALL (i_1 j_1) + (IMPLIES (AND (<= l_4 i_1) (AND (<= i_1 j_1) (< j_1 h_4))) + (<= (select intP_intM_a_5_3_at_L (shift a_5 i_1)) (select + intP_intM_a_5_3_at_L + (shift a_5 j_1)))))) + +(BG_PUSH + ;; Why axiom charP_int + (EQ (int_of_tag charP_tag) 1)) + +(BG_PUSH + ;; Why axiom charP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (charP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom charP_parenttag_bottom + (EQ (parenttag charP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom charP_tags + (FORALL (x charP_tag_table) (instanceof charP_tag_table x charP_tag))) + +(BG_PUSH + ;; Why axiom intP_int + (EQ (int_of_tag intP_tag) 1)) + +(BG_PUSH + ;; Why axiom intP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (intP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom intP_parenttag_bottom + (EQ (parenttag intP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom intP_tags + (FORALL (x intP_tag_table) (instanceof intP_tag_table x intP_tag))) + +(DEFPRED (left_valid_struct_charP p a charP_alloc_table) + (<= (offset_min charP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_intP p a intP_alloc_table) + (<= (offset_min 
intP_alloc_table p) a)) + +(DEFPRED (left_valid_struct_voidP p a voidP_alloc_table) + (<= (offset_min voidP_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom pointer_addr_of_charP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (charP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_intP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (intP_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_voidP_of_pointer_address + (FORALL (p) (EQ p (pointer_address (voidP_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_charP p b charP_alloc_table) + (>= (offset_max charP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_intP p b intP_alloc_table) + (>= (offset_max intP_alloc_table p) b)) + +(DEFPRED (right_valid_struct_voidP p b voidP_alloc_table) + (>= (offset_max voidP_alloc_table p) b)) + +(DEFPRED (strict_valid_root_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_root_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_charP p a b charP_alloc_table) + (AND (EQ (offset_min charP_alloc_table p) a) + (EQ (offset_max charP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_intP p a b intP_alloc_table) + (AND (EQ (offset_min intP_alloc_table p) a) + (EQ (offset_max intP_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_voidP p a b voidP_alloc_table) + (AND (EQ (offset_min voidP_alloc_table p) a) + (EQ (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_root_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED (valid_root_intP p a b intP_alloc_table) + (AND (<= (offset_min 
intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_root_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(DEFPRED (valid_struct_charP p a b charP_alloc_table) + (AND (<= (offset_min charP_alloc_table p) a) + (>= (offset_max charP_alloc_table p) b))) + +(DEFPRED (valid_struct_intP p a b intP_alloc_table) + (AND (<= (offset_min intP_alloc_table p) a) + (>= (offset_max intP_alloc_table p) b))) + +(DEFPRED (valid_struct_voidP p a b voidP_alloc_table) + (AND (<= (offset_min voidP_alloc_table p) a) + (>= (offset_max voidP_alloc_table p) b))) + +(BG_PUSH + ;; Why axiom voidP_int + (EQ (int_of_tag voidP_tag) 1)) + +(BG_PUSH + ;; Why axiom voidP_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (voidP_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom voidP_parenttag_bottom + (EQ (parenttag voidP_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom voidP_tags + (FORALL (x voidP_tag_table) (instanceof voidP_tag_table x voidP_tag))) + +;; sel_sort_ensures_default_po_1, File "HOME/tests/c/selection_sort.c", line 58, characters 21-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) (FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (<= 0 i_0_1)))))))) + +;; sel_sort_ensures_default_po_2, File "HOME/tests/c/selection_sort.c", line 58, characters 26-31 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) (FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (< i_0_1 n)))))))) + +;; sel_sort_ensures_default_po_3, File "HOME/tests/c/selection_sort.c", line 71, characters 23-28 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max 
intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (< i_0_1_0 j_0_1)))))))))))))))))))) + +;; sel_sort_ensures_default_po_4, File "HOME/tests/c/selection_sort.c", line 71, characters 32-39 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (<= i_0_1_0 mi)))))))))))))))))))) + +;; sel_sort_ensures_default_po_5, File "HOME/tests/c/selection_sort.c", line 71, characters 37-43 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) (IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) (< mi n)))))))))))))))))))) + +;; sel_sort_ensures_default_po_6, File "HOME/tests/c/selection_sort.c", line 71, characters 23-28 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) 
+(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< i_0_1_0 j_0_1_1)))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_7, File "HOME/tests/c/selection_sort.c", line 71, characters 32-39 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(FORALL (result1) 
+(IMPLIES (EQ result1 (select intP_intM_t_5 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= i_0_1_0 mi1)))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_8, File "HOME/tests/c/selection_sort.c", line 71, characters 37-43 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< mi1 n)))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_9, File "HOME/tests/c/selection_sort.c", line 71, characters 23-28 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) 
+(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< i_0_1_0 j_0_1_1)))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_10, File "HOME/tests/c/selection_sort.c", line 71, characters 32-39 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= i_0_1_0 mi0)))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_11, File "HOME/tests/c/selection_sort.c", line 71, characters 37-43 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL 
(mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< mi0 n)))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_12, File "HOME/tests/c/selection_sort.c", line 88, characters 15-38 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_0 intP_intM_t_5) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|)))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_13, File "HOME/tests/c/selection_sort.c", line 58, characters 21-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) 
+(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_0 intP_intM_t_5) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 i_0_1_1))))))))))))))))))))))))))))) + +;; sel_sort_ensures_default_po_14, File "HOME/tests/c/selection_sort.c", line 58, characters 26-31 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_0 intP_intM_t_5) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ 
i_0_1_0 1)) (< i_0_1_1 n))))))))))))))))))))))))))))) + +;; sel_sort_ensures_permutation_po_1, File "HOME/tests/c/selection_sort.c", line 52, characters 14-39 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (<= n 0) +(EQ (Permut t 0 (- n 1) intP_intM_t_5 intP_intM_t_5) |@true|))))))) + +;; sel_sort_ensures_permutation_po_2, File "HOME/tests/c/selection_sort.c", line 65, characters 22-47 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(EQ (Permut t 0 (- n 1) intP_intM_t_5 intP_intM_t_5) |@true|))))))))) + +;; sel_sort_ensures_permutation_po_3, File "HOME/tests/c/selection_sort.c", line 65, characters 22-47 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 
(pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(EQ (Permut t 0 (- n 1) intP_intM_t_5_1 intP_intM_t_5) |@true|)))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_1, File "HOME/tests/c/selection_sort.c", line 50, characters 14-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (<= n 0) (Sorted t 0 n intP_intM_t_5))))))) + +;; sel_sort_ensures_sorted_po_2, File "HOME/tests/c/selection_sort.c", line 61, characters 8-21 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) (IMPLIES (EQ i_0_1 0) (Sorted t 0 i_0_1 intP_intM_t_5))))))))) + +;; sel_sort_ensures_sorted_po_3, File "HOME/tests/c/selection_sort.c", line 62, characters 8-86 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(FORALL (intP_intM_t_5) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) (AND (< k1 i_0_1) (AND (<= i_0_1 k2) (< k2 n)))) +(<= (select intP_intM_t_5 (shift t k1)) (select intP_intM_t_5 (shift t k2)))))))))))))) + +;; sel_sort_ensures_sorted_po_4, File "HOME/tests/c/selection_sort.c", line 74, characters 11-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) 
+(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(EQ mv (select intP_intM_t_5_0 (shift t mi))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_5, File "HOME/tests/c/selection_sort.c", line 75, characters 11-57 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (k_0) +(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1)) +(>= (select intP_intM_t_5_0 (shift t k_0)) mv))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_6, File "HOME/tests/c/selection_sort.c", line 74, characters 11-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL 
(intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (EQ mv0 (select intP_intM_t_5_0 (shift t mi0))) + (FORALL (k_0) + (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5_0 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) +(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) +(EQ mv1 (select intP_intM_t_5_0 (shift t mi1)))))))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_7, File "HOME/tests/c/selection_sort.c", line 75, characters 11-57 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) 
+(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (EQ mv0 (select intP_intM_t_5_0 (shift t mi0))) + (FORALL (k_0) + (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5_0 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) +(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) +(FORALL (k_0) +(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_1)) +(>= (select intP_intM_t_5_0 (shift t k_0)) mv1)))))))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_8, File "HOME/tests/c/selection_sort.c", line 75, characters 11-57 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (EQ mv0 (select 
intP_intM_t_5_0 (shift t mi0))) + (FORALL (k_0) + (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5_0 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) +(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) +(FORALL (k_0) +(IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_1)) +(>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_9, File "HOME/tests/c/selection_sort.c", line 61, characters 8-21 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (EQ mv0 (select intP_intM_t_5_0 (shift t mi0))) + (FORALL (k_0) + (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) 
mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (Sorted t 0 i_0_1_1 intP_intM_t_5_1)))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_10, File "HOME/tests/c/selection_sort.c", line 62, characters 8-86 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5_0 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (EQ mv0 (select intP_intM_t_5_0 (shift t mi0))) + (FORALL (k_0) + (IMPLIES (AND (<= i_0_1_0 k_0) (< k_0 j_0_1_0)) + (>= (select intP_intM_t_5_0 (shift t k_0)) mv0)))) +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(FORALL (intP_intM_t_5_1) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_1 intP_intM_t_5_0) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5_0 intP_intM_t_5_1 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_1 intP_intM_t_5_0) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) (AND (< k1 i_0_1_1) (AND (<= i_0_1_1 k2) 
(< k2 n)))) +(<= (select intP_intM_t_5_1 (shift t k1)) (select + intP_intM_t_5_1 (shift t k2))))))))))))))))))))))))))))))))))))) + +;; sel_sort_ensures_sorted_po_11, File "HOME/tests/c/selection_sort.c", line 50, characters 14-27 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Sorted t 0 i_0_1_0 intP_intM_t_5_0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) (AND (< k1 i_0_1_0) (AND (<= i_0_1_0 k2) (< k2 n)))) + (<= (select intP_intM_t_5_0 (shift t k1)) (select + intP_intM_t_5_0 (shift + t k2)))))) +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (>= i_0_1_0 (- n 1)) (Sorted t 0 n intP_intM_t_5_0))))))))))))) + +;; sel_sort_safety_po_1, File "HOME/tests/c/selection_sort.c", line 70, characters 9-13 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(<= (offset_min intP_t_5_alloc_table t) i_0_1_0)))))))))))) + +;; sel_sort_safety_po_2, File "HOME/tests/c/selection_sort.c", line 70, characters 9-13 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(<= i_0_1_0 (offset_max intP_t_5_alloc_table t))))))))))))) + +;; sel_sort_safety_po_3, File "HOME/tests/c/selection_sort.c", line 82, characters 10-14 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES 
(AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) (<= (offset_min intP_t_5_alloc_table t) j_0_1_0))))))))))))))))))))))))))) + +;; sel_sort_safety_po_4, File "HOME/tests/c/selection_sort.c", line 82, characters 10-14 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) (<= j_0_1_0 (offset_max intP_t_5_alloc_table t)))))))))))))))))))))))))))) + +;; sel_sort_safety_po_5, File "HOME/tests/c/selection_sort.c", line 79, characters 21-24 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND 
(<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= 0 (- n j_0_1_0)))))))))))))))))))))))))))))))))))))))))) + +;; sel_sort_safety_po_6, File "HOME/tests/c/selection_sort.c", line 79, characters 21-24 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ 
result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (< result0 mv0) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_0_1_0) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result1) +(IMPLIES (EQ result1 (select intP_intM_t_5 (shift t j_0_1_0))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result1) +(FORALL (j_0_1_1) +(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< (- n j_0_1_1) (- n j_0_1_0)))))))))))))))))))))))))))))))))))))))))) + +;; sel_sort_safety_po_7, File "HOME/tests/c/selection_sort.c", line 79, characters 21-24 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max 
intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) (IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (<= 0 (- n j_0_1_0))))))))))))))))))))))))))))))))))) + +;; sel_sort_safety_po_8, File "HOME/tests/c/selection_sort.c", line 79, characters 21-24 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (< j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) j_0_1_0) + (<= j_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_5 (shift t j_0_1_0))) +(IMPLIES (>= result0 mv0) +(FORALL (j_0_1_1) +(IMPLIES (EQ j_0_1_1 (+ j_0_1_0 1)) (< (- n j_0_1_1) (- n j_0_1_0))))))))))))))))))))))))))))))))))) + +;; sel_sort_safety_po_9, File "HOME/tests/c/selection_sort.c", line 87, characters 4-16 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= 
(offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) (>= (offset_max intP_t_5_alloc_table t) i_0_1_0))))))))))))))))))))))))))) + +;; sel_sort_safety_po_10, File "HOME/tests/c/selection_sort.c", line 87, characters 4-16 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) (<= (offset_min intP_t_5_alloc_table t) mi0))))))))))))))))))))))))))) + +;; sel_sort_safety_po_11, File "HOME/tests/c/selection_sort.c", line 87, characters 4-16 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= 
(offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) (>= (offset_max intP_t_5_alloc_table t) mi0))))))))))))))))))))))))))) + +;; sel_sort_safety_po_12, File "HOME/tests/c/selection_sort.c", line 66, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (AND (>= (offset_max intP_t_5_alloc_table t) i_0_1_0) + (AND (<= (offset_min intP_t_5_alloc_table t) mi0) + (>= (offset_max intP_t_5_alloc_table t) mi0)))) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_0 intP_intM_t_5) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 
intP_intM_t_5) |@true|) +(FORALL (i_0_1_1) (IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (<= 0 (- n i_0_1_0)))))))))))))))))))))))))))))))))) + +;; sel_sort_safety_po_13, File "HOME/tests/c/selection_sort.c", line 66, characters 19-22 +(FORALL (t) +(FORALL (n) +(FORALL (intP_t_5_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) 0) + (>= (offset_max intP_t_5_alloc_table t) (- n 1))) +(IMPLIES (> n 0) +(FORALL (i_0_1) +(IMPLIES (EQ i_0_1 0) +(FORALL (i_0_1_0) +(FORALL (intP_intM_t_5) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i_0_1_0) (< i_0_1_0 n)) +(IMPLIES (< i_0_1_0 (- n 1)) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (<= i_0_1_0 (offset_max intP_t_5_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_5 (shift t i_0_1_0))) +(FORALL (mv) +(IMPLIES (EQ mv result) +(FORALL (mi) +(IMPLIES (EQ mi i_0_1_0) +(FORALL (j_0_1) +(IMPLIES (EQ j_0_1 (+ i_0_1_0 1)) +(FORALL (j_0_1_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< i_0_1_0 j_0_1_0) (AND (<= i_0_1_0 mi0) (< mi0 n))) +(IMPLIES (>= j_0_1_0 n) +(IMPLIES (AND (<= (offset_min intP_t_5_alloc_table t) i_0_1_0) + (AND (>= (offset_max intP_t_5_alloc_table t) i_0_1_0) + (AND (<= (offset_min intP_t_5_alloc_table t) mi0) + (>= (offset_max intP_t_5_alloc_table t) mi0)))) +(FORALL (intP_intM_t_5_0) +(IMPLIES (AND (Swap t i_0_1_0 mi0 intP_intM_t_5_0 intP_intM_t_5) + (not_assigns + intP_t_5_alloc_table intP_intM_t_5 intP_intM_t_5_0 (pset_union + (pset_range + (pset_singleton + t) mi0 mi0) + (pset_range + (pset_singleton + t) i_0_1_0 i_0_1_0)))) +(IMPLIES (EQ (Permut t 0 (- n 1) intP_intM_t_5_0 intP_intM_t_5) |@true|) +(FORALL (i_0_1_1) +(IMPLIES (EQ i_0_1_1 (+ i_0_1_0 1)) (< (- n i_0_1_1) (- n i_0_1_0)))))))))))))))))))))))))))))))))) + +;; swap_ensures_default_po_1, File "HOME/tests/c/selection_sort.c", line 40, characters 12-33 +(FORALL (t_0) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_0_4_alloc_table) +(FORALL (intP_intM_t_0_4) +(IMPLIES (AND (<= (offset_min 
intP_t_0_4_alloc_table t_0) i_0) + (AND (>= (offset_max intP_t_0_4_alloc_table t_0) i_0) + (AND (<= (offset_min intP_t_0_4_alloc_table t_0) j_0) + (>= (offset_max intP_t_0_4_alloc_table t_0) j_0)))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_0_4 (shift t_0 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_0_4 (shift t_0 j_0))) +(FORALL (intP_intM_t_0_4_0) +(IMPLIES (EQ intP_intM_t_0_4_0 + (|why__store| intP_intM_t_0_4 (shift t_0 i_0) result0)) +(FORALL (intP_intM_t_0_4_1) +(IMPLIES (EQ intP_intM_t_0_4_1 + (|why__store| intP_intM_t_0_4_0 (shift t_0 j_0) tmp)) +(Swap t_0 i_0 j_0 intP_intM_t_0_4_1 intP_intM_t_0_4))))))))))))))))) + +;; swap_ensures_default_po_2, File "HOME/tests/c/selection_sort.c", line 42, characters 5-9 +(FORALL (t_0) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_0_4_alloc_table) +(FORALL (intP_intM_t_0_4) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table t_0) i_0) + (AND (>= (offset_max intP_t_0_4_alloc_table t_0) i_0) + (AND (<= (offset_min intP_t_0_4_alloc_table t_0) j_0) + (>= (offset_max intP_t_0_4_alloc_table t_0) j_0)))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_0_4 (shift t_0 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intP_intM_t_0_4 (shift t_0 j_0))) +(FORALL (intP_intM_t_0_4_0) +(IMPLIES (EQ intP_intM_t_0_4_0 + (|why__store| intP_intM_t_0_4 (shift t_0 i_0) result0)) +(FORALL (intP_intM_t_0_4_1) +(IMPLIES (EQ intP_intM_t_0_4_1 + (|why__store| intP_intM_t_0_4_0 (shift t_0 j_0) tmp)) +(not_assigns +intP_t_0_4_alloc_table intP_intM_t_0_4 intP_intM_t_0_4_1 (pset_union + (pset_range + (pset_singleton t_0) j_0 j_0) + (pset_range + (pset_singleton t_0) i_0 i_0))))))))))))))))))) + +;; swap_safety_po_1, File "HOME/tests/c/selection_sort.c", line 43, characters 12-16 +(FORALL (t_0) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_0_4_alloc_table) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table 
t_0) i_0) + (AND (>= (offset_max intP_t_0_4_alloc_table t_0) i_0) + (AND (<= (offset_min intP_t_0_4_alloc_table t_0) j_0) + (>= (offset_max intP_t_0_4_alloc_table t_0) j_0)))) +(<= i_0 (offset_max intP_t_0_4_alloc_table t_0))))))) + +;; swap_safety_po_2, File "HOME/tests/c/selection_sort.c", line 44, characters 9-13 +(FORALL (t_0) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_0_4_alloc_table) +(FORALL (intP_intM_t_0_4) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table t_0) i_0) + (AND (>= (offset_max intP_t_0_4_alloc_table t_0) i_0) + (AND (<= (offset_min intP_t_0_4_alloc_table t_0) j_0) + (>= (offset_max intP_t_0_4_alloc_table t_0) j_0)))) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table t_0) i_0) + (<= i_0 (offset_max intP_t_0_4_alloc_table t_0))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_0_4 (shift t_0 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) (<= (offset_min intP_t_0_4_alloc_table t_0) j_0)))))))))))) + +;; swap_safety_po_3, File "HOME/tests/c/selection_sort.c", line 44, characters 9-13 +(FORALL (t_0) +(FORALL (i_0) +(FORALL (j_0) +(FORALL (intP_t_0_4_alloc_table) +(FORALL (intP_intM_t_0_4) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table t_0) i_0) + (AND (>= (offset_max intP_t_0_4_alloc_table t_0) i_0) + (AND (<= (offset_min intP_t_0_4_alloc_table t_0) j_0) + (>= (offset_max intP_t_0_4_alloc_table t_0) j_0)))) +(IMPLIES (AND (<= (offset_min intP_t_0_4_alloc_table t_0) i_0) + (<= i_0 (offset_max intP_t_0_4_alloc_table t_0))) +(FORALL (result) +(IMPLIES (EQ result (select intP_intM_t_0_4 (shift t_0 i_0))) +(FORALL (tmp) +(IMPLIES (EQ tmp result) (<= j_0 (offset_max intP_t_0_4_alloc_table t_0))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/selection_sort_why.sx: .............................................. 
(46/0/0/0/0) +total : 46 +valid : 46 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/sparse_array2.res.oracle why-2.30+dfsg/tests/c/oracle/sparse_array2.res.oracle --- why-2.29+dfsg/tests/c/oracle/sparse_array2.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/sparse_array2.res.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -1,4 +1,34 @@ ========== file tests/c/sparse_array2.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ typedef unsigned int uint; 
@@ -103,11 +133,17 @@ + +/* +Local Variables: +compile-command: "make sparse_array2.why3ml" +End: +*/ ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/sparse_array2.c" [jessie] Starting Jessie translation -[kernel] No code for function calloc, default assigns generated -[kernel] No code for function malloc, default assigns generated +[kernel] warning: No code for function calloc, default assigns generated for default behavior +[kernel] warning: No code for function malloc, default assigns generated for default behavior [jessie] Producing Jessie files in subdir tests/c/sparse_array2.jessie [jessie] File tests/c/sparse_array2.jessie/sparse_array2.jc written. [jessie] File tests/c/sparse_array2.jessie/sparse_array2.cloc written. @@ -130,33 +166,33 @@ type int8 = -128..127 -tag unsigned_int_P = { - uint32 unsigned_int_M: 32; +tag unsigned_intP = { + uint32 unsigned_intM: 32; } -type unsigned_int_P = [unsigned_int_P] +type unsigned_intP = [unsigned_intP] -tag int_P = { - int32 int_M: 32; +tag intP = { + int32 intM: 32; } -type int_P = [int_P] +type intP = [intP] -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] tag SparseArray = { - int_P[..] val: 32; - unsigned_int_P[..] idx: 32; - unsigned_int_P[..] back: 32; + intP[..] val: 32; + unsigned_intP[..] idx: 32; + unsigned_intP[..] back: 32; uint32 n: 32; uint32 sz_0: 32; } @@ -164,8 +200,8 @@ type SparseArray = [SparseArray] predicate is_elt{L}(SparseArray[..] a, integer i) = -(((0 <= (a.idx + i).unsigned_int_M) && ((a.idx + i).unsigned_int_M < a.n)) && - ((a.back + (a.idx + i).unsigned_int_M).unsigned_int_M == i)) +(((0 <= (a.idx + i).unsigned_intM) && ((a.idx + i).unsigned_intM < a.n)) && + ((a.back + (a.idx + i).unsigned_intM).unsigned_intM == i)) axiomatic Model { 
@@ -174,7 +210,7 @@ axiom model_in{L} : (\forall SparseArray[..] a_1; (\forall integer i_1; - (is_elt{L}(a_1, i_1) ==> (model{L}(a_1, i_1) == (a_1.val + i_1).int_M)))) + (is_elt{L}(a_1, i_1) ==> (model{L}(a_1, i_1) == (a_1.val + i_1).intM)))) axiom model_out{L} : (\forall SparseArray[..] a_2; @@ -193,9 +229,9 @@ (\offset_max(a_3.back) >= (a_3.sz_0 - 1)))) && (\forall integer i_3; (((0 <= i_3) && (i_3 < a_3.n)) ==> - (((0 <= (a_3.back + i_3).unsigned_int_M) && - ((a_3.back + i_3).unsigned_int_M < a_3.sz_0)) && - ((a_3.idx + (a_3.back + i_3).unsigned_int_M).unsigned_int_M == i_3))))) + (((0 <= (a_3.back + i_3).unsigned_intM) && + ((a_3.back + i_3).unsigned_intM < a_3.sz_0)) && + ((a_3.idx + (a_3.back + i_3).unsigned_intM).unsigned_intM == i_3))))) int32 calloc() behavior default: @@ -215,9 +251,9 @@ (var SparseArray[..] a_1); { (C_3 : (a_1 = (C_2 : (new SparseArray[1])))); - (C_6 : ((C_5 : a_1.val) = (C_4 : (new int_P[sz])))); - (C_9 : ((C_8 : a_1.idx) = (C_7 : (new unsigned_int_P[sz])))); - (C_12 : ((C_11 : a_1.back) = (C_10 : (new unsigned_int_P[sz])))); + (C_6 : ((C_5 : a_1.val) = (C_4 : (new intP[sz])))); + (C_9 : ((C_8 : a_1.idx) = (C_7 : (new unsigned_intP[sz])))); + (C_12 : ((C_11 : a_1.back) = (C_10 : (new unsigned_intP[sz])))); (C_14 : ((C_13 : a_1.n) = 0)); (C_16 : ((C_15 : a_1.sz_0) = sz)); @@ -238,19 +274,19 @@ { { - (assert for default: (C_23 : (0 <= (a.idx + i).unsigned_int_M))); + (assert for default: (C_23 : (0 <= (a.idx + i).unsigned_intM))); () }; - { (if ((C_39 : (C_38 : ((C_37 : a.idx) + i)).unsigned_int_M) < + { (if ((C_39 : (C_38 : ((C_37 : a.idx) + i)).unsigned_intM) < (C_36 : a.n)) then (if ((C_35 : (C_34 : ((C_33 : a.back) + (C_32 : (C_31 : ((C_30 : a.idx) + - i)).unsigned_int_M))).unsigned_int_M) == + i)).unsigned_intM))).unsigned_intM) == i) then { (C_29 : (__retres = (C_28 : (C_27 : ((C_26 : a.val) + - i)).int_M))); + i)).intM))); (goto return_label) } else 
@@ -274,9 +310,9 @@ requires (C_82 : inv{Here}(a_0)); requires (C_81 : (i_0 <= (a_0.sz_0 - 1))); behavior default: - assigns (a_0.val + i_0).int_M, - (a_0.idx + [..]).unsigned_int_M, - (a_0.back + [..]).unsigned_int_M, + assigns (a_0.val + i_0).intM, + (a_0.idx + [..]).unsigned_intM, + (a_0.back + [..]).unsigned_intM, a_0.n; ensures (C_76 : ((C_77 : inv{Here}(\at(a_0,Old))) && ((C_79 : (model{Here}(\at(a_0,Old), \at(i_0,Old)) == @@ -284,14 +320,14 @@ (C_80 : (\forall integer j; ((j != \at(i_0,Old)) ==> (model{Here}(\at(a_0,Old), j) == - \old(model{Old}(a_0, j))))))))); + \at(model{Old}(a_0, j),Old)))))))); { - { (C_49 : ((C_48 : (C_47 : ((C_46 : a_0.val) + i_0)).int_M) = v)); - (if ((C_59 : (C_58 : ((C_57 : a_0.idx) + i_0)).unsigned_int_M) < + { (C_49 : ((C_48 : (C_47 : ((C_46 : a_0.val) + i_0)).intM) = v)); + (if ((C_59 : (C_58 : ((C_57 : a_0.idx) + i_0)).unsigned_intM) < (C_56 : a_0.n)) then (if ((C_55 : (C_54 : ((C_53 : a_0.back) + (C_52 : (C_51 : ((C_50 : a_0.idx) + - i_0)).unsigned_int_M))).unsigned_int_M) == + i_0)).unsigned_intM))).unsigned_intM) == i_0) then () else (goto _LAND)) else (goto _LAND)); @@ -303,9 +339,9 @@ (assert for default: (C_60 : (a_0.n < a_0.sz_0))); () }; - (C_65 : ((C_64 : (C_63 : ((C_62 : a_0.idx) + i_0)).unsigned_int_M) = + (C_65 : ((C_64 : (C_63 : ((C_62 : a_0.idx) + i_0)).unsigned_intM) = (C_61 : a_0.n))); - (C_70 : ((C_69 : (C_68 : ((C_67 : a_0.back) + (C_66 : a_0.n))).unsigned_int_M) = i_0)); + (C_70 : ((C_69 : (C_68 : ((C_67 : a_0.back) + (C_66 : a_0.n))).unsigned_intM) = i_0)); (C_75 : ((C_74 : a_0.n) = (C_73 : ((C_72 : ((C_71 : a_0.n) + 1)) :> uint32)))) }); (_LAND_0 : ()); 
@@ -364,189 +400,196 @@ ========== file tests/c/sparse_array2.jessie/sparse_array2.cloc ========== [C_50] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 37 end = 43 [C_51] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 37 end = 43 [C_52] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 37 end = 46 [C_53] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 28 end = 36 [C_54] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 28 end = 36 [C_55] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 28 end = 47 [C_56] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 20 end = 24 [C_57] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 8 end = 14 +[model_in] +name = "Lemma model_in" +file = "HOME/tests/c/sparse_array2.c" +line = 51 +begin = 6 +end = 105 + [C_58] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 8 end = 14 [C_59] file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 8 end = 17 [main] name = "Function main" file = "HOME/tests/c/sparse_array2.c" -line = 89 +line = 119 begin = 4 end = 8 [C_60] file = "HOME/tests/c/sparse_array2.c" -line = 82 +line = 112 begin = 15 end = 27 [C_61] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 16 end = 20 [C_62] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 4 end = 10 [get] name = "Function get" file = "HOME/tests/c/sparse_array2.c" -line = 62 +line = 92 begin = 4 end = 7 [C_10] file = "HOME/tests/c/sparse_array2.c" -line = 50 +line = 80 begin = 19 end = 42 [C_63] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 4 end = 10 [C_11] file = "HOME/tests/c/sparse_array2.c" -line = 50 +line = 80 begin = 19 end = 42 [C_64] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 16 end = 20 [C_12] file = "HOME/tests/c/sparse_array2.c" -line = 50 +line = 80 begin = 19 end = 
42 [C_65] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 16 end = 20 [C_13] file = "HOME/tests/c/sparse_array2.c" -line = 51 +line = 81 begin = 9 end = 10 [C_66] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 30 end = 34 [C_14] file = "HOME/tests/c/sparse_array2.c" -line = 51 +line = 81 begin = 9 end = 10 [C_67] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 22 end = 29 [C_15] file = "HOME/tests/c/sparse_array2.c" -line = 52 +line = 82 begin = 10 end = 12 [C_100] file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 6 end = 14 [C_68] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 22 end = 29 [C_16] file = "HOME/tests/c/sparse_array2.c" -line = 52 +line = 82 begin = 10 end = 12 [C_101] file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 20 end = 28 [C_69] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 38 end = 39 @@ -558,19 +601,19 @@ [C_102] file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 20 end = 28 [C_18] file = "HOME/tests/c/sparse_array2.c" -line = 42 +line = 72 begin = 12 end = 24 [C_103] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 29 @@ -582,37 +625,37 @@ [C_104] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 19 [C_105] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 23 end = 29 [C_106] file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 6 end = 14 [C_107] file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 6 end = 14 [C_108] file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 20 end = 28 [C_109] file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 20 end = 28 
@@ -624,103 +667,103 @@ [C_2] file = "HOME/tests/c/sparse_array2.c" -line = 47 +line = 77 begin = 33 end = 67 [C_70] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 38 end = 39 [C_3] file = "HOME/tests/c/sparse_array2.c" -line = 47 +line = 77 begin = 33 end = 67 [C_71] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 45 [C_4] file = "HOME/tests/c/sparse_array2.c" -line = 48 +line = 78 begin = 17 end = 39 [C_72] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 47 [C_20] file = "HOME/tests/c/sparse_array2.c" -line = 43 +line = 73 begin = 12 end = 29 [C_5] file = "HOME/tests/c/sparse_array2.c" -line = 48 +line = 78 begin = 17 end = 39 [C_73] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 47 [C_21] file = "HOME/tests/c/sparse_array2.c" -line = 44 +line = 74 begin = 12 end = 52 [C_6] file = "HOME/tests/c/sparse_array2.c" -line = 48 +line = 78 begin = 17 end = 39 [C_74] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 47 [C_22] file = "HOME/tests/c/sparse_array2.c" -line = 39 +line = 69 begin = 13 end = 20 [C_7] file = "HOME/tests/c/sparse_array2.c" -line = 49 +line = 79 begin = 18 end = 41 [C_75] file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 47 [C_23] file = "HOME/tests/c/sparse_array2.c" -line = 64 +line = 94 begin = 13 end = 27 [C_8] file = "HOME/tests/c/sparse_array2.c" -line = 49 +line = 79 begin = 18 end = 41 @@ -732,31 +775,31 @@ [C_24] file = "HOME/tests/c/sparse_array2.c" -line = 67 +line = 97 begin = 7 end = 16 [C_9] file = "HOME/tests/c/sparse_array2.c" -line = 49 +line = 79 begin = 18 end = 41 [C_77] file = "HOME/tests/c/sparse_array2.c" -line = 74 +line = 104 begin = 12 end = 18 [C_25] file = "HOME/tests/c/sparse_array2.c" -line = 67 +line = 97 begin = 7 end = 16 [C_110] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 29 
@@ -768,49 +811,56 @@ [C_26] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 38 end = 44 [C_111] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 19 [C_79] file = "HOME/tests/c/sparse_array2.c" -line = 75 +line = 105 begin = 12 end = 27 [C_27] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 38 end = 44 [C_112] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 23 end = 29 [C_28] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 38 end = 47 +[model_out] +name = "Lemma model_out" +file = "HOME/tests/c/sparse_array2.c" +line = 53 +begin = 6 +end = 99 + [C_113] file = "HOME/tests/c/sparse_array2.c" -line = 99 +line = 129 begin = 2 end = 11 [C_29] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 31 end = 48 
@@ -822,255 +872,255 @@ [C_80] file = "HOME/tests/c/sparse_array2.c" -line = 76 +line = 106 begin = 12 end = 79 [C_81] file = "HOME/tests/c/sparse_array2.c" -line = 72 +line = 102 begin = 13 end = 27 [C_82] file = "HOME/tests/c/sparse_array2.c" -line = 71 +line = 101 begin = 13 end = 19 [C_30] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 14 end = 20 [C_83] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 [C_31] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 14 end = 20 [C_84] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 [C_32] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 14 end = 23 [C_85] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 [C_33] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 6 end = 13 [C_86] file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 19 end = 29 [C_34] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 6 end = 13 [C_87] file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 19 end = 29 [C_35] file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 6 end = 24 [C_88] file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 35 end = 45 [C_36] file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 18 end = 22 [C_89] file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 35 end = 45 [C_37] file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 6 end = 12 [C_38] file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 6 end = 12 [C_39] file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 6 end = 15 [C_90] file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 6 end = 14 [C_91] file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 6 end = 14 [C_92] file = "HOME/tests/c/sparse_array2.c" -line = 92 
+line = 122 begin = 20 end = 28 [C_40] file = "HOME/tests/c/sparse_array2.c" -line = 60 +line = 90 begin = 12 end = 33 [C_93] file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 20 end = 28 [C_41] file = "HOME/tests/c/sparse_array2.c" -line = 58 +line = 88 begin = 13 end = 27 [C_94] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 29 [C_42] file = "HOME/tests/c/sparse_array2.c" -line = 57 +line = 87 begin = 13 end = 19 [C_95] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 19 [C_43] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [C_96] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 23 end = 29 [C_44] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [C_97] file = "HOME/tests/c/sparse_array2.c" -line = 94 +line = 124 begin = 2 end = 12 [C_45] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [C_98] file = "HOME/tests/c/sparse_array2.c" -line = 94 +line = 124 begin = 14 end = 24 [C_46] file = "HOME/tests/c/sparse_array2.c" -line = 80 +line = 110 begin = 2 end = 8 [create] name = "Function create" file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [C_99] file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 6 end = 14 [set] name = "Function set" file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 [C_47] file = "HOME/tests/c/sparse_array2.c" -line = 80 +line = 110 begin = 2 end = 8 [C_48] file = "HOME/tests/c/sparse_array2.c" -line = 80 +line = 110 begin = 14 end = 15 [C_49] file = "HOME/tests/c/sparse_array2.c" -line = 80 +line = 110 begin = 14 end = 15 
@@ -1094,10 +1144,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs sparse_array2.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/sparse_array2_why.sx @@ -1158,6 +1209,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/sparse_array2_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/sparse_array2_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -1230,6 +1288,9 @@ why3ide: why/sparse_array2_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: sparse_array2.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include sparse_array2.depend depend: coq/sparse_array2_why.v @@ -1241,15 +1302,15 @@ ========== file tests/c/sparse_array2.jessie/sparse_array2.loc ========== [JC_90] file = "HOME/tests/c/sparse_array2.c" -line = 72 +line = 102 begin = 13 end = 27 [main_ensures_default] name = "Function main" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array2.c" -line = 89 +line = 119 begin = 4 end = 8 
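Review bot: In the recorded Makefile, the new `why3ml` target echoes `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the log line names a different tool from the one executed. If opening the IDE on `sparse_array2.mlw` is intended, the echo should match, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`; otherwise the command should invoke the tool the echo names. This file is a test oracle, so the fix presumably belongs in the Makefile template that Jessie emits, with the oracle regenerated afterwards.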
@@ -1268,39 +1329,39 @@ [JC_40] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 48 +line = 78 begin = 17 end = 39 [JC_93] file = "HOME/tests/c/sparse_array2.c" -line = 74 +line = 104 begin = 12 end = 18 [JC_41] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 49 +line = 79 begin = 18 end = 41 [JC_94] file = "HOME/tests/c/sparse_array2.c" -line = 75 +line = 105 begin = 12 end = 27 [JC_42] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 50 +line = 80 begin = 19 end = 42 [JC_95] file = "HOME/tests/c/sparse_array2.c" -line = 76 +line = 106 begin = 12 end = 79 @@ -1309,7 +1370,7 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 104 begin = 14 -end = 55 +end = 54 [JC_96] file = "HOME/" @@ -1322,7 +1383,7 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 105 begin = 14 -end = 64 +end = 63 [JC_150] kind = UserCall @@ -1333,7 +1394,7 @@ [JC_97] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 @@ -1342,7 +1403,7 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 106 begin = 15 -end = 68 +end = 67 [JC_151] kind = UserCall @@ -1353,7 +1414,7 @@ [JC_98] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 @@ -1373,19 +1434,19 @@ [JC_152] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 6 end = 14 [JC_100] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 [JC_99] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 @@ -1405,7 +1466,7 @@ [JC_153] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 20 end = 28 @@ -1413,12 +1474,12 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 163 begin = 10 -end = 111 +end = 108 [JC_48] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 47 +line = 77 begin = 33 end = 67 
@@ -1430,7 +1491,7 @@ [JC_154] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 19 @@ -1444,14 +1505,14 @@ name = "Function get" behavior = "Safety" file = "HOME/tests/c/sparse_array2.c" -line = 62 +line = 92 begin = 4 end = 7 [JC_49] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 48 +line = 78 begin = 17 end = 39 @@ -1463,13 +1524,13 @@ [JC_155] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 23 end = 29 [JC_103] file = "HOME/tests/c/sparse_array2.c" -line = 74 +line = 104 begin = 12 end = 18 @@ -1481,13 +1542,13 @@ [JC_156] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 29 [JC_104] file = "HOME/tests/c/sparse_array2.c" -line = 75 +line = 105 begin = 12 end = 27 @@ -1500,13 +1561,13 @@ [JC_157] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 6 end = 14 [JC_105] file = "HOME/tests/c/sparse_array2.c" -line = 76 +line = 106 begin = 12 end = 79 @@ -1517,17 +1578,17 @@ end = -1 [model_in] -name = "model_in" +name = "Lemma model_in" behavior = "axiom" -file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" -line = 60 -begin = 2 -end = 159 +file = "HOME/tests/c/sparse_array2.c" +line = 51 +begin = 6 +end = 105 [JC_158] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 20 end = 28 @@ -1545,13 +1606,13 @@ [JC_159] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 19 [JC_107] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 
@@ -1563,71 +1624,71 @@ [JC_108] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 [JC_109] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 [JC_50] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 49 +line = 79 begin = 18 end = 41 [JC_51] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 50 +line = 80 begin = 19 end = 42 [JC_52] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [JC_53] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [JC_54] file = "HOME/tests/c/sparse_array2.c" -line = 57 +line = 87 begin = 13 end = 19 [JC_160] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 23 end = 29 [JC_55] file = "HOME/tests/c/sparse_array2.c" -line = 58 +line = 88 begin = 13 end = 27 [create_ensures_default] name = "Function create" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_161] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 29 @@ -1635,7 +1696,7 @@ name = "Function set" behavior = "Safety" file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 @@ -1648,13 +1709,13 @@ [JC_162] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 19 end = 29 [JC_110] file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 @@ -1667,7 +1728,7 @@ [JC_163] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 35 end = 45 @@ -1675,18 +1736,18 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 163 begin = 10 -end = 111 +end = 108 [JC_58] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [JC_164] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 6 end = 14 
@@ -1698,14 +1759,14 @@ [JC_59] file = "HOME/tests/c/sparse_array2.c" -line = 56 +line = 86 begin = 13 end = 22 [JC_165] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 20 end = 28 @@ -1717,7 +1778,7 @@ [JC_166] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 19 @@ -1729,20 +1790,20 @@ [JC_167] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 23 end = 29 [JC_115] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 80 +line = 110 begin = 2 end = 8 [JC_168] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 29 @@ -1751,7 +1812,7 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 175 begin = 15 -end = 67 +end = 66 [JC_169] kind = UserCall @@ -1763,33 +1824,33 @@ [JC_117] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 8 end = 14 [JC_118] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 8 end = 17 [JC_119] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 20 end = 24 [JC_60] file = "HOME/tests/c/sparse_array2.c" -line = 57 +line = 87 begin = 13 end = 19 [JC_61] file = "HOME/tests/c/sparse_array2.c" -line = 58 +line = 88 begin = 13 end = 27 @@ -1813,13 +1874,13 @@ [JC_11] file = "HOME/tests/c/sparse_array2.c" -line = 39 +line = 69 begin = 13 end = 20 [JC_64] file = "HOME/tests/c/sparse_array2.c" -line = 60 +line = 90 begin = 12 end = 33 @@ -1844,20 +1905,20 @@ [JC_13] file = "HOME/tests/c/sparse_array2.c" -line = 39 +line = 69 begin = 13 end = 20 [JC_171] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 6 end = 14 [JC_66] file = "HOME/tests/c/sparse_array2.c" -line = 60 +line = 90 begin = 12 end = 33 
@@ -1870,14 +1931,14 @@ [JC_172] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 95 +line = 125 begin = 20 end = 28 [JC_120] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 37 end = 43 @@ -1889,20 +1950,20 @@ [JC_15] file = "HOME/tests/c/sparse_array2.c" -line = 42 +line = 72 begin = 12 end = 24 [JC_173] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 19 [JC_121] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 37 end = 46 @@ -1914,20 +1975,20 @@ [JC_16] file = "HOME/tests/c/sparse_array2.c" -line = 43 +line = 73 begin = 12 end = 29 [JC_174] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 23 end = 29 [JC_122] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 28 end = 36 @@ -1939,20 +2000,20 @@ [JC_17] file = "HOME/tests/c/sparse_array2.c" -line = 44 +line = 74 begin = 12 end = 52 [JC_175] file = "HOME/tests/c/sparse_array2.c" -line = 96 +line = 126 begin = 13 end = 29 [JC_123] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 81 +line = 111 begin = 28 end = 47 @@ -1965,52 +2026,52 @@ [JC_176] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 6 end = 14 [JC_124] file = "HOME/tests/c/sparse_array2.c" -line = 82 +line = 112 begin = 15 end = 27 [JC_19] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_177] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 97 +line = 127 begin = 20 end = 28 [JC_125] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 16 end = 20 [JC_178] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 19 [JC_126] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 4 end = 10 [JC_179] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 23 end = 29 
@@ -2019,47 +2080,47 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 192 begin = 18 -end = 102 +end = 101 [JC_128] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 22 end = 29 [model_out] -name = "model_out" +name = "Lemma model_out" behavior = "axiom" -file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" -line = 65 -begin = 2 -end = 144 +file = "HOME/tests/c/sparse_array2.c" +line = 53 +begin = 6 +end = 99 [JC_129] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 30 end = 34 [JC_70] file = "HOME/tests/c/sparse_array2.c" -line = 64 +line = 94 begin = 13 end = 27 [JC_71] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 6 end = 12 [JC_72] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 6 end = 15 @@ -2067,65 +2128,65 @@ name = "Function create" behavior = "Safety" file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_20] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_73] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 65 +line = 95 begin = 18 end = 22 [JC_21] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_74] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 14 end = 20 [JC_22] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_180] file = "HOME/tests/c/sparse_array2.c" -line = 98 +line = 128 begin = 13 end = 29 [JC_75] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 14 end = 23 [JC_23] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_76] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 6 end = 13 
@@ -2140,12 +2201,12 @@ file = "HOME/tests/c/sparse_array2.jessie/sparse_array2.jc" line = 194 begin = 18 -end = 93 +end = 92 [JC_77] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 6 end = 24 @@ -2158,40 +2219,40 @@ [JC_131] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 45 [JC_78] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 38 end = 44 [JC_26] file = "HOME/tests/c/sparse_array2.c" -line = 42 +line = 72 begin = 12 end = 24 [JC_132] kind = ArithOverflow file = "HOME/tests/c/sparse_array2.c" -line = 83 +line = 113 begin = 41 end = 47 [JC_79] kind = PointerDeref file = "HOME/tests/c/sparse_array2.c" -line = 66 +line = 96 begin = 38 end = 47 [JC_27] file = "HOME/tests/c/sparse_array2.c" -line = 43 +line = 73 begin = 12 end = 29 @@ -2204,13 +2265,13 @@ [JC_28] file = "HOME/tests/c/sparse_array2.c" -line = 44 +line = 74 begin = 12 end = 52 [JC_134] file = "HOME/tests/c/sparse_array2.c" -line = 82 +line = 112 begin = 15 end = 27 @@ -2222,7 +2283,7 @@ [JC_135] file = "HOME/tests/c/sparse_array2.c" -line = 89 +line = 119 begin = 4 end = 8 @@ -2234,7 +2295,7 @@ [JC_137] file = "HOME/tests/c/sparse_array2.c" -line = 89 +line = 119 begin = 4 end = 8 @@ -2246,9 +2307,9 @@ [set_ensures_default] name = "Function set" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array2.c" -line = 79 +line = 109 begin = 5 end = 8 
@@ -2260,49 +2321,49 @@ [JC_80] file = "HOME/tests/c/sparse_array2.c" -line = 64 +line = 94 begin = 13 end = 27 [JC_81] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 [JC_82] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 [JC_30] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_83] file = "HOME/tests/c/sparse_array2.c" -line = 71 +line = 101 begin = 13 end = 19 [JC_31] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_84] file = "HOME/tests/c/sparse_array2.c" -line = 72 +line = 102 begin = 13 end = 27 [JC_32] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 @@ -2314,7 +2375,7 @@ [JC_33] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 @@ -2326,15 +2387,15 @@ [get_ensures_default] name = "Function get" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array2.c" -line = 62 +line = 92 begin = 4 end = 7 [JC_34] file = "HOME/tests/c/sparse_array2.c" -line = 46 +line = 76 begin = 13 end = 19 @@ -2342,7 +2403,7 @@ name = "Function main" behavior = "Safety" file = "HOME/tests/c/sparse_array2.c" -line = 89 +line = 119 begin = 4 end = 8 @@ -2354,7 +2415,7 @@ [JC_87] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 @@ -2372,7 +2433,7 @@ [JC_88] file = "HOME/tests/c/sparse_array2.c" -line = 70 +line = 100 begin = 13 end = 22 @@ -2390,7 +2451,7 @@ [JC_89] file = "HOME/tests/c/sparse_array2.c" -line = 71 +line = 101 begin = 13 end = 19 @@ -2403,7 +2464,7 @@ [JC_143] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 19 end = 29 
@@ -2416,77 +2477,67 @@ [JC_144] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 90 +line = 120 begin = 35 end = 45 [JC_39] kind = AllocSize file = "HOME/tests/c/sparse_array2.c" -line = 47 +line = 77 begin = 33 end = 67 [JC_145] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 6 end = 14 [JC_146] kind = UserCall file = "HOME/tests/c/sparse_array2.c" -line = 92 +line = 122 begin = 20 end = 28 [JC_147] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 19 [JC_148] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 23 end = 29 [JC_149] file = "HOME/tests/c/sparse_array2.c" -line = 93 +line = 123 begin = 13 end = 29 ========== file tests/c/sparse_array2.jessie/why/sparse_array2.why ========== type SparseArray -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type unsigned_int_P +type unsigned_intP -type void_P - -exception Goto__LAND_0_exc of unit - -exception Goto__LAND_exc of unit - -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - -exception Return_label_exc of unit +type voidP logic SparseArray_tag: -> SparseArray tag_id 
@@ -2505,22 +2556,21 @@ (forall SparseArray_tag_table:SparseArray tag_table. instanceof(SparseArray_tag_table, x, SparseArray_tag))) -logic char_P_tag: -> char_P tag_id +logic charP_tag: -> charP tag_id -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_int : (int_of_tag(charP_tag) = (1)) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +logic charP_of_pointer_address: unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int32: int32 -> int @@ -2544,6 +2594,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -2556,65 +2611,70 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -logic int_P_tag: -> int_P tag_id +logic intP_tag: -> intP tag_id -axiom int_P_int : (int_of_tag(int_P_tag) = (1)) +axiom intP_int : (int_of_tag(intP_tag) = (1)) -logic int_P_of_pointer_address: unit pointer -> int_P pointer +logic intP_of_pointer_address: unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr : - (forall p:int_P pointer. (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom : parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) -axiom int_P_tags : - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. - instanceof(int_P_tag_table, x, int_P_tag))) +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
+ instanceof(intP_tag_table, x, intP_tag))) predicate inv(a_3:SparseArray pointer, - unsigned_int_P_back_15_alloc_table_at_L:unsigned_int_P alloc_table, - unsigned_int_P_idx_14_alloc_table_at_L:unsigned_int_P alloc_table, - int_P_val_13_alloc_table_at_L:int_P alloc_table, + unsigned_intP_back_15_alloc_table_at_L:unsigned_intP alloc_table, + unsigned_intP_idx_14_alloc_table_at_L:unsigned_intP alloc_table, + intP_val_13_alloc_table_at_L:intP alloc_table, SparseArray_a_3_3_alloc_table_at_L:SparseArray alloc_table, SparseArray_sz_0_a_3_3_at_L:(SparseArray, uint32) memory, SparseArray_n_a_3_3_at_L:(SparseArray, uint32) memory, - SparseArray_back_a_3_3_at_L:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx_a_3_3_at_L:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_val_a_3_3_at_L:(SparseArray, int_P pointer) memory, - unsigned_int_P_unsigned_int_M_back_15_at_L:(unsigned_int_P, uint32) memory, - unsigned_int_P_unsigned_int_M_idx_14_at_L:(unsigned_int_P, uint32) memory) = + SparseArray_back_a_3_3_at_L:(SparseArray, unsigned_intP pointer) memory, + SparseArray_idx_a_3_3_at_L:(SparseArray, unsigned_intP pointer) memory, + SparseArray_val_a_3_3_at_L:(SparseArray, intP pointer) memory, + unsigned_intP_unsigned_intM_back_15_at_L:(unsigned_intP, uint32) memory, + unsigned_intP_unsigned_intM_idx_14_at_L:(unsigned_intP, uint32) memory) = (le_int(offset_min(SparseArray_a_3_3_alloc_table_at_L, a_3), (0)) and (ge_int(offset_max(SparseArray_a_3_3_alloc_table_at_L, a_3), (0)) and (le_int((0), integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3))) and (le_int(integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3)), integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3))) - and (le_int(offset_min(int_P_val_13_alloc_table_at_L, + and (le_int(offset_min(intP_val_13_alloc_table_at_L, select(SparseArray_val_a_3_3_at_L, a_3)), (0)) - and (ge_int(offset_max(int_P_val_13_alloc_table_at_L, + and (ge_int(offset_max(intP_val_13_alloc_table_at_L, 
select(SparseArray_val_a_3_3_at_L, a_3)), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3)), (1))) - and (le_int(offset_min(unsigned_int_P_idx_14_alloc_table_at_L, + and (le_int(offset_min(unsigned_intP_idx_14_alloc_table_at_L, select(SparseArray_idx_a_3_3_at_L, a_3)), (0)) - and (ge_int(offset_max(unsigned_int_P_idx_14_alloc_table_at_L, + and (ge_int(offset_max(unsigned_intP_idx_14_alloc_table_at_L, select(SparseArray_idx_a_3_3_at_L, a_3)), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3)), (1))) - and (le_int(offset_min(unsigned_int_P_back_15_alloc_table_at_L, + and (le_int(offset_min(unsigned_intP_back_15_alloc_table_at_L, select(SparseArray_back_a_3_3_at_L, a_3)), (0)) - and (ge_int(offset_max(unsigned_int_P_back_15_alloc_table_at_L, + and (ge_int(offset_max(unsigned_intP_back_15_alloc_table_at_L, select(SparseArray_back_a_3_3_at_L, a_3)), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, 
@@ -2626,216 +2686,160 @@ integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3)))) -> (le_int((0), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_15_at_L, + integer_of_uint32(select(unsigned_intP_unsigned_intM_back_15_at_L, shift(select(SparseArray_back_a_3_3_at_L, a_3), i_3)))) and (lt_int(integer_of_uint32( - select(unsigned_int_P_unsigned_int_M_back_15_at_L, + select(unsigned_intP_unsigned_intM_back_15_at_L, shift(select(SparseArray_back_a_3_3_at_L, a_3), i_3))), integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3))) - and eq_int(integer_of_uint32( - select(unsigned_int_P_unsigned_int_M_idx_14_at_L, - shift(select(SparseArray_idx_a_3_3_at_L, - a_3), - integer_of_uint32( - select(unsigned_int_P_unsigned_int_M_back_15_at_L, - shift(select(SparseArray_back_a_3_3_at_L, - a_3), - i_3)))))), - i_3))))))))))))))) + and (integer_of_uint32( + select(unsigned_intP_unsigned_intM_idx_14_at_L, + shift(select(SparseArray_idx_a_3_3_at_L, + a_3), + integer_of_uint32( + select(unsigned_intP_unsigned_intM_back_15_at_L, + shift(select(SparseArray_back_a_3_3_at_L, + a_3), + i_3)))))) = i_3))))))))))))))) predicate is_elt(a:SparseArray pointer, i:int, SparseArray_n_a_1_at_L:(SparseArray, uint32) memory, - SparseArray_back_a_1_at_L:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx_a_1_at_L:(SparseArray, unsigned_int_P pointer) memory, - unsigned_int_P_unsigned_int_M_back_9_at_L:(unsigned_int_P, uint32) memory, - unsigned_int_P_unsigned_int_M_idx_8_at_L:(unsigned_int_P, uint32) memory) = + SparseArray_back_a_1_at_L:(SparseArray, unsigned_intP pointer) memory, + SparseArray_idx_a_1_at_L:(SparseArray, unsigned_intP pointer) memory, + unsigned_intP_unsigned_intM_back_9_at_L:(unsigned_intP, uint32) memory, + unsigned_intP_unsigned_intM_idx_8_at_L:(unsigned_intP, uint32) memory) = (le_int((0), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, + integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, 
shift(select(SparseArray_idx_a_1_at_L, a), i)))) - and (lt_int(integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, + and (lt_int(integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, shift(select(SparseArray_idx_a_1_at_L, a), i))), integer_of_uint32(select(SparseArray_n_a_1_at_L, a))) - and eq_int(integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_9_at_L, - shift(select(SparseArray_back_a_1_at_L, a), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, - shift(select(SparseArray_idx_a_1_at_L, - a), - i)))))), - i))) + and (integer_of_uint32(select(unsigned_intP_unsigned_intM_back_9_at_L, + shift(select(SparseArray_back_a_1_at_L, a), + integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, + shift(select(SparseArray_idx_a_1_at_L, + a), + i)))))) = i))) predicate left_valid_struct_SparseArray(p:SparseArray pointer, a:int, SparseArray_alloc_table:SparseArray alloc_table) = (offset_min(SparseArray_alloc_table, p) <= a) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_int_P(p:int_P pointer, a:int, - int_P_alloc_table:int_P alloc_table) = - (offset_min(int_P_alloc_table, p) <= a) - -predicate left_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - (offset_min(unsigned_int_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) + +predicate left_valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, + 
unsigned_intP_alloc_table:unsigned_intP alloc_table) = + (offset_min(unsigned_intP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) logic model: SparseArray pointer, int, (SparseArray, uint32) memory, - (SparseArray, unsigned_int_P pointer) memory, - (SparseArray, unsigned_int_P pointer) memory, - (SparseArray, int_P pointer) memory, (int_P, int32) memory, - (unsigned_int_P, uint32) memory, (unsigned_int_P, uint32) memory -> int - -axiom model_in : - (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. - (forall SparseArray_back_a_0_2_at_L: - (SparseArray, unsigned_int_P pointer) memory. - (forall SparseArray_idx_a_0_2_at_L: - (SparseArray, unsigned_int_P pointer) memory. - (forall SparseArray_val_a_0_2_at_L:(SparseArray, int_P pointer) memory. - (forall int_P_int_M_val_11_at_L:(int_P, int32) memory. - (forall unsigned_int_P_unsigned_int_M_idx_35_at_L: - (unsigned_int_P, uint32) memory. - (forall unsigned_int_P_unsigned_int_M_back_34_at_L: - (unsigned_int_P, uint32) memory. - (forall a_1_0:SparseArray pointer. - (forall i_1_0:int. - (is_elt(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L) -> - eq_int(model(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - SparseArray_val_a_0_2_at_L, int_P_int_M_val_11_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L), - integer_of_int32(select(int_P_int_M_val_11_at_L, - shift(select(SparseArray_val_a_0_2_at_L, a_1_0), - i_1_0)))))))))))))) - -axiom model_out : - (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. - (forall SparseArray_back_a_0_2_at_L: - (SparseArray, unsigned_int_P pointer) memory. 
- (forall SparseArray_idx_a_0_2_at_L: - (SparseArray, unsigned_int_P pointer) memory. - (forall SparseArray_val_a_0_2_at_L:(SparseArray, int_P pointer) memory. - (forall int_P_int_M_val_11_at_L:(int_P, int32) memory. - (forall unsigned_int_P_unsigned_int_M_idx_35_at_L: - (unsigned_int_P, uint32) memory. - (forall unsigned_int_P_unsigned_int_M_back_34_at_L: - (unsigned_int_P, uint32) memory. - (forall a_2:SparseArray pointer. - (forall i_2:int. - ((not is_elt(a_2, i_2, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L)) -> - eq_int(model(a_2, i_2, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - SparseArray_val_a_0_2_at_L, int_P_int_M_val_11_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L), - (0)))))))))))) + (SparseArray, unsigned_intP pointer) memory, + (SparseArray, unsigned_intP pointer) memory, + (SparseArray, intP pointer) memory, (intP, int32) memory, + (unsigned_intP, uint32) memory, (unsigned_intP, uint32) memory -> int axiom pointer_addr_of_SparseArray_of_pointer_address : (forall p:unit pointer. (p = pointer_address(SparseArray_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_int_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(intP_of_pointer_address(p)))) -logic unsigned_int_P_of_pointer_address: unit pointer -> unsigned_int_P pointer +logic unsigned_intP_of_pointer_address: unit pointer -> unsigned_intP pointer -axiom pointer_addr_of_unsigned_int_P_of_pointer_address : +axiom pointer_addr_of_unsigned_intP_of_pointer_address : (forall p:unit pointer. - (p = pointer_address(unsigned_int_P_of_pointer_address(p)))) + (p = pointer_address(unsigned_intP_of_pointer_address(p)))) -logic void_P_of_pointer_address: unit pointer -> void_P pointer +logic voidP_of_pointer_address: unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) predicate right_valid_struct_SparseArray(p:SparseArray pointer, b:int, SparseArray_alloc_table:SparseArray alloc_table) = (offset_max(SparseArray_alloc_table, p) >= b) -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_int_P(p:int_P pointer, b:int, - int_P_alloc_table:int_P alloc_table) = - (offset_max(int_P_alloc_table, p) >= b) - -predicate right_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - (offset_max(unsigned_int_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) + +predicate 
right_valid_struct_unsigned_intP(p:unsigned_intP pointer, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + (offset_max(unsigned_intP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) = a) and (offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_root_unsigned_int_P(p:unsigned_int_P pointer, a:int, - b:int, unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) - and (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_unsigned_intP(p:unsigned_intP pointer, a:int, + b:int, unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) + and 
(offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) predicate strict_valid_struct_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) = a) and (offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, - b:int, unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) - and (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, + b:int, unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) + and (offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate 
strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) logic uint32_of_integer: int -> uint32 
@@ -2844,210 +2848,161 @@ ((le_int((0), x) and le_int(x, (4294967295))) -> eq_int(integer_of_uint32(uint32_of_integer(x)), x))) +axiom uint32_extensionality : + (forall x:uint32. + (forall y:uint32. + (eq_int(integer_of_uint32(x), integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range : (forall x:uint32. (le_int((0), integer_of_uint32(x)) and le_int(integer_of_uint32(x), (4294967295)))) -logic unsigned_int_P_tag: -> unsigned_int_P tag_id +logic unsigned_intP_tag: -> unsigned_intP tag_id -axiom unsigned_int_P_int : (int_of_tag(unsigned_int_P_tag) = (1)) +axiom unsigned_intP_int : (int_of_tag(unsigned_intP_tag) = (1)) -axiom unsigned_int_P_of_pointer_address_of_pointer_addr : - (forall p:unsigned_int_P pointer. - (p = unsigned_int_P_of_pointer_address(pointer_address(p)))) - -axiom unsigned_int_P_parenttag_bottom : - parenttag(unsigned_int_P_tag, bottom_tag) - -axiom unsigned_int_P_tags : - (forall x:unsigned_int_P pointer. - (forall unsigned_int_P_tag_table:unsigned_int_P tag_table. - instanceof(unsigned_int_P_tag_table, x, unsigned_int_P_tag))) - -predicate valid_bitvector_struct_SparseArray(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_unsigned_int_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, 
- bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) +axiom unsigned_intP_of_pointer_address_of_pointer_addr : + (forall p:unsigned_intP pointer. + (p = unsigned_intP_of_pointer_address(pointer_address(p)))) + +axiom unsigned_intP_parenttag_bottom : + parenttag(unsigned_intP_tag, bottom_tag) + +axiom unsigned_intP_tags : + (forall x:unsigned_intP pointer. + (forall unsigned_intP_tag_table:unsigned_intP tag_table. + instanceof(unsigned_intP_tag_table, x, unsigned_intP_tag))) predicate valid_root_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_root_unsigned_int_P(p:unsigned_int_P pointer, a:int, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) - and (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + 
+predicate valid_root_unsigned_intP(p:unsigned_intP pointer, a:int, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) + and (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) predicate valid_struct_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) - and (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) - -parameter SparseArray_alloc_table : SparseArray alloc_table ref - -parameter SparseArray_tag_table : SparseArray tag_table ref +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) + and (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) -parameter alloc_bitvector_struct_SparseArray : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_SparseArray(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_SparseArray_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_SparseArray(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +axiom model_in : + (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. + (forall SparseArray_back_a_0_2_at_L: + (SparseArray, unsigned_intP pointer) memory. + (forall SparseArray_idx_a_0_2_at_L: + (SparseArray, unsigned_intP pointer) memory. + (forall SparseArray_val_a_0_2_at_L:(SparseArray, intP pointer) memory. + (forall intP_intM_val_11_at_L:(intP, int32) memory. + (forall unsigned_intP_unsigned_intM_idx_35_at_L: + (unsigned_intP, uint32) memory. + (forall unsigned_intP_unsigned_intM_back_34_at_L: + (unsigned_intP, uint32) memory. + (forall a_1_0:SparseArray pointer. + (forall i_1_0:int. 
+ (is_elt(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + unsigned_intP_unsigned_intM_back_34_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L) -> + (model(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + SparseArray_val_a_0_2_at_L, intP_intM_val_11_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L, + unsigned_intP_unsigned_intM_back_34_at_L) = integer_of_int32( + select(intP_intM_val_11_at_L, + shift(select(SparseArray_val_a_0_2_at_L, + a_1_0), + i_1_0)))))))))))))) -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +axiom model_out : + (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. + (forall SparseArray_back_a_0_2_at_L: + (SparseArray, unsigned_intP pointer) memory. + (forall SparseArray_idx_a_0_2_at_L: + (SparseArray, unsigned_intP pointer) memory. + (forall SparseArray_val_a_0_2_at_L:(SparseArray, intP pointer) memory. + (forall intP_intM_val_11_at_L:(intP, int32) memory. + (forall unsigned_intP_unsigned_intM_idx_35_at_L: + (unsigned_intP, uint32) memory. + (forall unsigned_intP_unsigned_intM_back_34_at_L: + (unsigned_intP, uint32) memory. + (forall a_2:SparseArray pointer. + (forall i_2:int. 
+ ((not is_elt(a_2, i_2, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + unsigned_intP_unsigned_intM_back_34_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L)) -> + (model(a_2, i_2, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + SparseArray_val_a_0_2_at_L, intP_intM_val_11_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L, + unsigned_intP_unsigned_intM_back_34_at_L) = (0)))))))))))) -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto__LAND_0_exc of unit -parameter alloc_bitvector_struct_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto__LAND_exc of unit -parameter alloc_bitvector_struct_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_unsigned_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_unsigned_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter SparseArray_alloc_table : SparseArray alloc_table ref -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter SparseArray_tag_table : SparseArray tag_table ref parameter alloc_struct_SparseArray : n:int -> 
@@ -3073,117 +3028,115 @@ and (alloc_fresh(SparseArray_alloc_table@, result, n) and instanceof(SparseArray_tag_table, result, SparseArray_tag)))) } -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) 
+ and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter int_P_alloc_table : int_P alloc_table ref +parameter intP_alloc_table : intP alloc_table ref -parameter int_P_tag_table : int_P tag_table ref +parameter intP_tag_table : intP tag_table ref -parameter alloc_struct_int_P : +parameter alloc_struct_intP : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { } int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter alloc_struct_int_P_requires : +parameter alloc_struct_intP_requires : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { ge_int(n, (0))} int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, 
intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter unsigned_int_P_alloc_table : unsigned_int_P alloc_table ref +parameter unsigned_intP_alloc_table : unsigned_intP alloc_table ref -parameter unsigned_int_P_tag_table : unsigned_int_P tag_table ref +parameter unsigned_intP_tag_table : unsigned_intP tag_table ref -parameter alloc_struct_unsigned_int_P : +parameter alloc_struct_unsigned_intP : n:int -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_tag_table:unsigned_int_P tag_table ref -> - { } unsigned_int_P pointer - writes unsigned_int_P_alloc_table,unsigned_int_P_tag_table - { (strict_valid_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - unsigned_int_P_alloc_table) - and (alloc_extends(unsigned_int_P_alloc_table@, - unsigned_int_P_alloc_table) - and (alloc_fresh(unsigned_int_P_alloc_table@, result, n) - and instanceof(unsigned_int_P_tag_table, result, - unsigned_int_P_tag)))) } + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> + unsigned_intP_tag_table:unsigned_intP tag_table ref -> + { } unsigned_intP pointer + writes unsigned_intP_alloc_table,unsigned_intP_tag_table + { (strict_valid_struct_unsigned_intP(result, (0), sub_int(n, (1)), + unsigned_intP_alloc_table) + and (alloc_extends(unsigned_intP_alloc_table@, + unsigned_intP_alloc_table) + and (alloc_fresh(unsigned_intP_alloc_table@, result, n) + and instanceof(unsigned_intP_tag_table, result, + unsigned_intP_tag)))) } -parameter alloc_struct_unsigned_int_P_requires : +parameter alloc_struct_unsigned_intP_requires : n:int -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_tag_table:unsigned_int_P tag_table ref -> - { ge_int(n, (0))} unsigned_int_P pointer - writes unsigned_int_P_alloc_table,unsigned_int_P_tag_table - { (strict_valid_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - unsigned_int_P_alloc_table) - and 
(alloc_extends(unsigned_int_P_alloc_table@, - unsigned_int_P_alloc_table) - and (alloc_fresh(unsigned_int_P_alloc_table@, result, n) - and instanceof(unsigned_int_P_tag_table, result, - unsigned_int_P_tag)))) } + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> + unsigned_intP_tag_table:unsigned_intP tag_table ref -> + { ge_int(n, (0))} unsigned_intP pointer + writes unsigned_intP_alloc_table,unsigned_intP_tag_table + { (strict_valid_struct_unsigned_intP(result, (0), sub_int(n, (1)), + unsigned_intP_alloc_table) + and (alloc_extends(unsigned_intP_alloc_table@, + unsigned_intP_alloc_table) + and (alloc_fresh(unsigned_intP_alloc_table@, result, n) + and instanceof(unsigned_intP_tag_table, result, + unsigned_intP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P 
tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } 
@@ -3197,52 +3150,48 @@ parameter create : sz:uint32 -> - unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table ref -> - int_P_val_18_alloc_table:int_P alloc_table ref -> + unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table ref -> + unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table ref -> + intP_val_18_alloc_table:intP alloc_table ref -> SparseArray_result_4_alloc_table:SparseArray alloc_table ref -> - unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table ref -> - unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table ref -> - int_P_val_18_tag_table:int_P tag_table ref -> + unsigned_intP_back_22_tag_table:unsigned_intP tag_table ref -> + unsigned_intP_idx_20_tag_table:unsigned_intP tag_table ref -> + intP_val_18_tag_table:intP tag_table ref -> SparseArray_result_4_tag_table:SparseArray tag_table ref -> SparseArray_sz_0_result_4:(SparseArray, uint32) memory ref -> SparseArray_n_result_4:(SparseArray, uint32) memory ref -> - SparseArray_back_result_4:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_idx_result_4:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_val_result_4:(SparseArray, int_P pointer) memory ref -> - int_P_int_M_val_18:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_back_22:(unsigned_int_P, uint32) memory -> - unsigned_int_P_unsigned_int_M_idx_20:(unsigned_int_P, uint32) memory -> + SparseArray_back_result_4:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_idx_result_4:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_val_result_4:(SparseArray, intP pointer) memory ref -> + intP_intM_val_18:(intP, int32) memory -> + unsigned_intP_unsigned_intM_back_22:(unsigned_intP, uint32) memory -> + unsigned_intP_unsigned_intM_idx_20:(unsigned_intP, uint32) memory -> { } SparseArray pointer - reads 
SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,int_P_val_18_alloc_table,unsigned_int_P_back_22_alloc_table,unsigned_int_P_idx_20_alloc_table - writes SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_result_4_tag_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,int_P_val_18_alloc_table,int_P_val_18_tag_table,unsigned_int_P_back_22_alloc_table,unsigned_int_P_back_22_tag_table,unsigned_int_P_idx_20_alloc_table,unsigned_int_P_idx_20_tag_table + reads SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,intP_val_18_alloc_table,unsigned_intP_back_22_alloc_table,unsigned_intP_idx_20_alloc_table + writes SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_result_4_tag_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,intP_val_18_alloc_table,intP_val_18_tag_table,unsigned_intP_back_22_alloc_table,unsigned_intP_back_22_tag_table,unsigned_intP_idx_20_alloc_table,unsigned_intP_idx_20_tag_table { (JC_36: ((JC_29: ((JC_26: - inv(result, unsigned_int_P_back_22_alloc_table, - unsigned_int_P_idx_20_alloc_table, - int_P_val_18_alloc_table, + inv(result, unsigned_intP_back_22_alloc_table, + unsigned_intP_idx_20_alloc_table, + intP_val_18_alloc_table, SparseArray_result_4_alloc_table, SparseArray_sz_0_result_4, SparseArray_n_result_4, SparseArray_back_result_4, SparseArray_idx_result_4, SparseArray_val_result_4, - unsigned_int_P_unsigned_int_M_back_22, - unsigned_int_P_unsigned_int_M_idx_20)) + unsigned_intP_unsigned_intM_back_22, + unsigned_intP_unsigned_intM_idx_20)) and ((JC_27: - eq_int(integer_of_uint32(select(SparseArray_sz_0_result_4, - result)), - integer_of_uint32(sz@))) + 
(integer_of_uint32(select(SparseArray_sz_0_result_4, + result)) = integer_of_uint32(sz))) and (JC_28: (forall i_4:int. - eq_int(model(result, i_4, - SparseArray_n_result_4, - SparseArray_back_result_4, - SparseArray_idx_result_4, - SparseArray_val_result_4, - int_P_int_M_val_18, - unsigned_int_P_unsigned_int_M_idx_20, - unsigned_int_P_unsigned_int_M_back_22), - (0))))))) + (model(result, i_4, SparseArray_n_result_4, + SparseArray_back_result_4, + SparseArray_idx_result_4, + SparseArray_val_result_4, intP_intM_val_18, + unsigned_intP_unsigned_intM_idx_20, + unsigned_intP_unsigned_intM_back_22) = (0))))))) and (JC_35: (((((JC_30: not_assigns(SparseArray_result_4_alloc_table@, 
@@ -3267,53 +3216,49 @@ parameter create_requires : sz:uint32 -> - unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table ref -> - int_P_val_18_alloc_table:int_P alloc_table ref -> + unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table ref -> + unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table ref -> + intP_val_18_alloc_table:intP alloc_table ref -> SparseArray_result_4_alloc_table:SparseArray alloc_table ref -> - unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table ref -> - unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table ref -> - int_P_val_18_tag_table:int_P tag_table ref -> + unsigned_intP_back_22_tag_table:unsigned_intP tag_table ref -> + unsigned_intP_idx_20_tag_table:unsigned_intP tag_table ref -> + intP_val_18_tag_table:intP tag_table ref -> SparseArray_result_4_tag_table:SparseArray tag_table ref -> SparseArray_sz_0_result_4:(SparseArray, uint32) memory ref -> SparseArray_n_result_4:(SparseArray, uint32) memory ref -> - SparseArray_back_result_4:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_idx_result_4:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_val_result_4:(SparseArray, int_P pointer) memory ref -> - int_P_int_M_val_18:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_back_22:(unsigned_int_P, uint32) memory -> - unsigned_int_P_unsigned_int_M_idx_20:(unsigned_int_P, uint32) memory -> + SparseArray_back_result_4:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_idx_result_4:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_val_result_4:(SparseArray, intP pointer) memory ref -> + intP_intM_val_18:(intP, int32) memory -> + unsigned_intP_unsigned_intM_back_22:(unsigned_intP, uint32) memory -> + unsigned_intP_unsigned_intM_idx_20:(unsigned_intP, uint32) memory -> { (JC_11: ge_int(integer_of_uint32(sz), (0)))} SparseArray pointer - reads 
SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,int_P_val_18_alloc_table,unsigned_int_P_back_22_alloc_table,unsigned_int_P_idx_20_alloc_table - writes SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_result_4_tag_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,int_P_val_18_alloc_table,int_P_val_18_tag_table,unsigned_int_P_back_22_alloc_table,unsigned_int_P_back_22_tag_table,unsigned_int_P_idx_20_alloc_table,unsigned_int_P_idx_20_tag_table + reads SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,intP_val_18_alloc_table,unsigned_intP_back_22_alloc_table,unsigned_intP_idx_20_alloc_table + writes SparseArray_back_result_4,SparseArray_idx_result_4,SparseArray_n_result_4,SparseArray_result_4_alloc_table,SparseArray_result_4_tag_table,SparseArray_sz_0_result_4,SparseArray_val_result_4,intP_val_18_alloc_table,intP_val_18_tag_table,unsigned_intP_back_22_alloc_table,unsigned_intP_back_22_tag_table,unsigned_intP_idx_20_alloc_table,unsigned_intP_idx_20_tag_table { (JC_36: ((JC_29: ((JC_26: - inv(result, unsigned_int_P_back_22_alloc_table, - unsigned_int_P_idx_20_alloc_table, - int_P_val_18_alloc_table, + inv(result, unsigned_intP_back_22_alloc_table, + unsigned_intP_idx_20_alloc_table, + intP_val_18_alloc_table, SparseArray_result_4_alloc_table, SparseArray_sz_0_result_4, SparseArray_n_result_4, SparseArray_back_result_4, SparseArray_idx_result_4, SparseArray_val_result_4, - unsigned_int_P_unsigned_int_M_back_22, - unsigned_int_P_unsigned_int_M_idx_20)) + unsigned_intP_unsigned_intM_back_22, + unsigned_intP_unsigned_intM_idx_20)) and ((JC_27: - eq_int(integer_of_uint32(select(SparseArray_sz_0_result_4, - result)), - integer_of_uint32(sz@))) + 
(integer_of_uint32(select(SparseArray_sz_0_result_4, + result)) = integer_of_uint32(sz))) and (JC_28: (forall i_4:int. - eq_int(model(result, i_4, - SparseArray_n_result_4, - SparseArray_back_result_4, - SparseArray_idx_result_4, - SparseArray_val_result_4, - int_P_int_M_val_18, - unsigned_int_P_unsigned_int_M_idx_20, - unsigned_int_P_unsigned_int_M_back_22), - (0))))))) + (model(result, i_4, SparseArray_n_result_4, + SparseArray_back_result_4, + SparseArray_idx_result_4, + SparseArray_val_result_4, intP_intM_val_18, + unsigned_intP_unsigned_intM_idx_20, + unsigned_intP_unsigned_intM_back_22) = (0))))))) and (JC_35: (((((JC_30: not_assigns(SparseArray_result_4_alloc_table@, 
@@ -3339,42 +3284,45 @@ parameter get : a_1:SparseArray pointer -> i_1:uint32 -> - unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table -> - unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table -> - int_P_val_26_alloc_table:int_P alloc_table -> + unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table -> + unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table -> + intP_val_26_alloc_table:intP alloc_table -> SparseArray_a_6_alloc_table:SparseArray alloc_table -> SparseArray_sz_0_a_6:(SparseArray, uint32) memory -> SparseArray_n_a_6:(SparseArray, uint32) memory -> - SparseArray_back_a_6:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_6:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_6:(SparseArray, int_P pointer) memory -> - int_P_int_M_val_26:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, uint32) memory -> - unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, uint32) memory -> + SparseArray_back_a_6:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_6:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_6:(SparseArray, intP pointer) memory -> + intP_intM_val_26:(intP, int32) memory -> + unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory -> + unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory -> { } int32 { (JC_66: - eq_int(integer_of_int32(result), - model(a_1@, integer_of_uint32(i_1@), SparseArray_n_a_6, - SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, int_P_int_M_val_26, - unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) } + (integer_of_int32(result) = model(a_1, + integer_of_uint32(i_1), + SparseArray_n_a_6, + SparseArray_back_a_6, + SparseArray_idx_a_6, + SparseArray_val_a_6, + intP_intM_val_26, + unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) } parameter get_requires : a_1:SparseArray pointer -> i_1:uint32 -> - 
unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table -> - unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table -> - int_P_val_26_alloc_table:int_P alloc_table -> + unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table -> + unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table -> + intP_val_26_alloc_table:intP alloc_table -> SparseArray_a_6_alloc_table:SparseArray alloc_table -> SparseArray_sz_0_a_6:(SparseArray, uint32) memory -> SparseArray_n_a_6:(SparseArray, uint32) memory -> - SparseArray_back_a_6:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_6:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_6:(SparseArray, int_P pointer) memory -> - int_P_int_M_val_26:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, uint32) memory -> - unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, uint32) memory -> + SparseArray_back_a_6:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_6:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_6:(SparseArray, intP pointer) memory -> + intP_intM_val_26:(intP, int32) memory -> + unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory -> + unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory -> { (JC_56: ((JC_52: le_int(offset_min(SparseArray_a_6_alloc_table, a_1), (0))) 
@@ -3382,14 +3330,14 @@ ge_int(offset_max(SparseArray_a_6_alloc_table, a_1), (0))) and ((JC_54: - inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, - int_P_val_26_alloc_table, + inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, + intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and (JC_55: le_int(integer_of_uint32(i_1), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_6, @@ -3397,12 +3345,15 @@ (1))))))))} int32 { (JC_66: - eq_int(integer_of_int32(result), - model(a_1@, integer_of_uint32(i_1@), SparseArray_n_a_6, - SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, int_P_int_M_val_26, - unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) } + (integer_of_int32(result) = model(a_1, + integer_of_uint32(i_1), + SparseArray_n_a_6, + SparseArray_back_a_6, + SparseArray_idx_a_6, + SparseArray_val_a_6, + intP_intM_val_26, + unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) } parameter int32_of_integer_ : x:int -> 
@@ -3432,95 +3383,92 @@ i_0_0:uint32 -> v:int32 -> SparseArray_n_a_0_7:(SparseArray, uint32) memory ref -> - int_P_int_M_val_27:(int_P, int32) memory ref -> - unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table -> - unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table -> - int_P_val_27_alloc_table:int_P alloc_table -> + intP_intM_val_27:(intP, int32) memory ref -> + unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory ref -> + unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory ref -> + unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table -> + unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table -> + intP_val_27_alloc_table:intP alloc_table -> SparseArray_a_0_7_alloc_table:SparseArray alloc_table -> SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory -> - SparseArray_back_a_0_7:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_0_7:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_0_7:(SparseArray, int_P pointer) memory -> + SparseArray_back_a_0_7:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_0_7:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_0_7:(SparseArray, intP pointer) memory -> { } unit - reads SparseArray_n_a_0_7,int_P_int_M_val_27,unsigned_int_P_unsigned_int_M_back_29,unsigned_int_P_unsigned_int_M_idx_28 - writes SparseArray_n_a_0_7,int_P_int_M_val_27,unsigned_int_P_unsigned_int_M_back_29,unsigned_int_P_unsigned_int_M_idx_28 + reads SparseArray_n_a_0_7,intP_intM_val_27,unsigned_intP_unsigned_intM_back_29,unsigned_intP_unsigned_intM_idx_28 + writes SparseArray_n_a_0_7,intP_intM_val_27,unsigned_intP_unsigned_intM_back_29,unsigned_intP_unsigned_intM_idx_28 { (JC_112: ((JC_106: ((JC_103: - inv(a_0_0@, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, - 
int_P_val_27_alloc_table, SparseArray_a_0_7_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, + intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ((JC_104: - eq_int(model(a_0_0@, integer_of_uint32(i_0_0@), - SparseArray_n_a_0_7, SparseArray_back_a_0_7, - SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - integer_of_int32(v@))) + (model(a_0_0, integer_of_uint32(i_0_0), + SparseArray_n_a_0_7, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, + intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = integer_of_int32(v))) and (JC_105: (forall j:int. 
- (neq_int(j, integer_of_uint32(i_0_0@)) -> - eq_int(model(a_0_0@, j, SparseArray_n_a_0_7, - SparseArray_back_a_0_7, - SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, - int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - model(a_0_0@, j@, SparseArray_n_a_0_7@, - SparseArray_back_a_0_7@, SparseArray_idx_a_0_7@, - SparseArray_val_a_0_7@, int_P_int_M_val_27@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_back_29@)))))))) + ((j <> integer_of_uint32(i_0_0)) -> + (model(a_0_0, j, SparseArray_n_a_0_7, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = + model(a_0_0, j, SparseArray_n_a_0_7@, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27@, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_back_29@)))))))) and (JC_111: ((((JC_107: - not_assigns(unsigned_int_P_idx_28_alloc_table@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_idx_28, - pset_all(pset_deref(SparseArray_idx_a_0_7@, - pset_singleton(a_0_0@))))) + not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_idx_28, + pset_all(pset_deref(SparseArray_idx_a_0_7, + pset_singleton(a_0_0))))) and (JC_108: - not_assigns(unsigned_int_P_back_29_alloc_table@, - unsigned_int_P_unsigned_int_M_back_29@, - unsigned_int_P_unsigned_int_M_back_29, - pset_all(pset_deref(SparseArray_back_a_0_7@, - pset_singleton(a_0_0@)))))) + not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29@, + unsigned_intP_unsigned_intM_back_29, + pset_all(pset_deref(SparseArray_back_a_0_7, + pset_singleton(a_0_0)))))) and (JC_109: - not_assigns(int_P_val_27_alloc_table@, - int_P_int_M_val_27@, int_P_int_M_val_27, - pset_range(pset_deref(SparseArray_val_a_0_7@, - pset_singleton(a_0_0@)), - 
integer_of_uint32(i_0_0@), - integer_of_uint32(i_0_0@))))) + not_assigns(intP_val_27_alloc_table, + intP_intM_val_27@, intP_intM_val_27, + pset_range(pset_deref(SparseArray_val_a_0_7, + pset_singleton(a_0_0)), + integer_of_uint32(i_0_0), + integer_of_uint32(i_0_0))))) and (JC_110: - not_assigns(SparseArray_a_0_7_alloc_table@, + not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7@, SparseArray_n_a_0_7, - pset_singleton(a_0_0@))))))) } + pset_singleton(a_0_0))))))) } parameter set_requires : a_0_0:SparseArray pointer -> i_0_0:uint32 -> v:int32 -> SparseArray_n_a_0_7:(SparseArray, uint32) memory ref -> - int_P_int_M_val_27:(int_P, int32) memory ref -> - unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table -> - unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table -> - int_P_val_27_alloc_table:int_P alloc_table -> + intP_intM_val_27:(intP, int32) memory ref -> + unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory ref -> + unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory ref -> + unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table -> + unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table -> + intP_val_27_alloc_table:intP alloc_table -> SparseArray_a_0_7_alloc_table:SparseArray alloc_table -> SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory -> - SparseArray_back_a_0_7:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_0_7:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_0_7:(SparseArray, int_P pointer) memory -> + SparseArray_back_a_0_7:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_0_7:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_0_7:(SparseArray, intP pointer) memory -> { (JC_85: ((JC_81: le_int(offset_min(SparseArray_a_0_7_alloc_table, a_0_0), 
@@ -3530,81 +3478,78 @@ a_0_0), (0))) and ((JC_83: - inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, - int_P_val_27_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, + intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and (JC_84: le_int(integer_of_uint32(i_0_0), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)), (1))))))))} unit - reads SparseArray_n_a_0_7,int_P_int_M_val_27,unsigned_int_P_unsigned_int_M_back_29,unsigned_int_P_unsigned_int_M_idx_28 - writes SparseArray_n_a_0_7,int_P_int_M_val_27,unsigned_int_P_unsigned_int_M_back_29,unsigned_int_P_unsigned_int_M_idx_28 + reads SparseArray_n_a_0_7,intP_intM_val_27,unsigned_intP_unsigned_intM_back_29,unsigned_intP_unsigned_intM_idx_28 + writes SparseArray_n_a_0_7,intP_intM_val_27,unsigned_intP_unsigned_intM_back_29,unsigned_intP_unsigned_intM_idx_28 { (JC_112: ((JC_106: ((JC_103: - inv(a_0_0@, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, - int_P_val_27_alloc_table, SparseArray_a_0_7_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, + intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ((JC_104: - eq_int(model(a_0_0@, integer_of_uint32(i_0_0@), - SparseArray_n_a_0_7, SparseArray_back_a_0_7, - SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27, - 
unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - integer_of_int32(v@))) + (model(a_0_0, integer_of_uint32(i_0_0), + SparseArray_n_a_0_7, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, + intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = integer_of_int32(v))) and (JC_105: (forall j:int. - (neq_int(j, integer_of_uint32(i_0_0@)) -> - eq_int(model(a_0_0@, j, SparseArray_n_a_0_7, - SparseArray_back_a_0_7, - SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, - int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - model(a_0_0@, j@, SparseArray_n_a_0_7@, - SparseArray_back_a_0_7@, SparseArray_idx_a_0_7@, - SparseArray_val_a_0_7@, int_P_int_M_val_27@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_back_29@)))))))) + ((j <> integer_of_uint32(i_0_0)) -> + (model(a_0_0, j, SparseArray_n_a_0_7, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = + model(a_0_0, j, SparseArray_n_a_0_7@, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27@, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_back_29@)))))))) and (JC_111: ((((JC_107: - not_assigns(unsigned_int_P_idx_28_alloc_table@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_idx_28, - pset_all(pset_deref(SparseArray_idx_a_0_7@, - pset_singleton(a_0_0@))))) + not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_idx_28, + pset_all(pset_deref(SparseArray_idx_a_0_7, + pset_singleton(a_0_0))))) and (JC_108: - not_assigns(unsigned_int_P_back_29_alloc_table@, - unsigned_int_P_unsigned_int_M_back_29@, - unsigned_int_P_unsigned_int_M_back_29, - pset_all(pset_deref(SparseArray_back_a_0_7@, - 
pset_singleton(a_0_0@)))))) + not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29@, + unsigned_intP_unsigned_intM_back_29, + pset_all(pset_deref(SparseArray_back_a_0_7, + pset_singleton(a_0_0)))))) and (JC_109: - not_assigns(int_P_val_27_alloc_table@, - int_P_int_M_val_27@, int_P_int_M_val_27, - pset_range(pset_deref(SparseArray_val_a_0_7@, - pset_singleton(a_0_0@)), - integer_of_uint32(i_0_0@), - integer_of_uint32(i_0_0@))))) + not_assigns(intP_val_27_alloc_table, + intP_intM_val_27@, intP_intM_val_27, + pset_range(pset_deref(SparseArray_val_a_0_7, + pset_singleton(a_0_0)), + integer_of_uint32(i_0_0), + integer_of_uint32(i_0_0))))) and (JC_110: - not_assigns(SparseArray_a_0_7_alloc_table@, + not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7@, SparseArray_n_a_0_7, - pset_singleton(a_0_0@))))))) } + pset_singleton(a_0_0))))))) } parameter uint32_of_integer_ : x:int -> 
@@ -3612,7 +3557,7 @@ { eq_int(integer_of_uint32(result), x) } let create_ensures_default = - fun (sz : uint32) (SparseArray_result_4_alloc_table : SparseArray alloc_table ref) (int_P_val_18_alloc_table : int_P alloc_table ref) (unsigned_int_P_idx_20_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_back_22_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_back_22_tag_table : unsigned_int_P tag_table ref) (unsigned_int_P_idx_20_tag_table : unsigned_int_P tag_table ref) (int_P_val_18_tag_table : int_P tag_table ref) (SparseArray_result_4_tag_table : SparseArray tag_table ref) (SparseArray_val_result_4 : (SparseArray, int_P pointer) memory ref) (SparseArray_idx_result_4 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_back_result_4 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_n_result_4 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_result_4 : (SparseArray, uint32) memory ref) (unsigned_int_P_unsigned_int_M_idx_20 : (unsigned_int_P, uint32) memory) (unsigned_int_P_unsigned_int_M_back_22 : (unsigned_int_P, uint32) memory) (int_P_int_M_val_18 : (int_P, int32) memory) -> + fun (sz : uint32) (SparseArray_result_4_alloc_table : SparseArray alloc_table ref) (intP_val_18_alloc_table : intP alloc_table ref) (unsigned_intP_idx_20_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_back_22_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_back_22_tag_table : unsigned_intP tag_table ref) (unsigned_intP_idx_20_tag_table : unsigned_intP tag_table ref) (intP_val_18_tag_table : intP tag_table ref) (SparseArray_result_4_tag_table : SparseArray tag_table ref) (SparseArray_val_result_4 : (SparseArray, intP pointer) memory ref) (SparseArray_idx_result_4 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_back_result_4 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_n_result_4 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_result_4 : (SparseArray, uint32) memory ref) 
(unsigned_intP_unsigned_intM_idx_20 : (unsigned_intP, uint32) memory) (unsigned_intP_unsigned_intM_back_22 : (unsigned_intP, uint32) memory) (intP_intM_val_18 : (intP, int32) memory) -> { (JC_13: ge_int(integer_of_uint32(sz), (0))) } (init: (let return = ref (any_pointer void) in @@ -3634,19 +3579,19 @@ (let jessie_ = (C_4: (JC_49: - (((alloc_struct_int_P (integer_of_uint32 sz)) int_P_val_18_alloc_table) int_P_val_18_tag_table))) in + (((alloc_struct_intP (integer_of_uint32 sz)) intP_val_18_alloc_table) intP_val_18_tag_table))) in (let jessie_ = !a_1_1 in (((safe_upd_ SparseArray_val_result_4) jessie_) jessie_))); (let jessie_ = (C_7: (JC_50: - (((alloc_struct_unsigned_int_P (integer_of_uint32 sz)) unsigned_int_P_idx_20_alloc_table) unsigned_int_P_idx_20_tag_table))) in + (((alloc_struct_unsigned_intP (integer_of_uint32 sz)) unsigned_intP_idx_20_alloc_table) unsigned_intP_idx_20_tag_table))) in (let jessie_ = !a_1_1 in (((safe_upd_ SparseArray_idx_result_4) jessie_) jessie_))); (let jessie_ = (C_10: (JC_51: - (((alloc_struct_unsigned_int_P (integer_of_uint32 sz)) unsigned_int_P_back_22_alloc_table) unsigned_int_P_back_22_tag_table))) in + (((alloc_struct_unsigned_intP (integer_of_uint32 sz)) unsigned_intP_back_22_alloc_table) unsigned_intP_back_22_tag_table))) in (let jessie_ = !a_1_1 in (((safe_upd_ SparseArray_back_result_4) jessie_) jessie_))); (let jessie_ = (safe_uint32_of_integer_ (0)) in 
@@ -3660,24 +3605,23 @@ { (JC_25: ((JC_18: ((JC_15: - inv(result, unsigned_int_P_back_22_alloc_table, - unsigned_int_P_idx_20_alloc_table, int_P_val_18_alloc_table, + inv(result, unsigned_intP_back_22_alloc_table, + unsigned_intP_idx_20_alloc_table, intP_val_18_alloc_table, SparseArray_result_4_alloc_table, SparseArray_sz_0_result_4, SparseArray_n_result_4, SparseArray_back_result_4, SparseArray_idx_result_4, SparseArray_val_result_4, - unsigned_int_P_unsigned_int_M_back_22, - unsigned_int_P_unsigned_int_M_idx_20)) + unsigned_intP_unsigned_intM_back_22, + unsigned_intP_unsigned_intM_idx_20)) and ((JC_16: - eq_int(integer_of_uint32(select(SparseArray_sz_0_result_4, result)), - integer_of_uint32(sz@))) + (integer_of_uint32(select(SparseArray_sz_0_result_4, result)) = + integer_of_uint32(sz))) and (JC_17: (forall i_4:int. - eq_int(model(result, i_4, SparseArray_n_result_4, - SparseArray_back_result_4, SparseArray_idx_result_4, - SparseArray_val_result_4, int_P_int_M_val_18, - unsigned_int_P_unsigned_int_M_idx_20, - unsigned_int_P_unsigned_int_M_back_22), - (0))))))) + (model(result, i_4, SparseArray_n_result_4, + SparseArray_back_result_4, SparseArray_idx_result_4, + SparseArray_val_result_4, intP_intM_val_18, + unsigned_intP_unsigned_intM_idx_20, + unsigned_intP_unsigned_intM_back_22) = (0))))))) and (JC_24: (((((JC_19: not_assigns(SparseArray_result_4_alloc_table@, 
@@ -3699,7 +3643,7 @@ pset_empty)))))) } let create_safety = - fun (sz : uint32) (SparseArray_result_4_alloc_table : SparseArray alloc_table ref) (int_P_val_18_alloc_table : int_P alloc_table ref) (unsigned_int_P_idx_20_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_back_22_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_back_22_tag_table : unsigned_int_P tag_table ref) (unsigned_int_P_idx_20_tag_table : unsigned_int_P tag_table ref) (int_P_val_18_tag_table : int_P tag_table ref) (SparseArray_result_4_tag_table : SparseArray tag_table ref) (SparseArray_val_result_4 : (SparseArray, int_P pointer) memory ref) (SparseArray_idx_result_4 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_back_result_4 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_n_result_4 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_result_4 : (SparseArray, uint32) memory ref) (unsigned_int_P_unsigned_int_M_idx_20 : (unsigned_int_P, uint32) memory) (unsigned_int_P_unsigned_int_M_back_22 : (unsigned_int_P, uint32) memory) (int_P_int_M_val_18 : (int_P, int32) memory) -> + fun (sz : uint32) (SparseArray_result_4_alloc_table : SparseArray alloc_table ref) (intP_val_18_alloc_table : intP alloc_table ref) (unsigned_intP_idx_20_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_back_22_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_back_22_tag_table : unsigned_intP tag_table ref) (unsigned_intP_idx_20_tag_table : unsigned_intP tag_table ref) (intP_val_18_tag_table : intP tag_table ref) (SparseArray_result_4_tag_table : SparseArray tag_table ref) (SparseArray_val_result_4 : (SparseArray, intP pointer) memory ref) (SparseArray_idx_result_4 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_back_result_4 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_n_result_4 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_result_4 : (SparseArray, uint32) memory ref) 
(unsigned_intP_unsigned_intM_idx_20 : (unsigned_intP, uint32) memory) (unsigned_intP_unsigned_intM_back_22 : (unsigned_intP, uint32) memory) (intP_intM_val_18 : (intP, int32) memory) -> { (JC_13: ge_int(integer_of_uint32(sz), (0))) } (init: (let return = ref (any_pointer void) in @@ -3721,21 +3665,21 @@ (let jessie_ = (C_4: (JC_40: - (((alloc_struct_int_P_requires (integer_of_uint32 sz)) int_P_val_18_alloc_table) int_P_val_18_tag_table))) in + (((alloc_struct_intP_requires (integer_of_uint32 sz)) intP_val_18_alloc_table) intP_val_18_tag_table))) in (let jessie_ = !a_1_1 in (JC_43: ((((upd_ !SparseArray_result_4_alloc_table) SparseArray_val_result_4) jessie_) jessie_)))); (let jessie_ = (C_7: (JC_41: - (((alloc_struct_unsigned_int_P_requires (integer_of_uint32 sz)) unsigned_int_P_idx_20_alloc_table) unsigned_int_P_idx_20_tag_table))) in + (((alloc_struct_unsigned_intP_requires (integer_of_uint32 sz)) unsigned_intP_idx_20_alloc_table) unsigned_intP_idx_20_tag_table))) in (let jessie_ = !a_1_1 in (JC_44: ((((upd_ !SparseArray_result_4_alloc_table) SparseArray_idx_result_4) jessie_) jessie_)))); (let jessie_ = (C_10: (JC_42: - (((alloc_struct_unsigned_int_P_requires (integer_of_uint32 sz)) unsigned_int_P_back_22_alloc_table) unsigned_int_P_back_22_tag_table))) in + (((alloc_struct_unsigned_intP_requires (integer_of_uint32 sz)) unsigned_intP_back_22_alloc_table) unsigned_intP_back_22_tag_table))) in (let jessie_ = !a_1_1 in (JC_45: ((((upd_ !SparseArray_result_4_alloc_table) SparseArray_back_result_4) jessie_) jessie_)))); 
@@ -3751,17 +3695,17 @@ Return -> !return end)) { true } let get_ensures_default = - fun (a_1 : SparseArray pointer) (i_1 : uint32) (SparseArray_a_6_alloc_table : SparseArray alloc_table) (int_P_val_26_alloc_table : int_P alloc_table) (unsigned_int_P_idx_24_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_back_25_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_unsigned_int_M_idx_24 : (unsigned_int_P, uint32) memory) (unsigned_int_P_unsigned_int_M_back_25 : (unsigned_int_P, uint32) memory) (int_P_int_M_val_26 : (int_P, int32) memory) (SparseArray_val_a_6 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_6 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_6 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_n_a_6 : (SparseArray, uint32) memory) (SparseArray_sz_0_a_6 : (SparseArray, uint32) memory) -> + fun (a_1 : SparseArray pointer) (i_1 : uint32) (SparseArray_a_6_alloc_table : SparseArray alloc_table) (intP_val_26_alloc_table : intP alloc_table) (unsigned_intP_idx_24_alloc_table : unsigned_intP alloc_table) (unsigned_intP_back_25_alloc_table : unsigned_intP alloc_table) (unsigned_intP_unsigned_intM_idx_24 : (unsigned_intP, uint32) memory) (unsigned_intP_unsigned_intM_back_25 : (unsigned_intP, uint32) memory) (intP_intM_val_26 : (intP, int32) memory) (SparseArray_val_a_6 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_6 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_6 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_n_a_6 : (SparseArray, uint32) memory) (SparseArray_sz_0_a_6 : (SparseArray, uint32) memory) -> { (JC_62: ((JC_58: le_int(offset_min(SparseArray_a_6_alloc_table, a_1), (0))) and ((JC_59: ge_int(offset_max(SparseArray_a_6_alloc_table, a_1), (0))) and ((JC_60: - inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, 
intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) + SparseArray_val_a_6, unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and (JC_61: le_int(integer_of_uint32(i_1), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)), @@ -3775,14 +3719,13 @@ (assert { (JC_80: le_int((0), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) }; void); void; try - (let jessie_ = begin (if ((lt_int_ (integer_of_uint32 (C_39: - ((safe_acc_ unsigned_int_P_unsigned_int_M_idx_24) + ((safe_acc_ unsigned_intP_unsigned_intM_idx_24) (C_38: ((shift (C_37: ((safe_acc_ SparseArray_idx_a_6) a_1))) @@ -3790,12 +3733,12 @@ (integer_of_uint32 (C_36: ((safe_acc_ SparseArray_n_a_6) a_1)))) then (if ((eq_int_ (integer_of_uint32 (C_35: - ((safe_acc_ unsigned_int_P_unsigned_int_M_back_25) + ((safe_acc_ unsigned_intP_unsigned_intM_back_25) (C_34: ((shift (C_33: ((safe_acc_ SparseArray_back_a_6) a_1))) (integer_of_uint32 (C_32: - ((safe_acc_ unsigned_int_P_unsigned_int_M_idx_24) + ((safe_acc_ unsigned_intP_unsigned_intM_idx_24) (C_31: ((shift (C_30: 
@@ -3803,51 +3746,48 @@ (integer_of_uint32 i_1)))))))))))) (integer_of_uint32 i_1)) then - (let jessie_ = (C_29: begin (let jessie_ = (__retres := (C_28: - ((safe_acc_ int_P_int_M_val_26) (C_27: - ((shift (C_26: - ((safe_acc_ SparseArray_val_a_6) a_1))) - (integer_of_uint32 i_1)))))) in - void); (raise (Return_label_exc void)) end) in void) + ((safe_acc_ intP_intM_val_26) (C_27: + ((shift (C_26: + ((safe_acc_ SparseArray_val_a_6) a_1))) + (integer_of_uint32 i_1)))))) in + void); (raise (Return_label_exc void)) end) else - (let jessie_ = (C_25: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)) + void); (raise (Return_label_exc void)) end)) else - (let jessie_ = (C_24: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)); - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end end); absurd end with Return -> !return end)) { (JC_64: - eq_int(integer_of_int32(result), - model(a_1@, integer_of_uint32(i_1@), SparseArray_n_a_6, - SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - int_P_int_M_val_26, unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) } + (integer_of_int32(result) = model(a_1, integer_of_uint32(i_1), + SparseArray_n_a_6, SparseArray_back_a_6, + SparseArray_idx_a_6, SparseArray_val_a_6, + intP_intM_val_26, + unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) } let get_safety = - fun (a_1 : SparseArray pointer) (i_1 : uint32) (SparseArray_a_6_alloc_table : SparseArray alloc_table) (int_P_val_26_alloc_table : int_P alloc_table) (unsigned_int_P_idx_24_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_back_25_alloc_table : 
unsigned_int_P alloc_table) (unsigned_int_P_unsigned_int_M_idx_24 : (unsigned_int_P, uint32) memory) (unsigned_int_P_unsigned_int_M_back_25 : (unsigned_int_P, uint32) memory) (int_P_int_M_val_26 : (int_P, int32) memory) (SparseArray_val_a_6 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_6 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_6 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_n_a_6 : (SparseArray, uint32) memory) (SparseArray_sz_0_a_6 : (SparseArray, uint32) memory) -> + fun (a_1 : SparseArray pointer) (i_1 : uint32) (SparseArray_a_6_alloc_table : SparseArray alloc_table) (intP_val_26_alloc_table : intP alloc_table) (unsigned_intP_idx_24_alloc_table : unsigned_intP alloc_table) (unsigned_intP_back_25_alloc_table : unsigned_intP alloc_table) (unsigned_intP_unsigned_intM_idx_24 : (unsigned_intP, uint32) memory) (unsigned_intP_unsigned_intM_back_25 : (unsigned_intP, uint32) memory) (intP_intM_val_26 : (intP, int32) memory) (SparseArray_val_a_6 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_6 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_6 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_n_a_6 : (SparseArray, uint32) memory) (SparseArray_sz_0_a_6 : (SparseArray, uint32) memory) -> { (JC_62: ((JC_58: le_int(offset_min(SparseArray_a_6_alloc_table, a_1), (0))) and ((JC_59: ge_int(offset_max(SparseArray_a_6_alloc_table, a_1), (0))) and ((JC_60: - inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) + SparseArray_val_a_6, unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and (JC_61: 
le_int(integer_of_uint32(i_1), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)), @@ -3861,15 +3801,14 @@ [ { } unit { (JC_70: le_int((0), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) } ]; void; try - (let jessie_ = begin (if ((lt_int_ (integer_of_uint32 (C_39: (JC_72: - ((((offset_acc_ unsigned_int_P_idx_24_alloc_table) unsigned_int_P_unsigned_int_M_idx_24) + ((((offset_acc_ unsigned_intP_idx_24_alloc_table) unsigned_intP_unsigned_intM_idx_24) (C_37: (JC_71: (((acc_ SparseArray_a_6_alloc_table) SparseArray_idx_a_6) a_1)))) 
@@ -3880,45 +3819,41 @@ then (if ((eq_int_ (integer_of_uint32 (C_35: (JC_77: - ((((offset_acc_ unsigned_int_P_back_25_alloc_table) unsigned_int_P_unsigned_int_M_back_25) + ((((offset_acc_ unsigned_intP_back_25_alloc_table) unsigned_intP_unsigned_intM_back_25) (C_33: (JC_76: (((acc_ SparseArray_a_6_alloc_table) SparseArray_back_a_6) a_1)))) (integer_of_uint32 (C_32: (JC_75: - ((((offset_acc_ unsigned_int_P_idx_24_alloc_table) unsigned_int_P_unsigned_int_M_idx_24) + ((((offset_acc_ unsigned_intP_idx_24_alloc_table) unsigned_intP_unsigned_intM_idx_24) (C_30: (JC_74: (((acc_ SparseArray_a_6_alloc_table) SparseArray_idx_a_6) a_1)))) (integer_of_uint32 i_1)))))))))) (integer_of_uint32 i_1)) then - (let jessie_ = (C_29: begin (let jessie_ = (__retres := (C_28: (JC_79: - ((((offset_acc_ int_P_val_26_alloc_table) int_P_int_M_val_26) + ((((offset_acc_ intP_val_26_alloc_table) intP_intM_val_26) (C_26: (JC_78: (((acc_ SparseArray_a_6_alloc_table) SparseArray_val_a_6) a_1)))) (integer_of_uint32 i_1))))) in void); - (raise (Return_label_exc void)) end) in void) + (raise (Return_label_exc void)) end) else - (let jessie_ = (C_25: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)) + void); (raise (Return_label_exc void)) end)) else - (let jessie_ = (C_24: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)); - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end end); absurd end with Return -> !return end)) { true } 
@@ -3939,26 +3874,26 @@ (let SparseArray_idx_a_2_30 = ref (any_memory void) in (let SparseArray_val_b_31 = ref (any_memory void) in (let SparseArray_val_a_2_30 = ref (any_memory void) in - (let int_P_int_M_val_145 = ref (any_memory void) in - (let int_P_int_M_val_141 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_back_146 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_idx_144 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_back_142 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_idx_140 = ref (any_memory void) in + (let intP_intM_val_145 = ref (any_memory void) in + (let intP_intM_val_141 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_back_146 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_idx_144 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_back_142 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_idx_140 = ref (any_memory void) in (let SparseArray_a_2_30_tag_table = ref (any_tag_table void) in (let SparseArray_b_31_tag_table = ref (any_tag_table void) in - (let int_P_val_141_tag_table = ref (any_tag_table void) in - (let int_P_val_145_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_idx_140_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_142_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_idx_144_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_146_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_146_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_idx_144_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_back_142_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_idx_140_alloc_table = ref (any_alloc_table void) in - (let int_P_val_145_alloc_table = ref (any_alloc_table void) in - (let int_P_val_141_alloc_table = ref (any_alloc_table void) in + (let intP_val_141_tag_table = ref (any_tag_table void) in + (let 
intP_val_145_tag_table = ref (any_tag_table void) in + (let unsigned_intP_idx_140_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_142_tag_table = ref (any_tag_table void) in + (let unsigned_intP_idx_144_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_146_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_146_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_idx_144_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_back_142_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_idx_140_alloc_table = ref (any_alloc_table void) in + (let intP_val_145_alloc_table = ref (any_alloc_table void) in + (let intP_val_141_alloc_table = ref (any_alloc_table void) in (let SparseArray_b_31_alloc_table = ref (any_alloc_table void) in (let SparseArray_a_2_30_alloc_table = ref (any_alloc_table void) in (let a_2_0 = ref (any_pointer void) in 
@@ -3982,78 +3917,78 @@ (a_2_0 := (C_86: (let jessie_ = (safe_uint32_of_integer_ (10)) in (JC_162: - (((((((((((((((((create jessie_) unsigned_int_P_back_142_alloc_table) unsigned_int_P_idx_140_alloc_table) int_P_val_141_alloc_table) SparseArray_a_2_30_alloc_table) unsigned_int_P_back_142_tag_table) unsigned_int_P_idx_140_tag_table) int_P_val_141_tag_table) SparseArray_a_2_30_tag_table) SparseArray_sz_0_a_2_30) SparseArray_n_a_2_30) SparseArray_back_a_2_30) SparseArray_idx_a_2_30) SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140))))) in + (((((((((((((((((create jessie_) unsigned_intP_back_142_alloc_table) unsigned_intP_idx_140_alloc_table) intP_val_141_alloc_table) SparseArray_a_2_30_alloc_table) unsigned_intP_back_142_tag_table) unsigned_intP_idx_140_tag_table) intP_val_141_tag_table) SparseArray_a_2_30_tag_table) SparseArray_sz_0_a_2_30) SparseArray_n_a_2_30) SparseArray_back_a_2_30) SparseArray_idx_a_2_30) SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140))))) in void); (let jessie_ = (b := (C_88: (let jessie_ = (safe_uint32_of_integer_ (20)) in (JC_163: - (((((((((((((((((create jessie_) unsigned_int_P_back_146_alloc_table) unsigned_int_P_idx_144_alloc_table) int_P_val_145_alloc_table) SparseArray_b_31_alloc_table) unsigned_int_P_back_146_tag_table) unsigned_int_P_idx_144_tag_table) int_P_val_145_tag_table) SparseArray_b_31_tag_table) SparseArray_sz_0_b_31) SparseArray_n_b_31) SparseArray_back_b_31) SparseArray_idx_b_31) SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144))))) in + (((((((((((((((((create jessie_) unsigned_intP_back_146_alloc_table) unsigned_intP_idx_144_alloc_table) intP_val_145_alloc_table) SparseArray_b_31_alloc_table) unsigned_intP_back_146_tag_table) unsigned_intP_idx_144_tag_table) intP_val_145_tag_table) 
SparseArray_b_31_tag_table) SparseArray_sz_0_b_31) SparseArray_n_b_31) SparseArray_back_b_31) SparseArray_idx_b_31) SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144))))) in void); (let jessie_ = (x_0 := (C_90: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_164: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_92: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_165: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) 
!unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); (assert { (JC_168: - ((JC_166: eq_int(integer_of_int32(x_0), (0))) - and (JC_167: eq_int(integer_of_int32(y), (0))))) }; void); void; + ((JC_166: (integer_of_int32(x_0) = (0))) + and (JC_167: (integer_of_int32(y) = (0))))) }; void); void; (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (let jessie_ = (safe_int32_of_integer_ (1)) in (JC_169: - (((((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_a_2_30) int_P_int_M_val_141) unsigned_int_P_unsigned_int_M_back_142) unsigned_int_P_unsigned_int_M_idx_140) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30))))); + (((((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_a_2_30) intP_intM_val_141) unsigned_intP_unsigned_intM_back_142) unsigned_intP_unsigned_intM_idx_140) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30))))); (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (let jessie_ = (safe_int32_of_integer_ (2)) in (JC_170: - (((((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_b_31) int_P_int_M_val_145) unsigned_int_P_unsigned_int_M_back_146) unsigned_int_P_unsigned_int_M_idx_144) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31))))); + (((((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_b_31) intP_intM_val_145) unsigned_intP_unsigned_intM_back_146) unsigned_intP_unsigned_intM_idx_144) 
!unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31))))); (let jessie_ = (x_0 := (C_99: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_171: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_101: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_172: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) 
!unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); (assert { (JC_175: - ((JC_173: eq_int(integer_of_int32(x_0), (1))) - and (JC_174: eq_int(integer_of_int32(y), (2))))) }; void); void; + ((JC_173: (integer_of_int32(x_0) = (1))) + and (JC_174: (integer_of_int32(y) = (2))))) }; void); void; (let jessie_ = (x_0 := (C_106: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_176: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_108: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_177: - ((((((((((((((get jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get jessie_) jessie_) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) 
!SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); (assert { (JC_180: - ((JC_178: eq_int(integer_of_int32(x_0), (0))) - and (JC_179: eq_int(integer_of_int32(y), (0))))) }; void); void; + ((JC_178: (integer_of_int32(x_0) = (0))) + and (JC_179: (integer_of_int32(y) = (0))))) }; void); void; (let jessie_ = (__retres_0 := (safe_int32_of_integer_ (0))) in void); (return := !__retres_0); (raise Return) end)))))))))))))))))))))))))))))))))))))))))))))))); absurd end with Return -> !return end)) { (JC_139: true) } 
@@ -4075,26 +4010,26 @@ (let SparseArray_idx_a_2_30 = ref (any_memory void) in (let SparseArray_val_b_31 = ref (any_memory void) in (let SparseArray_val_a_2_30 = ref (any_memory void) in - (let int_P_int_M_val_145 = ref (any_memory void) in - (let int_P_int_M_val_141 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_back_146 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_idx_144 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_back_142 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_idx_140 = ref (any_memory void) in + (let intP_intM_val_145 = ref (any_memory void) in + (let intP_intM_val_141 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_back_146 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_idx_144 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_back_142 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_idx_140 = ref (any_memory void) in (let SparseArray_a_2_30_tag_table = ref (any_tag_table void) in (let SparseArray_b_31_tag_table = ref (any_tag_table void) in - (let int_P_val_141_tag_table = ref (any_tag_table void) in - (let int_P_val_145_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_idx_140_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_142_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_idx_144_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_146_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_back_146_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_idx_144_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_back_142_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_idx_140_alloc_table = ref (any_alloc_table void) in - (let int_P_val_145_alloc_table = ref (any_alloc_table void) in - (let int_P_val_141_alloc_table = ref (any_alloc_table void) in + (let intP_val_141_tag_table = ref (any_tag_table void) in + (let 
intP_val_145_tag_table = ref (any_tag_table void) in + (let unsigned_intP_idx_140_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_142_tag_table = ref (any_tag_table void) in + (let unsigned_intP_idx_144_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_146_tag_table = ref (any_tag_table void) in + (let unsigned_intP_back_146_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_idx_144_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_back_142_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_idx_140_alloc_table = ref (any_alloc_table void) in + (let intP_val_145_alloc_table = ref (any_alloc_table void) in + (let intP_val_141_alloc_table = ref (any_alloc_table void) in (let SparseArray_b_31_alloc_table = ref (any_alloc_table void) in (let SparseArray_a_2_30_alloc_table = ref (any_alloc_table void) in (let a_2_0 = ref (any_pointer void) in 
@@ -4118,96 +4053,96 @@ (a_2_0 := (C_86: (let jessie_ = (safe_uint32_of_integer_ (10)) in (JC_143: - (((((((((((((((((create_requires jessie_) unsigned_int_P_back_142_alloc_table) unsigned_int_P_idx_140_alloc_table) int_P_val_141_alloc_table) SparseArray_a_2_30_alloc_table) unsigned_int_P_back_142_tag_table) unsigned_int_P_idx_140_tag_table) int_P_val_141_tag_table) SparseArray_a_2_30_tag_table) SparseArray_sz_0_a_2_30) SparseArray_n_a_2_30) SparseArray_back_a_2_30) SparseArray_idx_a_2_30) SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140))))) in + (((((((((((((((((create_requires jessie_) unsigned_intP_back_142_alloc_table) unsigned_intP_idx_140_alloc_table) intP_val_141_alloc_table) SparseArray_a_2_30_alloc_table) unsigned_intP_back_142_tag_table) unsigned_intP_idx_140_tag_table) intP_val_141_tag_table) SparseArray_a_2_30_tag_table) SparseArray_sz_0_a_2_30) SparseArray_n_a_2_30) SparseArray_back_a_2_30) SparseArray_idx_a_2_30) SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140))))) in void); (let jessie_ = (b := (C_88: (let jessie_ = (safe_uint32_of_integer_ (20)) in (JC_144: - (((((((((((((((((create_requires jessie_) unsigned_int_P_back_146_alloc_table) unsigned_int_P_idx_144_alloc_table) int_P_val_145_alloc_table) SparseArray_b_31_alloc_table) unsigned_int_P_back_146_tag_table) unsigned_int_P_idx_144_tag_table) int_P_val_145_tag_table) SparseArray_b_31_tag_table) SparseArray_sz_0_b_31) SparseArray_n_b_31) SparseArray_back_b_31) SparseArray_idx_b_31) SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144))))) in + (((((((((((((((((create_requires jessie_) unsigned_intP_back_146_alloc_table) unsigned_intP_idx_144_alloc_table) intP_val_145_alloc_table) SparseArray_b_31_alloc_table) unsigned_intP_back_146_tag_table) unsigned_intP_idx_144_tag_table) 
intP_val_145_tag_table) SparseArray_b_31_tag_table) SparseArray_sz_0_b_31) SparseArray_n_b_31) SparseArray_back_b_31) SparseArray_idx_b_31) SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144))))) in void); (let jessie_ = (x_0 := (C_90: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_145: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_92: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_146: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) 
!SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); [ { } unit reads x_0,y { (JC_149: - ((JC_147: eq_int(integer_of_int32(x_0), (0))) - and (JC_148: eq_int(integer_of_int32(y), (0))))) } ]; void; + ((JC_147: (integer_of_int32(x_0) = (0))) + and (JC_148: (integer_of_int32(y) = (0))))) } ]; void; (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (let jessie_ = (safe_int32_of_integer_ (1)) in (JC_150: - (((((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_a_2_30) int_P_int_M_val_141) unsigned_int_P_unsigned_int_M_back_142) unsigned_int_P_unsigned_int_M_idx_140) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30))))); + (((((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_a_2_30) intP_intM_val_141) unsigned_intP_unsigned_intM_back_142) unsigned_intP_unsigned_intM_idx_140) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30))))); (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (let jessie_ = (safe_int32_of_integer_ (2)) in (JC_151: - (((((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_b_31) int_P_int_M_val_145) unsigned_int_P_unsigned_int_M_back_146) unsigned_int_P_unsigned_int_M_idx_144) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31))))); + (((((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_b_31) intP_intM_val_145) 
unsigned_intP_unsigned_intM_back_146) unsigned_intP_unsigned_intM_idx_144) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31))))); (let jessie_ = (x_0 := (C_99: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_152: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_101: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_153: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_146_alloc_table) !unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) 
!SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); [ { } unit reads x_0,y { (JC_156: - ((JC_154: eq_int(integer_of_int32(x_0), (1))) - and (JC_155: eq_int(integer_of_int32(y), (2))))) } ]; void; + ((JC_154: (integer_of_int32(x_0) = (1))) + and (JC_155: (integer_of_int32(y) = (2))))) } ]; void; (let jessie_ = (x_0 := (C_106: (let jessie_ = !a_2_0 in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_157: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_142_alloc_table) !unsigned_int_P_idx_140_alloc_table) !int_P_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !int_P_int_M_val_141) !unsigned_int_P_unsigned_int_M_back_142) !unsigned_int_P_unsigned_int_M_idx_140)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_142_alloc_table) !unsigned_intP_idx_140_alloc_table) !intP_val_141_alloc_table) !SparseArray_a_2_30_alloc_table) !SparseArray_sz_0_a_2_30) !SparseArray_n_a_2_30) !SparseArray_back_a_2_30) !SparseArray_idx_a_2_30) !SparseArray_val_a_2_30) !intP_intM_val_141) !unsigned_intP_unsigned_intM_back_142) !unsigned_intP_unsigned_intM_idx_140)))))) in void); (let jessie_ = (y := (C_108: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_158: - ((((((((((((((get_requires jessie_) jessie_) !unsigned_int_P_back_146_alloc_table) !unsigned_int_P_idx_144_alloc_table) !int_P_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !int_P_int_M_val_145) !unsigned_int_P_unsigned_int_M_back_146) !unsigned_int_P_unsigned_int_M_idx_144)))))) in + ((((((((((((((get_requires jessie_) jessie_) !unsigned_intP_back_146_alloc_table) 
!unsigned_intP_idx_144_alloc_table) !intP_val_145_alloc_table) !SparseArray_b_31_alloc_table) !SparseArray_sz_0_b_31) !SparseArray_n_b_31) !SparseArray_back_b_31) !SparseArray_idx_b_31) !SparseArray_val_b_31) !intP_intM_val_145) !unsigned_intP_unsigned_intM_back_146) !unsigned_intP_unsigned_intM_idx_144)))))) in void); [ { } unit reads x_0,y { (JC_161: - ((JC_159: eq_int(integer_of_int32(x_0), (0))) - and (JC_160: eq_int(integer_of_int32(y), (0))))) } ]; void; + ((JC_159: (integer_of_int32(x_0) = (0))) + and (JC_160: (integer_of_int32(y) = (0))))) } ]; void; (let jessie_ = (__retres_0 := (safe_int32_of_integer_ (0))) in void); (return := !__retres_0); (raise Return) end)))))))))))))))))))))))))))))))))))))))))))))))); absurd end with Return -> !return end)) { true } let set_ensures_default = - fun (a_0_0 : SparseArray pointer) (i_0_0 : uint32) (v : int32) (unsigned_int_P_unsigned_int_M_idx_28 : (unsigned_int_P, uint32) memory ref) (unsigned_int_P_unsigned_int_M_back_29 : (unsigned_int_P, uint32) memory ref) (int_P_int_M_val_27 : (int_P, int32) memory ref) (SparseArray_n_a_0_7 : (SparseArray, uint32) memory ref) (SparseArray_a_0_7_alloc_table : SparseArray alloc_table) (int_P_val_27_alloc_table : int_P alloc_table) (unsigned_int_P_idx_28_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_back_29_alloc_table : unsigned_int_P alloc_table) (SparseArray_val_a_0_7 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_0_7 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_0_7 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_sz_0_a_0_7 : (SparseArray, uint32) memory) -> + fun (a_0_0 : SparseArray pointer) (i_0_0 : uint32) (v : int32) (unsigned_intP_unsigned_intM_idx_28 : (unsigned_intP, uint32) memory ref) (unsigned_intP_unsigned_intM_back_29 : (unsigned_intP, uint32) memory ref) (intP_intM_val_27 : (intP, int32) memory ref) (SparseArray_n_a_0_7 : (SparseArray, uint32) memory ref) (SparseArray_a_0_7_alloc_table : SparseArray 
alloc_table) (intP_val_27_alloc_table : intP alloc_table) (unsigned_intP_idx_28_alloc_table : unsigned_intP alloc_table) (unsigned_intP_back_29_alloc_table : unsigned_intP alloc_table) (SparseArray_val_a_0_7 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_0_7 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_0_7 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_sz_0_a_0_7 : (SparseArray, uint32) memory) -> { (JC_91: ((JC_87: le_int(offset_min(SparseArray_a_0_7_alloc_table, a_0_0), (0))) and ((JC_88: ge_int(offset_max(SparseArray_a_0_7_alloc_table, a_0_0), (0))) and ((JC_89: - inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and (JC_90: le_int(integer_of_uint32(i_0_0), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_0_7, @@ -4217,10 +4152,8 @@ try begin try - (let jessie_ = begin try - (let jessie_ = (C_49: begin (let jessie_ = @@ -4229,10 +4162,9 @@ (C_46: ((safe_acc_ SparseArray_val_a_0_7) a_0_0)) in (let jessie_ = (integer_of_uint32 i_0_0) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ int_P_int_M_val_27) jessie_) jessie_))))) in - void); + (((safe_upd_ intP_intM_val_27) jessie_) jessie_))))) in void); (if ((lt_int_ (integer_of_uint32 (C_59: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_idx_28) + ((safe_acc_ !unsigned_intP_unsigned_intM_idx_28) (C_58: ((shift (C_57: ((safe_acc_ SparseArray_idx_a_0_7) a_0_0))) 
@@ -4241,23 +4173,22 @@ ((safe_acc_ !SparseArray_n_a_0_7) a_0_0)))) then (if ((eq_int_ (integer_of_uint32 (C_55: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_back_29) + ((safe_acc_ !unsigned_intP_unsigned_intM_back_29) (C_54: ((shift (C_53: ((safe_acc_ SparseArray_back_a_0_7) a_0_0))) (integer_of_uint32 (C_52: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_idx_28) + ((safe_acc_ !unsigned_intP_unsigned_intM_idx_28) (C_51: ((shift (C_50: ((safe_acc_ SparseArray_idx_a_0_7) a_0_0))) (integer_of_uint32 i_0_0)))))))))))) (integer_of_uint32 i_0_0)) then void - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)) - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)); - (let jessie_ = (raise (Goto__LAND_0_exc void)) in void); - (raise (Goto__LAND_exc void)) end) in void) with - Goto__LAND_exc jessie_ -> + else (raise (Goto__LAND_exc void))) + else (raise (Goto__LAND_exc void))); + (raise (Goto__LAND_0_exc void)); (raise (Goto__LAND_exc void)) end) + with Goto__LAND_exc jessie_ -> (let jessie_ = (_LAND: (C_65: @@ -4275,7 +4206,7 @@ (C_62: ((safe_acc_ SparseArray_idx_a_0_7) a_0_0)) in (let jessie_ = (integer_of_uint32 i_0_0) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ unsigned_int_P_unsigned_int_M_idx_28) jessie_) jessie_))))) in + (((safe_upd_ unsigned_intP_unsigned_intM_idx_28) jessie_) jessie_))))) in void); (let jessie_ = (let jessie_ = i_0_0 in @@ -4284,7 +4215,7 @@ (let jessie_ = (integer_of_uint32 (C_66: ((safe_acc_ !SparseArray_n_a_0_7) a_0_0))) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ unsigned_int_P_unsigned_int_M_back_29) jessie_) jessie_))))) in + (((safe_upd_ unsigned_intP_unsigned_intM_back_29) jessie_) jessie_))))) in void); (C_75: (let jessie_ = 
@@ -4296,76 +4227,74 @@ (let jessie_ = a_0_0 in (((safe_upd_ SparseArray_n_a_0_7) jessie_) jessie_)); jessie_ end)) end))) in void) end; - (raise (Goto__LAND_0_exc void)) end in void) with - Goto__LAND_0_exc jessie_ -> + (raise (Goto__LAND_0_exc void)) end with Goto__LAND_0_exc jessie_ -> (_LAND_0: begin void; (raise Return) end) end; (raise Return) end with Return -> void end) { (JC_102: ((JC_96: ((JC_93: - inv(a_0_0@, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ((JC_94: - eq_int(model(a_0_0@, integer_of_uint32(i_0_0@), - SparseArray_n_a_0_7, SparseArray_back_a_0_7, - SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27, unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - integer_of_int32(v@))) + (model(a_0_0, integer_of_uint32(i_0_0), SparseArray_n_a_0_7, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = integer_of_int32(v))) and (JC_95: (forall j:int. 
- (neq_int(j, integer_of_uint32(i_0_0@)) -> - eq_int(model(a_0_0@, j, SparseArray_n_a_0_7, - SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29), - model(a_0_0@, j@, SparseArray_n_a_0_7@, - SparseArray_back_a_0_7@, SparseArray_idx_a_0_7@, - SparseArray_val_a_0_7@, int_P_int_M_val_27@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_back_29@)))))))) + ((j <> integer_of_uint32(i_0_0)) -> + (model(a_0_0, j, SparseArray_n_a_0_7, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, + intP_intM_val_27, unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = model(a_0_0, j, + SparseArray_n_a_0_7@, + SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, + intP_intM_val_27@, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_back_29@)))))))) and (JC_101: ((((JC_97: - not_assigns(unsigned_int_P_idx_28_alloc_table@, - unsigned_int_P_unsigned_int_M_idx_28@, - unsigned_int_P_unsigned_int_M_idx_28, - pset_all(pset_deref(SparseArray_idx_a_0_7@, - pset_singleton(a_0_0@))))) + not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28@, + unsigned_intP_unsigned_intM_idx_28, + pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0))))) and (JC_98: - not_assigns(unsigned_int_P_back_29_alloc_table@, - unsigned_int_P_unsigned_int_M_back_29@, - unsigned_int_P_unsigned_int_M_back_29, - pset_all(pset_deref(SparseArray_back_a_0_7@, - pset_singleton(a_0_0@)))))) + not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29@, + unsigned_intP_unsigned_intM_back_29, + pset_all(pset_deref(SparseArray_back_a_0_7, + pset_singleton(a_0_0)))))) and (JC_99: - not_assigns(int_P_val_27_alloc_table@, int_P_int_M_val_27@, - int_P_int_M_val_27, - pset_range(pset_deref(SparseArray_val_a_0_7@, - pset_singleton(a_0_0@)), - 
integer_of_uint32(i_0_0@), integer_of_uint32(i_0_0@))))) + not_assigns(intP_val_27_alloc_table, intP_intM_val_27@, + intP_intM_val_27, + pset_range(pset_deref(SparseArray_val_a_0_7, + pset_singleton(a_0_0)), + integer_of_uint32(i_0_0), integer_of_uint32(i_0_0))))) and (JC_100: - not_assigns(SparseArray_a_0_7_alloc_table@, SparseArray_n_a_0_7@, - SparseArray_n_a_0_7, pset_singleton(a_0_0@))))))) } + not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7@, + SparseArray_n_a_0_7, pset_singleton(a_0_0))))))) } let set_safety = - fun (a_0_0 : SparseArray pointer) (i_0_0 : uint32) (v : int32) (unsigned_int_P_unsigned_int_M_idx_28 : (unsigned_int_P, uint32) memory ref) (unsigned_int_P_unsigned_int_M_back_29 : (unsigned_int_P, uint32) memory ref) (int_P_int_M_val_27 : (int_P, int32) memory ref) (SparseArray_n_a_0_7 : (SparseArray, uint32) memory ref) (SparseArray_a_0_7_alloc_table : SparseArray alloc_table) (int_P_val_27_alloc_table : int_P alloc_table) (unsigned_int_P_idx_28_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_back_29_alloc_table : unsigned_int_P alloc_table) (SparseArray_val_a_0_7 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_0_7 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_0_7 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_sz_0_a_0_7 : (SparseArray, uint32) memory) -> + fun (a_0_0 : SparseArray pointer) (i_0_0 : uint32) (v : int32) (unsigned_intP_unsigned_intM_idx_28 : (unsigned_intP, uint32) memory ref) (unsigned_intP_unsigned_intM_back_29 : (unsigned_intP, uint32) memory ref) (intP_intM_val_27 : (intP, int32) memory ref) (SparseArray_n_a_0_7 : (SparseArray, uint32) memory ref) (SparseArray_a_0_7_alloc_table : SparseArray alloc_table) (intP_val_27_alloc_table : intP alloc_table) (unsigned_intP_idx_28_alloc_table : unsigned_intP alloc_table) (unsigned_intP_back_29_alloc_table : unsigned_intP alloc_table) (SparseArray_val_a_0_7 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_0_7 : 
(SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_0_7 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_sz_0_a_0_7 : (SparseArray, uint32) memory) -> { (JC_91: ((JC_87: le_int(offset_min(SparseArray_a_0_7_alloc_table, a_0_0), (0))) and ((JC_88: ge_int(offset_max(SparseArray_a_0_7_alloc_table, a_0_0), (0))) and ((JC_89: - inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) + unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and (JC_90: le_int(integer_of_uint32(i_0_0), sub_int(integer_of_uint32(select(SparseArray_sz_0_a_0_7, @@ -4375,10 +4304,8 @@ try begin try - (let jessie_ = begin try - (let jessie_ = (C_49: begin (let jessie_ = @@ -4390,11 +4317,11 @@ (let jessie_ = (integer_of_uint32 i_0_0) in (let jessie_ = ((shift jessie_) jessie_) in (JC_116: - (((((offset_upd_ int_P_val_27_alloc_table) int_P_int_M_val_27) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ intP_val_27_alloc_table) intP_intM_val_27) jessie_) jessie_) jessie_)))))) in void); (if ((lt_int_ (integer_of_uint32 (C_59: (JC_118: - ((((offset_acc_ unsigned_int_P_idx_28_alloc_table) !unsigned_int_P_unsigned_int_M_idx_28) + ((((offset_acc_ unsigned_intP_idx_28_alloc_table) !unsigned_intP_unsigned_intM_idx_28) (C_57: (JC_117: (((acc_ SparseArray_a_0_7_alloc_table) SparseArray_idx_a_0_7) a_0_0)))) 
@@ -4405,23 +4332,22 @@ then (if ((eq_int_ (integer_of_uint32 (C_55: (JC_123: - ((((offset_acc_ unsigned_int_P_back_29_alloc_table) !unsigned_int_P_unsigned_int_M_back_29) + ((((offset_acc_ unsigned_intP_back_29_alloc_table) !unsigned_intP_unsigned_intM_back_29) (C_53: (JC_122: (((acc_ SparseArray_a_0_7_alloc_table) SparseArray_back_a_0_7) a_0_0)))) (integer_of_uint32 (C_52: (JC_121: - ((((offset_acc_ unsigned_int_P_idx_28_alloc_table) !unsigned_int_P_unsigned_int_M_idx_28) + ((((offset_acc_ unsigned_intP_idx_28_alloc_table) !unsigned_intP_unsigned_intM_idx_28) (C_50: (JC_120: (((acc_ SparseArray_a_0_7_alloc_table) SparseArray_idx_a_0_7) a_0_0)))) (integer_of_uint32 i_0_0)))))))))) (integer_of_uint32 i_0_0)) then void - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)) - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)); - (let jessie_ = (raise (Goto__LAND_0_exc void)) in void); - (raise (Goto__LAND_exc void)) end) in void) with - Goto__LAND_exc jessie_ -> + else (raise (Goto__LAND_exc void))) + else (raise (Goto__LAND_exc void))); + (raise (Goto__LAND_0_exc void)); (raise (Goto__LAND_exc void)) end) + with Goto__LAND_exc jessie_ -> (let jessie_ = (_LAND: (C_65: @@ -4444,7 +4370,7 @@ (let jessie_ = (integer_of_uint32 i_0_0) in (let jessie_ = ((shift jessie_) jessie_) in (JC_127: - (((((offset_upd_ unsigned_int_P_idx_28_alloc_table) unsigned_int_P_unsigned_int_M_idx_28) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ unsigned_intP_idx_28_alloc_table) unsigned_intP_unsigned_intM_idx_28) jessie_) jessie_) jessie_)))))) in void); (let jessie_ = (let jessie_ = i_0_0 in 
@@ -4458,7 +4384,7 @@ (((acc_ SparseArray_a_0_7_alloc_table) !SparseArray_n_a_0_7) a_0_0)))) in (let jessie_ = ((shift jessie_) jessie_) in (JC_130: - (((((offset_upd_ unsigned_int_P_back_29_alloc_table) unsigned_int_P_unsigned_int_M_back_29) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ unsigned_intP_back_29_alloc_table) unsigned_intP_unsigned_intM_back_29) jessie_) jessie_) jessie_)))))) in void); (C_75: (let jessie_ = @@ -4473,8 +4399,7 @@ (JC_133: ((((upd_ SparseArray_a_0_7_alloc_table) SparseArray_n_a_0_7) jessie_) jessie_))); jessie_ end)) end))) in void) end; - (raise (Goto__LAND_0_exc void)) end in void) with - Goto__LAND_0_exc jessie_ -> + (raise (Goto__LAND_0_exc void)) end with Goto__LAND_0_exc jessie_ -> (_LAND_0: begin void; (raise Return) end) end; (raise Return) end with Return -> void end) { true } @@ -5413,21 +5338,21 @@ type SparseArray -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type unsigned_int_P +type unsigned_intP -type void_P +type voidP logic SparseArray_tag : SparseArray tag_id 
@@ -5446,22 +5371,22 @@ (forall SparseArray_tag_table:SparseArray tag_table. instanceof(SparseArray_tag_table, x, SparseArray_tag))) -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int32 : int32 -> int @@ -5485,6 +5410,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -5497,61 +5427,63 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -logic int_P_tag : int_P tag_id +logic intP_tag : intP tag_id -axiom int_P_int: (int_of_tag(int_P_tag) = 1) +axiom intP_int: (int_of_tag(intP_tag) = 1) -logic int_P_of_pointer_address : unit pointer -> int_P pointer +logic intP_of_pointer_address : unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr: - (forall p:int_P pointer. - (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom: parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) -axiom int_P_tags: - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. instanceof(int_P_tag_table, x, - int_P_tag))) +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
instanceof(intP_tag_table, x, + intP_tag))) predicate inv(a_3: SparseArray pointer, - unsigned_int_P_back_15_alloc_table_at_L: unsigned_int_P alloc_table, - unsigned_int_P_idx_14_alloc_table_at_L: unsigned_int_P alloc_table, - int_P_val_13_alloc_table_at_L: int_P alloc_table, + unsigned_intP_back_15_alloc_table_at_L: unsigned_intP alloc_table, + unsigned_intP_idx_14_alloc_table_at_L: unsigned_intP alloc_table, + intP_val_13_alloc_table_at_L: intP alloc_table, SparseArray_a_3_3_alloc_table_at_L: SparseArray alloc_table, SparseArray_sz_0_a_3_3_at_L: (SparseArray, uint32) memory, SparseArray_n_a_3_3_at_L: (SparseArray, uint32) memory, - SparseArray_back_a_3_3_at_L: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx_a_3_3_at_L: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_val_a_3_3_at_L: (SparseArray, int_P pointer) memory, - unsigned_int_P_unsigned_int_M_back_15_at_L: (unsigned_int_P, - uint32) memory, unsigned_int_P_unsigned_int_M_idx_14_at_L: (unsigned_int_P, - uint32) memory) = + SparseArray_back_a_3_3_at_L: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx_a_3_3_at_L: (SparseArray, unsigned_intP pointer) memory, + SparseArray_val_a_3_3_at_L: (SparseArray, intP pointer) memory, + unsigned_intP_unsigned_intM_back_15_at_L: (unsigned_intP, uint32) memory, + unsigned_intP_unsigned_intM_idx_14_at_L: (unsigned_intP, uint32) memory) = ((offset_min(SparseArray_a_3_3_alloc_table_at_L, a_3) <= 0) and ((offset_max(SparseArray_a_3_3_alloc_table_at_L, a_3) >= 0) and ((0 <= integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3))) and ((integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3)) <= integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3))) and - ((offset_min(int_P_val_13_alloc_table_at_L, + ((offset_min(intP_val_13_alloc_table_at_L, select(SparseArray_val_a_3_3_at_L, a_3)) <= 0) and - ((offset_max(int_P_val_13_alloc_table_at_L, + ((offset_max(intP_val_13_alloc_table_at_L, select(SparseArray_val_a_3_3_at_L, a_3)) >= 
(integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3)) - 1)) and - ((offset_min(unsigned_int_P_idx_14_alloc_table_at_L, + ((offset_min(unsigned_intP_idx_14_alloc_table_at_L, select(SparseArray_idx_a_3_3_at_L, a_3)) <= 0) and - ((offset_max(unsigned_int_P_idx_14_alloc_table_at_L, + ((offset_max(unsigned_intP_idx_14_alloc_table_at_L, select(SparseArray_idx_a_3_3_at_L, a_3)) >= (integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3)) - 1)) and - ((offset_min(unsigned_int_P_back_15_alloc_table_at_L, + ((offset_min(unsigned_intP_back_15_alloc_table_at_L, select(SparseArray_back_a_3_3_at_L, a_3)) <= 0) and - ((offset_max(unsigned_int_P_back_15_alloc_table_at_L, + ((offset_max(unsigned_intP_back_15_alloc_table_at_L, select(SparseArray_back_a_3_3_at_L, a_3)) >= (integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3)) - 1)) and 
@@ -5559,154 +5491,99 @@ (((0 <= i_3) and (i_3 < integer_of_uint32(select(SparseArray_n_a_3_3_at_L, a_3)))) -> - ((0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_15_at_L, + ((0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_back_15_at_L, shift(select(SparseArray_back_a_3_3_at_L, a_3), i_3)))) and - ((integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_15_at_L, + ((integer_of_uint32(select(unsigned_intP_unsigned_intM_back_15_at_L, shift(select(SparseArray_back_a_3_3_at_L, a_3), i_3))) < integer_of_uint32(select(SparseArray_sz_0_a_3_3_at_L, a_3))) and - (integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_14_at_L, + (integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_14_at_L, shift(select(SparseArray_idx_a_3_3_at_L, a_3), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_15_at_L, + integer_of_uint32(select(unsigned_intP_unsigned_intM_back_15_at_L, shift(select(SparseArray_back_a_3_3_at_L, a_3), i_3)))))) = i_3))))))))))))))) predicate is_elt(a: SparseArray pointer, i: int, SparseArray_n_a_1_at_L: (SparseArray, uint32) memory, - SparseArray_back_a_1_at_L: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx_a_1_at_L: (SparseArray, unsigned_int_P pointer) memory, - unsigned_int_P_unsigned_int_M_back_9_at_L: (unsigned_int_P, uint32) memory, - unsigned_int_P_unsigned_int_M_idx_8_at_L: (unsigned_int_P, - uint32) memory) = - ((0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, + SparseArray_back_a_1_at_L: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx_a_1_at_L: (SparseArray, unsigned_intP pointer) memory, + unsigned_intP_unsigned_intM_back_9_at_L: (unsigned_intP, uint32) memory, + unsigned_intP_unsigned_intM_idx_8_at_L: (unsigned_intP, uint32) memory) = + ((0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, shift(select(SparseArray_idx_a_1_at_L, a), i)))) and - ((integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, + 
((integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, shift(select(SparseArray_idx_a_1_at_L, a), i))) < integer_of_uint32(select(SparseArray_n_a_1_at_L, a))) and - (integer_of_uint32(select(unsigned_int_P_unsigned_int_M_back_9_at_L, + (integer_of_uint32(select(unsigned_intP_unsigned_intM_back_9_at_L, shift(select(SparseArray_back_a_1_at_L, a), - integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_8_at_L, + integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_8_at_L, shift(select(SparseArray_idx_a_1_at_L, a), i)))))) = i))) predicate left_valid_struct_SparseArray(p: SparseArray pointer, a: int, SparseArray_alloc_table: SparseArray alloc_table) = (offset_min(SparseArray_alloc_table, p) <= a) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_int_P(p: int_P pointer, a: int, - int_P_alloc_table: int_P alloc_table) = (offset_min(int_P_alloc_table, +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) -predicate left_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, a: int, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - (offset_min(unsigned_int_P_alloc_table, p) <= a) +predicate left_valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + (offset_min(unsigned_intP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) logic model : SparseArray pointer, int, (SparseArray, uint32) 
memory, -(SparseArray, unsigned_int_P pointer) memory, (SparseArray, -unsigned_int_P pointer) memory, (SparseArray, int_P pointer) memory, (int_P, -int32) memory, (unsigned_int_P, uint32) memory, (unsigned_int_P, +(SparseArray, unsigned_intP pointer) memory, (SparseArray, +unsigned_intP pointer) memory, (SparseArray, intP pointer) memory, (intP, +int32) memory, (unsigned_intP, uint32) memory, (unsigned_intP, uint32) memory -> int -axiom model_in: - (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. - (forall SparseArray_back_a_0_2_at_L:(SparseArray, - unsigned_int_P pointer) memory. - (forall SparseArray_idx_a_0_2_at_L:(SparseArray, - unsigned_int_P pointer) memory. - (forall SparseArray_val_a_0_2_at_L:(SparseArray, - int_P pointer) memory. - (forall int_P_int_M_val_11_at_L:(int_P, int32) memory. - (forall unsigned_int_P_unsigned_int_M_idx_35_at_L:(unsigned_int_P, - uint32) memory. - (forall unsigned_int_P_unsigned_int_M_back_34_at_L:(unsigned_int_P, - uint32) memory. - (forall a_1_0:SparseArray pointer. - (forall i_1_0:int. - (is_elt(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L) -> - (model(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - SparseArray_val_a_0_2_at_L, int_P_int_M_val_11_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L) = integer_of_int32(select(int_P_int_M_val_11_at_L, - shift(select(SparseArray_val_a_0_2_at_L, a_1_0), - i_1_0)))))))))))))) - -axiom model_out: - (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. - (forall SparseArray_back_a_0_2_at_L:(SparseArray, - unsigned_int_P pointer) memory. - (forall SparseArray_idx_a_0_2_at_L:(SparseArray, - unsigned_int_P pointer) memory. - (forall SparseArray_val_a_0_2_at_L:(SparseArray, - int_P pointer) memory. 
- (forall int_P_int_M_val_11_at_L:(int_P, int32) memory. - (forall unsigned_int_P_unsigned_int_M_idx_35_at_L:(unsigned_int_P, - uint32) memory. - (forall unsigned_int_P_unsigned_int_M_back_34_at_L:(unsigned_int_P, - uint32) memory. - (forall a_2:SparseArray pointer. - (forall i_2:int. - ((not is_elt(a_2, i_2, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L)) -> - (model(a_2, i_2, SparseArray_n_a_0_2_at_L, - SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, - SparseArray_val_a_0_2_at_L, int_P_int_M_val_11_at_L, - unsigned_int_P_unsigned_int_M_idx_35_at_L, - unsigned_int_P_unsigned_int_M_back_34_at_L) = 0))))))))))) - axiom pointer_addr_of_SparseArray_of_pointer_address: (forall p:unit pointer. (p = pointer_address(SparseArray_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_int_P_of_pointer_address: - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) -logic unsigned_int_P_of_pointer_address : unit pointer -> unsigned_int_P pointer +logic unsigned_intP_of_pointer_address : unit pointer -> unsigned_intP pointer -axiom pointer_addr_of_unsigned_int_P_of_pointer_address: +axiom pointer_addr_of_unsigned_intP_of_pointer_address: (forall p:unit pointer. 
- (p = pointer_address(unsigned_int_P_of_pointer_address(p)))) + (p = pointer_address(unsigned_intP_of_pointer_address(p)))) -logic void_P_of_pointer_address : unit pointer -> void_P pointer +logic voidP_of_pointer_address : unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) predicate right_valid_struct_SparseArray(p: SparseArray pointer, b: int, SparseArray_alloc_table: SparseArray alloc_table) = (offset_max(SparseArray_alloc_table, p) >= b) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_int_P(p: int_P pointer, b: int, - int_P_alloc_table: int_P alloc_table) = (offset_max(int_P_alloc_table, +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) -predicate right_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - (offset_max(unsigned_int_P_alloc_table, p) >= b) +predicate right_valid_struct_unsigned_intP(p: unsigned_intP pointer, b: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + (offset_max(unsigned_intP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_SparseArray(p: SparseArray pointer, a: int, 
@@ -5714,50 +5591,50 @@ ((offset_min(SparseArray_alloc_table, p) = a) and (offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, p) = b)) -predicate strict_valid_root_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) and - (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_root_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) and + (offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) predicate strict_valid_struct_SparseArray(p: SparseArray pointer, a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) = a) and 
(offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, p) = b)) -predicate strict_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, - a: int, b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) and - (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) and + (offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) logic uint32_of_integer : int -> uint32 
@@ -5766,136 +5643,168 @@ (((0 <= x) and (x <= 4294967295)) -> (integer_of_uint32(uint32_of_integer(x)) = x))) +axiom uint32_extensionality: + (forall x:uint32. + (forall y:uint32. + ((integer_of_uint32(x) = integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range: (forall x:uint32. ((0 <= integer_of_uint32(x)) and (integer_of_uint32(x) <= 4294967295))) -logic unsigned_int_P_tag : unsigned_int_P tag_id +logic unsigned_intP_tag : unsigned_intP tag_id -axiom unsigned_int_P_int: (int_of_tag(unsigned_int_P_tag) = 1) +axiom unsigned_intP_int: (int_of_tag(unsigned_intP_tag) = 1) -axiom unsigned_int_P_of_pointer_address_of_pointer_addr: - (forall p:unsigned_int_P pointer. - (p = unsigned_int_P_of_pointer_address(pointer_address(p)))) +axiom unsigned_intP_of_pointer_address_of_pointer_addr: + (forall p:unsigned_intP pointer. + (p = unsigned_intP_of_pointer_address(pointer_address(p)))) -axiom unsigned_int_P_parenttag_bottom: parenttag(unsigned_int_P_tag, +axiom unsigned_intP_parenttag_bottom: parenttag(unsigned_intP_tag, bottom_tag) -axiom unsigned_int_P_tags: - (forall x:unsigned_int_P pointer. - (forall unsigned_int_P_tag_table:unsigned_int_P tag_table. 
- instanceof(unsigned_int_P_tag_table, x, unsigned_int_P_tag))) - -predicate valid_bitvector_struct_SparseArray(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_unsigned_int_P(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) +axiom unsigned_intP_tags: + (forall x:unsigned_intP pointer. + (forall unsigned_intP_tag_table:unsigned_intP tag_table. 
+ instanceof(unsigned_intP_tag_table, x, unsigned_intP_tag))) predicate valid_root_SparseArray(p: SparseArray pointer, a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, p) >= b)) -predicate valid_root_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) and - (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_root_unsigned_intP(p: unsigned_intP pointer, a: int, b: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) and + (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) predicate valid_struct_SparseArray(p: SparseArray pointer, 
a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, p) >= b)) -predicate valid_struct_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) and - (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
instanceof(void_P_tag_table, - x, void_P_tag))) +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) and + (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +axiom model_in: + (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. + (forall SparseArray_back_a_0_2_at_L:(SparseArray, + unsigned_intP pointer) memory. + (forall SparseArray_idx_a_0_2_at_L:(SparseArray, + unsigned_intP pointer) memory. + (forall SparseArray_val_a_0_2_at_L:(SparseArray, + intP pointer) memory. + (forall intP_intM_val_11_at_L:(intP, int32) memory. + (forall unsigned_intP_unsigned_intM_idx_35_at_L:(unsigned_intP, + uint32) memory. + (forall unsigned_intP_unsigned_intM_back_34_at_L:(unsigned_intP, + uint32) memory. + (forall a_1_0:SparseArray pointer. + (forall i_1_0:int. 
+ (is_elt(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + unsigned_intP_unsigned_intM_back_34_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L) -> + (model(a_1_0, i_1_0, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + SparseArray_val_a_0_2_at_L, intP_intM_val_11_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L, + unsigned_intP_unsigned_intM_back_34_at_L) = integer_of_int32(select(intP_intM_val_11_at_L, + shift(select(SparseArray_val_a_0_2_at_L, a_1_0), + i_1_0)))))))))))))) + +axiom model_out: + (forall SparseArray_n_a_0_2_at_L:(SparseArray, uint32) memory. + (forall SparseArray_back_a_0_2_at_L:(SparseArray, + unsigned_intP pointer) memory. + (forall SparseArray_idx_a_0_2_at_L:(SparseArray, + unsigned_intP pointer) memory. + (forall SparseArray_val_a_0_2_at_L:(SparseArray, + intP pointer) memory. + (forall intP_intM_val_11_at_L:(intP, int32) memory. + (forall unsigned_intP_unsigned_intM_idx_35_at_L:(unsigned_intP, + uint32) memory. + (forall unsigned_intP_unsigned_intM_back_34_at_L:(unsigned_intP, + uint32) memory. + (forall a_2:SparseArray pointer. + (forall i_2:int. + ((not is_elt(a_2, i_2, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + unsigned_intP_unsigned_intM_back_34_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L)) -> (model(a_2, + i_2, SparseArray_n_a_0_2_at_L, + SparseArray_back_a_0_2_at_L, SparseArray_idx_a_0_2_at_L, + SparseArray_val_a_0_2_at_L, intP_intM_val_11_at_L, + unsigned_intP_unsigned_intM_idx_35_at_L, + unsigned_intP_unsigned_intM_back_34_at_L) = 0))))))))))) goal create_ensures_default_po_1: forall sz:uint32. - forall unsigned_int_P_unsigned_int_M_idx_20:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_20:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_22:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_22:(unsigned_intP, uint32) memory. 
forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -5908,45 +5817,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -5963,31 +5871,29 @@ (return = a_1_1) -> ("JC_25": ("JC_18": - ("JC_15": - ("JC_15": inv(return, unsigned_int_P_back_22_alloc_table0, - unsigned_int_P_idx_20_alloc_table0, int_P_val_18_alloc_table0, + ("JC_15": inv(return, unsigned_intP_back_22_alloc_table0, + unsigned_intP_idx_20_alloc_table0, intP_val_18_alloc_table0, SparseArray_result_4_alloc_table0, SparseArray_sz_0_result_4_0, SparseArray_n_result_4_0, SparseArray_back_result_4_0, SparseArray_idx_result_4_0, SparseArray_val_result_4_0, - unsigned_int_P_unsigned_int_M_back_22, - unsigned_int_P_unsigned_int_M_idx_20))))) + unsigned_intP_unsigned_intM_back_22, unsigned_intP_unsigned_intM_idx_20)))) goal create_ensures_default_po_2: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6000,45 +5906,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6055,32 +5960,31 @@ (return = a_1_1) -> ("JC_25": ("JC_18": - ("JC_16": ("JC_16": (integer_of_uint32(select(SparseArray_sz_0_result_4_0, - return)) = integer_of_uint32(sz)))))) + return)) = integer_of_uint32(sz))))) goal create_ensures_default_po_3: forall sz:uint32. - forall unsigned_int_P_unsigned_int_M_idx_20:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_20:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_22:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_22:(unsigned_intP, uint32) memory. - forall int_P_int_M_val_18:(int_P, + forall intP_intM_val_18:(intP, int32) memory. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6093,45 +5997,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6146,32 +6049,31 @@ sz)) -> forall return:SparseArray pointer. (return = a_1_1) -> + forall i_4:int. ("JC_25": ("JC_18": - ("JC_17": - ("JC_17": - (forall i_4:int. (model(return, i_4, SparseArray_n_result_4_0, - SparseArray_back_result_4_0, SparseArray_idx_result_4_0, - SparseArray_val_result_4_0, int_P_int_M_val_18, - unsigned_int_P_unsigned_int_M_idx_20, - unsigned_int_P_unsigned_int_M_back_22) = 0)))))) + ("JC_17": (model(return, i_4, SparseArray_n_result_4_0, + SparseArray_back_result_4_0, SparseArray_idx_result_4_0, + SparseArray_val_result_4_0, intP_intM_val_18, + unsigned_intP_unsigned_intM_idx_20, + unsigned_intP_unsigned_intM_back_22) = 0)))) goal create_ensures_default_po_4: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6184,45 +6086,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6239,26 +6140,25 @@ (return = a_1_1) -> ("JC_25": ("JC_24": - ("JC_19": ("JC_19": not_assigns(SparseArray_result_4_alloc_table, - SparseArray_val_result_4, SparseArray_val_result_4_0, pset_empty))))) + SparseArray_val_result_4, SparseArray_val_result_4_0, pset_empty)))) goal create_ensures_default_po_5: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6271,45 +6171,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6326,26 +6225,25 @@ (return = a_1_1) -> ("JC_25": ("JC_24": - ("JC_20": ("JC_20": not_assigns(SparseArray_result_4_alloc_table, - SparseArray_idx_result_4, SparseArray_idx_result_4_0, pset_empty))))) + SparseArray_idx_result_4, SparseArray_idx_result_4_0, pset_empty)))) goal create_ensures_default_po_6: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6358,45 +6256,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6413,26 +6310,25 @@ (return = a_1_1) -> ("JC_25": ("JC_24": - ("JC_21": ("JC_21": not_assigns(SparseArray_result_4_alloc_table, - SparseArray_back_result_4, SparseArray_back_result_4_0, pset_empty))))) + SparseArray_back_result_4, SparseArray_back_result_4_0, pset_empty)))) goal create_ensures_default_po_7: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6445,45 +6341,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6500,26 +6395,25 @@ (return = a_1_1) -> ("JC_25": ("JC_24": - ("JC_22": ("JC_22": not_assigns(SparseArray_result_4_alloc_table, - SparseArray_n_result_4, SparseArray_n_result_4_0, pset_empty))))) + SparseArray_n_result_4, SparseArray_n_result_4_0, pset_empty)))) goal create_ensures_default_po_8: forall sz:uint32. forall SparseArray_back_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_result_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_result_4:(SparseArray, uint32) memory. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. forall SparseArray_sz_0_result_4:(SparseArray, uint32) memory. forall SparseArray_val_result_4:(SparseArray, - int_P pointer) memory. - forall int_P_val_18_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_22_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_18_alloc_table:intP alloc_table. + forall unsigned_intP_back_22_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_alloc_table:unsigned_intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> forall result:SparseArray pointer. forall SparseArray_result_4_alloc_table0:SparseArray alloc_table. 
@@ -6532,45 +6426,44 @@ instanceof(SparseArray_result_4_tag_table, result, SparseArray_tag)))) -> forall a_1_1:SparseArray pointer. (a_1_1 = result) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> forall SparseArray_val_result_4_0:(SparseArray, - int_P pointer) memory. + intP pointer) memory. (SparseArray_val_result_4_0 = store(SparseArray_val_result_4, a_1_1, result0)) -> - forall result1:unsigned_int_P pointer. - forall unsigned_int_P_idx_20_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_20_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result1, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_idx_20_alloc_table0) and - (alloc_extends(unsigned_int_P_idx_20_alloc_table, - unsigned_int_P_idx_20_alloc_table0) and - (alloc_fresh(unsigned_int_P_idx_20_alloc_table, result1, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_idx_20_tag_table, - result1, unsigned_int_P_tag)))) -> + forall result1:unsigned_intP pointer. + forall unsigned_intP_idx_20_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_idx_20_tag_table:unsigned_intP tag_table. 
+ (strict_valid_struct_unsigned_intP(result1, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_idx_20_alloc_table0) and + (alloc_extends(unsigned_intP_idx_20_alloc_table, + unsigned_intP_idx_20_alloc_table0) and + (alloc_fresh(unsigned_intP_idx_20_alloc_table, result1, + integer_of_uint32(sz)) and instanceof(unsigned_intP_idx_20_tag_table, + result1, unsigned_intP_tag)))) -> forall SparseArray_idx_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_idx_result_4_0 = store(SparseArray_idx_result_4, a_1_1, result1)) -> - forall result2:unsigned_int_P pointer. - forall unsigned_int_P_back_22_alloc_table0:unsigned_int_P alloc_table. - forall unsigned_int_P_back_22_tag_table:unsigned_int_P tag_table. - (strict_valid_struct_unsigned_int_P(result2, 0, - (integer_of_uint32(sz) - 1), unsigned_int_P_back_22_alloc_table0) and - (alloc_extends(unsigned_int_P_back_22_alloc_table, - unsigned_int_P_back_22_alloc_table0) and - (alloc_fresh(unsigned_int_P_back_22_alloc_table, result2, - integer_of_uint32(sz)) and instanceof(unsigned_int_P_back_22_tag_table, - result2, unsigned_int_P_tag)))) -> + forall result2:unsigned_intP pointer. + forall unsigned_intP_back_22_alloc_table0:unsigned_intP alloc_table. + forall unsigned_intP_back_22_tag_table:unsigned_intP tag_table. + (strict_valid_struct_unsigned_intP(result2, 0, (integer_of_uint32(sz) - 1), + unsigned_intP_back_22_alloc_table0) and + (alloc_extends(unsigned_intP_back_22_alloc_table, + unsigned_intP_back_22_alloc_table0) and + (alloc_fresh(unsigned_intP_back_22_alloc_table, result2, + integer_of_uint32(sz)) and instanceof(unsigned_intP_back_22_tag_table, + result2, unsigned_intP_tag)))) -> forall SparseArray_back_result_4_0:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. (SparseArray_back_result_4_0 = store(SparseArray_back_result_4, a_1_1, result2)) -> forall result3:uint32. 
@@ -6587,9 +6480,8 @@ (return = a_1_1) -> ("JC_25": ("JC_24": - ("JC_23": ("JC_23": not_assigns(SparseArray_result_4_alloc_table, - SparseArray_sz_0_result_4, SparseArray_sz_0_result_4_0, pset_empty))))) + SparseArray_sz_0_result_4, SparseArray_sz_0_result_4_0, pset_empty)))) goal create_safety_po_1: forall sz:uint32. @@ -6599,7 +6491,7 @@ goal create_safety_po_2: forall sz:uint32. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. - forall int_P_val_18_alloc_table:int_P alloc_table. + forall intP_val_18_alloc_table:intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> (1 >= 0) -> forall result:SparseArray pointer. 
@@ -6614,21 +6506,20 @@ forall a_1_1:SparseArray pointer. (a_1_1 = result) -> (integer_of_uint32(sz) >= 0) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> (offset_min(SparseArray_result_4_alloc_table0, a_1_1) <= 0) goal create_safety_po_3: forall sz:uint32. forall SparseArray_result_4_alloc_table:SparseArray alloc_table. - forall int_P_val_18_alloc_table:int_P alloc_table. + forall intP_val_18_alloc_table:intP alloc_table. ("JC_13": (integer_of_uint32(sz) >= 0)) -> (1 >= 0) -> forall result:SparseArray pointer. 
@@ -6643,34 +6534,33 @@ forall a_1_1:SparseArray pointer. (a_1_1 = result) -> (integer_of_uint32(sz) >= 0) -> - forall result0:int_P pointer. - forall int_P_val_18_alloc_table0:int_P alloc_table. - forall int_P_val_18_tag_table:int_P tag_table. - (strict_valid_struct_int_P(result0, 0, (integer_of_uint32(sz) - 1), - int_P_val_18_alloc_table0) and - (alloc_extends(int_P_val_18_alloc_table, int_P_val_18_alloc_table0) and - (alloc_fresh(int_P_val_18_alloc_table, result0, - integer_of_uint32(sz)) and instanceof(int_P_val_18_tag_table, result0, - int_P_tag)))) -> + forall result0:intP pointer. + forall intP_val_18_alloc_table0:intP alloc_table. + forall intP_val_18_tag_table:intP tag_table. + (strict_valid_struct_intP(result0, 0, (integer_of_uint32(sz) - 1), + intP_val_18_alloc_table0) and + (alloc_extends(intP_val_18_alloc_table, intP_val_18_alloc_table0) and + (alloc_fresh(intP_val_18_alloc_table, result0, integer_of_uint32(sz)) and + instanceof(intP_val_18_tag_table, result0, intP_tag)))) -> (0 <= offset_max(SparseArray_result_4_alloc_table0, a_1_1)) goal get_ensures_default_po_1: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. 
forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6678,39 +6568,38 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_80": - ("JC_80": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, - shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1))))))) + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, + shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) goal get_ensures_default_po_2: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. 
- forall int_P_int_M_val_26:(int_P, + forall intP_intM_val_26:(intP, int32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6718,41 +6607,41 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_80": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> forall result1:uint32. (result1 = select(SparseArray_n_a_6, a_1)) -> (integer_of_uint32(result0) < integer_of_uint32(result1)) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_back_25, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_back_25, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) = integer_of_uint32(i_1)) -> - forall result6:int_P pointer. + forall result6:intP pointer. (result6 = select(SparseArray_val_a_6, a_1)) -> forall result7:int32. - (result7 = select(int_P_int_M_val_26, shift(result6, + (result7 = select(intP_intM_val_26, shift(result6, integer_of_uint32(i_1)))) -> forall __retres:int32. (__retres = result7) -> 
@@ -6760,29 +6649,28 @@ (return = __retres) -> ("JC_64": (integer_of_int32(return) = model(a_1, integer_of_uint32(i_1), SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, int_P_int_M_val_26, - unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) + SparseArray_val_a_6, intP_intM_val_26, unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) goal get_ensures_default_po_3: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. - forall int_P_int_M_val_26:(int_P, + forall intP_intM_val_26:(intP, int32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6790,35 +6678,35 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_80": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> forall result1:uint32. (result1 = select(SparseArray_n_a_6, a_1)) -> (integer_of_uint32(result0) < integer_of_uint32(result1)) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_back_25, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_back_25, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) <> integer_of_uint32(i_1)) -> forall result6:int32. @@ -6829,29 +6717,28 @@ (return = __retres) -> ("JC_64": (integer_of_int32(return) = model(a_1, integer_of_uint32(i_1), SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, int_P_int_M_val_26, - unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) + SparseArray_val_a_6, intP_intM_val_26, unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) goal get_ensures_default_po_4: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. - forall int_P_int_M_val_26:(int_P, + forall intP_intM_val_26:(intP, int32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6859,22 +6746,22 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_80": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> forall result1:uint32. (result1 = select(SparseArray_n_a_6, a_1)) -> 
@@ -6887,27 +6774,26 @@ (return = __retres) -> ("JC_64": (integer_of_int32(return) = model(a_1, integer_of_uint32(i_1), SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, - SparseArray_val_a_6, int_P_int_M_val_26, - unsigned_int_P_unsigned_int_M_idx_24, - unsigned_int_P_unsigned_int_M_back_25))) + SparseArray_val_a_6, intP_intM_val_26, unsigned_intP_unsigned_intM_idx_24, + unsigned_intP_unsigned_intM_back_25))) goal get_safety_po_1: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6915,17 +6801,17 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> (0 <= offset_max(SparseArray_a_6_alloc_table, a_1)) 
@@ -6933,19 +6819,19 @@ forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6953,42 +6839,42 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - (offset_min(unsigned_int_P_idx_24_alloc_table, + (offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) goal get_safety_po_3: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. 
+ forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -6996,42 +6882,42 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result)) goal get_safety_po_4: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. 
+ forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7039,28 +6925,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7069,32 +6955,32 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - (offset_min(unsigned_int_P_idx_24_alloc_table, + (offset_min(unsigned_intP_idx_24_alloc_table, result3) <= integer_of_uint32(i_1)) goal get_safety_po_5: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7102,28 +6988,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7132,32 +7018,32 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result3)) goal get_safety_po_6: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7165,28 +7051,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7195,39 +7081,39 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result3) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> - (offset_min(unsigned_int_P_back_25_alloc_table, + (offset_min(unsigned_intP_back_25_alloc_table, result2) <= integer_of_uint32(result4)) goal get_safety_po_7: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. 
- forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7235,28 +7121,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7265,39 +7151,39 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result3) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_back_25_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_back_25_alloc_table, result2)) goal get_safety_po_8: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. 
- forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7305,28 +7191,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7335,50 +7221,50 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result3) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> - ((offset_min(unsigned_int_P_back_25_alloc_table, + ((offset_min(unsigned_intP_back_25_alloc_table, result2) <= integer_of_uint32(result4)) and - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_back_25_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_back_25_alloc_table, result2))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_back_25, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_back_25, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) = integer_of_uint32(i_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result6:int_P pointer. + forall result6:intP pointer. 
(result6 = select(SparseArray_val_a_6, a_1)) -> - (offset_min(int_P_val_26_alloc_table, result6) <= integer_of_uint32(i_1)) + (offset_min(intP_val_26_alloc_table, result6) <= integer_of_uint32(i_1)) goal get_safety_po_9: forall a_1:SparseArray pointer. forall i_1:uint32. forall SparseArray_a_6_alloc_table:SparseArray alloc_table. - forall int_P_val_26_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_24_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_25_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_idx_24:(unsigned_int_P, + forall intP_val_26_alloc_table:intP alloc_table. + forall unsigned_intP_idx_24_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_25_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_idx_24:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_25:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_25:(unsigned_intP, uint32) memory. forall SparseArray_val_a_6:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_6:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_6:(SparseArray, 
@@ -7386,28 +7272,28 @@ ("JC_62": (("JC_58": (offset_min(SparseArray_a_6_alloc_table, a_1) <= 0)) and (("JC_59": (offset_max(SparseArray_a_6_alloc_table, a_1) >= 0)) and - (("JC_60": inv(a_1, unsigned_int_P_back_25_alloc_table, - unsigned_int_P_idx_24_alloc_table, int_P_val_26_alloc_table, + (("JC_60": inv(a_1, unsigned_intP_back_25_alloc_table, + unsigned_intP_idx_24_alloc_table, intP_val_26_alloc_table, SparseArray_a_6_alloc_table, SparseArray_sz_0_a_6, SparseArray_n_a_6, SparseArray_back_a_6, SparseArray_idx_a_6, SparseArray_val_a_6, - unsigned_int_P_unsigned_int_M_back_25, - unsigned_int_P_unsigned_int_M_idx_24)) and + unsigned_intP_unsigned_intM_back_25, + unsigned_intP_unsigned_intM_idx_24)) and ("JC_61": (integer_of_uint32(i_1) <= (integer_of_uint32(select(SparseArray_sz_0_a_6, a_1)) - 1))))))) -> ("JC_70": - (0 <= integer_of_uint32(select(unsigned_int_P_unsigned_int_M_idx_24, + (0 <= integer_of_uint32(select(unsigned_intP_unsigned_intM_idx_24, shift(select(SparseArray_idx_a_6, a_1), integer_of_uint32(i_1)))))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_idx_24, shift(result, integer_of_uint32(i_1)))) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> 
@@ -7416,32 +7302,32 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_6, a_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_6, a_1)) -> - ((offset_min(unsigned_int_P_idx_24_alloc_table, + ((offset_min(unsigned_intP_idx_24_alloc_table, result3) <= integer_of_uint32(i_1)) and - (integer_of_uint32(i_1) <= offset_max(unsigned_int_P_idx_24_alloc_table, + (integer_of_uint32(i_1) <= offset_max(unsigned_intP_idx_24_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_idx_24, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_idx_24, shift(result3, integer_of_uint32(i_1)))) -> - ((offset_min(unsigned_int_P_back_25_alloc_table, + ((offset_min(unsigned_intP_back_25_alloc_table, result2) <= integer_of_uint32(result4)) and - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_back_25_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_back_25_alloc_table, result2))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_back_25, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_back_25, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) = integer_of_uint32(i_1)) -> ((offset_min(SparseArray_a_6_alloc_table, a_1) <= 0) and (0 <= offset_max(SparseArray_a_6_alloc_table, a_1))) -> - forall result6:int_P pointer. + forall result6:intP pointer. 
(result6 = select(SparseArray_val_a_6, a_1)) -> - (integer_of_uint32(i_1) <= offset_max(int_P_val_26_alloc_table, result6)) + (integer_of_uint32(i_1) <= offset_max(intP_val_26_alloc_table, result6)) goal main_ensures_default_po_1: ("JC_138": true) -> @@ -7450,25 +7336,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -7477,22 +7363,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -7520,22 +7406,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -7575,7 +7461,7 @@ SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11))) -> forall y:int32. (y = result24) -> - ("JC_168": ("JC_166": ("JC_166": (integer_of_int32(x_0) = 0)))) + ("JC_168": ("JC_166": (integer_of_int32(x_0) = 0))) goal main_ensures_default_po_2: ("JC_138": true) -> 
@@ -7584,25 +7470,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -7611,22 +7497,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -7654,22 +7540,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -7709,7 +7595,7 @@ SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11))) -> forall y:int32. (y = result24) -> - ("JC_168": ("JC_167": ("JC_167": (integer_of_int32(y) = 0)))) + ("JC_168": ("JC_167": (integer_of_int32(y) = 0))) goal main_ensures_default_po_3: ("JC_138": true) -> 
@@ -7718,25 +7604,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -7745,22 +7631,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -7788,22 +7674,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -7852,44 +7738,44 @@ (integer_of_int32(result26) = 1) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -7900,42 +7786,42 @@ (integer_of_int32(result28) = 2) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -7946,8 +7832,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. @@ -7955,12 +7841,12 @@ forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> - ("JC_175": ("JC_173": ("JC_173": (integer_of_int32(x_0_0) = 1)))) + ("JC_175": ("JC_173": (integer_of_int32(x_0_0) = 1))) goal main_ensures_default_po_4: ("JC_138": true) -> 
@@ -7969,25 +7855,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -7996,22 +7882,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -8039,22 +7925,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -8103,44 +7989,44 @@ (integer_of_int32(result26) = 1) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -8151,42 +8037,42 @@ (integer_of_int32(result28) = 2) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -8197,8 +8083,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. @@ -8206,12 +8092,12 @@ forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> - ("JC_175": ("JC_174": ("JC_174": (integer_of_int32(y0) = 2)))) + ("JC_175": ("JC_174": (integer_of_int32(y0) = 2))) goal main_ensures_default_po_5: ("JC_138": true) -> 
@@ -8220,25 +8106,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -8247,22 +8133,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -8290,22 +8176,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -8354,44 +8240,44 @@ (integer_of_int32(result26) = 1) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -8402,42 +8288,42 @@ (integer_of_int32(result28) = 2) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -8448,8 +8334,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. @@ -8457,9 +8343,9 @@ forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_175": @@ -8471,8 +8357,8 @@ ("JC_66": (integer_of_int32(result34) = model(a_2_0, integer_of_uint32(result33), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_1:int32. (x_0_1 = result34) -> forall result35:uint32. 
@@ -8480,12 +8366,12 @@ forall result36:int32. ("JC_66": (integer_of_int32(result36) = model(b, integer_of_uint32(result35), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y1:int32. (y1 = result36) -> - ("JC_180": ("JC_178": ("JC_178": (integer_of_int32(x_0_1) = 0)))) + ("JC_180": ("JC_178": (integer_of_int32(x_0_1) = 0))) goal main_ensures_default_po_6: ("JC_138": true) -> @@ -8494,25 +8380,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -8521,22 +8407,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -8564,22 +8450,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -8628,44 +8514,44 @@ (integer_of_int32(result26) = 1) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -8676,42 +8562,42 @@ (integer_of_int32(result28) = 2) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -8722,8 +8608,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. @@ -8731,9 +8617,9 @@ forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_175": @@ -8745,8 +8631,8 @@ ("JC_66": (integer_of_int32(result34) = model(a_2_0, integer_of_uint32(result33), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_1:int32. (x_0_1 = result34) -> forall result35:uint32. 
@@ -8754,32 +8640,32 @@ forall result36:int32. ("JC_66": (integer_of_int32(result36) = model(b, integer_of_uint32(result35), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y1:int32. (y1 = result36) -> - ("JC_180": ("JC_179": ("JC_179": (integer_of_int32(y1) = 0)))) + ("JC_180": ("JC_179": (integer_of_int32(y1) = 0))) goal main_safety_po_1: ("JC_138": true) -> forall result17:uint32. (integer_of_uint32(result17) = 10) -> - ("JC_11": ("JC_11": (integer_of_uint32(result17) >= 0))) + ("JC_11": (integer_of_uint32(result17) >= 0)) goal main_safety_po_2: ("JC_138": true) -> forall result0:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result10:(int_P, int32) memory. - forall result13:(unsigned_int_P, + unsigned_intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result10:(intP, int32) memory. + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result16:SparseArray alloc_table. forall result17:uint32. 
@@ -8788,22 +8674,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and @@ -8828,7 +8714,7 @@ (a_2_0 = result18) -> forall result19:uint32. (integer_of_uint32(result19) = 20) -> - ("JC_11": ("JC_11": (integer_of_uint32(result19) >= 0))) + ("JC_11": (integer_of_uint32(result19) >= 0)) goal main_safety_po_3: ("JC_138": true) -> 
@@ -8837,25 +8723,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -8865,22 +8751,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -8909,22 +8795,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -8950,8 +8836,7 @@ forall result21:uint32. (integer_of_uint32(result21) = 5) -> ("JC_56": - ("JC_52": - ("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)))) + ("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0))) goal main_safety_po_4: ("JC_138": true) -> 
@@ -8960,25 +8845,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -8988,22 +8873,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9032,22 +8917,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9073,8 +8958,7 @@ forall result21:uint32. (integer_of_uint32(result21) = 5) -> ("JC_56": - ("JC_53": - ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)))) + ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0))) goal main_safety_po_5: ("JC_138": true) -> 
@@ -9083,25 +8967,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9111,22 +8995,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9155,22 +9039,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -9196,12 +9080,11 @@ forall result21:uint32. (integer_of_uint32(result21) = 5) -> ("JC_56": - ("JC_54": - ("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + ("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, result13, result14)))) + SparseArray_val_a_2_30, result13, result14))) goal main_safety_po_6: ("JC_138": true) -> @@ -9210,25 +9093,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9238,22 +9121,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9282,22 +9165,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9324,9 +9207,8 @@ (integer_of_uint32(result21) = 5) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result21) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, - a_2_0)) - 1))))) + a_2_0)) - 1)))) goal main_safety_po_7: ("JC_138": true) -> 
@@ -9335,25 +9217,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9363,22 +9245,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9407,22 +9289,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9450,8 +9332,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9467,8 +9349,7 @@ (x_0 = result22) -> forall result23:uint32. (integer_of_uint32(result23) = 7) -> - ("JC_56": - ("JC_52": ("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)))) + ("JC_56": ("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0))) goal main_safety_po_8: ("JC_138": true) -> @@ -9477,25 +9358,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9505,22 +9386,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9549,22 +9430,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9592,8 +9473,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9609,8 +9490,7 @@ (x_0 = result22) -> forall result23:uint32. (integer_of_uint32(result23) = 7) -> - ("JC_56": - ("JC_53": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)))) + ("JC_56": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0))) goal main_safety_po_9: ("JC_138": true) -> @@ -9619,25 +9499,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9647,22 +9527,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9691,22 +9571,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9734,8 +9614,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9752,12 +9632,11 @@ forall result23:uint32. (integer_of_uint32(result23) = 7) -> ("JC_56": - ("JC_54": - ("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + ("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - result11, result12)))) + result11, result12))) goal main_safety_po_10: ("JC_138": true) -> @@ -9766,25 +9645,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9794,22 +9673,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9838,22 +9717,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -9881,8 +9760,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9900,9 +9779,8 @@ (integer_of_uint32(result23) = 7) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result23) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, - b)) - 1))))) + b)) - 1)))) goal main_safety_po_11: ("JC_138": true) -> @@ -9911,25 +9789,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -9939,22 +9817,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -9983,22 +9861,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10026,8 +9904,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10046,8 +9924,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10068,8 +9946,7 @@ forall result26:int32. (integer_of_int32(result26) = 1) -> ("JC_85": - ("JC_82": - ("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)))) + ("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0))) goal main_safety_po_12: ("JC_138": true) -> 
@@ -10078,25 +9955,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -10106,22 +9983,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10150,22 +10027,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10193,8 +10070,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10213,8 +10090,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10235,12 +10112,11 @@ forall result26:int32. (integer_of_int32(result26) = 1) -> ("JC_85": - ("JC_83": - ("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + ("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, result13, result14)))) + SparseArray_val_a_2_30, result13, result14))) goal main_safety_po_13: ("JC_138": true) -> 
@@ -10249,25 +10125,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -10277,22 +10153,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10321,22 +10197,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10364,8 +10240,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10384,8 +10260,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10407,9 +10283,8 @@ (integer_of_int32(result26) = 1) -> ("JC_85": ("JC_84": - ("JC_84": (integer_of_uint32(result25) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, - a_2_0)) - 1))))) + a_2_0)) - 1)))) goal main_safety_po_14: ("JC_138": true) -> 
@@ -10418,25 +10293,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -10446,22 +10321,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10490,22 +10365,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10533,8 +10408,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10553,8 +10428,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10577,8 +10452,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10587,44 +10462,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, @@ -10633,8 +10508,7 @@ (integer_of_uint32(result27) = 7) -> forall result28:int32. (integer_of_int32(result28) = 2) -> - ("JC_85": - ("JC_82": ("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)))) + ("JC_85": ("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0))) goal main_safety_po_15: ("JC_138": true) -> 
@@ -10643,25 +10517,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -10671,22 +10545,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10715,22 +10589,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10758,8 +10632,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10778,8 +10652,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10802,8 +10676,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10812,44 +10686,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -10859,12 +10733,11 @@ forall result28:int32. (integer_of_int32(result28) = 2) -> ("JC_85": - ("JC_83": - ("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + ("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - result11, result12)))) + result11, result12))) goal main_safety_po_16: ("JC_138": true) -> @@ -10873,25 +10746,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -10901,22 +10774,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -10945,22 +10818,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -10988,8 +10861,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11008,8 +10881,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11032,8 +10905,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11042,44 +10915,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, @@ -11090,9 +10963,8 @@ (integer_of_int32(result28) = 2) -> ("JC_85": ("JC_84": - ("JC_84": (integer_of_uint32(result27) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, - b)) - 1))))) + b)) - 1)))) goal main_safety_po_17: ("JC_138": true) -> 
@@ -11101,25 +10973,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -11129,22 +11001,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11173,22 +11045,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11216,8 +11088,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11236,8 +11108,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11260,8 +11132,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11270,44 +11142,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -11319,8 +11191,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -11329,42 +11201,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, @@ -11372,8 +11244,7 @@ forall result29:uint32. (integer_of_uint32(result29) = 5) -> ("JC_56": - ("JC_53": - ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)))) + ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0))) goal main_safety_po_18: ("JC_138": true) -> 
@@ -11382,25 +11253,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -11410,22 +11281,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11454,22 +11325,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11497,8 +11368,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11517,8 +11388,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11541,8 +11412,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11551,44 +11422,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -11600,8 +11471,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -11610,42 +11481,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -11653,13 +11524,12 @@ forall result29:uint32. (integer_of_uint32(result29) = 5) -> ("JC_56": - ("JC_54": - ("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + ("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)))) + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140))) goal main_safety_po_19: ("JC_138": true) -> 
@@ -11668,25 +11538,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -11696,22 +11566,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11740,22 +11610,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11783,8 +11653,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11803,8 +11673,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -11827,8 +11697,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -11837,44 +11707,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -11886,8 +11756,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -11896,42 +11766,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, @@ -11940,9 +11810,8 @@ (integer_of_uint32(result29) = 5) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, - a_2_0)) - 1))))) + a_2_0)) - 1)))) goal main_safety_po_20: ("JC_138": true) -> 
@@ -11951,25 +11820,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -11979,22 +11848,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12023,22 +11892,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12066,8 +11935,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12086,8 +11955,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12110,8 +11979,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12120,44 +11989,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -12169,8 +12038,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -12179,42 +12048,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -12224,12 +12093,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -12237,14 +12106,13 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. (integer_of_uint32(result31) = 7) -> - ("JC_56": - ("JC_53": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)))) + ("JC_56": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0))) goal main_safety_po_21: ("JC_138": true) -> 
@@ -12253,25 +12121,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -12281,22 +12149,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12325,22 +12193,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12368,8 +12236,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12388,8 +12256,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12412,8 +12280,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12422,44 +12290,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -12471,8 +12339,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -12481,42 +12349,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -12526,12 +12394,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> 
@@ -12539,20 +12407,18 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. (integer_of_uint32(result31) = 7) -> ("JC_56": - ("JC_54": - ("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + ("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)))) + unsigned_intP_unsigned_intM_back_146, unsigned_intP_unsigned_intM_idx_144))) goal main_safety_po_22: ("JC_138": true) -> 
@@ -12561,25 +12427,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -12589,22 +12455,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12633,22 +12499,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12676,8 +12542,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12696,8 +12562,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12720,8 +12586,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12730,44 +12596,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -12779,8 +12645,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -12789,42 +12655,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -12834,12 +12700,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -12847,17 +12713,16 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. (integer_of_uint32(result31) = 7) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, - b)) - 1))))) + b)) - 1)))) goal main_safety_po_23: ("JC_138": true) -> 
@@ -12866,25 +12731,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -12894,22 +12759,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -12938,22 +12803,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -12981,8 +12846,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13001,8 +12866,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13025,8 +12890,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13035,44 +12900,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -13084,8 +12949,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -13094,42 +12959,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -13139,12 +13004,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -13152,8 +13017,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -13161,21 +13026,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": @@ -13184,8 +13049,7 @@ forall result33:uint32. (integer_of_uint32(result33) = 0) -> ("JC_56": - ("JC_53": - ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)))) + ("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0))) goal main_safety_po_24: ("JC_138": true) -> 
@@ -13194,25 +13058,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -13222,22 +13086,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13266,22 +13130,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13309,8 +13173,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13329,8 +13193,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13353,8 +13217,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13363,44 +13227,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -13412,8 +13276,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -13422,42 +13286,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -13467,12 +13331,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -13480,8 +13344,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -13489,21 +13353,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": 
@@ -13512,13 +13376,12 @@ forall result33:uint32. (integer_of_uint32(result33) = 0) -> ("JC_56": - ("JC_54": - ("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + ("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)))) + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140))) goal main_safety_po_25: ("JC_138": true) -> 
@@ -13527,25 +13390,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -13555,22 +13418,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13599,22 +13462,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13642,8 +13505,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13662,8 +13525,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13686,8 +13549,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13696,44 +13559,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -13745,8 +13608,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -13755,42 +13618,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -13800,12 +13663,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -13813,8 +13676,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -13822,21 +13685,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": @@ -13846,9 +13709,8 @@ (integer_of_uint32(result33) = 0) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result33) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, - a_2_0)) - 1))))) + a_2_0)) - 1)))) goal main_safety_po_26: ("JC_138": true) -> 
@@ -13857,25 +13719,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -13885,22 +13747,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13929,22 +13791,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -13972,8 +13834,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -13992,8 +13854,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -14016,8 +13878,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14026,44 +13888,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -14075,8 +13937,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -14085,42 +13947,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -14130,12 +13992,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -14143,8 +14005,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -14152,21 +14014,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": 
@@ -14177,12 +14039,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result33) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -14190,14 +14052,13 @@ ("JC_66": (integer_of_int32(result34) = model(a_2_0, integer_of_uint32(result33), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_1:int32. (x_0_1 = result34) -> forall result35:uint32. (integer_of_uint32(result35) = 0) -> - ("JC_56": - ("JC_53": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)))) + ("JC_56": ("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0))) goal main_safety_po_27: ("JC_138": true) -> 
@@ -14206,25 +14067,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -14234,22 +14095,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14278,22 +14139,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -14321,8 +14182,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14341,8 +14202,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -14365,8 +14226,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14375,44 +14236,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -14424,8 +14285,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -14434,42 +14295,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -14479,12 +14340,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -14492,8 +14353,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -14501,21 +14362,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": 
@@ -14526,12 +14387,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result33) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> 
@@ -14539,20 +14400,18 @@ ("JC_66": (integer_of_int32(result34) = model(a_2_0, integer_of_uint32(result33), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_1:int32. (x_0_1 = result34) -> forall result35:uint32. (integer_of_uint32(result35) = 0) -> ("JC_56": - ("JC_54": - ("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + ("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)))) + unsigned_intP_unsigned_intM_back_146, unsigned_intP_unsigned_intM_idx_144))) goal main_safety_po_28: ("JC_138": true) -> 
@@ -14561,25 +14420,25 @@ forall result1:(SparseArray, uint32) memory. forall result2:(SparseArray, uint32) memory. forall result3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result5:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result6:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall result7:(SparseArray, - int_P pointer) memory. - forall result8:(SparseArray, int_P pointer) memory. - forall result9:(int_P, int32) memory. - forall result10:(int_P, int32) memory. - forall result11:(unsigned_int_P, + intP pointer) memory. + forall result8:(SparseArray, intP pointer) memory. + forall result9:(intP, int32) memory. + forall result10:(intP, int32) memory. + forall result11:(unsigned_intP, uint32) memory. - forall result12:(unsigned_int_P, + forall result12:(unsigned_intP, uint32) memory. - forall result13:(unsigned_int_P, + forall result13:(unsigned_intP, uint32) memory. - forall result14:(unsigned_int_P, + forall result14:(unsigned_intP, uint32) memory. forall result15:SparseArray alloc_table. forall result16:SparseArray alloc_table. 
@@ -14589,22 +14448,22 @@ forall result18:SparseArray pointer. forall SparseArray_a_2_30_alloc_table:SparseArray alloc_table. forall SparseArray_back_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_a_2_30:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_2_30:(SparseArray, uint32) memory. forall SparseArray_sz_0_a_2_30:(SparseArray, uint32) memory. forall SparseArray_val_a_2_30:(SparseArray, - int_P pointer) memory. - forall int_P_val_141_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_142_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_140_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_141_alloc_table:intP alloc_table. + forall unsigned_intP_back_142_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_140_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result18, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_26": inv(result18, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14633,22 +14492,22 @@ forall result20:SparseArray pointer. forall SparseArray_b_31_alloc_table:SparseArray alloc_table. forall SparseArray_back_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_idx_b_31:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_b_31:(SparseArray, uint32) memory. forall SparseArray_sz_0_b_31:(SparseArray, uint32) memory. forall SparseArray_val_b_31:(SparseArray, - int_P pointer) memory. - forall int_P_val_145_alloc_table:int_P alloc_table. - forall unsigned_int_P_back_146_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_idx_144_alloc_table:unsigned_int_P alloc_table. + intP pointer) memory. + forall intP_val_145_alloc_table:intP alloc_table. + forall unsigned_intP_back_146_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_idx_144_alloc_table:unsigned_intP alloc_table. ("JC_36": (("JC_29": - (("JC_26": inv(result20, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_26": inv(result20, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -14676,8 +14535,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14696,8 +14555,8 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and @@ -14720,8 +14579,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_82": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_83": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_83": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result13, result14)) and 
@@ -14730,44 +14589,44 @@ a_2_0)) - 1))))))) -> forall SparseArray_n_a_2_30_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_141:(int_P, + forall intP_intM_val_141:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_142:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_142:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_140:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_140:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_103": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and (("JC_104": (model(a_2_0, integer_of_uint32(result25), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = integer_of_int32(result26))) and + SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = integer_of_int32(result26))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result25)) -> (model(a_2_0, j, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, - SparseArray_idx_a_2_30, SparseArray_val_a_2_30, int_P_int_M_val_141, - unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142) = model(a_2_0, j, + SparseArray_idx_a_2_30, SparseArray_val_a_2_30, intP_intM_val_141, + unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142) = model(a_2_0, j, SparseArray_n_a_2_30, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, result10, result14, result13)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_140_alloc_table, result14, - unsigned_int_P_unsigned_int_M_idx_140, + (((("JC_107": not_assigns(unsigned_intP_idx_140_alloc_table, result14, + unsigned_intP_unsigned_intM_idx_140, pset_all(pset_deref(SparseArray_idx_a_2_30, pset_singleton(a_2_0))))) and - ("JC_108": not_assigns(unsigned_int_P_back_142_alloc_table, result13, - unsigned_int_P_unsigned_int_M_back_142, + ("JC_108": not_assigns(unsigned_intP_back_142_alloc_table, result13, + unsigned_intP_unsigned_intM_back_142, pset_all(pset_deref(SparseArray_back_a_2_30, pset_singleton(a_2_0)))))) and - ("JC_109": not_assigns(int_P_val_141_alloc_table, result10, - int_P_int_M_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, + ("JC_109": not_assigns(intP_val_141_alloc_table, result10, + intP_intM_val_141, pset_range(pset_deref(SparseArray_val_a_2_30, pset_singleton(a_2_0)), integer_of_uint32(result25), integer_of_uint32(result25))))) and ("JC_110": not_assigns(SparseArray_a_2_30_alloc_table, 
@@ -14779,8 +14638,8 @@ ("JC_85": (("JC_81": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_82": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_83": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_83": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result11, result12)) and 
@@ -14789,42 +14648,42 @@ b)) - 1))))))) -> forall SparseArray_n_b_31_0:(SparseArray, uint32) memory. - forall int_P_int_M_val_145:(int_P, + forall intP_intM_val_145:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_146:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_146:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_144:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_144:(unsigned_intP, uint32) memory. ("JC_112": (("JC_106": - (("JC_103": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_103": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and (("JC_104": (model(b, integer_of_uint32(result27), SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, - int_P_int_M_val_145, unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = integer_of_int32(result28))) and + intP_intM_val_145, unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = integer_of_int32(result28))) and ("JC_105": (forall j:int. 
((j <> integer_of_uint32(result27)) -> (model(b, j, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146) = model(b, j, + SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146) = model(b, j, SparseArray_n_b_31, SparseArray_back_b_31, SparseArray_idx_b_31, SparseArray_val_b_31, result9, result12, result11)))))))) and ("JC_111": - (((("JC_107": not_assigns(unsigned_int_P_idx_144_alloc_table, result12, - unsigned_int_P_unsigned_int_M_idx_144, + (((("JC_107": not_assigns(unsigned_intP_idx_144_alloc_table, result12, + unsigned_intP_unsigned_intM_idx_144, pset_all(pset_deref(SparseArray_idx_b_31, pset_singleton(b))))) and - ("JC_108": not_assigns(unsigned_int_P_back_146_alloc_table, result11, - unsigned_int_P_unsigned_int_M_back_146, + ("JC_108": not_assigns(unsigned_intP_back_146_alloc_table, result11, + unsigned_intP_unsigned_intM_back_146, pset_all(pset_deref(SparseArray_back_b_31, pset_singleton(b)))))) and - ("JC_109": not_assigns(int_P_val_145_alloc_table, result9, - int_P_int_M_val_145, pset_range(pset_deref(SparseArray_val_b_31, + ("JC_109": not_assigns(intP_val_145_alloc_table, result9, + intP_intM_val_145, pset_range(pset_deref(SparseArray_val_b_31, pset_singleton(b)), integer_of_uint32(result27), integer_of_uint32(result27))))) and ("JC_110": not_assigns(SparseArray_b_31_alloc_table, SparseArray_n_b_31, 
@@ -14834,12 +14693,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result29) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> @@ -14847,8 +14706,8 @@ ("JC_66": (integer_of_int32(result30) = model(a_2_0, integer_of_uint32(result29), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_0:int32. (x_0_0 = result30) -> forall result31:uint32. 
@@ -14856,21 +14715,21 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_b_31_alloc_table, b) <= 0)) and (("JC_53": (offset_max(SparseArray_b_31_alloc_table, b) >= 0)) and - (("JC_54": inv(b, unsigned_int_P_back_146_alloc_table, - unsigned_int_P_idx_144_alloc_table, int_P_val_145_alloc_table, + (("JC_54": inv(b, unsigned_intP_back_146_alloc_table, + unsigned_intP_idx_144_alloc_table, intP_val_145_alloc_table, SparseArray_b_31_alloc_table, SparseArray_sz_0_b_31, SparseArray_n_b_31_0, SparseArray_back_b_31, SparseArray_idx_b_31, - SparseArray_val_b_31, unsigned_int_P_unsigned_int_M_back_146, - unsigned_int_P_unsigned_int_M_idx_144)) and + SparseArray_val_b_31, unsigned_intP_unsigned_intM_back_146, + unsigned_intP_unsigned_intM_idx_144)) and ("JC_55": (integer_of_uint32(result31) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, b)) - 1))))))) -> forall result32:int32. ("JC_66": (integer_of_int32(result32) = model(b, integer_of_uint32(result31), SparseArray_n_b_31_0, SparseArray_back_b_31, - SparseArray_idx_b_31, SparseArray_val_b_31, int_P_int_M_val_145, - unsigned_int_P_unsigned_int_M_idx_144, - unsigned_int_P_unsigned_int_M_back_146))) -> + SparseArray_idx_b_31, SparseArray_val_b_31, intP_intM_val_145, + unsigned_intP_unsigned_intM_idx_144, + unsigned_intP_unsigned_intM_back_146))) -> forall y0:int32. (y0 = result32) -> ("JC_156": 
@@ -14881,12 +14740,12 @@ ("JC_56": (("JC_52": (offset_min(SparseArray_a_2_30_alloc_table, a_2_0) <= 0)) and (("JC_53": (offset_max(SparseArray_a_2_30_alloc_table, a_2_0) >= 0)) and - (("JC_54": inv(a_2_0, unsigned_int_P_back_142_alloc_table, - unsigned_int_P_idx_140_alloc_table, int_P_val_141_alloc_table, + (("JC_54": inv(a_2_0, unsigned_intP_back_142_alloc_table, + unsigned_intP_idx_140_alloc_table, intP_val_141_alloc_table, SparseArray_a_2_30_alloc_table, SparseArray_sz_0_a_2_30, SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, - SparseArray_val_a_2_30, unsigned_int_P_unsigned_int_M_back_142, - unsigned_int_P_unsigned_int_M_idx_140)) and + SparseArray_val_a_2_30, unsigned_intP_unsigned_intM_back_142, + unsigned_intP_unsigned_intM_idx_140)) and ("JC_55": (integer_of_uint32(result33) <= (integer_of_uint32(select(SparseArray_sz_0_a_2_30, a_2_0)) - 1))))))) -> 
@@ -14894,649 +14753,637 @@ ("JC_66": (integer_of_int32(result34) = model(a_2_0, integer_of_uint32(result33), SparseArray_n_a_2_30_0, SparseArray_back_a_2_30, SparseArray_idx_a_2_30, SparseArray_val_a_2_30, - int_P_int_M_val_141, unsigned_int_P_unsigned_int_M_idx_140, - unsigned_int_P_unsigned_int_M_back_142))) -> + intP_intM_val_141, unsigned_intP_unsigned_intM_idx_140, + unsigned_intP_unsigned_intM_back_142))) -> forall x_0_1:int32. (x_0_1 = result34) -> forall result35:uint32. (integer_of_uint32(result35) = 0) -> ("JC_56": ("JC_55": - ("JC_55": (integer_of_uint32(result35) <= (integer_of_uint32(select(SparseArray_sz_0_b_31, - b)) - 1))))) + b)) - 1)))) goal set_ensures_default_po_1: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. 
- forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. 
+ forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_96": - ("JC_93": - ("JC_93": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + ("JC_93": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28))))) + unsigned_intP_unsigned_intM_back_29, unsigned_intP_unsigned_intM_idx_28)))) goal set_ensures_default_po_2: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. 
- (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_96": - ("JC_94": ("JC_94": (model(a_0_0, integer_of_uint32(i_0_0), SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27_0, unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29) = integer_of_int32(v)))))) + intP_intM_val_27_0, unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = integer_of_int32(v))))) goal set_ensures_default_po_3: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. 
+ forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. 
- (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> + forall j:int. + (j <> integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_96": - ("JC_95": - ("JC_95": - (forall j:int. 
- ((j <> integer_of_uint32(i_0_0)) -> (model(a_0_0, j, SparseArray_n_a_0_7, - SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27_0, unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29) = model(a_0_0, j, - SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29)))))))) + ("JC_95": (model(a_0_0, j, SparseArray_n_a_0_7, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, intP_intM_val_27_0, + unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29) = model(a_0_0, j, SparseArray_n_a_0_7, + SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, + intP_intM_val_27, unsigned_intP_unsigned_intM_idx_28, + unsigned_intP_unsigned_intM_back_29))))) goal set_ensures_default_po_4: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. 
- forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. 
+ forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_101": - ("JC_97": - ("JC_97": not_assigns(unsigned_int_P_idx_28_alloc_table, - unsigned_int_P_unsigned_int_M_idx_28, unsigned_int_P_unsigned_int_M_idx_28, - pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_97": not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28, unsigned_intP_unsigned_intM_idx_28, + pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_5: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. 
- (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_101": - ("JC_98": - ("JC_98": not_assigns(unsigned_int_P_back_29_alloc_table, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_back_29, - pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_98": not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29, unsigned_intP_unsigned_intM_back_29, + pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_6: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. 
+ forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. 
- (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_101": - ("JC_99": - ("JC_99": not_assigns(int_P_val_27_alloc_table, int_P_int_M_val_27, - int_P_int_M_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, + ("JC_99": not_assigns(intP_val_27_alloc_table, intP_intM_val_27, + intP_intM_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, pset_singleton(a_0_0)), integer_of_uint32(i_0_0), - integer_of_uint32(i_0_0))))))) + integer_of_uint32(i_0_0)))))) goal set_ensures_default_po_7: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. 
- forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) = integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_101": - ("JC_100": ("JC_100": not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7, - SparseArray_n_a_0_7, pset_singleton(a_0_0)))))) + SparseArray_n_a_0_7, pset_singleton(a_0_0))))) goal set_ensures_default_po_8: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> - ("JC_134": ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, - a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0))))) + a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) goal set_ensures_default_po_9: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -15547,92 +15394,91 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_96": - ("JC_93": - ("JC_93": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + ("JC_93": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29_0, - unsigned_int_P_unsigned_int_M_idx_28_0))))) + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29_0, + unsigned_intP_unsigned_intM_idx_28_0)))) goal set_ensures_default_po_10: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. 
- forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. 
+ forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -15643,90 +15489,89 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_96": - ("JC_94": ("JC_94": (model(a_0_0, integer_of_uint32(i_0_0), SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27_0, unsigned_int_P_unsigned_int_M_idx_28_0, - unsigned_int_P_unsigned_int_M_back_29_0) = integer_of_int32(v)))))) + intP_intM_val_27_0, unsigned_intP_unsigned_intM_idx_28_0, + unsigned_intP_unsigned_intM_back_29_0) = integer_of_int32(v))))) goal set_ensures_default_po_11: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -15735,99 +15580,96 @@ forall SparseArray_n_a_0_7_0:(SparseArray, uint32) memory. (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> + forall j:int. + (j <> integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_96": - ("JC_95": - ("JC_95": - (forall j:int. - ((j <> integer_of_uint32(i_0_0)) -> (model(a_0_0, j, - SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27_0, - unsigned_int_P_unsigned_int_M_idx_28_0, - unsigned_int_P_unsigned_int_M_back_29_0) = model(a_0_0, j, - SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29)))))))) + ("JC_95": (model(a_0_0, j, SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, intP_intM_val_27_0, + unsigned_intP_unsigned_intM_idx_28_0, + unsigned_intP_unsigned_intM_back_29_0) = model(a_0_0, j, + SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, unsigned_intP_unsigned_intM_back_29))))) goal set_ensures_default_po_12: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. 
- (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. 
(result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -15838,90 +15680,88 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_101": - ("JC_97": - ("JC_97": not_assigns(unsigned_int_P_idx_28_alloc_table, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_idx_28_0, - pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_97": not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28, unsigned_intP_unsigned_intM_idx_28_0, + pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_13: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -15932,90 +15772,88 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_101": - ("JC_98": - ("JC_98": not_assigns(unsigned_int_P_back_29_alloc_table, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_back_29_0, - pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_98": not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29, unsigned_intP_unsigned_intM_back_29_0, + pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_14: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16026,90 +15864,89 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_101": - ("JC_99": - ("JC_99": not_assigns(int_P_val_27_alloc_table, int_P_int_M_val_27, - int_P_int_M_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, + ("JC_99": not_assigns(intP_val_27_alloc_table, intP_intM_val_27, + intP_intM_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, pset_singleton(a_0_0)), integer_of_uint32(i_0_0), - integer_of_uint32(i_0_0))))))) + integer_of_uint32(i_0_0)))))) goal set_ensures_default_po_15: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> forall result11:uint32. (result11 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16120,110 +15957,108 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result12)) -> ("JC_102": ("JC_101": - ("JC_100": ("JC_100": not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7, - SparseArray_n_a_0_7_0, pset_singleton(a_0_0)))))) + SparseArray_n_a_0_7_0, pset_singleton(a_0_0))))) goal set_ensures_default_po_16: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> (integer_of_uint32(result1) >= integer_of_uint32(result2)) -> - ("JC_134": ("JC_134": (integer_of_uint32(select(SparseArray_n_a_0_7, - a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0))))) + a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) goal set_ensures_default_po_17: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. 
forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16232,19 +16067,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16255,60 +16090,59 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_96": - ("JC_93": - ("JC_93": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + ("JC_93": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29_0, - unsigned_int_P_unsigned_int_M_idx_28_0))))) + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29_0, + unsigned_intP_unsigned_intM_idx_28_0)))) goal set_ensures_default_po_18: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. 
- forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16317,19 +16151,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16340,58 +16174,57 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_96": - ("JC_94": ("JC_94": (model(a_0_0, integer_of_uint32(i_0_0), SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, SparseArray_val_a_0_7, - int_P_int_M_val_27_0, unsigned_int_P_unsigned_int_M_idx_28_0, - unsigned_int_P_unsigned_int_M_back_29_0) = integer_of_int32(v)))))) + intP_intM_val_27_0, unsigned_intP_unsigned_intM_idx_28_0, + unsigned_intP_unsigned_intM_back_29_0) = integer_of_int32(v))))) goal set_ensures_default_po_19: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16400,19 +16233,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16421,67 +16254,64 @@ forall SparseArray_n_a_0_7_0:(SparseArray, uint32) memory. (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> + forall j:int. + (j <> integer_of_uint32(i_0_0)) -> ("JC_102": ("JC_96": - ("JC_95": - ("JC_95": - (forall j:int. - ((j <> integer_of_uint32(i_0_0)) -> (model(a_0_0, j, - SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27_0, - unsigned_int_P_unsigned_int_M_idx_28_0, - unsigned_int_P_unsigned_int_M_back_29_0) = model(a_0_0, j, - SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, int_P_int_M_val_27, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_back_29)))))))) + ("JC_95": (model(a_0_0, j, SparseArray_n_a_0_7_0, SparseArray_back_a_0_7, + SparseArray_idx_a_0_7, SparseArray_val_a_0_7, intP_intM_val_27_0, + unsigned_intP_unsigned_intM_idx_28_0, + unsigned_intP_unsigned_intM_back_29_0) = model(a_0_0, j, + SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, + SparseArray_val_a_0_7, intP_intM_val_27, + unsigned_intP_unsigned_intM_idx_28, unsigned_intP_unsigned_intM_back_29))))) goal set_ensures_default_po_20: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. 
- (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> @@ -16490,19 +16320,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16513,58 +16343,56 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_101": - ("JC_97": - ("JC_97": not_assigns(unsigned_int_P_idx_28_alloc_table, - unsigned_int_P_unsigned_int_M_idx_28, - unsigned_int_P_unsigned_int_M_idx_28_0, - pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_97": not_assigns(unsigned_intP_idx_28_alloc_table, + unsigned_intP_unsigned_intM_idx_28, unsigned_intP_unsigned_intM_idx_28_0, + pset_all(pset_deref(SparseArray_idx_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_21: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16573,19 +16401,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16596,58 +16424,56 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_101": - ("JC_98": - ("JC_98": not_assigns(unsigned_int_P_back_29_alloc_table, - unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_back_29_0, - pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0)))))))) + ("JC_98": not_assigns(unsigned_intP_back_29_alloc_table, + unsigned_intP_unsigned_intM_back_29, unsigned_intP_unsigned_intM_back_29_0, + pset_all(pset_deref(SparseArray_back_a_0_7, pset_singleton(a_0_0))))))) goal set_ensures_default_po_22: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16656,19 +16482,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16679,58 +16505,57 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_101": - ("JC_99": - ("JC_99": not_assigns(int_P_val_27_alloc_table, int_P_int_M_val_27, - int_P_int_M_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, + ("JC_99": not_assigns(intP_val_27_alloc_table, intP_intM_val_27, + intP_intM_val_27_0, pset_range(pset_deref(SparseArray_val_a_0_7, pset_singleton(a_0_0)), integer_of_uint32(i_0_0), - integer_of_uint32(i_0_0))))))) + integer_of_uint32(i_0_0)))))) goal set_ensures_default_po_23: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - forall int_P_int_M_val_27_0:(int_P, + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16739,19 +16564,19 @@ a_0_0)) < integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)))) -> forall result3:uint32. (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> forall result7:uint32. (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> 
@@ -16762,40 +16587,39 @@ (SparseArray_n_a_0_7_0 = store(SparseArray_n_a_0_7, a_0_0, result8)) -> ("JC_102": ("JC_101": - ("JC_100": ("JC_100": not_assigns(SparseArray_a_0_7_alloc_table, SparseArray_n_a_0_7, - SparseArray_n_a_0_7_0, pset_singleton(a_0_0)))))) + SparseArray_n_a_0_7_0, pset_singleton(a_0_0))))) goal set_safety_po_1: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> 
@@ -16805,132 +16629,132 @@ forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - (offset_min(int_P_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) + (offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) goal set_safety_po_3: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. ("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result)) + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result)) goal set_safety_po_4: forall a_0_0:SparseArray pointer. forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. 
- forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_idx_28_alloc_table, + (offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) goal set_safety_po_5: 
@@ -16938,53 +16762,53 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0)) goal set_safety_po_6: 
@@ -16992,58 +16816,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -17052,13 +16876,13 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_idx_28_alloc_table, + (offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) goal set_safety_po_7: 
@@ -17066,58 +16890,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -17126,13 +16950,13 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4)) goal set_safety_po_8: 
@@ -17140,58 +16964,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -17200,20 +17024,20 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - (offset_min(unsigned_int_P_back_29_alloc_table, + (offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) goal set_safety_po_9: 
@@ -17221,58 +17045,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -17281,20 +17105,20 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3)) goal set_safety_po_10: 
@@ -17302,58 +17126,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17362,25 +17186,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17391,9 +17215,9 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_idx_28_alloc_table, + (offset_min(unsigned_intP_idx_28_alloc_table, result8) <= integer_of_uint32(i_0_0)) goal set_safety_po_11: 
@@ -17401,58 +17225,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17461,25 +17285,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17490,9 +17314,9 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result8)) goal set_safety_po_12: 
@@ -17500,58 +17324,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17560,25 +17384,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17589,25 +17413,25 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result8) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_back_29_alloc_table, + (offset_min(unsigned_intP_back_29_alloc_table, result9) <= integer_of_uint32(result10)) goal set_safety_po_13: 
@@ -17615,58 +17439,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17675,25 +17499,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17704,25 +17528,25 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result8) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_back_29_alloc_table, result9)) goal set_safety_po_14: 
@@ -17730,58 +17554,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17790,25 +17614,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17819,31 +17643,31 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result8) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result9) <= integer_of_uint32(result10)) and - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_back_29_alloc_table, result9))) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17856,58 +17680,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17916,25 +17740,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)))) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_back_29_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_back_29, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_back_29, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0_0)) -> ("JC_124": (integer_of_uint32(select(SparseArray_n_a_0_7, 
@@ -17945,31 +17769,31 @@ (result7 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result8) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result8, integer_of_uint32(i_0_0)), result7)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result9) <= integer_of_uint32(result10)) and - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_back_29_alloc_table, result9))) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result9, integer_of_uint32(result10)), i_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -17982,58 +17806,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -18048,9 +17872,9 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_idx_28_alloc_table, + (offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) goal set_safety_po_17: 
@@ -18058,58 +17882,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -18124,9 +17948,9 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4)) goal set_safety_po_18: 
@@ -18134,58 +17958,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -18200,25 +18024,25 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - (offset_min(unsigned_int_P_back_29_alloc_table, + (offset_min(unsigned_intP_back_29_alloc_table, result5) <= integer_of_uint32(result6)) goal set_safety_po_19: 
@@ -18226,58 +18050,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -18292,25 +18116,25 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_back_29_alloc_table, result5)) goal set_safety_po_20: 
@@ -18318,58 +18142,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -18384,31 +18208,31 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result5) <= integer_of_uint32(result6)) and - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_back_29_alloc_table, result5))) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -18421,58 +18245,58 @@ forall i_0_0:uint32. forall v:int32. forall SparseArray_a_0_7_alloc_table:SparseArray alloc_table. - forall int_P_val_27_alloc_table:int_P alloc_table. - forall unsigned_int_P_idx_28_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_back_29_alloc_table:unsigned_int_P alloc_table. + forall intP_val_27_alloc_table:intP alloc_table. + forall unsigned_intP_idx_28_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_back_29_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_7:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_7:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_sz_0_a_0_7:(SparseArray, uint32) memory. forall SparseArray_n_a_0_7:(SparseArray, uint32) memory. - forall int_P_int_M_val_27:(int_P, + forall intP_intM_val_27:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_back_29:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29:(unsigned_intP, uint32) memory. - forall unsigned_int_P_unsigned_int_M_idx_28:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28:(unsigned_intP, uint32) memory. 
("JC_91": (("JC_87": (offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0)) and (("JC_88": (offset_max(SparseArray_a_0_7_alloc_table, a_0_0) >= 0)) and - (("JC_89": inv(a_0_0, unsigned_int_P_back_29_alloc_table, - unsigned_int_P_idx_28_alloc_table, int_P_val_27_alloc_table, + (("JC_89": inv(a_0_0, unsigned_intP_back_29_alloc_table, + unsigned_intP_idx_28_alloc_table, intP_val_27_alloc_table, SparseArray_a_0_7_alloc_table, SparseArray_sz_0_a_0_7, SparseArray_n_a_0_7, SparseArray_back_a_0_7, SparseArray_idx_a_0_7, - SparseArray_val_a_0_7, unsigned_int_P_unsigned_int_M_back_29, - unsigned_int_P_unsigned_int_M_idx_28)) and + SparseArray_val_a_0_7, unsigned_intP_unsigned_intM_back_29, + unsigned_intP_unsigned_intM_idx_28)) and ("JC_90": (integer_of_uint32(i_0_0) <= (integer_of_uint32(select(SparseArray_sz_0_a_0_7, a_0_0)) - 1))))))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_7, a_0_0)) -> - ((offset_min(int_P_val_27_alloc_table, + ((offset_min(intP_val_27_alloc_table, result) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(int_P_val_27_alloc_table, result))) -> - forall int_P_int_M_val_27_0:(int_P, + (integer_of_uint32(i_0_0) <= offset_max(intP_val_27_alloc_table, result))) -> + forall intP_intM_val_27_0:(intP, int32) memory. - (int_P_int_M_val_27_0 = store(int_P_int_M_val_27, shift(result, + (intP_intM_val_27_0 = store(intP_intM_val_27, shift(result, integer_of_uint32(i_0_0)), v)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result0) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_idx_28, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_idx_28, shift(result0, integer_of_uint32(i_0_0)))) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> 
@@ -18487,31 +18311,31 @@ (result3 = select(SparseArray_n_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_idx_28_alloc_table, + ((offset_min(unsigned_intP_idx_28_alloc_table, result4) <= integer_of_uint32(i_0_0)) and - (integer_of_uint32(i_0_0) <= offset_max(unsigned_int_P_idx_28_alloc_table, + (integer_of_uint32(i_0_0) <= offset_max(unsigned_intP_idx_28_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_idx_28_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_idx_28_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_idx_28_0 = store(unsigned_int_P_unsigned_int_M_idx_28, + (unsigned_intP_unsigned_intM_idx_28_0 = store(unsigned_intP_unsigned_intM_idx_28, shift(result4, integer_of_uint32(i_0_0)), result3)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_7, a_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_7, a_0_0)) -> - ((offset_min(unsigned_int_P_back_29_alloc_table, + ((offset_min(unsigned_intP_back_29_alloc_table, result5) <= integer_of_uint32(result6)) and - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_back_29_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_back_29_alloc_table, result5))) -> - forall unsigned_int_P_unsigned_int_M_back_29_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_back_29_0:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_back_29_0 = store(unsigned_int_P_unsigned_int_M_back_29, + (unsigned_intP_unsigned_intM_back_29_0 = store(unsigned_intP_unsigned_intM_back_29, shift(result5, integer_of_uint32(result6)), i_0_0)) -> ((offset_min(SparseArray_a_0_7_alloc_table, a_0_0) <= 0) and (0 <= offset_max(SparseArray_a_0_7_alloc_table, a_0_0))) -> @@ -18522,10 +18346,10 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/sparse_array2_why.why : #..#####....###.#.....#.##..##..##..##.....................##..#.#######.#######..#.#..........#.....# (62/0/0/40/0) +why/sparse_array2_why.why : ...#####....................##.................................#.??.####.??.####...................... (82/0/4/16/0) total : 102 -valid : 62 ( 61%) +valid : 82 ( 80%) invalid : 0 ( 0%) -unknown : 0 ( 0%) -timeout : 40 ( 39%) +unknown : 4 ( 4%) +timeout : 16 ( 16%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/oracle/sparse_array.res.oracle why-2.30+dfsg/tests/c/oracle/sparse_array.res.oracle --- why-2.29+dfsg/tests/c/oracle/sparse_array.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/sparse_array.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/c/sparse_array.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ typedef unsigned int uint; 
@@ -56,10 +86,18 @@ + +/* +Local Variables: +compile-command: "make sparse_array.why3ml" +End: +*/ + + ========== frama-c -jessie execution ========== [kernel] preprocessing with "gcc -C -E -I. -dD tests/c/sparse_array.c" [jessie] Starting Jessie translation -[kernel] No code for function malloc, default assigns generated +[kernel] warning: No code for function malloc, default assigns generated for default behavior [jessie] Producing Jessie files in subdir tests/c/sparse_array.jessie [jessie] File tests/c/sparse_array.jessie/sparse_array.jc written. [jessie] File tests/c/sparse_array.jessie/sparse_array.cloc written. @@ -82,33 +120,33 @@ type int8 = -128..127 -tag unsigned_int_P = { - uint32 unsigned_int_M: 32; +tag unsigned_intP = { + uint32 unsigned_intM: 32; } -type unsigned_int_P = [unsigned_int_P] +type unsigned_intP = [unsigned_intP] -tag int_P = { - int32 int_M: 32; +tag intP = { + int32 intM: 32; } -type int_P = [int_P] +type intP = [intP] -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] tag SparseArray = { - int_P[0..999] val: 32000; - unsigned_int_P[0..999] idx: 32000; - unsigned_int_P[0..999] back: 32000; + intP[0..999] val: 32000; + unsigned_intP[0..999] idx: 32000; + unsigned_intP[0..999] back: 32000; uint32 n: 32; uint32 sz_0: 32; } @@ -138,11 +176,11 @@ { (var int32 __retres); - { (if ((C_20 : ((C_19 : a.idx) + i).unsigned_int_M) < (C_18 : a.n)) then + { (if ((C_20 : ((C_19 : a.idx) + i).unsigned_intM) < (C_18 : a.n)) then (if ((C_17 : ((C_16 : a.back) + - (C_15 : ((C_14 : a.idx) + i).unsigned_int_M)).unsigned_int_M) == + (C_15 : ((C_14 : a.idx) + i).unsigned_intM)).unsigned_intM) == i) then - { (C_13 : (__retres = (C_12 : ((C_11 : a.val) + i).int_M))); + { (C_13 : (__retres = (C_12 : ((C_11 : a.val) + i).intM))); (goto return_label) } else 
@@ -165,10 +203,10 @@ behavior default: ensures (C_49 : true); { - { (C_27 : ((C_26 : ((C_25 : a_0.val) + i_0).int_M) = v)); - (if ((C_34 : ((C_33 : a_0.idx) + i_0).unsigned_int_M) < (C_32 : a_0.n)) then + { (C_27 : ((C_26 : ((C_25 : a_0.val) + i_0).intM) = v)); + (if ((C_34 : ((C_33 : a_0.idx) + i_0).unsigned_intM) < (C_32 : a_0.n)) then (if ((C_31 : ((C_30 : a_0.back) + - (C_29 : ((C_28 : a_0.idx) + i_0).unsigned_int_M)).unsigned_int_M) == + (C_29 : ((C_28 : a_0.idx) + i_0).unsigned_intM)).unsigned_intM) == i_0) then () else (goto _LAND)) else (goto _LAND)); @@ -180,9 +218,8 @@ (assert for default: (C_35 : (a_0.n < 1000))); () }; - (C_39 : ((C_38 : ((C_37 : a_0.idx) + i_0).unsigned_int_M) = - (C_36 : a_0.n))); - (C_43 : ((C_42 : ((C_41 : a_0.back) + (C_40 : a_0.n)).unsigned_int_M) = i_0)); + (C_39 : ((C_38 : ((C_37 : a_0.idx) + i_0).unsigned_intM) = (C_36 : a_0.n))); + (C_43 : ((C_42 : ((C_41 : a_0.back) + (C_40 : a_0.n)).unsigned_intM) = i_0)); (C_48 : ((C_47 : a_0.n) = (C_46 : ((C_45 : ((C_44 : a_0.n) + 1)) :> uint32)))) }); (_LAND_0 : ()); 
@@ -241,255 +278,255 @@ ========== file tests/c/sparse_array.jessie/sparse_array.cloc ========== [C_50] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [C_51] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [C_52] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [C_53] file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 19 end = 29 [C_54] file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 19 end = 29 [C_55] file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 35 end = 45 [C_56] file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 35 end = 45 [C_57] file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 6 end = 14 [C_58] file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 6 end = 14 [C_59] file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 20 end = 28 [main] name = "Function main" file = "HOME/tests/c/sparse_array.c" -line = 42 +line = 72 begin = 4 end = 8 [C_60] file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 20 end = 28 [C_61] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 29 [C_62] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 19 [get] name = "Function get" file = "HOME/tests/c/sparse_array.c" -line = 25 +line = 55 begin = 4 end = 7 [C_10] file = "HOME/tests/c/sparse_array.c" -line = 27 +line = 57 begin = 7 end = 16 [C_63] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 23 end = 29 [C_11] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 59 end = 68 [C_64] file = "HOME/tests/c/sparse_array.c" -line = 47 +line = 77 begin = 2 end = 12 [C_12] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 59 end = 68 [C_65] file = "HOME/tests/c/sparse_array.c" -line = 47 +line = 77 begin = 14 end = 24 [C_13] file = "HOME/tests/c/sparse_array.c" -line = 26 +line 
= 56 begin = 52 end = 69 [C_66] file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 6 end = 14 [C_14] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 35 end = 44 [C_67] file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 6 end = 14 [C_15] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 35 end = 44 [C_68] file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 20 end = 28 [C_16] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 26 end = 45 [C_69] file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 20 end = 28 [C_17] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 26 end = 45 [C_18] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 18 end = 22 [C_19] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 6 end = 15 [C_1] file = "HOME/tests/c/sparse_array.c" -line = 17 +line = 47 begin = 33 end = 67 [C_2] file = "HOME/tests/c/sparse_array.c" -line = 17 +line = 47 begin = 33 end = 67 [C_70] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 29 [C_3] file = "HOME/tests/c/sparse_array.c" -line = 18 +line = 48 begin = 9 end = 10 [C_71] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 19 [C_4] file = "HOME/tests/c/sparse_array.c" -line = 18 +line = 48 begin = 9 end = 10 [C_72] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 23 end = 29 [C_20] file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 6 end = 15 [C_5] file = "HOME/tests/c/sparse_array.c" -line = 19 +line = 49 begin = 10 end = 12 [C_73] file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 6 end = 14 
@@ -501,19 +538,19 @@ [C_6] file = "HOME/tests/c/sparse_array.c" -line = 19 +line = 49 begin = 10 end = 12 [C_74] file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 6 end = 14 [C_22] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 @@ -525,91 +562,91 @@ [C_75] file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 20 end = 28 [C_23] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [C_8] file = "HOME/tests/c/sparse_array.c" -line = 13 +line = 43 begin = 13 end = 23 [C_76] file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 20 end = 28 [C_24] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [C_9] file = "HOME/tests/c/sparse_array.c" -line = 27 +line = 57 begin = 7 end = 16 [C_77] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 29 [C_25] file = "HOME/tests/c/sparse_array.c" -line = 33 +line = 63 begin = 14 end = 15 [C_78] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 19 [C_26] file = "HOME/tests/c/sparse_array.c" -line = 33 +line = 63 begin = 14 end = 15 [C_79] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 23 end = 29 [C_27] file = "HOME/tests/c/sparse_array.c" -line = 33 +line = 63 begin = 14 end = 15 [C_28] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 37 end = 46 [C_29] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 37 end = 46 [C_80] file = "HOME/tests/c/sparse_array.c" -line = 52 +line = 82 begin = 2 end = 11 
@@ -621,129 +658,129 @@ [C_30] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 28 end = 47 [C_31] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 28 end = 47 [C_32] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 20 end = 24 [C_33] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 8 end = 17 [C_34] file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 8 end = 17 [C_35] file = "HOME/tests/c/sparse_array.c" -line = 35 +line = 65 begin = 15 end = 26 [C_36] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [C_37] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [C_38] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [C_39] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [C_40] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 30 end = 34 [C_41] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 38 end = 39 [C_42] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 38 end = 39 [C_43] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 38 end = 39 [C_44] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 45 [C_45] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 47 [C_46] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 47 [create] name = "Function create" file = "HOME/tests/c/sparse_array.c" -line = 16 +line = 46 begin = 13 end = 19 [set] name = "Function set" file = "HOME/tests/c/sparse_array.c" -line = 32 +line = 62 begin = 5 end = 8 [C_47] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 47 [C_48] file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 47 
@@ -773,10 +810,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs sparse_array.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/sparse_array_why.sx @@ -837,6 +875,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/sparse_array_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/sparse_array_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -909,6 +954,9 @@ why3ide: why/sparse_array_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: sparse_array.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include sparse_array.depend depend: coq/sparse_array_why.v @@ -920,40 +968,40 @@ ========== file tests/c/sparse_array.jessie/sparse_array.loc ========== [JC_90] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 19 [main_ensures_default] name = "Function main" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array.c" -line = 42 +line = 72 begin = 4 end = 8 [JC_91] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 23 end = 29 [JC_92] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 29 [JC_40] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [JC_93] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 19 end = 29 @@ -966,7 +1014,7 @@ [JC_94] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 35 end = 45 
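Review bot: In the `@@ -909,6 +954,9 @@` hunk the new `why3ml` target echoes `why3ml [...] $<`, but its recipe runs `why3ide -I $(JESSIE3LIB) $<`, so the build log names a command that was never executed. Either echo what runs, `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`, or invoke the tool the target is named after, whichever was intended. The `.PHONY` line in the `@@ -773,10 +810,11 @@` hunk gains `vampire` but not `why3ml`, so a file named `why3ml` in the directory would make the target a no-op. This Makefile appears to be recorded test-oracle output, so the fix presumably belongs in the generator's Makefile template, with the oracle regenerated afterwards.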
@@ -979,7 +1027,7 @@ [JC_95] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 6 end = 14 @@ -992,7 +1040,7 @@ [JC_96] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 20 end = 28 @@ -1004,7 +1052,7 @@ [JC_97] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 19 @@ -1016,33 +1064,33 @@ [JC_98] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 23 end = 29 [JC_46] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 33 +line = 63 begin = 14 end = 15 [JC_1] file = "HOME/tests/c/sparse_array.c" -line = 13 +line = 43 begin = 13 end = 23 [JC_100] kind = UserCall file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 152 +line = 151 begin = 14 end = 28 [JC_99] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 29 @@ -1051,7 +1099,7 @@ file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" line = 102 begin = 15 -end = 58 +end = 57 [JC_2] file = "HOME/" @@ -1062,34 +1110,34 @@ [JC_101] kind = UserCall file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 153 +line = 152 begin = 14 end = 26 [JC_48] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 8 end = 17 [JC_3] file = "HOME/tests/c/sparse_array.c" -line = 13 +line = 43 begin = 13 end = 23 [JC_102] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 6 end = 14 [JC_49] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 8 end = 17 @@ -1097,7 +1145,7 @@ name = "Function get" behavior = "Safety" file = "HOME/tests/c/sparse_array.c" -line = 25 +line = 55 begin = 4 end = 7 @@ -1110,7 +1158,7 @@ [JC_103] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 20 end = 28 @@ -1122,7 +1170,7 @@ [JC_104] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 19 
@@ -1134,7 +1182,7 @@ [JC_105] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 23 end = 29 @@ -1146,7 +1194,7 @@ [JC_106] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 29 @@ -1159,76 +1207,76 @@ [JC_107] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 6 end = 14 [JC_9] kind = AllocSize file = "HOME/tests/c/sparse_array.c" -line = 17 +line = 47 begin = 33 end = 67 [JC_108] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 20 end = 28 [JC_109] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 19 [JC_50] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 20 end = 24 [JC_51] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 37 end = 46 [JC_52] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 37 end = 46 [JC_53] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 28 end = 47 [JC_54] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 34 +line = 64 begin = 28 end = 47 [JC_55] file = "HOME/tests/c/sparse_array.c" -line = 35 +line = 65 begin = 15 end = 26 [create_ensures_default] name = "Function create" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array.c" -line = 16 +line = 46 begin = 13 end = 19 @@ -1236,33 +1284,33 @@ name = "Function set" behavior = "Safety" file = "HOME/tests/c/sparse_array.c" -line = 32 +line = 62 begin = 5 end = 8 [JC_56] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [JC_110] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 23 end = 29 [JC_57] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 16 end = 20 [JC_111] file = "HOME/tests/c/sparse_array.c" -line = 51 +line = 81 begin = 13 end = 29 
@@ -1271,33 +1319,33 @@ file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" line = 117 begin = 18 -end = 93 +end = 82 [JC_59] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 38 end = 39 [JC_60] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 30 end = 34 [JC_61] kind = PointerDeref file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 119 +line = 118 begin = 18 -end = 84 +end = 83 [JC_62] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 45 @@ -1311,7 +1359,7 @@ [JC_63] kind = ArithOverflow file = "HOME/tests/c/sparse_array.c" -line = 36 +line = 66 begin = 41 end = 47 @@ -1325,38 +1373,38 @@ [JC_64] kind = PointerDeref file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 120 +line = 119 begin = 18 end = 85 [JC_12] kind = AllocSize file = "HOME/tests/c/sparse_array.c" -line = 17 +line = 47 begin = 33 end = 67 [JC_65] file = "HOME/tests/c/sparse_array.c" -line = 35 +line = 65 begin = 15 end = 26 [JC_13] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [JC_66] file = "HOME/tests/c/sparse_array.c" -line = 42 +line = 72 begin = 4 end = 8 [JC_14] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 @@ -1368,13 +1416,13 @@ [JC_15] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [JC_68] file = "HOME/tests/c/sparse_array.c" -line = 42 +line = 72 begin = 4 end = 8 @@ -1392,19 +1440,19 @@ [JC_17] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [JC_18] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 [JC_19] file = "HOME/tests/c/sparse_array.c" -line = 23 +line = 53 begin = 13 end = 22 @@ -1436,7 +1484,7 @@ name = "Function create" behavior = "Safety" file = "HOME/tests/c/sparse_array.c" -line = 16 +line = 46 begin = 13 end = 19 
@@ -1455,7 +1503,7 @@ [JC_74] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 19 end = 29 @@ -1468,7 +1516,7 @@ [JC_75] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 43 +line = 73 begin = 35 end = 45 @@ -1481,7 +1529,7 @@ [JC_76] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 6 end = 14 
@@ -1494,150 +1542,150 @@ [JC_77] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 45 +line = 75 begin = 20 end = 28 [JC_25] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 6 end = 15 [JC_78] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 19 [JC_26] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 6 end = 15 [JC_79] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 23 end = 29 [JC_27] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 18 end = 22 [JC_28] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 35 end = 44 [JC_29] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 35 end = 44 [set_ensures_default] name = "Function set" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array.c" -line = 32 +line = 62 begin = 5 end = 8 [JC_80] file = "HOME/tests/c/sparse_array.c" -line = 46 +line = 76 begin = 13 end = 29 [JC_81] kind = UserCall file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 152 +line = 151 begin = 14 end = 28 [JC_82] kind = UserCall file = "HOME/tests/c/sparse_array.jessie/sparse_array.jc" -line = 153 +line = 152 begin = 14 end = 26 [JC_30] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 26 end = 45 [JC_83] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 6 end = 14 [JC_31] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 26 end = 45 [JC_84] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 48 +line = 78 begin = 20 end = 28 [JC_32] kind = PointerDeref file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 59 end = 68 [JC_85] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 19 [JC_33] kind = PointerDeref 
file = "HOME/tests/c/sparse_array.c" -line = 26 +line = 56 begin = 59 end = 68 [JC_86] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 23 end = 29 [JC_34] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [get_ensures_default] name = "Function get" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/sparse_array.c" -line = 25 +line = 55 begin = 4 end = 7 @@ -1645,39 +1693,39 @@ name = "Function main" behavior = "Safety" file = "HOME/tests/c/sparse_array.c" -line = 42 +line = 72 begin = 4 end = 8 [JC_87] file = "HOME/tests/c/sparse_array.c" -line = 49 +line = 79 begin = 13 end = 29 [JC_35] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [JC_88] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 6 end = 14 [JC_36] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [JC_89] kind = UserCall file = "HOME/tests/c/sparse_array.c" -line = 50 +line = 80 begin = 20 end = 28 @@ -1689,44 +1737,34 @@ [JC_38] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 [JC_39] file = "HOME/tests/c/sparse_array.c" -line = 30 +line = 60 begin = 13 end = 22 ========== file tests/c/sparse_array.jessie/why/sparse_array.why ========== type SparseArray -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type unsigned_int_P - -type void_P - -exception Goto__LAND_0_exc of unit - -exception Goto__LAND_exc of unit - -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit +type unsigned_intP -exception Return_label_exc of unit +type voidP logic SparseArray_tag: -> SparseArray tag_id 
@@ -1745,22 +1783,21 @@ (forall SparseArray_tag_table:SparseArray tag_table. instanceof(SparseArray_tag_table, x, SparseArray_tag))) -logic char_P_tag: -> char_P tag_id +logic charP_tag: -> charP tag_id -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +axiom charP_int : (int_of_tag(charP_tag) = (1)) -logic char_P_of_pointer_address: unit pointer -> char_P pointer +logic charP_of_pointer_address: unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int32: int32 -> int @@ -1784,6 +1821,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) 
@@ -1796,170 +1838,173 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -logic int_P_tag: -> int_P tag_id +logic intP_tag: -> intP tag_id -axiom int_P_int : (int_of_tag(int_P_tag) = (1)) +axiom intP_int : (int_of_tag(intP_tag) = (1)) -logic int_P_of_pointer_address: unit pointer -> int_P pointer +logic intP_of_pointer_address: unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr : - (forall p:int_P pointer. (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr : + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom : parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom : parenttag(intP_tag, bottom_tag) -axiom int_P_tags : - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. - instanceof(int_P_tag_table, x, int_P_tag))) +axiom intP_tags : + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
+ instanceof(intP_tag_table, x, intP_tag))) -predicate left_valid_struct_int_P(p:int_P pointer, a:int, - int_P_alloc_table:int_P alloc_table) = - (offset_min(int_P_alloc_table, p) <= a) +predicate left_valid_struct_intP(p:intP pointer, a:int, + intP_alloc_table:intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) -predicate left_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - (offset_min(unsigned_int_P_alloc_table, p) <= a) +predicate left_valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + (offset_min(unsigned_intP_alloc_table, p) <= a) predicate left_valid_struct_SparseArray(p:SparseArray pointer, a:int, SparseArray_alloc_table:SparseArray alloc_table, - int_P_alloc_table:int_P alloc_table, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table, - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_val:(SparseArray, int_P pointer) memory) = + intP_alloc_table:intP alloc_table, + unsigned_intP_alloc_table:unsigned_intP alloc_table, + SparseArray_back:(SparseArray, unsigned_intP pointer) memory, + SparseArray_idx:(SparseArray, unsigned_intP pointer) memory, + SparseArray_val:(SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) <= a) - and (left_valid_struct_int_P(select(SparseArray_val, p), (0), - int_P_alloc_table) - and (left_valid_struct_unsigned_int_P(select(SparseArray_idx, p), (0), - unsigned_int_P_alloc_table) - and left_valid_struct_unsigned_int_P(select(SparseArray_back, p), - (0), unsigned_int_P_alloc_table)))) - -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) 
<= a) + and (left_valid_struct_intP(select(SparseArray_val, p), (0), + intP_alloc_table) + and (left_valid_struct_unsigned_intP(select(SparseArray_idx, p), (0), + unsigned_intP_alloc_table) + and left_valid_struct_unsigned_intP(select(SparseArray_back, p), + (0), unsigned_intP_alloc_table)))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) axiom pointer_addr_of_SparseArray_of_pointer_address : (forall p:unit pointer. (p = pointer_address(SparseArray_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_int_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) +axiom pointer_addr_of_intP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) -logic unsigned_int_P_of_pointer_address: unit pointer -> unsigned_int_P pointer +logic unsigned_intP_of_pointer_address: unit pointer -> unsigned_intP pointer -axiom pointer_addr_of_unsigned_int_P_of_pointer_address : +axiom pointer_addr_of_unsigned_intP_of_pointer_address : (forall p:unit pointer. - (p = pointer_address(unsigned_int_P_of_pointer_address(p)))) + (p = pointer_address(unsigned_intP_of_pointer_address(p)))) -logic void_P_of_pointer_address: unit pointer -> void_P pointer +logic voidP_of_pointer_address: unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_int_P(p:int_P pointer, b:int, - int_P_alloc_table:int_P alloc_table) = - (offset_max(int_P_alloc_table, p) >= b) +predicate right_valid_struct_intP(p:intP pointer, b:int, + intP_alloc_table:intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) -predicate right_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - (offset_max(unsigned_int_P_alloc_table, p) >= b) +predicate right_valid_struct_unsigned_intP(p:unsigned_intP pointer, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + (offset_max(unsigned_intP_alloc_table, p) >= b) predicate right_valid_struct_SparseArray(p:SparseArray pointer, b:int, SparseArray_alloc_table:SparseArray alloc_table, - int_P_alloc_table:int_P alloc_table, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table, - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_val:(SparseArray, int_P pointer) memory) = + intP_alloc_table:intP alloc_table, + unsigned_intP_alloc_table:unsigned_intP alloc_table, + SparseArray_back:(SparseArray, unsigned_intP pointer) memory, + SparseArray_idx:(SparseArray, unsigned_intP pointer) memory, + SparseArray_val:(SparseArray, intP pointer) memory) = ((offset_max(SparseArray_alloc_table, p) >= b) - and (right_valid_struct_int_P(select(SparseArray_val, p), (999), - int_P_alloc_table) - and (right_valid_struct_unsigned_int_P(select(SparseArray_idx, p), - (999), unsigned_int_P_alloc_table) - and right_valid_struct_unsigned_int_P(select(SparseArray_back, p), - (999), unsigned_int_P_alloc_table)))) - -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - 
(offset_max(void_P_alloc_table, p) >= b) + and (right_valid_struct_intP(select(SparseArray_val, p), (999), + intP_alloc_table) + and (right_valid_struct_unsigned_intP(select(SparseArray_idx, p), (999), + unsigned_intP_alloc_table) + and right_valid_struct_unsigned_intP(select(SparseArray_back, p), + (999), unsigned_intP_alloc_table)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) = a) and (offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_root_unsigned_int_P(p:unsigned_int_P pointer, a:int, - b:int, unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) - and (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) - and (offset_max(int_P_alloc_table, p) = b)) - -predicate strict_valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, - b:int, 
unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) - and (offset_max(unsigned_int_P_alloc_table, p) = b)) +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_root_unsigned_intP(p:unsigned_intP pointer, a:int, + b:int, unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) + and (offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) + and (offset_max(intP_alloc_table, p) = b)) + +predicate strict_valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, + b:int, unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) + and (offset_max(unsigned_intP_alloc_table, p) = b)) predicate strict_valid_struct_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table, - int_P_alloc_table:int_P alloc_table, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table, - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_val:(SparseArray, int_P pointer) memory) = + intP_alloc_table:intP alloc_table, + unsigned_intP_alloc_table:unsigned_intP alloc_table, + SparseArray_back:(SparseArray, unsigned_intP pointer) memory, + 
SparseArray_idx:(SparseArray, unsigned_intP pointer) memory, + SparseArray_val:(SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) = a) and ((offset_max(SparseArray_alloc_table, p) = b) - and (strict_valid_struct_int_P(select(SparseArray_val, p), (0), (999), - int_P_alloc_table) - and (strict_valid_struct_unsigned_int_P(select(SparseArray_idx, p), - (0), (999), unsigned_int_P_alloc_table) - and strict_valid_struct_unsigned_int_P(select(SparseArray_back, - p), - (0), (999), unsigned_int_P_alloc_table))))) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) + and (strict_valid_struct_intP(select(SparseArray_val, p), (0), (999), + intP_alloc_table) + and (strict_valid_struct_unsigned_intP(select(SparseArray_idx, p), + (0), (999), unsigned_intP_alloc_table) + and strict_valid_struct_unsigned_intP(select(SparseArray_back, + p), + (0), (999), unsigned_intP_alloc_table))))) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) logic uint32_of_integer: int -> uint32 
@@ -1968,240 +2013,139 @@ ((le_int((0), x) and le_int(x, (4294967295))) -> eq_int(integer_of_uint32(uint32_of_integer(x)), x))) +axiom uint32_extensionality : + (forall x:uint32. + (forall y:uint32. + (eq_int(integer_of_uint32(x), integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range : (forall x:uint32. (le_int((0), integer_of_uint32(x)) and le_int(integer_of_uint32(x), (4294967295)))) -logic unsigned_int_P_tag: -> unsigned_int_P tag_id +logic unsigned_intP_tag: -> unsigned_intP tag_id + +axiom unsigned_intP_int : (int_of_tag(unsigned_intP_tag) = (1)) -axiom unsigned_int_P_int : (int_of_tag(unsigned_int_P_tag) = (1)) +axiom unsigned_intP_of_pointer_address_of_pointer_addr : + (forall p:unsigned_intP pointer. + (p = unsigned_intP_of_pointer_address(pointer_address(p)))) -axiom unsigned_int_P_of_pointer_address_of_pointer_addr : - (forall p:unsigned_int_P pointer. - (p = unsigned_int_P_of_pointer_address(pointer_address(p)))) - -axiom unsigned_int_P_parenttag_bottom : - parenttag(unsigned_int_P_tag, bottom_tag) - -axiom unsigned_int_P_tags : - (forall x:unsigned_int_P pointer. - (forall unsigned_int_P_tag_table:unsigned_int_P tag_table. 
- instanceof(unsigned_int_P_tag_table, x, unsigned_int_P_tag))) - -predicate valid_bitvector_struct_SparseArray(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_unsigned_int_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) +axiom unsigned_intP_parenttag_bottom : + parenttag(unsigned_intP_tag, bottom_tag) + +axiom unsigned_intP_tags : + (forall x:unsigned_intP pointer. + (forall unsigned_intP_tag_table:unsigned_intP tag_table. 
+ instanceof(unsigned_intP_tag_table, x, unsigned_intP_tag))) predicate valid_root_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_root_unsigned_int_P(p:unsigned_int_P pointer, a:int, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) - and (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p:int_P pointer, a:int, b:int, - int_P_alloc_table:int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) - and (offset_max(int_P_alloc_table, p) >= b)) - -predicate valid_struct_unsigned_int_P(p:unsigned_int_P pointer, a:int, b:int, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) - and (offset_max(unsigned_int_P_alloc_table, p) >= b)) +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_root_unsigned_intP(p:unsigned_intP pointer, 
a:int, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) + and (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_intP(p:intP pointer, a:int, b:int, + intP_alloc_table:intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) + and (offset_max(intP_alloc_table, p) >= b)) + +predicate valid_struct_unsigned_intP(p:unsigned_intP pointer, a:int, b:int, + unsigned_intP_alloc_table:unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) + and (offset_max(unsigned_intP_alloc_table, p) >= b)) predicate valid_struct_SparseArray(p:SparseArray pointer, a:int, b:int, SparseArray_alloc_table:SparseArray alloc_table, - int_P_alloc_table:int_P alloc_table, - unsigned_int_P_alloc_table:unsigned_int_P alloc_table, - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory, - SparseArray_val:(SparseArray, int_P pointer) memory) = + intP_alloc_table:intP alloc_table, + unsigned_intP_alloc_table:unsigned_intP alloc_table, + SparseArray_back:(SparseArray, unsigned_intP pointer) memory, + SparseArray_idx:(SparseArray, unsigned_intP pointer) memory, + SparseArray_val:(SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) <= a) and ((offset_max(SparseArray_alloc_table, p) >= b) - and (valid_struct_int_P(select(SparseArray_val, p), (0), (999), - int_P_alloc_table) - and (valid_struct_unsigned_int_P(select(SparseArray_idx, p), (0), - (999), unsigned_int_P_alloc_table) - and valid_struct_unsigned_int_P(select(SparseArray_back, p), - (0), (999), unsigned_int_P_alloc_table))))) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - 
((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. - instanceof(void_P_tag_table, x, void_P_tag))) - -parameter SparseArray_alloc_table : SparseArray alloc_table ref - -parameter SparseArray_tag_table : SparseArray tag_table ref + and (valid_struct_intP(select(SparseArray_val, p), (0), (999), + intP_alloc_table) + and (valid_struct_unsigned_intP(select(SparseArray_idx, p), (0), + (999), unsigned_intP_alloc_table) + and valid_struct_unsigned_intP(select(SparseArray_back, p), (0), + (999), unsigned_intP_alloc_table))))) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. 
+ instanceof(voidP_tag_table, x, voidP_tag))) -parameter alloc_bitvector_struct_SparseArray : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_SparseArray(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_SparseArray_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_SparseArray(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Goto__LAND_0_exc of unit -parameter alloc_bitvector_struct_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception 
Goto__LAND_exc of unit -parameter alloc_bitvector_struct_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_unsigned_int_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_unsigned_int_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_void_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter SparseArray_alloc_table : SparseArray alloc_table ref -parameter alloc_bitvector_struct_void_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter SparseArray_tag_table : SparseArray tag_table ref -parameter int_P_alloc_table : int_P alloc_table ref +parameter intP_alloc_table : intP alloc_table ref -parameter unsigned_int_P_alloc_table : unsigned_int_P alloc_table ref +parameter unsigned_intP_alloc_table : unsigned_intP alloc_table ref parameter alloc_struct_SparseArray : n:int -> SparseArray_alloc_table:SparseArray alloc_table ref -> - int_P_alloc_table:int_P alloc_table ref -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> + intP_alloc_table:intP alloc_table ref -> + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> SparseArray_tag_table:SparseArray tag_table ref -> - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val:(SparseArray, int_P pointer) memory -> + SparseArray_back:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val:(SparseArray, intP pointer) memory -> { } SparseArray pointer - writes SparseArray_alloc_table,SparseArray_tag_table,int_P_alloc_table,unsigned_int_P_alloc_table + writes SparseArray_alloc_table,SparseArray_tag_table,intP_alloc_table,unsigned_intP_alloc_table { (strict_valid_struct_SparseArray(result, (0), sub_int(n, (1)), - SparseArray_alloc_table, int_P_alloc_table, - unsigned_int_P_alloc_table, SparseArray_back, SparseArray_idx, + SparseArray_alloc_table, intP_alloc_table, + unsigned_intP_alloc_table, SparseArray_back, SparseArray_idx, SparseArray_val) and (alloc_extends(SparseArray_alloc_table@, SparseArray_alloc_table) 
@@ -2212,17 +2156,17 @@ parameter alloc_struct_SparseArray_requires : n:int -> SparseArray_alloc_table:SparseArray alloc_table ref -> - int_P_alloc_table:int_P alloc_table ref -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> + intP_alloc_table:intP alloc_table ref -> + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> SparseArray_tag_table:SparseArray tag_table ref -> - SparseArray_back:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val:(SparseArray, int_P pointer) memory -> + SparseArray_back:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val:(SparseArray, intP pointer) memory -> { ge_int(n, (0))} SparseArray pointer - writes SparseArray_alloc_table,SparseArray_tag_table,int_P_alloc_table,unsigned_int_P_alloc_table + writes SparseArray_alloc_table,SparseArray_tag_table,intP_alloc_table,unsigned_intP_alloc_table { (strict_valid_struct_SparseArray(result, (0), sub_int(n, (1)), - SparseArray_alloc_table, int_P_alloc_table, - unsigned_int_P_alloc_table, SparseArray_back, SparseArray_idx, + SparseArray_alloc_table, intP_alloc_table, + unsigned_intP_alloc_table, SparseArray_back, SparseArray_idx, SparseArray_val) and (alloc_extends(SparseArray_alloc_table@, SparseArray_alloc_table) 
@@ -2230,113 +2174,111 @@ and instanceof(SparseArray_tag_table, result, SparseArray_tag)))) } -parameter char_P_alloc_table : char_P alloc_table ref +parameter charP_alloc_table : charP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter charP_tag_table : charP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_charP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_charP_requires : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, 
charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter int_P_tag_table : int_P tag_table ref +parameter intP_tag_table : intP tag_table ref -parameter alloc_struct_int_P : +parameter alloc_struct_intP : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { } int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { } intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter alloc_struct_int_P_requires : +parameter alloc_struct_intP_requires : n:int -> - int_P_alloc_table:int_P alloc_table ref -> - int_P_tag_table:int_P tag_table ref -> - { ge_int(n, (0))} int_P pointer writes int_P_alloc_table,int_P_tag_table - { (strict_valid_struct_int_P(result, (0), sub_int(n, (1)), - int_P_alloc_table) - and (alloc_extends(int_P_alloc_table@, int_P_alloc_table) - and (alloc_fresh(int_P_alloc_table@, result, n) - and instanceof(int_P_tag_table, result, int_P_tag)))) } + intP_alloc_table:intP alloc_table ref -> + intP_tag_table:intP tag_table ref -> + { ge_int(n, (0))} intP pointer writes intP_alloc_table,intP_tag_table + { (strict_valid_struct_intP(result, (0), sub_int(n, (1)), + intP_alloc_table) + and (alloc_extends(intP_alloc_table@, intP_alloc_table) + and (alloc_fresh(intP_alloc_table@, result, n) + and instanceof(intP_tag_table, result, intP_tag)))) } -parameter 
unsigned_int_P_tag_table : unsigned_int_P tag_table ref +parameter unsigned_intP_tag_table : unsigned_intP tag_table ref -parameter alloc_struct_unsigned_int_P : +parameter alloc_struct_unsigned_intP : n:int -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_tag_table:unsigned_int_P tag_table ref -> - { } unsigned_int_P pointer - writes unsigned_int_P_alloc_table,unsigned_int_P_tag_table - { (strict_valid_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - unsigned_int_P_alloc_table) - and (alloc_extends(unsigned_int_P_alloc_table@, - unsigned_int_P_alloc_table) - and (alloc_fresh(unsigned_int_P_alloc_table@, result, n) - and instanceof(unsigned_int_P_tag_table, result, - unsigned_int_P_tag)))) } + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> + unsigned_intP_tag_table:unsigned_intP tag_table ref -> + { } unsigned_intP pointer + writes unsigned_intP_alloc_table,unsigned_intP_tag_table + { (strict_valid_struct_unsigned_intP(result, (0), sub_int(n, (1)), + unsigned_intP_alloc_table) + and (alloc_extends(unsigned_intP_alloc_table@, + unsigned_intP_alloc_table) + and (alloc_fresh(unsigned_intP_alloc_table@, result, n) + and instanceof(unsigned_intP_tag_table, result, + unsigned_intP_tag)))) } -parameter alloc_struct_unsigned_int_P_requires : +parameter alloc_struct_unsigned_intP_requires : n:int -> - unsigned_int_P_alloc_table:unsigned_int_P alloc_table ref -> - unsigned_int_P_tag_table:unsigned_int_P tag_table ref -> - { ge_int(n, (0))} unsigned_int_P pointer - writes unsigned_int_P_alloc_table,unsigned_int_P_tag_table - { (strict_valid_struct_unsigned_int_P(result, (0), sub_int(n, (1)), - unsigned_int_P_alloc_table) - and (alloc_extends(unsigned_int_P_alloc_table@, - unsigned_int_P_alloc_table) - and (alloc_fresh(unsigned_int_P_alloc_table@, result, n) - and instanceof(unsigned_int_P_tag_table, result, - unsigned_int_P_tag)))) } + unsigned_intP_alloc_table:unsigned_intP alloc_table ref -> + 
unsigned_intP_tag_table:unsigned_intP tag_table ref -> + { ge_int(n, (0))} unsigned_intP pointer + writes unsigned_intP_alloc_table,unsigned_intP_tag_table + { (strict_valid_struct_unsigned_intP(result, (0), sub_int(n, (1)), + unsigned_intP_alloc_table) + and (alloc_extends(unsigned_intP_alloc_table@, + unsigned_intP_alloc_table) + and (alloc_fresh(unsigned_intP_alloc_table@, result, n) + and instanceof(unsigned_intP_tag_table, result, + unsigned_intP_tag)))) } -parameter void_P_alloc_table : void_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter void_P_tag_table : void_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_void_P : +parameter alloc_struct_voidP : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_void_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and 
(alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int32 : unit -> { } int32 { true } 
@@ -2346,65 +2288,65 @@ parameter create : sz:uint32 -> - unsigned_int_P_create_2_alloc_table:unsigned_int_P alloc_table ref -> - int_P_create_2_alloc_table:int_P alloc_table ref -> + unsigned_intP_create_2_alloc_table:unsigned_intP alloc_table ref -> + intP_create_2_alloc_table:intP alloc_table ref -> SparseArray_create_2_alloc_table:SparseArray alloc_table ref -> - unsigned_int_P_create_2_tag_table:unsigned_int_P tag_table ref -> - int_P_create_2_tag_table:int_P tag_table ref -> + unsigned_intP_create_2_tag_table:unsigned_intP tag_table ref -> + intP_create_2_tag_table:intP tag_table ref -> SparseArray_create_2_tag_table:SparseArray tag_table ref -> SparseArray_sz_0_create_2:(SparseArray, uint32) memory ref -> SparseArray_n_create_2:(SparseArray, uint32) memory ref -> - SparseArray_back_create_2:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_idx_create_2:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_val_create_2:(SparseArray, int_P pointer) memory ref -> + SparseArray_back_create_2:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_idx_create_2:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_val_create_2:(SparseArray, intP pointer) memory ref -> { } SparseArray pointer reads SparseArray_create_2_alloc_table - writes SparseArray_back_create_2,SparseArray_create_2_alloc_table,SparseArray_create_2_tag_table,SparseArray_idx_create_2,SparseArray_n_create_2,SparseArray_sz_0_create_2,SparseArray_val_create_2,int_P_create_2_alloc_table,int_P_create_2_tag_table,unsigned_int_P_create_2_alloc_table,unsigned_int_P_create_2_tag_table + writes SparseArray_back_create_2,SparseArray_create_2_alloc_table,SparseArray_create_2_tag_table,SparseArray_idx_create_2,SparseArray_n_create_2,SparseArray_sz_0_create_2,SparseArray_val_create_2,intP_create_2_alloc_table,intP_create_2_tag_table,unsigned_intP_create_2_alloc_table,unsigned_intP_create_2_tag_table { true } parameter create_requires : sz:uint32 -> - 
unsigned_int_P_create_2_alloc_table:unsigned_int_P alloc_table ref -> - int_P_create_2_alloc_table:int_P alloc_table ref -> + unsigned_intP_create_2_alloc_table:unsigned_intP alloc_table ref -> + intP_create_2_alloc_table:intP alloc_table ref -> SparseArray_create_2_alloc_table:SparseArray alloc_table ref -> - unsigned_int_P_create_2_tag_table:unsigned_int_P tag_table ref -> - int_P_create_2_tag_table:int_P tag_table ref -> + unsigned_intP_create_2_tag_table:unsigned_intP tag_table ref -> + intP_create_2_tag_table:intP tag_table ref -> SparseArray_create_2_tag_table:SparseArray tag_table ref -> SparseArray_sz_0_create_2:(SparseArray, uint32) memory ref -> SparseArray_n_create_2:(SparseArray, uint32) memory ref -> - SparseArray_back_create_2:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_idx_create_2:(SparseArray, unsigned_int_P pointer) memory ref -> - SparseArray_val_create_2:(SparseArray, int_P pointer) memory ref -> + SparseArray_back_create_2:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_idx_create_2:(SparseArray, unsigned_intP pointer) memory ref -> + SparseArray_val_create_2:(SparseArray, intP pointer) memory ref -> { (JC_1: le_int(integer_of_uint32(sz), (1000)))} SparseArray pointer reads SparseArray_create_2_alloc_table - writes SparseArray_back_create_2,SparseArray_create_2_alloc_table,SparseArray_create_2_tag_table,SparseArray_idx_create_2,SparseArray_n_create_2,SparseArray_sz_0_create_2,SparseArray_val_create_2,int_P_create_2_alloc_table,int_P_create_2_tag_table,unsigned_int_P_create_2_alloc_table,unsigned_int_P_create_2_tag_table + writes SparseArray_back_create_2,SparseArray_create_2_alloc_table,SparseArray_create_2_tag_table,SparseArray_idx_create_2,SparseArray_n_create_2,SparseArray_sz_0_create_2,SparseArray_val_create_2,intP_create_2_alloc_table,intP_create_2_tag_table,unsigned_intP_create_2_alloc_table,unsigned_intP_create_2_tag_table { true } parameter get : a:SparseArray pointer -> i:uint32 -> - 
unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table -> - int_P_a_3_alloc_table:int_P alloc_table -> + unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table -> + intP_a_3_alloc_table:intP alloc_table -> SparseArray_a_3_alloc_table:SparseArray alloc_table -> SparseArray_n_a_3:(SparseArray, uint32) memory -> - SparseArray_back_a_3:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_3:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_3:(SparseArray, int_P pointer) memory -> - int_P_int_M_a_3:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, uint32) memory -> + SparseArray_back_a_3:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_3:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_3:(SparseArray, intP pointer) memory -> + intP_intM_a_3:(intP, int32) memory -> + unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory -> { } int32 { true } parameter get_requires : a:SparseArray pointer -> i:uint32 -> - unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table -> - int_P_a_3_alloc_table:int_P alloc_table -> + unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table -> + intP_a_3_alloc_table:intP alloc_table -> SparseArray_a_3_alloc_table:SparseArray alloc_table -> SparseArray_n_a_3:(SparseArray, uint32) memory -> - SparseArray_back_a_3:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_3:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_3:(SparseArray, int_P pointer) memory -> - int_P_int_M_a_3:(int_P, int32) memory -> - unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, uint32) memory -> + SparseArray_back_a_3:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_3:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_3:(SparseArray, intP pointer) memory -> + intP_intM_a_3:(intP, int32) memory -> + unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory -> { (JC_15: ((JC_13: 
le_int(offset_min(SparseArray_a_3_alloc_table, a), (0))) @@ -2440,17 +2382,17 @@ i_0:uint32 -> v:int32 -> SparseArray_n_a_0_4:(SparseArray, uint32) memory ref -> - int_P_int_M_a_0_4:(int_P, int32) memory ref -> - unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table -> - int_P_a_0_4_alloc_table:int_P alloc_table -> + intP_intM_a_0_4:(intP, int32) memory ref -> + unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory ref -> + unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table -> + intP_a_0_4_alloc_table:intP alloc_table -> SparseArray_a_0_4_alloc_table:SparseArray alloc_table -> - SparseArray_back_a_0_4:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_0_4:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_0_4:(SparseArray, int_P pointer) memory -> + SparseArray_back_a_0_4:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_0_4:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_0_4:(SparseArray, intP pointer) memory -> { } unit - reads SparseArray_n_a_0_4,unsigned_int_P_unsigned_int_M_a_0_4 - writes SparseArray_n_a_0_4,int_P_int_M_a_0_4,unsigned_int_P_unsigned_int_M_a_0_4 + reads SparseArray_n_a_0_4,unsigned_intP_unsigned_intM_a_0_4 + writes SparseArray_n_a_0_4,intP_intM_a_0_4,unsigned_intP_unsigned_intM_a_0_4 { true } parameter set_requires : 
@@ -2458,23 +2400,22 @@ i_0:uint32 -> v:int32 -> SparseArray_n_a_0_4:(SparseArray, uint32) memory ref -> - int_P_int_M_a_0_4:(int_P, int32) memory ref -> - unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, uint32) memory ref -> - unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table -> - int_P_a_0_4_alloc_table:int_P alloc_table -> + intP_intM_a_0_4:(intP, int32) memory ref -> + unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory ref -> + unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table -> + intP_a_0_4_alloc_table:intP alloc_table -> SparseArray_a_0_4_alloc_table:SparseArray alloc_table -> - SparseArray_back_a_0_4:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_idx_a_0_4:(SparseArray, unsigned_int_P pointer) memory -> - SparseArray_val_a_0_4:(SparseArray, int_P pointer) memory -> + SparseArray_back_a_0_4:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_idx_a_0_4:(SparseArray, unsigned_intP pointer) memory -> + SparseArray_val_a_0_4:(SparseArray, intP pointer) memory -> { (JC_36: ((JC_34: le_int(offset_min(SparseArray_a_0_4_alloc_table, a_0), (0))) and (JC_35: ge_int(offset_max(SparseArray_a_0_4_alloc_table, a_0), (0)))))} - unit - reads SparseArray_n_a_0_4,unsigned_int_P_unsigned_int_M_a_0_4 - writes SparseArray_n_a_0_4,int_P_int_M_a_0_4,unsigned_int_P_unsigned_int_M_a_0_4 + unit reads SparseArray_n_a_0_4,unsigned_intP_unsigned_intM_a_0_4 + writes SparseArray_n_a_0_4,intP_intM_a_0_4,unsigned_intP_unsigned_intM_a_0_4 { true } parameter uint32_of_integer_ : 
@@ -2483,7 +2424,7 @@ { eq_int(integer_of_uint32(result), x) } let create_ensures_default = - fun (sz : uint32) (SparseArray_create_2_alloc_table : SparseArray alloc_table ref) (int_P_create_2_alloc_table : int_P alloc_table ref) (unsigned_int_P_create_2_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_create_2_tag_table : unsigned_int_P tag_table ref) (int_P_create_2_tag_table : int_P tag_table ref) (SparseArray_create_2_tag_table : SparseArray tag_table ref) (SparseArray_val_create_2 : (SparseArray, int_P pointer) memory ref) (SparseArray_idx_create_2 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_back_create_2 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_n_create_2 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_create_2 : (SparseArray, uint32) memory ref) -> + fun (sz : uint32) (SparseArray_create_2_alloc_table : SparseArray alloc_table ref) (intP_create_2_alloc_table : intP alloc_table ref) (unsigned_intP_create_2_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_create_2_tag_table : unsigned_intP tag_table ref) (intP_create_2_tag_table : intP tag_table ref) (SparseArray_create_2_tag_table : SparseArray tag_table ref) (SparseArray_val_create_2 : (SparseArray, intP pointer) memory ref) (SparseArray_idx_create_2 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_back_create_2 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_n_create_2 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_create_2 : (SparseArray, uint32) memory ref) -> { (JC_3: le_int(integer_of_uint32(sz), (1000))) } (init: (let return = ref (any_pointer void) in 
@@ -2497,7 +2438,7 @@ (let jessie_ = (a_1 := (C_1: (JC_12: - ((((((((alloc_struct_SparseArray (1)) SparseArray_create_2_alloc_table) int_P_create_2_alloc_table) unsigned_int_P_create_2_alloc_table) SparseArray_create_2_tag_table) !SparseArray_back_create_2) !SparseArray_idx_create_2) !SparseArray_val_create_2)))) in + ((((((((alloc_struct_SparseArray (1)) SparseArray_create_2_alloc_table) intP_create_2_alloc_table) unsigned_intP_create_2_alloc_table) SparseArray_create_2_tag_table) !SparseArray_back_create_2) !SparseArray_idx_create_2) !SparseArray_val_create_2)))) in void); (let jessie_ = (safe_uint32_of_integer_ (0)) in (let jessie_ = !a_1 in 
@@ -2509,7 +2450,7 @@ !return end)) { (JC_5: true) } let create_safety = - fun (sz : uint32) (SparseArray_create_2_alloc_table : SparseArray alloc_table ref) (int_P_create_2_alloc_table : int_P alloc_table ref) (unsigned_int_P_create_2_alloc_table : unsigned_int_P alloc_table ref) (unsigned_int_P_create_2_tag_table : unsigned_int_P tag_table ref) (int_P_create_2_tag_table : int_P tag_table ref) (SparseArray_create_2_tag_table : SparseArray tag_table ref) (SparseArray_val_create_2 : (SparseArray, int_P pointer) memory ref) (SparseArray_idx_create_2 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_back_create_2 : (SparseArray, unsigned_int_P pointer) memory ref) (SparseArray_n_create_2 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_create_2 : (SparseArray, uint32) memory ref) -> + fun (sz : uint32) (SparseArray_create_2_alloc_table : SparseArray alloc_table ref) (intP_create_2_alloc_table : intP alloc_table ref) (unsigned_intP_create_2_alloc_table : unsigned_intP alloc_table ref) (unsigned_intP_create_2_tag_table : unsigned_intP tag_table ref) (intP_create_2_tag_table : intP tag_table ref) (SparseArray_create_2_tag_table : SparseArray tag_table ref) (SparseArray_val_create_2 : (SparseArray, intP pointer) memory ref) (SparseArray_idx_create_2 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_back_create_2 : (SparseArray, unsigned_intP pointer) memory ref) (SparseArray_n_create_2 : (SparseArray, uint32) memory ref) (SparseArray_sz_0_create_2 : (SparseArray, uint32) memory ref) -> { (JC_3: le_int(integer_of_uint32(sz), (1000))) } (init: (let return = ref (any_pointer void) in 
@@ -2523,7 +2464,7 @@ (let jessie_ = (a_1 := (C_1: (JC_9: - ((((((((alloc_struct_SparseArray_requires (1)) SparseArray_create_2_alloc_table) int_P_create_2_alloc_table) unsigned_int_P_create_2_alloc_table) SparseArray_create_2_tag_table) !SparseArray_back_create_2) !SparseArray_idx_create_2) !SparseArray_val_create_2)))) in + ((((((((alloc_struct_SparseArray_requires (1)) SparseArray_create_2_alloc_table) intP_create_2_alloc_table) unsigned_intP_create_2_alloc_table) SparseArray_create_2_tag_table) !SparseArray_back_create_2) !SparseArray_idx_create_2) !SparseArray_val_create_2)))) in void); (let jessie_ = (safe_uint32_of_integer_ (0)) in (let jessie_ = !a_1 in 
@@ -2537,7 +2478,7 @@ !return end)) { true } let get_ensures_default = - fun (a : SparseArray pointer) (i : uint32) (SparseArray_a_3_alloc_table : SparseArray alloc_table) (int_P_a_3_alloc_table : int_P alloc_table) (unsigned_int_P_a_3_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_unsigned_int_M_a_3 : (unsigned_int_P, uint32) memory) (int_P_int_M_a_3 : (int_P, int32) memory) (SparseArray_val_a_3 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_3 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_3 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_n_a_3 : (SparseArray, uint32) memory) -> + fun (a : SparseArray pointer) (i : uint32) (SparseArray_a_3_alloc_table : SparseArray alloc_table) (intP_a_3_alloc_table : intP alloc_table) (unsigned_intP_a_3_alloc_table : unsigned_intP alloc_table) (unsigned_intP_unsigned_intM_a_3 : (unsigned_intP, uint32) memory) (intP_intM_a_3 : (intP, int32) memory) (SparseArray_val_a_3 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_3 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_3 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_n_a_3 : (SparseArray, uint32) memory) -> { (JC_19: ((JC_17: le_int(offset_min(SparseArray_a_3_alloc_table, a), (0))) and (JC_18: ge_int(offset_max(SparseArray_a_3_alloc_table, a), (0))))) } 
@@ -2547,55 +2488,50 @@ begin (let __retres = ref (any_int32 void) in try - (let jessie_ = begin (if ((lt_int_ (integer_of_uint32 (C_20: - ((safe_acc_ unsigned_int_P_unsigned_int_M_a_3) + ((safe_acc_ unsigned_intP_unsigned_intM_a_3) ((shift (C_19: ((safe_acc_ SparseArray_idx_a_3) a))) (integer_of_uint32 i)))))) (integer_of_uint32 (C_18: ((safe_acc_ SparseArray_n_a_3) a)))) then (if ((eq_int_ (integer_of_uint32 (C_17: - ((safe_acc_ unsigned_int_P_unsigned_int_M_a_3) + ((safe_acc_ unsigned_intP_unsigned_intM_a_3) ((shift (C_16: ((safe_acc_ SparseArray_back_a_3) a))) (integer_of_uint32 (C_15: - ((safe_acc_ unsigned_int_P_unsigned_int_M_a_3) + ((safe_acc_ unsigned_intP_unsigned_intM_a_3) ((shift (C_14: ((safe_acc_ SparseArray_idx_a_3) a))) (integer_of_uint32 i)))))))))) (integer_of_uint32 i)) then - (let jessie_ = (C_13: begin (let jessie_ = (__retres := (C_12: - ((safe_acc_ int_P_int_M_a_3) ((shift (C_11: - ((safe_acc_ SparseArray_val_a_3) a))) - (integer_of_uint32 i))))) in - void); (raise (Return_label_exc void)) end) in void) + ((safe_acc_ intP_intM_a_3) ((shift (C_11: + ((safe_acc_ SparseArray_val_a_3) a))) + (integer_of_uint32 i))))) in + void); (raise (Return_label_exc void)) end) else - (let jessie_ = (C_10: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)) + void); (raise (Return_label_exc void)) end)) else - (let jessie_ = (C_9: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)); - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end); absurd end with Return -> !return end)) { (JC_21: true) } let get_safety = - fun (a : SparseArray pointer) (i : uint32) (SparseArray_a_3_alloc_table : SparseArray 
alloc_table) (int_P_a_3_alloc_table : int_P alloc_table) (unsigned_int_P_a_3_alloc_table : unsigned_int_P alloc_table) (unsigned_int_P_unsigned_int_M_a_3 : (unsigned_int_P, uint32) memory) (int_P_int_M_a_3 : (int_P, int32) memory) (SparseArray_val_a_3 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_3 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_3 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_n_a_3 : (SparseArray, uint32) memory) -> + fun (a : SparseArray pointer) (i : uint32) (SparseArray_a_3_alloc_table : SparseArray alloc_table) (intP_a_3_alloc_table : intP alloc_table) (unsigned_intP_a_3_alloc_table : unsigned_intP alloc_table) (unsigned_intP_unsigned_intM_a_3 : (unsigned_intP, uint32) memory) (intP_intM_a_3 : (intP, int32) memory) (SparseArray_val_a_3 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_3 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_3 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_n_a_3 : (SparseArray, uint32) memory) -> { (JC_19: ((JC_17: le_int(offset_min(SparseArray_a_3_alloc_table, a), (0))) and (JC_18: ge_int(offset_max(SparseArray_a_3_alloc_table, a), (0))))) } @@ -2605,11 +2541,10 @@ begin (let __retres = ref (any_int32 void) in try - (let jessie_ = begin (if ((lt_int_ (integer_of_uint32 (C_20: (JC_26: - ((((offset_acc_ unsigned_int_P_a_3_alloc_table) unsigned_int_P_unsigned_int_M_a_3) + ((((offset_acc_ unsigned_intP_a_3_alloc_table) unsigned_intP_unsigned_intM_a_3) (C_19: (JC_25: (((acc_ SparseArray_a_3_alloc_table) SparseArray_idx_a_3) a)))) 
@@ -2620,45 +2555,41 @@ then (if ((eq_int_ (integer_of_uint32 (C_17: (JC_31: - ((((offset_acc_ unsigned_int_P_a_3_alloc_table) unsigned_int_P_unsigned_int_M_a_3) + ((((offset_acc_ unsigned_intP_a_3_alloc_table) unsigned_intP_unsigned_intM_a_3) (C_16: (JC_30: (((acc_ SparseArray_a_3_alloc_table) SparseArray_back_a_3) a)))) (integer_of_uint32 (C_15: (JC_29: - ((((offset_acc_ unsigned_int_P_a_3_alloc_table) unsigned_int_P_unsigned_int_M_a_3) + ((((offset_acc_ unsigned_intP_a_3_alloc_table) unsigned_intP_unsigned_intM_a_3) (C_14: (JC_28: (((acc_ SparseArray_a_3_alloc_table) SparseArray_idx_a_3) a)))) (integer_of_uint32 i)))))))))) (integer_of_uint32 i)) then - (let jessie_ = (C_13: begin (let jessie_ = (__retres := (C_12: (JC_33: - ((((offset_acc_ int_P_a_3_alloc_table) int_P_int_M_a_3) + ((((offset_acc_ intP_a_3_alloc_table) intP_intM_a_3) (C_11: (JC_32: (((acc_ SparseArray_a_3_alloc_table) SparseArray_val_a_3) a)))) (integer_of_uint32 i))))) in void); - (raise (Return_label_exc void)) end) in void) + (raise (Return_label_exc void)) end) else - (let jessie_ = (C_10: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)) + void); (raise (Return_label_exc void)) end)) else - (let jessie_ = (C_9: begin (let jessie_ = (__retres := (safe_int32_of_integer_ (0))) in - void); (raise (Return_label_exc void)) end) in void)); - (raise (Return_label_exc void)) end in void) with - Return_label_exc jessie_ -> + void); (raise (Return_label_exc void)) end)); + (raise (Return_label_exc void)) end with Return_label_exc jessie_ -> (return_label: begin (return := !__retres); (raise Return) end) end); absurd end with Return -> !return end)) { true } 
@@ -2679,20 +2610,20 @@ (let SparseArray_idx_a_2_7 = ref (any_memory void) in (let SparseArray_val_b_8 = ref (any_memory void) in (let SparseArray_val_a_2_7 = ref (any_memory void) in - (let int_P_int_M_b_8 = ref (any_memory void) in - (let int_P_int_M_a_2_7 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_b_8 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_a_2_7 = ref (any_memory void) in + (let intP_intM_b_8 = ref (any_memory void) in + (let intP_intM_a_2_7 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_b_8 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_a_2_7 = ref (any_memory void) in (let SparseArray_a_2_7_tag_table = ref (any_tag_table void) in (let SparseArray_b_8_tag_table = ref (any_tag_table void) in - (let int_P_a_2_7_tag_table = ref (any_tag_table void) in - (let int_P_b_8_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_a_2_7_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_b_8_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_b_8_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_a_2_7_alloc_table = ref (any_alloc_table void) in - (let int_P_b_8_alloc_table = ref (any_alloc_table void) in - (let int_P_a_2_7_alloc_table = ref (any_alloc_table void) in + (let intP_a_2_7_tag_table = ref (any_tag_table void) in + (let intP_b_8_tag_table = ref (any_tag_table void) in + (let unsigned_intP_a_2_7_tag_table = ref (any_tag_table void) in + (let unsigned_intP_b_8_tag_table = ref (any_tag_table void) in + (let unsigned_intP_b_8_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_a_2_7_alloc_table = ref (any_alloc_table void) in + (let intP_b_8_alloc_table = ref (any_alloc_table void) in + (let intP_a_2_7_alloc_table = ref (any_alloc_table void) in (let SparseArray_b_8_alloc_table = ref (any_alloc_table void) in (let SparseArray_a_2_7_alloc_table = ref (any_alloc_table void) in (let a_2 = ref (any_pointer void) in 
@@ -2716,78 +2647,78 @@ (a_2 := (C_53: (let jessie_ = (safe_uint32_of_integer_ (10)) in (JC_93: - ((((((((((((create jessie_) unsigned_int_P_a_2_7_alloc_table) int_P_a_2_7_alloc_table) SparseArray_a_2_7_alloc_table) unsigned_int_P_a_2_7_tag_table) int_P_a_2_7_tag_table) SparseArray_a_2_7_tag_table) SparseArray_sz_0_a_2_7) SparseArray_n_a_2_7) SparseArray_back_a_2_7) SparseArray_idx_a_2_7) SparseArray_val_a_2_7))))) in + ((((((((((((create jessie_) unsigned_intP_a_2_7_alloc_table) intP_a_2_7_alloc_table) SparseArray_a_2_7_alloc_table) unsigned_intP_a_2_7_tag_table) intP_a_2_7_tag_table) SparseArray_a_2_7_tag_table) SparseArray_sz_0_a_2_7) SparseArray_n_a_2_7) SparseArray_back_a_2_7) SparseArray_idx_a_2_7) SparseArray_val_a_2_7))))) in void); (let jessie_ = (b := (C_55: (let jessie_ = (safe_uint32_of_integer_ (20)) in (JC_94: - ((((((((((((create jessie_) unsigned_int_P_b_8_alloc_table) int_P_b_8_alloc_table) SparseArray_b_8_alloc_table) unsigned_int_P_b_8_tag_table) int_P_b_8_tag_table) SparseArray_b_8_tag_table) SparseArray_sz_0_b_8) SparseArray_n_b_8) SparseArray_back_b_8) SparseArray_idx_b_8) SparseArray_val_b_8))))) in + ((((((((((((create jessie_) unsigned_intP_b_8_alloc_table) intP_b_8_alloc_table) SparseArray_b_8_alloc_table) unsigned_intP_b_8_tag_table) intP_b_8_tag_table) SparseArray_b_8_tag_table) SparseArray_sz_0_b_8) SparseArray_n_b_8) SparseArray_back_b_8) SparseArray_idx_b_8) SparseArray_val_b_8))))) in void); (let jessie_ = (x_0 := (C_57: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_95: - (((((((((((get jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) 
!SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_59: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_96: - (((((((((((get jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); (assert { (JC_99: - ((JC_97: eq_int(integer_of_int32(x_0), (0))) - and (JC_98: eq_int(integer_of_int32(y), (0))))) }; void); void; + ((JC_97: (integer_of_int32(x_0) = (0))) + and (JC_98: (integer_of_int32(y) = (0))))) }; void); void; (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (let jessie_ = (safe_int32_of_integer_ (1)) in (JC_100: - ((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_a_2_7) int_P_int_M_a_2_7) unsigned_int_P_unsigned_int_M_a_2_7) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7))))); + ((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_a_2_7) intP_intM_a_2_7) unsigned_intP_unsigned_intM_a_2_7) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7))))); (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (let jessie_ = (safe_int32_of_integer_ (2)) in (JC_101: - ((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_b_8) int_P_int_M_b_8) unsigned_int_P_unsigned_int_M_b_8) 
!unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8))))); + ((((((((((((set jessie_) jessie_) jessie_) SparseArray_n_b_8) intP_intM_b_8) unsigned_intP_unsigned_intM_b_8) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8))))); (let jessie_ = (x_0 := (C_66: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_102: - (((((((((((get jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_68: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_103: - (((((((((((get jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); (assert { (JC_106: - ((JC_104: eq_int(integer_of_int32(x_0), (1))) - and (JC_105: eq_int(integer_of_int32(y), (2))))) }; void); void; + ((JC_104: (integer_of_int32(x_0) = (1))) + and (JC_105: (integer_of_int32(y) = (2))))) }; void); 
void; (let jessie_ = (x_0 := (C_73: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_107: - (((((((((((get jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_75: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_108: - (((((((((((get jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); (assert { (JC_111: - ((JC_109: eq_int(integer_of_int32(x_0), (0))) - and (JC_110: eq_int(integer_of_int32(y), (0))))) }; void); void; + ((JC_109: (integer_of_int32(x_0) = (0))) + and (JC_110: (integer_of_int32(y) = (0))))) }; void); void; (let jessie_ = (__retres_0 := (safe_int32_of_integer_ (0))) in void); (return := !__retres_0); (raise Return) end)))))))))))))))))))))))))))))))))))))))))); absurd end with Return -> !return end)) { (JC_70: true) } 
@@ -2809,20 +2740,20 @@ (let SparseArray_idx_a_2_7 = ref (any_memory void) in (let SparseArray_val_b_8 = ref (any_memory void) in (let SparseArray_val_a_2_7 = ref (any_memory void) in - (let int_P_int_M_b_8 = ref (any_memory void) in - (let int_P_int_M_a_2_7 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_b_8 = ref (any_memory void) in - (let unsigned_int_P_unsigned_int_M_a_2_7 = ref (any_memory void) in + (let intP_intM_b_8 = ref (any_memory void) in + (let intP_intM_a_2_7 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_b_8 = ref (any_memory void) in + (let unsigned_intP_unsigned_intM_a_2_7 = ref (any_memory void) in (let SparseArray_a_2_7_tag_table = ref (any_tag_table void) in (let SparseArray_b_8_tag_table = ref (any_tag_table void) in - (let int_P_a_2_7_tag_table = ref (any_tag_table void) in - (let int_P_b_8_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_a_2_7_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_b_8_tag_table = ref (any_tag_table void) in - (let unsigned_int_P_b_8_alloc_table = ref (any_alloc_table void) in - (let unsigned_int_P_a_2_7_alloc_table = ref (any_alloc_table void) in - (let int_P_b_8_alloc_table = ref (any_alloc_table void) in - (let int_P_a_2_7_alloc_table = ref (any_alloc_table void) in + (let intP_a_2_7_tag_table = ref (any_tag_table void) in + (let intP_b_8_tag_table = ref (any_tag_table void) in + (let unsigned_intP_a_2_7_tag_table = ref (any_tag_table void) in + (let unsigned_intP_b_8_tag_table = ref (any_tag_table void) in + (let unsigned_intP_b_8_alloc_table = ref (any_alloc_table void) in + (let unsigned_intP_a_2_7_alloc_table = ref (any_alloc_table void) in + (let intP_b_8_alloc_table = ref (any_alloc_table void) in + (let intP_a_2_7_alloc_table = ref (any_alloc_table void) in (let SparseArray_b_8_alloc_table = ref (any_alloc_table void) in (let SparseArray_a_2_7_alloc_table = ref (any_alloc_table void) in (let a_2 = ref (any_pointer void) in 
@@ -2846,84 +2777,84 @@ (a_2 := (C_53: (let jessie_ = (safe_uint32_of_integer_ (10)) in (JC_74: - ((((((((((((create_requires jessie_) unsigned_int_P_a_2_7_alloc_table) int_P_a_2_7_alloc_table) SparseArray_a_2_7_alloc_table) unsigned_int_P_a_2_7_tag_table) int_P_a_2_7_tag_table) SparseArray_a_2_7_tag_table) SparseArray_sz_0_a_2_7) SparseArray_n_a_2_7) SparseArray_back_a_2_7) SparseArray_idx_a_2_7) SparseArray_val_a_2_7))))) in + ((((((((((((create_requires jessie_) unsigned_intP_a_2_7_alloc_table) intP_a_2_7_alloc_table) SparseArray_a_2_7_alloc_table) unsigned_intP_a_2_7_tag_table) intP_a_2_7_tag_table) SparseArray_a_2_7_tag_table) SparseArray_sz_0_a_2_7) SparseArray_n_a_2_7) SparseArray_back_a_2_7) SparseArray_idx_a_2_7) SparseArray_val_a_2_7))))) in void); (let jessie_ = (b := (C_55: (let jessie_ = (safe_uint32_of_integer_ (20)) in (JC_75: - ((((((((((((create_requires jessie_) unsigned_int_P_b_8_alloc_table) int_P_b_8_alloc_table) SparseArray_b_8_alloc_table) unsigned_int_P_b_8_tag_table) int_P_b_8_tag_table) SparseArray_b_8_tag_table) SparseArray_sz_0_b_8) SparseArray_n_b_8) SparseArray_back_b_8) SparseArray_idx_b_8) SparseArray_val_b_8))))) in + ((((((((((((create_requires jessie_) unsigned_intP_b_8_alloc_table) intP_b_8_alloc_table) SparseArray_b_8_alloc_table) unsigned_intP_b_8_tag_table) intP_b_8_tag_table) SparseArray_b_8_tag_table) SparseArray_sz_0_b_8) SparseArray_n_b_8) SparseArray_back_b_8) SparseArray_idx_b_8) SparseArray_val_b_8))))) in void); (let jessie_ = (x_0 := (C_57: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_76: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) 
!SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_59: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_77: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); [ { } unit reads x_0,y { (JC_80: - ((JC_78: eq_int(integer_of_int32(x_0), (0))) - and (JC_79: eq_int(integer_of_int32(y), (0))))) } ]; void; + ((JC_78: (integer_of_int32(x_0) = (0))) + and (JC_79: (integer_of_int32(y) = (0))))) } ]; void; (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (let jessie_ = (safe_int32_of_integer_ (1)) in (JC_81: - ((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_a_2_7) int_P_int_M_a_2_7) unsigned_int_P_unsigned_int_M_a_2_7) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7))))); + ((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_a_2_7) intP_intM_a_2_7) unsigned_intP_unsigned_intM_a_2_7) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7))))); (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (let jessie_ = (safe_int32_of_integer_ (2)) in (JC_82: - ((((((((((((set_requires jessie_) jessie_) 
jessie_) SparseArray_n_b_8) int_P_int_M_b_8) unsigned_int_P_unsigned_int_M_b_8) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8))))); + ((((((((((((set_requires jessie_) jessie_) jessie_) SparseArray_n_b_8) intP_intM_b_8) unsigned_intP_unsigned_intM_b_8) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8))))); (let jessie_ = (x_0 := (C_66: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (5)) in (JC_83: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_68: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (7)) in (JC_84: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); [ { } unit reads x_0,y { (JC_87: - ((JC_85: eq_int(integer_of_int32(x_0), (1))) - and (JC_86: 
eq_int(integer_of_int32(y), (2))))) } ]; void; + ((JC_85: (integer_of_int32(x_0) = (1))) + and (JC_86: (integer_of_int32(y) = (2))))) } ]; void; (let jessie_ = (x_0 := (C_73: (let jessie_ = !a_2 in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_88: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_a_2_7_alloc_table) !int_P_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !int_P_int_M_a_2_7) !unsigned_int_P_unsigned_int_M_a_2_7)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_a_2_7_alloc_table) !intP_a_2_7_alloc_table) !SparseArray_a_2_7_alloc_table) !SparseArray_n_a_2_7) !SparseArray_back_a_2_7) !SparseArray_idx_a_2_7) !SparseArray_val_a_2_7) !intP_intM_a_2_7) !unsigned_intP_unsigned_intM_a_2_7)))))) in void); (let jessie_ = (y := (C_75: (let jessie_ = !b in (let jessie_ = (safe_uint32_of_integer_ (0)) in (JC_89: - (((((((((((get_requires jessie_) jessie_) !unsigned_int_P_b_8_alloc_table) !int_P_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !int_P_int_M_b_8) !unsigned_int_P_unsigned_int_M_b_8)))))) in + (((((((((((get_requires jessie_) jessie_) !unsigned_intP_b_8_alloc_table) !intP_b_8_alloc_table) !SparseArray_b_8_alloc_table) !SparseArray_n_b_8) !SparseArray_back_b_8) !SparseArray_idx_b_8) !SparseArray_val_b_8) !intP_intM_b_8) !unsigned_intP_unsigned_intM_b_8)))))) in void); [ { } unit reads x_0,y { (JC_92: - ((JC_90: eq_int(integer_of_int32(x_0), (0))) - and (JC_91: eq_int(integer_of_int32(y), (0))))) } ]; void; + ((JC_90: (integer_of_int32(x_0) = (0))) + and (JC_91: (integer_of_int32(y) = (0))))) } ]; void; (let jessie_ = (__retres_0 := (safe_int32_of_integer_ (0))) in void); (return := !__retres_0); (raise Return) end)))))))))))))))))))))))))))))))))))))))))); absurd end with Return -> !return end)) { true } let set_ensures_default = - fun (a_0 
: SparseArray pointer) (i_0 : uint32) (v : int32) (unsigned_int_P_unsigned_int_M_a_0_4 : (unsigned_int_P, uint32) memory ref) (int_P_int_M_a_0_4 : (int_P, int32) memory ref) (SparseArray_n_a_0_4 : (SparseArray, uint32) memory ref) (SparseArray_a_0_4_alloc_table : SparseArray alloc_table) (int_P_a_0_4_alloc_table : int_P alloc_table) (unsigned_int_P_a_0_4_alloc_table : unsigned_int_P alloc_table) (SparseArray_val_a_0_4 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_0_4 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_0_4 : (SparseArray, unsigned_int_P pointer) memory) -> + fun (a_0 : SparseArray pointer) (i_0 : uint32) (v : int32) (unsigned_intP_unsigned_intM_a_0_4 : (unsigned_intP, uint32) memory ref) (intP_intM_a_0_4 : (intP, int32) memory ref) (SparseArray_n_a_0_4 : (SparseArray, uint32) memory ref) (SparseArray_a_0_4_alloc_table : SparseArray alloc_table) (intP_a_0_4_alloc_table : intP alloc_table) (unsigned_intP_a_0_4_alloc_table : unsigned_intP alloc_table) (SparseArray_val_a_0_4 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_0_4 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_0_4 : (SparseArray, unsigned_intP pointer) memory) -> { (JC_40: ((JC_38: le_int(offset_min(SparseArray_a_0_4_alloc_table, a_0), (0))) and (JC_39: ge_int(offset_max(SparseArray_a_0_4_alloc_table, a_0), (0))))) } @@ -2931,10 +2862,8 @@ try begin try - (let jessie_ = begin try - (let jessie_ = (C_27: begin (let jessie_ = @@ -2943,9 +2872,9 @@ (C_25: ((safe_acc_ SparseArray_val_a_0_4) a_0)) in (let jessie_ = (integer_of_uint32 i_0) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ int_P_int_M_a_0_4) jessie_) jessie_))))) in void); + (((safe_upd_ intP_intM_a_0_4) jessie_) jessie_))))) in void); (if ((lt_int_ (integer_of_uint32 (C_34: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_a_0_4) + ((safe_acc_ !unsigned_intP_unsigned_intM_a_0_4) ((shift (C_33: ((safe_acc_ SparseArray_idx_a_0_4) a_0))) (integer_of_uint32 i_0)))))) 
@@ -2953,21 +2882,20 @@ ((safe_acc_ !SparseArray_n_a_0_4) a_0)))) then (if ((eq_int_ (integer_of_uint32 (C_31: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_a_0_4) + ((safe_acc_ !unsigned_intP_unsigned_intM_a_0_4) ((shift (C_30: ((safe_acc_ SparseArray_back_a_0_4) a_0))) (integer_of_uint32 (C_29: - ((safe_acc_ !unsigned_int_P_unsigned_int_M_a_0_4) + ((safe_acc_ !unsigned_intP_unsigned_intM_a_0_4) ((shift (C_28: ((safe_acc_ SparseArray_idx_a_0_4) a_0))) (integer_of_uint32 i_0)))))))))) (integer_of_uint32 i_0)) then void - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)) - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)); - (let jessie_ = (raise (Goto__LAND_0_exc void)) in void); - (raise (Goto__LAND_exc void)) end) in void) with - Goto__LAND_exc jessie_ -> + else (raise (Goto__LAND_exc void))) + else (raise (Goto__LAND_exc void))); + (raise (Goto__LAND_0_exc void)); (raise (Goto__LAND_exc void)) end) + with Goto__LAND_exc jessie_ -> (let jessie_ = (_LAND: (C_39: @@ -2982,7 +2910,7 @@ (let jessie_ = (C_37: ((safe_acc_ SparseArray_idx_a_0_4) a_0)) in (let jessie_ = (integer_of_uint32 i_0) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ unsigned_int_P_unsigned_int_M_a_0_4) jessie_) jessie_))))) in + (((safe_upd_ unsigned_intP_unsigned_intM_a_0_4) jessie_) jessie_))))) in void); (let jessie_ = (let jessie_ = i_0 in @@ -2991,7 +2919,7 @@ (let jessie_ = (integer_of_uint32 (C_40: ((safe_acc_ !SparseArray_n_a_0_4) a_0))) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ unsigned_int_P_unsigned_int_M_a_0_4) jessie_) jessie_))))) in + (((safe_upd_ unsigned_intP_unsigned_intM_a_0_4) jessie_) jessie_))))) in void); (C_48: (let jessie_ = 
@@ -3003,13 +2931,12 @@ (let jessie_ = a_0 in (((safe_upd_ SparseArray_n_a_0_4) jessie_) jessie_)); jessie_ end)) end))) in void) end; - (raise (Goto__LAND_0_exc void)) end in void) with - Goto__LAND_0_exc jessie_ -> + (raise (Goto__LAND_0_exc void)) end with Goto__LAND_0_exc jessie_ -> (_LAND_0: begin void; (raise Return) end) end; (raise Return) end with Return -> void end) { (JC_42: true) } let set_safety = - fun (a_0 : SparseArray pointer) (i_0 : uint32) (v : int32) (unsigned_int_P_unsigned_int_M_a_0_4 : (unsigned_int_P, uint32) memory ref) (int_P_int_M_a_0_4 : (int_P, int32) memory ref) (SparseArray_n_a_0_4 : (SparseArray, uint32) memory ref) (SparseArray_a_0_4_alloc_table : SparseArray alloc_table) (int_P_a_0_4_alloc_table : int_P alloc_table) (unsigned_int_P_a_0_4_alloc_table : unsigned_int_P alloc_table) (SparseArray_val_a_0_4 : (SparseArray, int_P pointer) memory) (SparseArray_idx_a_0_4 : (SparseArray, unsigned_int_P pointer) memory) (SparseArray_back_a_0_4 : (SparseArray, unsigned_int_P pointer) memory) -> + fun (a_0 : SparseArray pointer) (i_0 : uint32) (v : int32) (unsigned_intP_unsigned_intM_a_0_4 : (unsigned_intP, uint32) memory ref) (intP_intM_a_0_4 : (intP, int32) memory ref) (SparseArray_n_a_0_4 : (SparseArray, uint32) memory ref) (SparseArray_a_0_4_alloc_table : SparseArray alloc_table) (intP_a_0_4_alloc_table : intP alloc_table) (unsigned_intP_a_0_4_alloc_table : unsigned_intP alloc_table) (SparseArray_val_a_0_4 : (SparseArray, intP pointer) memory) (SparseArray_idx_a_0_4 : (SparseArray, unsigned_intP pointer) memory) (SparseArray_back_a_0_4 : (SparseArray, unsigned_intP pointer) memory) -> { (JC_40: ((JC_38: le_int(offset_min(SparseArray_a_0_4_alloc_table, a_0), (0))) and (JC_39: ge_int(offset_max(SparseArray_a_0_4_alloc_table, a_0), (0))))) } @@ -3017,10 +2944,8 @@ try begin try - (let jessie_ = begin try - (let jessie_ = (C_27: begin (let jessie_ = 
@@ -3032,11 +2957,11 @@ (let jessie_ = (integer_of_uint32 i_0) in (let jessie_ = ((shift jessie_) jessie_) in (JC_47: - (((((offset_upd_ int_P_a_0_4_alloc_table) int_P_int_M_a_0_4) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ intP_a_0_4_alloc_table) intP_intM_a_0_4) jessie_) jessie_) jessie_)))))) in void); (if ((lt_int_ (integer_of_uint32 (C_34: (JC_49: - ((((offset_acc_ unsigned_int_P_a_0_4_alloc_table) !unsigned_int_P_unsigned_int_M_a_0_4) + ((((offset_acc_ unsigned_intP_a_0_4_alloc_table) !unsigned_intP_unsigned_intM_a_0_4) (C_33: (JC_48: (((acc_ SparseArray_a_0_4_alloc_table) SparseArray_idx_a_0_4) a_0)))) @@ -3047,23 +2972,22 @@ then (if ((eq_int_ (integer_of_uint32 (C_31: (JC_54: - ((((offset_acc_ unsigned_int_P_a_0_4_alloc_table) !unsigned_int_P_unsigned_int_M_a_0_4) + ((((offset_acc_ unsigned_intP_a_0_4_alloc_table) !unsigned_intP_unsigned_intM_a_0_4) (C_30: (JC_53: (((acc_ SparseArray_a_0_4_alloc_table) SparseArray_back_a_0_4) a_0)))) (integer_of_uint32 (C_29: (JC_52: - ((((offset_acc_ unsigned_int_P_a_0_4_alloc_table) !unsigned_int_P_unsigned_int_M_a_0_4) + ((((offset_acc_ unsigned_intP_a_0_4_alloc_table) !unsigned_intP_unsigned_intM_a_0_4) (C_28: (JC_51: (((acc_ SparseArray_a_0_4_alloc_table) SparseArray_idx_a_0_4) a_0)))) (integer_of_uint32 i_0)))))))))) (integer_of_uint32 i_0)) then void - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)) - else (let jessie_ = (raise (Goto__LAND_exc void)) in void)); - (let jessie_ = (raise (Goto__LAND_0_exc void)) in void); - (raise (Goto__LAND_exc void)) end) in void) with - Goto__LAND_exc jessie_ -> + else (raise (Goto__LAND_exc void))) + else (raise (Goto__LAND_exc void))); + (raise (Goto__LAND_0_exc void)); (raise (Goto__LAND_exc void)) end) + with Goto__LAND_exc jessie_ -> (let jessie_ = (_LAND: (C_39: 
@@ -3085,7 +3009,7 @@ (let jessie_ = (integer_of_uint32 i_0) in (let jessie_ = ((shift jessie_) jessie_) in (JC_58: - (((((offset_upd_ unsigned_int_P_a_0_4_alloc_table) unsigned_int_P_unsigned_int_M_a_0_4) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ unsigned_intP_a_0_4_alloc_table) unsigned_intP_unsigned_intM_a_0_4) jessie_) jessie_) jessie_)))))) in void); (let jessie_ = (let jessie_ = i_0 in @@ -3099,7 +3023,7 @@ (((acc_ SparseArray_a_0_4_alloc_table) !SparseArray_n_a_0_4) a_0)))) in (let jessie_ = ((shift jessie_) jessie_) in (JC_61: - (((((offset_upd_ unsigned_int_P_a_0_4_alloc_table) unsigned_int_P_unsigned_int_M_a_0_4) jessie_) jessie_) jessie_)))))) in + (((((offset_upd_ unsigned_intP_a_0_4_alloc_table) unsigned_intP_unsigned_intM_a_0_4) jessie_) jessie_) jessie_)))))) in void); (C_48: (let jessie_ = @@ -3114,8 +3038,7 @@ (JC_64: ((((upd_ SparseArray_a_0_4_alloc_table) SparseArray_n_a_0_4) jessie_) jessie_))); jessie_ end)) end))) in void) end; - (raise (Goto__LAND_0_exc void)) end in void) with - Goto__LAND_0_exc jessie_ -> + (raise (Goto__LAND_0_exc void)) end with Goto__LAND_0_exc jessie_ -> (_LAND_0: begin void; (raise Return) end) end; (raise Return) end with Return -> void end) { true } @@ -4054,21 +3977,21 @@ type SparseArray -type char_P +type charP type int32 type int8 -type int_P +type intP type padding type uint32 -type unsigned_int_P +type unsigned_intP -type void_P +type voidP logic SparseArray_tag : SparseArray tag_id 
@@ -4087,22 +4010,22 @@ (forall SparseArray_tag_table:SparseArray tag_table. instanceof(SparseArray_tag_table, x, SparseArray_tag))) -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int32 : int32 -> int @@ -4126,6 +4049,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -4138,110 +4066,111 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -logic int_P_tag : int_P tag_id +logic intP_tag : intP tag_id -axiom int_P_int: (int_of_tag(int_P_tag) = 1) +axiom intP_int: (int_of_tag(intP_tag) = 1) -logic int_P_of_pointer_address : unit pointer -> int_P pointer +logic intP_of_pointer_address : unit pointer -> intP pointer -axiom int_P_of_pointer_address_of_pointer_addr: - (forall p:int_P pointer. - (p = int_P_of_pointer_address(pointer_address(p)))) +axiom intP_of_pointer_address_of_pointer_addr: + (forall p:intP pointer. (p = intP_of_pointer_address(pointer_address(p)))) -axiom int_P_parenttag_bottom: parenttag(int_P_tag, bottom_tag) +axiom intP_parenttag_bottom: parenttag(intP_tag, bottom_tag) -axiom int_P_tags: - (forall x:int_P pointer. - (forall int_P_tag_table:int_P tag_table. instanceof(int_P_tag_table, x, - int_P_tag))) +axiom intP_tags: + (forall x:intP pointer. + (forall intP_tag_table:intP tag_table. 
instanceof(intP_tag_table, x, + intP_tag))) -predicate left_valid_struct_int_P(p: int_P pointer, a: int, - int_P_alloc_table: int_P alloc_table) = (offset_min(int_P_alloc_table, +predicate left_valid_struct_intP(p: intP pointer, a: int, + intP_alloc_table: intP alloc_table) = (offset_min(intP_alloc_table, p) <= a) -predicate left_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, a: int, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - (offset_min(unsigned_int_P_alloc_table, p) <= a) +predicate left_valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + (offset_min(unsigned_intP_alloc_table, p) <= a) predicate left_valid_struct_SparseArray(p: SparseArray pointer, a: int, SparseArray_alloc_table: SparseArray alloc_table, - int_P_alloc_table: int_P alloc_table, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table, - SparseArray_back: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_val: (SparseArray, int_P pointer) memory) = + intP_alloc_table: intP alloc_table, + unsigned_intP_alloc_table: unsigned_intP alloc_table, + SparseArray_back: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx: (SparseArray, unsigned_intP pointer) memory, + SparseArray_val: (SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) <= a) and - (left_valid_struct_int_P(select(SparseArray_val, p), 0, - int_P_alloc_table) and - (left_valid_struct_unsigned_int_P(select(SparseArray_idx, p), 0, - unsigned_int_P_alloc_table) and - left_valid_struct_unsigned_int_P(select(SparseArray_back, p), 0, - unsigned_int_P_alloc_table)))) + (left_valid_struct_intP(select(SparseArray_val, p), 0, + intP_alloc_table) and + (left_valid_struct_unsigned_intP(select(SparseArray_idx, p), 0, + unsigned_intP_alloc_table) and + left_valid_struct_unsigned_intP(select(SparseArray_back, p), 0, + unsigned_intP_alloc_table)))) 
-predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) axiom pointer_addr_of_SparseArray_of_pointer_address: (forall p:unit pointer. (p = pointer_address(SparseArray_of_pointer_address(p)))) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) -axiom pointer_addr_of_int_P_of_pointer_address: - (forall p:unit pointer. (p = pointer_address(int_P_of_pointer_address(p)))) +axiom pointer_addr_of_intP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(intP_of_pointer_address(p)))) -logic unsigned_int_P_of_pointer_address : unit pointer -> unsigned_int_P pointer +logic unsigned_intP_of_pointer_address : unit pointer -> unsigned_intP pointer -axiom pointer_addr_of_unsigned_int_P_of_pointer_address: +axiom pointer_addr_of_unsigned_intP_of_pointer_address: (forall p:unit pointer. - (p = pointer_address(unsigned_int_P_of_pointer_address(p)))) + (p = pointer_address(unsigned_intP_of_pointer_address(p)))) -logic void_P_of_pointer_address : unit pointer -> void_P pointer +logic voidP_of_pointer_address : unit pointer -> voidP pointer -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) -predicate right_valid_struct_int_P(p: int_P pointer, b: int, - int_P_alloc_table: int_P alloc_table) = (offset_max(int_P_alloc_table, +predicate right_valid_struct_intP(p: intP pointer, b: int, + intP_alloc_table: intP alloc_table) = (offset_max(intP_alloc_table, p) >= b) -predicate right_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - (offset_max(unsigned_int_P_alloc_table, p) >= b) +predicate right_valid_struct_unsigned_intP(p: unsigned_intP pointer, b: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + (offset_max(unsigned_intP_alloc_table, p) >= b) predicate right_valid_struct_SparseArray(p: SparseArray pointer, b: int, SparseArray_alloc_table: SparseArray alloc_table, - int_P_alloc_table: int_P alloc_table, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table, - SparseArray_back: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_val: (SparseArray, int_P pointer) memory) = + intP_alloc_table: intP alloc_table, + unsigned_intP_alloc_table: unsigned_intP alloc_table, + SparseArray_back: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx: (SparseArray, unsigned_intP pointer) memory, + SparseArray_val: (SparseArray, intP pointer) memory) = ((offset_max(SparseArray_alloc_table, p) >= b) and - (right_valid_struct_int_P(select(SparseArray_val, p), 999, - int_P_alloc_table) and - (right_valid_struct_unsigned_int_P(select(SparseArray_idx, p), 999, - unsigned_int_P_alloc_table) and - right_valid_struct_unsigned_int_P(select(SparseArray_back, p), 999, - unsigned_int_P_alloc_table)))) + (right_valid_struct_intP(select(SparseArray_val, p), 999, + intP_alloc_table) and + (right_valid_struct_unsigned_intP(select(SparseArray_idx, p), 999, + unsigned_intP_alloc_table) and + right_valid_struct_unsigned_intP(select(SparseArray_back, p), 999, + 
unsigned_intP_alloc_table)))) -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) predicate strict_valid_root_SparseArray(p: SparseArray pointer, a: int, 
@@ -4249,61 +4178,61 @@ ((offset_min(SparseArray_alloc_table, p) = a) and (offset_max(SparseArray_alloc_table, p) = b)) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and (offset_max(int_P_alloc_table, +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, + p) = b)) + +predicate strict_valid_root_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) and + (offset_max(unsigned_intP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, p) = b)) -predicate strict_valid_root_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) and - (offset_max(unsigned_int_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) = a) and 
(offset_max(int_P_alloc_table, +predicate strict_valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) = a) and (offset_max(intP_alloc_table, p) = b)) -predicate strict_valid_struct_unsigned_int_P(p: unsigned_int_P pointer, - a: int, b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) = a) and - (offset_max(unsigned_int_P_alloc_table, p) = b)) +predicate strict_valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) = a) and + (offset_max(unsigned_intP_alloc_table, p) = b)) predicate strict_valid_struct_SparseArray(p: SparseArray pointer, a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table, - int_P_alloc_table: int_P alloc_table, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table, - SparseArray_back: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_val: (SparseArray, int_P pointer) memory) = + intP_alloc_table: intP alloc_table, + unsigned_intP_alloc_table: unsigned_intP alloc_table, + SparseArray_back: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx: (SparseArray, unsigned_intP pointer) memory, + SparseArray_val: (SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) = a) and ((offset_max(SparseArray_alloc_table, p) = b) and - (strict_valid_struct_int_P(select(SparseArray_val, p), 0, 999, - int_P_alloc_table) and - (strict_valid_struct_unsigned_int_P(select(SparseArray_idx, p), 0, 999, - unsigned_int_P_alloc_table) and - strict_valid_struct_unsigned_int_P(select(SparseArray_back, p), 0, 999, - unsigned_int_P_alloc_table))))) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and 
- (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) + (strict_valid_struct_intP(select(SparseArray_val, p), 0, 999, + intP_alloc_table) and + (strict_valid_struct_unsigned_intP(select(SparseArray_idx, p), 0, 999, + unsigned_intP_alloc_table) and + strict_valid_struct_unsigned_intP(select(SparseArray_back, p), 0, 999, + unsigned_intP_alloc_table))))) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) logic uint32_of_integer : int -> uint32 
@@ -4312,126 +4241,106 @@ (((0 <= x) and (x <= 4294967295)) -> (integer_of_uint32(uint32_of_integer(x)) = x))) +axiom uint32_extensionality: + (forall x:uint32. + (forall y:uint32. + ((integer_of_uint32(x) = integer_of_uint32(y)) -> (x = y)))) + axiom uint32_range: (forall x:uint32. ((0 <= integer_of_uint32(x)) and (integer_of_uint32(x) <= 4294967295))) -logic unsigned_int_P_tag : unsigned_int_P tag_id +logic unsigned_intP_tag : unsigned_intP tag_id -axiom unsigned_int_P_int: (int_of_tag(unsigned_int_P_tag) = 1) +axiom unsigned_intP_int: (int_of_tag(unsigned_intP_tag) = 1) -axiom unsigned_int_P_of_pointer_address_of_pointer_addr: - (forall p:unsigned_int_P pointer. - (p = unsigned_int_P_of_pointer_address(pointer_address(p)))) +axiom unsigned_intP_of_pointer_address_of_pointer_addr: + (forall p:unsigned_intP pointer. + (p = unsigned_intP_of_pointer_address(pointer_address(p)))) -axiom unsigned_int_P_parenttag_bottom: parenttag(unsigned_int_P_tag, +axiom unsigned_intP_parenttag_bottom: parenttag(unsigned_intP_tag, bottom_tag) -axiom unsigned_int_P_tags: - (forall x:unsigned_int_P pointer. - (forall unsigned_int_P_tag_table:unsigned_int_P tag_table. 
- instanceof(unsigned_int_P_tag_table, x, unsigned_int_P_tag))) - -predicate valid_bitvector_struct_SparseArray(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_int_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_unsigned_int_P(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) +axiom unsigned_intP_tags: + (forall x:unsigned_intP pointer. + (forall unsigned_intP_tag_table:unsigned_intP tag_table. 
+ instanceof(unsigned_intP_tag_table, x, unsigned_intP_tag))) predicate valid_root_SparseArray(p: SparseArray pointer, a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table) = ((offset_min(SparseArray_alloc_table, p) <= a) and (offset_max(SparseArray_alloc_table, p) >= b)) -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, p) >= b)) -predicate valid_root_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) and - (offset_max(unsigned_int_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_int_P(p: int_P pointer, a: int, b: int, - int_P_alloc_table: int_P alloc_table) = - ((offset_min(int_P_alloc_table, p) <= a) and (offset_max(int_P_alloc_table, +predicate valid_root_unsigned_intP(p: unsigned_intP pointer, a: int, b: int, + unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) and + (offset_max(unsigned_intP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + 
voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, p) >= b)) -predicate valid_struct_unsigned_int_P(p: unsigned_int_P pointer, a: int, - b: int, unsigned_int_P_alloc_table: unsigned_int_P alloc_table) = - ((offset_min(unsigned_int_P_alloc_table, p) <= a) and - (offset_max(unsigned_int_P_alloc_table, p) >= b)) +predicate valid_struct_intP(p: intP pointer, a: int, b: int, + intP_alloc_table: intP alloc_table) = + ((offset_min(intP_alloc_table, p) <= a) and (offset_max(intP_alloc_table, + p) >= b)) + +predicate valid_struct_unsigned_intP(p: unsigned_intP pointer, a: int, + b: int, unsigned_intP_alloc_table: unsigned_intP alloc_table) = + ((offset_min(unsigned_intP_alloc_table, p) <= a) and + (offset_max(unsigned_intP_alloc_table, p) >= b)) predicate valid_struct_SparseArray(p: SparseArray pointer, a: int, b: int, SparseArray_alloc_table: SparseArray alloc_table, - int_P_alloc_table: int_P alloc_table, - unsigned_int_P_alloc_table: unsigned_int_P alloc_table, - SparseArray_back: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_idx: (SparseArray, unsigned_int_P pointer) memory, - SparseArray_val: (SparseArray, int_P pointer) memory) = + intP_alloc_table: intP alloc_table, + unsigned_intP_alloc_table: unsigned_intP alloc_table, + SparseArray_back: (SparseArray, unsigned_intP pointer) memory, + SparseArray_idx: (SparseArray, unsigned_intP pointer) memory, + SparseArray_val: (SparseArray, intP pointer) memory) = ((offset_min(SparseArray_alloc_table, p) <= a) and ((offset_max(SparseArray_alloc_table, p) >= b) and - (valid_struct_int_P(select(SparseArray_val, p), 0, 999, - int_P_alloc_table) and - (valid_struct_unsigned_int_P(select(SparseArray_idx, p), 0, 999, - unsigned_int_P_alloc_table) and - valid_struct_unsigned_int_P(select(SparseArray_back, p), 0, 999, - unsigned_int_P_alloc_table))))) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P 
alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) + (valid_struct_intP(select(SparseArray_val, p), 0, 999, + intP_alloc_table) and + (valid_struct_unsigned_intP(select(SparseArray_idx, p), 0, 999, + unsigned_intP_alloc_table) and + valid_struct_unsigned_intP(select(SparseArray_back, p), 0, 999, + unsigned_intP_alloc_table))))) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) goal create_safety_po_1: forall sz:uint32. 
@@ -4441,22 +4350,22 @@ goal create_safety_po_2: forall sz:uint32. forall SparseArray_back_create_2:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_create_2_alloc_table:SparseArray alloc_table. forall SparseArray_idx_create_2:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_val_create_2:(SparseArray, - int_P pointer) memory. + intP pointer) memory. ("JC_3": (integer_of_uint32(sz) <= 1000)) -> (1 >= 0) -> forall result:SparseArray pointer. forall SparseArray_create_2_alloc_table0:SparseArray alloc_table. forall SparseArray_create_2_tag_table:SparseArray tag_table. - forall int_P_create_2_alloc_table:int_P alloc_table. - forall unsigned_int_P_create_2_alloc_table:unsigned_int_P alloc_table. + forall intP_create_2_alloc_table:intP alloc_table. + forall unsigned_intP_create_2_alloc_table:unsigned_intP alloc_table. (strict_valid_struct_SparseArray(result, 0, (1 - 1), - SparseArray_create_2_alloc_table0, int_P_create_2_alloc_table, - unsigned_int_P_create_2_alloc_table, SparseArray_back_create_2, + SparseArray_create_2_alloc_table0, intP_create_2_alloc_table, + unsigned_intP_create_2_alloc_table, SparseArray_back_create_2, SparseArray_idx_create_2, SparseArray_val_create_2) and (alloc_extends(SparseArray_create_2_alloc_table, SparseArray_create_2_alloc_table0) and 
@@ -4471,22 +4380,22 @@ goal create_safety_po_3: forall sz:uint32. forall SparseArray_back_create_2:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_create_2_alloc_table:SparseArray alloc_table. forall SparseArray_idx_create_2:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_val_create_2:(SparseArray, - int_P pointer) memory. + intP pointer) memory. ("JC_3": (integer_of_uint32(sz) <= 1000)) -> (1 >= 0) -> forall result:SparseArray pointer. forall SparseArray_create_2_alloc_table0:SparseArray alloc_table. forall SparseArray_create_2_tag_table:SparseArray tag_table. - forall int_P_create_2_alloc_table:int_P alloc_table. - forall unsigned_int_P_create_2_alloc_table:unsigned_int_P alloc_table. + forall intP_create_2_alloc_table:intP alloc_table. + forall unsigned_intP_create_2_alloc_table:unsigned_intP alloc_table. (strict_valid_struct_SparseArray(result, 0, (1 - 1), - SparseArray_create_2_alloc_table0, int_P_create_2_alloc_table, - unsigned_int_P_create_2_alloc_table, SparseArray_back_create_2, + SparseArray_create_2_alloc_table0, intP_create_2_alloc_table, + unsigned_intP_create_2_alloc_table, SparseArray_back_create_2, SparseArray_idx_create_2, SparseArray_val_create_2) and (alloc_extends(SparseArray_create_2_alloc_table, SparseArray_create_2_alloc_table0) and 
@@ -4510,47 +4419,45 @@ forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. ("JC_19": (("JC_17": (offset_min(SparseArray_a_3_alloc_table, a) <= 0)) and ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - (offset_min(unsigned_int_P_a_3_alloc_table, - result) <= integer_of_uint32(i)) + (offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) goal get_safety_po_3: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. ("JC_19": (("JC_17": (offset_min(SparseArray_a_3_alloc_table, a) <= 0)) and ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, - result)) + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result)) goal get_safety_po_4: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. 
- forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": @@ -4558,14 +4465,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4574,26 +4481,26 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - (offset_min(unsigned_int_P_a_3_alloc_table, + (offset_min(unsigned_intP_a_3_alloc_table, result3) <= integer_of_uint32(i)) goal get_safety_po_5: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": 
@@ -4601,14 +4508,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4617,26 +4524,26 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result3)) goal get_safety_po_6: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": 
@@ -4644,14 +4551,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4660,33 +4567,33 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result3) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_a_3, shift(result3, integer_of_uint32(i)))) -> - (offset_min(unsigned_int_P_a_3_alloc_table, + (offset_min(unsigned_intP_a_3_alloc_table, result2) <= integer_of_uint32(result4)) goal get_safety_po_7: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": 
@@ -4694,14 +4601,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4710,36 +4617,36 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result3) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_a_3, shift(result3, integer_of_uint32(i)))) -> - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_a_3_alloc_table, result2)) goal get_safety_po_8: forall a:SparseArray pointer. forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall int_P_a_3_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall intP_a_3_alloc_table:intP alloc_table. + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_val_a_3:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. 
forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": @@ -4747,14 +4654,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4763,47 +4670,47 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result3) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_a_3, shift(result3, integer_of_uint32(i)))) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result2) <= integer_of_uint32(result4)) and - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_a_3_alloc_table, result2))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_a_3, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) = integer_of_uint32(i)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result6:int_P pointer. + forall result6:intP pointer. (result6 = select(SparseArray_val_a_3, a)) -> - (offset_min(int_P_a_3_alloc_table, result6) <= integer_of_uint32(i)) + (offset_min(intP_a_3_alloc_table, result6) <= integer_of_uint32(i)) goal get_safety_po_9: forall a:SparseArray pointer. 
forall i:uint32. forall SparseArray_a_3_alloc_table:SparseArray alloc_table. - forall int_P_a_3_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_3_alloc_table:unsigned_int_P alloc_table. - forall unsigned_int_P_unsigned_int_M_a_3:(unsigned_int_P, + forall intP_a_3_alloc_table:intP alloc_table. + forall unsigned_intP_a_3_alloc_table:unsigned_intP alloc_table. + forall unsigned_intP_unsigned_intM_a_3:(unsigned_intP, uint32) memory. forall SparseArray_val_a_3:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_3:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_3:(SparseArray, uint32) memory. ("JC_19": @@ -4811,14 +4718,14 @@ ("JC_18": (offset_max(SparseArray_a_3_alloc_table, a) >= 0)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result:unsigned_int_P pointer. + forall result:unsigned_intP pointer. (result = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result))) -> forall result0:uint32. - (result0 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result, + (result0 = select(unsigned_intP_unsigned_intM_a_3, shift(result, integer_of_uint32(i)))) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> 
@@ -4827,32 +4734,32 @@ (integer_of_uint32(result0) < integer_of_uint32(result1)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result2:unsigned_int_P pointer. + forall result2:unsigned_intP pointer. (result2 = select(SparseArray_back_a_3, a)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_idx_a_3, a)) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result3) <= integer_of_uint32(i)) and - (integer_of_uint32(i) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(i) <= offset_max(unsigned_intP_a_3_alloc_table, result3))) -> forall result4:uint32. - (result4 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result3, + (result4 = select(unsigned_intP_unsigned_intM_a_3, shift(result3, integer_of_uint32(i)))) -> - ((offset_min(unsigned_int_P_a_3_alloc_table, + ((offset_min(unsigned_intP_a_3_alloc_table, result2) <= integer_of_uint32(result4)) and - (integer_of_uint32(result4) <= offset_max(unsigned_int_P_a_3_alloc_table, + (integer_of_uint32(result4) <= offset_max(unsigned_intP_a_3_alloc_table, result2))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_3, shift(result2, + (result5 = select(unsigned_intP_unsigned_intM_a_3, shift(result2, integer_of_uint32(result4)))) -> (integer_of_uint32(result5) = integer_of_uint32(i)) -> ((offset_min(SparseArray_a_3_alloc_table, a) <= 0) and (0 <= offset_max(SparseArray_a_3_alloc_table, a))) -> - forall result6:int_P pointer. + forall result6:intP pointer. (result6 = select(SparseArray_val_a_3, a)) -> - (integer_of_uint32(i) <= offset_max(int_P_a_3_alloc_table, result6)) + (integer_of_uint32(i) <= offset_max(intP_a_3_alloc_table, result6)) goal main_ensures_default_po_1: ("JC_69": true) -> 
@@ -4876,7 +4783,7 @@ forall result6:int32. forall y:int32. (y = result6) -> - ("JC_99": ("JC_97": ("JC_97": (integer_of_int32(x_0) = 0)))) + ("JC_99": ("JC_97": (integer_of_int32(x_0) = 0))) goal main_ensures_default_po_2: ("JC_69": true) -> @@ -4900,7 +4807,7 @@ forall result6:int32. forall y:int32. (y = result6) -> - ("JC_99": ("JC_98": ("JC_98": (integer_of_int32(y) = 0)))) + ("JC_99": ("JC_98": (integer_of_int32(y) = 0))) goal main_ensures_default_po_3: ("JC_69": true) -> @@ -4945,7 +4852,7 @@ forall result14:int32. forall y0:int32. (y0 = result14) -> - ("JC_106": ("JC_104": ("JC_104": (integer_of_int32(x_0_0) = 1)))) + ("JC_106": ("JC_104": (integer_of_int32(x_0_0) = 1))) goal main_ensures_default_po_4: ("JC_69": true) -> @@ -4990,7 +4897,7 @@ forall result14:int32. forall y0:int32. (y0 = result14) -> - ("JC_106": ("JC_105": ("JC_105": (integer_of_int32(y0) = 2)))) + ("JC_106": ("JC_105": (integer_of_int32(y0) = 2))) goal main_ensures_default_po_5: ("JC_69": true) -> @@ -5048,7 +4955,7 @@ forall result18:int32. forall y1:int32. (y1 = result18) -> - ("JC_111": ("JC_109": ("JC_109": (integer_of_int32(x_0_1) = 0)))) + ("JC_111": ("JC_109": (integer_of_int32(x_0_1) = 0))) goal main_ensures_default_po_6: ("JC_69": true) -> @@ -5106,13 +5013,13 @@ forall result18:int32. forall y1:int32. (y1 = result18) -> - ("JC_111": ("JC_110": ("JC_110": (integer_of_int32(y1) = 0)))) + ("JC_111": ("JC_110": (integer_of_int32(y1) = 0))) goal main_safety_po_1: ("JC_69": true) -> forall result:uint32. (integer_of_uint32(result) = 10) -> - ("JC_1": ("JC_1": (integer_of_uint32(result) <= 1000))) + ("JC_1": (integer_of_uint32(result) <= 1000)) goal main_safety_po_2: ("JC_69": true) -> @@ -5124,7 +5031,7 @@ (a_2 = result0) -> forall result1:uint32. (integer_of_uint32(result1) = 20) -> - ("JC_1": ("JC_1": (integer_of_uint32(result1) <= 1000))) + ("JC_1": (integer_of_uint32(result1) <= 1000)) goal main_safety_po_3: ("JC_69": true) -> 
@@ -5143,8 +5050,7 @@ (b = result2) -> forall result3:uint32. (integer_of_uint32(result3) = 5) -> - ("JC_15": - ("JC_13": ("JC_13": (offset_min(SparseArray_a_2_7_alloc_table, a_2) <= 0)))) + ("JC_15": ("JC_13": (offset_min(SparseArray_a_2_7_alloc_table, a_2) <= 0))) goal main_safety_po_4: ("JC_69": true) -> @@ -5163,8 +5069,7 @@ (b = result2) -> forall result3:uint32. (integer_of_uint32(result3) = 5) -> - ("JC_15": - ("JC_14": ("JC_14": (offset_max(SparseArray_a_2_7_alloc_table, a_2) >= 0)))) + ("JC_15": ("JC_14": (offset_max(SparseArray_a_2_7_alloc_table, a_2) >= 0))) goal main_safety_po_5: ("JC_69": true) -> @@ -5192,8 +5097,7 @@ (x_0 = result4) -> forall result5:uint32. (integer_of_uint32(result5) = 7) -> - ("JC_15": - ("JC_13": ("JC_13": (offset_min(SparseArray_b_8_alloc_table, b) <= 0)))) + ("JC_15": ("JC_13": (offset_min(SparseArray_b_8_alloc_table, b) <= 0))) goal main_safety_po_6: ("JC_69": true) -> @@ -5221,8 +5125,7 @@ (x_0 = result4) -> forall result5:uint32. (integer_of_uint32(result5) = 7) -> - ("JC_15": - ("JC_14": ("JC_14": (offset_max(SparseArray_b_8_alloc_table, b) >= 0)))) + ("JC_15": ("JC_14": (offset_max(SparseArray_b_8_alloc_table, b) >= 0))) goal set_ensures_default_po_1: forall a_0:SparseArray pointer. 
@@ -5230,47 +5133,46 @@ forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - forall int_P_int_M_a_0_4_0:(int_P, + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_4, a_0)) -> (integer_of_uint32(result1) < integer_of_uint32(result2)) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> forall result5:uint32. 
- (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> - ("JC_65": - ("JC_65": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000))) + ("JC_65": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) goal set_ensures_default_po_2: forall a_0:SparseArray pointer. 
@@ -5278,34 +5180,33 @@ forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - forall int_P_int_M_a_0_4_0:(int_P, + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> forall result2:uint32. (result2 = select(SparseArray_n_a_0_4, a_0)) -> (integer_of_uint32(result1) >= integer_of_uint32(result2)) -> - ("JC_65": - ("JC_65": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000))) + ("JC_65": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) goal set_safety_po_1: forall a_0:SparseArray pointer. 
@@ -5319,66 +5220,65 @@ forall a_0:SparseArray pointer. forall i_0:uint32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - (offset_min(int_P_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) + (offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) goal set_safety_po_3: forall a_0:SparseArray pointer. forall i_0:uint32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result)) + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result)) goal set_safety_po_4: forall a_0:SparseArray pointer. forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. 
+ forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. - forall int_P_int_M_a_0_4:(int_P, + unsigned_intP pointer) memory. + forall intP_intM_a_0_4:(intP, int32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) goal set_safety_po_5: 
@@ -5386,33 +5286,32 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. - forall int_P_int_M_a_0_4:(int_P, + unsigned_intP pointer) memory. + forall intP_intM_a_0_4:(intP, int32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_4, a_0)) -> - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0)) goal set_safety_po_6: 
@@ -5420,44 +5319,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> @@ -5466,13 +5364,13 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) goal set_safety_po_7: 
@@ -5480,44 +5378,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> @@ -5526,13 +5423,13 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4)) goal set_safety_po_8: 
@@ -5540,44 +5437,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5586,20 +5482,20 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) goal set_safety_po_9: 
@@ -5607,44 +5503,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5653,20 +5548,20 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3)) goal set_safety_po_10: 
@@ -5674,44 +5569,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5720,25 +5614,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -5748,9 +5642,9 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result8) <= integer_of_uint32(i_0)) goal set_safety_po_11: 
@@ -5758,44 +5652,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5804,25 +5697,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -5832,9 +5725,9 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result8)) goal set_safety_po_12: 
@@ -5842,44 +5735,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5888,25 +5780,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -5916,25 +5808,25 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result8) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result8, integer_of_uint32(i_0)), result7)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result9) <= integer_of_uint32(result10)) goal set_safety_po_13: 
@@ -5942,44 +5834,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -5988,25 +5879,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -6016,25 +5907,25 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result8) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result8, integer_of_uint32(i_0)), result7)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_4, a_0)) -> - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_a_0_4_alloc_table, result9)) goal set_safety_po_14: 
@@ -6042,44 +5933,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6088,25 +5978,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -6116,31 +6006,31 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result8) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result8, integer_of_uint32(i_0)), result7)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result9) <= integer_of_uint32(result10)) and - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_a_0_4_alloc_table, result9))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_1:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_1:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_a_0_4_1 = store(unsigned_int_P_unsigned_int_M_a_0_4_0, + (unsigned_intP_unsigned_intM_a_0_4_1 = store(unsigned_intP_unsigned_intM_a_0_4_0, shift(result9, integer_of_uint32(result10)), i_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6153,44 +6043,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6199,25 +6088,25 @@ (integer_of_uint32(result1) < integer_of_uint32(result2)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result3:unsigned_int_P pointer. + forall result3:unsigned_intP pointer. (result3 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> forall result5:uint32. - (result5 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result4, + (result5 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)))) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result3) <= integer_of_uint32(result5)) and - (integer_of_uint32(result5) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result5) <= offset_max(unsigned_intP_a_0_4_alloc_table, result3))) -> forall result6:uint32. - (result6 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result3, + (result6 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result3, integer_of_uint32(result5)))) -> (integer_of_uint32(result6) <> integer_of_uint32(i_0)) -> ("JC_55": (integer_of_uint32(select(SparseArray_n_a_0_4, a_0)) < 1000)) -> 
@@ -6227,31 +6116,31 @@ (result7 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result8:unsigned_int_P pointer. + forall result8:unsigned_intP pointer. (result8 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result8) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result8))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result8, integer_of_uint32(i_0)), result7)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result9:unsigned_int_P pointer. + forall result9:unsigned_intP pointer. (result9 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result10:uint32. (result10 = select(SparseArray_n_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result9) <= integer_of_uint32(result10)) and - (integer_of_uint32(result10) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result10) <= offset_max(unsigned_intP_a_0_4_alloc_table, result9))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_1:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_1:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_a_0_4_1 = store(unsigned_int_P_unsigned_int_M_a_0_4_0, + (unsigned_intP_unsigned_intM_a_0_4_1 = store(unsigned_intP_unsigned_intM_a_0_4_0, shift(result9, integer_of_uint32(result10)), i_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6264,42 +6153,41 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> @@ -6313,9 +6201,9 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) goal set_safety_po_17: 
@@ -6323,42 +6211,41 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. - (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. 
(result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> @@ -6372,9 +6259,9 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4)) goal set_safety_po_18: 
@@ -6382,44 +6269,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6433,25 +6319,25 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)), result3)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_4, a_0)) -> - (offset_min(unsigned_int_P_a_0_4_alloc_table, + (offset_min(unsigned_intP_a_0_4_alloc_table, result5) <= integer_of_uint32(result6)) goal set_safety_po_19: 
@@ -6459,44 +6345,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6510,25 +6395,25 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)), result3)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_4, a_0)) -> - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_a_0_4_alloc_table, result5)) goal set_safety_po_20: 
@@ -6536,44 +6421,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6587,31 +6471,31 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)), result3)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result5) <= integer_of_uint32(result6)) and - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_a_0_4_alloc_table, result5))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_1:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_1:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_a_0_4_1 = store(unsigned_int_P_unsigned_int_M_a_0_4_0, + (unsigned_intP_unsigned_intM_a_0_4_1 = store(unsigned_intP_unsigned_intM_a_0_4_0, shift(result5, integer_of_uint32(result6)), i_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6624,44 +6508,43 @@ forall i_0:uint32. forall v:int32. forall SparseArray_a_0_4_alloc_table:SparseArray alloc_table. - forall int_P_a_0_4_alloc_table:int_P alloc_table. - forall unsigned_int_P_a_0_4_alloc_table:unsigned_int_P alloc_table. + forall intP_a_0_4_alloc_table:intP alloc_table. + forall unsigned_intP_a_0_4_alloc_table:unsigned_intP alloc_table. forall SparseArray_val_a_0_4:(SparseArray, - int_P pointer) memory. + intP pointer) memory. forall SparseArray_idx_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_back_a_0_4:(SparseArray, - unsigned_int_P pointer) memory. + unsigned_intP pointer) memory. forall SparseArray_n_a_0_4:(SparseArray, uint32) memory. - forall int_P_int_M_a_0_4:(int_P, + forall intP_intM_a_0_4:(intP, int32) memory. - forall unsigned_int_P_unsigned_int_M_a_0_4:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4:(unsigned_intP, uint32) memory. ("JC_40": (("JC_38": (offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0)) and ("JC_39": (offset_max(SparseArray_a_0_4_alloc_table, a_0) >= 0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result:int_P pointer. + forall result:intP pointer. (result = select(SparseArray_val_a_0_4, a_0)) -> - ((offset_min(int_P_a_0_4_alloc_table, - result) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(int_P_a_0_4_alloc_table, result))) -> - forall int_P_int_M_a_0_4_0:(int_P, + ((offset_min(intP_a_0_4_alloc_table, result) <= integer_of_uint32(i_0)) and + (integer_of_uint32(i_0) <= offset_max(intP_a_0_4_alloc_table, result))) -> + forall intP_intM_a_0_4_0:(intP, int32) memory. 
- (int_P_int_M_a_0_4_0 = store(int_P_int_M_a_0_4, shift(result, + (intP_intM_a_0_4_0 = store(intP_intM_a_0_4, shift(result, integer_of_uint32(i_0)), v)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result0:unsigned_int_P pointer. + forall result0:unsigned_intP pointer. (result0 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result0) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result0))) -> forall result1:uint32. - (result1 = select(unsigned_int_P_unsigned_int_M_a_0_4, shift(result0, + (result1 = select(unsigned_intP_unsigned_intM_a_0_4, shift(result0, integer_of_uint32(i_0)))) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> 
@@ -6675,31 +6558,31 @@ (result3 = select(SparseArray_n_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result4:unsigned_int_P pointer. + forall result4:unsigned_intP pointer. (result4 = select(SparseArray_idx_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result4) <= integer_of_uint32(i_0)) and - (integer_of_uint32(i_0) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(i_0) <= offset_max(unsigned_intP_a_0_4_alloc_table, result4))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_0:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_0:(unsigned_intP, uint32) memory. - (unsigned_int_P_unsigned_int_M_a_0_4_0 = store(unsigned_int_P_unsigned_int_M_a_0_4, + (unsigned_intP_unsigned_intM_a_0_4_0 = store(unsigned_intP_unsigned_intM_a_0_4, shift(result4, integer_of_uint32(i_0)), result3)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> - forall result5:unsigned_int_P pointer. + forall result5:unsigned_intP pointer. (result5 = select(SparseArray_back_a_0_4, a_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> forall result6:uint32. (result6 = select(SparseArray_n_a_0_4, a_0)) -> - ((offset_min(unsigned_int_P_a_0_4_alloc_table, + ((offset_min(unsigned_intP_a_0_4_alloc_table, result5) <= integer_of_uint32(result6)) and - (integer_of_uint32(result6) <= offset_max(unsigned_int_P_a_0_4_alloc_table, + (integer_of_uint32(result6) <= offset_max(unsigned_intP_a_0_4_alloc_table, result5))) -> - forall unsigned_int_P_unsigned_int_M_a_0_4_1:(unsigned_int_P, + forall unsigned_intP_unsigned_intM_a_0_4_1:(unsigned_intP, uint32) memory. 
- (unsigned_int_P_unsigned_int_M_a_0_4_1 = store(unsigned_int_P_unsigned_int_M_a_0_4_0, + (unsigned_intP_unsigned_intM_a_0_4_1 = store(unsigned_intP_unsigned_intM_a_0_4_0, shift(result5, integer_of_uint32(result6)), i_0)) -> ((offset_min(SparseArray_a_0_4_alloc_table, a_0) <= 0) and (0 <= offset_max(SparseArray_a_0_4_alloc_table, a_0))) -> diff -Nru why-2.29+dfsg/tests/c/oracle/Sterbenz.res.oracle why-2.30+dfsg/tests/c/oracle/Sterbenz.res.oracle --- why-2.29+dfsg/tests/c/oracle/Sterbenz.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/Sterbenz.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/c/Sterbenz.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNCOQ: will ask regtests to check Coq proofs of this program /*@ requires y / 2.0 <= x <= 2.0 * y; @@ -13,7 +44,7 @@ /* Local Variables: -compile-command: "frama-c -jessie -jessie-atp coq Sterbenz.c" +compile-command: "make Sterbenz.why3ml" End: */ ========== frama-c -jessie execution ========== 
@@ -37,16 +68,16 @@ type int8 = -128..127 -tag char_P = { - int8 char_M: 8; +tag charP = { + int8 charM: 8; } -type char_P = [char_P] +type charP = [charP] -tag void_P = { +tag voidP = { } -type void_P = [void_P] +type voidP = [voidP] float Sterbenz(float x, float y) requires (C_6 : ((C_7 : (((y :> real) / 2.0) <= (x :> real))) && @@ -75,56 +106,56 @@ ========== file tests/c/Sterbenz.jessie/Sterbenz.cloc ========== [C_1] file = "HOME/tests/c/Sterbenz.c" -line = 7 +line = 38 begin = 13 end = 21 [C_2] file = "HOME/tests/c/Sterbenz.c" -line = 8 +line = 39 begin = 13 end = 21 [C_3] file = "HOME/tests/c/Sterbenz.c" -line = 9 +line = 40 begin = 9 end = 12 [C_4] file = "HOME/tests/c/Sterbenz.c" -line = 9 +line = 40 begin = 2 end = 13 [C_5] file = "HOME/tests/c/Sterbenz.c" -line = 4 +line = 35 begin = 12 end = 28 [C_6] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 36 [C_7] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 25 [C_8] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 24 end = 36 [Sterbenz] name = "Function Sterbenz" file = "HOME/tests/c/Sterbenz.c" -line = 6 +line = 37 begin = 6 end = 14 @@ -145,10 +176,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Sterbenz.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why $(WHYLIB)/why/floats_strict.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Sterbenz_why.sx 
@@ -209,6 +241,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Sterbenz_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Sterbenz_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -281,6 +320,9 @@ why3ide: why/Sterbenz_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Sterbenz.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Sterbenz.depend depend: coq/Sterbenz_why.v @@ -292,19 +334,19 @@ ========== file tests/c/Sterbenz.jessie/Sterbenz.loc ========== [JC_1] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 25 [JC_2] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 24 end = 36 [JC_3] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 36 @@ -316,19 +358,19 @@ [JC_5] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 25 [JC_6] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 24 end = 36 [JC_7] file = "HOME/tests/c/Sterbenz.c" -line = 3 +line = 34 begin = 13 end = 36 @@ -340,21 +382,21 @@ [JC_9] file = "HOME/tests/c/Sterbenz.c" -line = 4 +line = 35 begin = 12 end = 28 [Sterbenz_ensures_default] name = "Function Sterbenz" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/c/Sterbenz.c" -line = 6 +line = 37 begin = 6 end = 14 [JC_10] file = "HOME/tests/c/Sterbenz.c" -line = 4 +line = 35 begin = 12 end = 28 
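Review bot: The recipe of the new `why3ml` target (hunk `@@ -281,6 +320,9 @@`) echoes `why3ml [...]` but actually runs `why3ide`, so the build log names a tool that was not invoked. If opening the IDE on `Sterbenz.mlw` is what is intended, the echo should match the command, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. This Makefile text sits inside a test oracle and is presumably emitted by the Jessie makefile generator, so the change would belong in that template rather than in the oracle.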
@@ -372,39 +414,39 @@ [JC_13] file = "HOME/tests/c/Sterbenz.c" -line = 7 +line = 38 begin = 13 end = 21 [JC_14] file = "HOME/tests/c/Sterbenz.c" -line = 8 +line = 39 begin = 13 end = 21 [JC_15] kind = FPOverflow file = "HOME/tests/c/Sterbenz.c" -line = 9 +line = 40 begin = 9 end = 12 [JC_16] file = "HOME/tests/c/Sterbenz.c" -line = 7 +line = 38 begin = 13 end = 21 [JC_17] file = "HOME/tests/c/Sterbenz.c" -line = 8 +line = 39 begin = 13 end = 21 [JC_18] kind = FPOverflow file = "HOME/tests/c/Sterbenz.c" -line = 9 +line = 40 begin = 9 end = 12 @@ -412,41 +454,34 @@ name = "Function Sterbenz" behavior = "Safety" file = "HOME/tests/c/Sterbenz.c" -line = 6 +line = 37 begin = 6 end = 14 ========== file tests/c/Sterbenz.jessie/why/Sterbenz.why ========== -type char_P +type charP type int8 type padding -type void_P +type voidP -exception Loop_continue_exc of unit +logic charP_tag: -> charP tag_id -exception Loop_exit_exc of unit +axiom charP_int : (int_of_tag(charP_tag) = (1)) -exception Return_label_exc of unit - -logic char_P_tag: -> char_P tag_id - -axiom char_P_int : (int_of_tag(char_P_tag) = (1)) +logic charP_of_pointer_address: unit pointer -> charP pointer -logic char_P_of_pointer_address: unit pointer -> char_P pointer +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_of_pointer_address_of_pointer_addr : - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) -axiom char_P_parenttag_bottom : parenttag(char_P_tag, bottom_tag) - -axiom char_P_tags : - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. - instanceof(char_P_tag_table, x, char_P_tag))) +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. + instanceof(charP_tag_table, x, charP_tag))) logic integer_of_int8: int8 -> int 
@@ -460,106 +495,105 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_int8(int8_of_integer(x)), x))) +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + axiom int8_range : (forall x:int8. (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) -predicate left_valid_struct_char_P(p:char_P pointer, a:int, - char_P_alloc_table:char_P alloc_table) = - (offset_min(char_P_alloc_table, p) <= a) - -predicate left_valid_struct_void_P(p:void_P pointer, a:int, - void_P_alloc_table:void_P alloc_table) = - (offset_min(void_P_alloc_table, p) <= a) - -axiom pointer_addr_of_char_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address: unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address : - (forall p:unit pointer. (p = pointer_address(void_P_of_pointer_address(p)))) - -predicate right_valid_struct_char_P(p:char_P pointer, b:int, - char_P_alloc_table:char_P alloc_table) = - (offset_max(char_P_alloc_table, p) >= b) - -predicate right_valid_struct_void_P(p:void_P pointer, b:int, - void_P_alloc_table:void_P alloc_table) = - (offset_max(void_P_alloc_table, p) >= b) - -predicate strict_valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) - and (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P 
alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) - and (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p:char_P pointer, a:int, b:int, - char_P_alloc_table:char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) - and (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p:void_P pointer, a:int, b:int, - void_P_alloc_table:void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) - and (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag: -> void_P tag_id - -axiom void_P_int : (int_of_tag(void_P_tag) = (1)) - -axiom void_P_of_pointer_address_of_pointer_addr : - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom : parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags : - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. 
- instanceof(void_P_tag_table, x, void_P_tag))) +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + 
voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit parameter Sterbenz : x_0:single -> y:single -> { } single { (JC_10: - eq_real(single_value(result), - sub_real(single_value(x_0@), single_value(y@)))) } + (single_value(result) = sub_real(single_value(x_0), single_value(y)))) } parameter Sterbenz_requires : x_0:single -> 
@@ -569,98 +603,59 @@ and (JC_2: le_real(single_value(x_0), mul_real(2.0, single_value(y))))))} single { (JC_10: - eq_real(single_value(result), - sub_real(single_value(x_0@), single_value(y@)))) } + (single_value(result) = sub_real(single_value(x_0), single_value(y)))) } -parameter alloc_bitvector_struct_char_P : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter charP_alloc_table : charP alloc_table ref -parameter alloc_bitvector_struct_char_P_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_char_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter charP_tag_table : charP tag_table ref -parameter alloc_bitvector_struct_void_P : +parameter alloc_struct_charP : n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter alloc_bitvector_struct_void_P_requires : +parameter 
alloc_struct_charP_requires : n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_void_P(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } -parameter char_P_alloc_table : char_P alloc_table ref +parameter voidP_alloc_table : voidP alloc_table ref -parameter char_P_tag_table : char_P tag_table ref +parameter voidP_tag_table : voidP tag_table ref -parameter alloc_struct_char_P : +parameter alloc_struct_voidP : n:int -> - char_P_alloc_table:char_P alloc_table ref -> - char_P_tag_table:char_P tag_table ref -> - { } char_P pointer writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } -parameter alloc_struct_char_P_requires : +parameter alloc_struct_voidP_requires : n:int -> - char_P_alloc_table:char_P alloc_table 
ref -> - char_P_tag_table:char_P tag_table ref -> - { ge_int(n, (0))} char_P pointer - writes char_P_alloc_table,char_P_tag_table - { (strict_valid_struct_char_P(result, (0), sub_int(n, (1)), - char_P_alloc_table) - and (alloc_extends(char_P_alloc_table@, char_P_alloc_table) - and (alloc_fresh(char_P_alloc_table@, result, n) - and instanceof(char_P_tag_table, result, char_P_tag)))) } - -parameter void_P_alloc_table : void_P alloc_table ref - -parameter void_P_tag_table : void_P tag_table ref - -parameter alloc_struct_void_P : - n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { } void_P pointer writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } - -parameter alloc_struct_void_P_requires : - n:int -> - void_P_alloc_table:void_P alloc_table ref -> - void_P_tag_table:void_P tag_table ref -> - { ge_int(n, (0))} void_P pointer - writes void_P_alloc_table,void_P_tag_table - { (strict_valid_struct_void_P(result, (0), sub_int(n, (1)), - void_P_alloc_table) - and (alloc_extends(void_P_alloc_table@, void_P_alloc_table) - and (alloc_fresh(void_P_alloc_table@, result, n) - and instanceof(void_P_tag_table, result, void_P_tag)))) } + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } parameter any_int8 : unit -> { } int8 { true } 
@@ -691,8 +686,7 @@ void); (return := !__retres); (raise Return) end)); absurd end with Return -> !return end)) { (JC_9: - eq_real(single_value(result), - sub_real(single_value(x_0@), single_value(y@)))) } + (single_value(result) = sub_real(single_value(x_0), single_value(y)))) } let Sterbenz_safety = fun (x_0 : single) (y : single) -> @@ -1763,6 +1757,10 @@ ((((-9007199254740992) <= i) and (i <= 9007199254740992)) -> (round_double(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_double_for_doubles: + (forall x:double. + (forall m:mode. (round_double(m, double_value(x)) = double_value(x)))) + axiom round_double_idempotent: (forall m1:mode. (forall m2:mode. @@ -1819,6 +1817,10 @@ ((((-16777216) <= i) and (i <= 16777216)) -> (round_single(m, real_of_int(i)) = real_of_int(i))))) +axiom exact_round_single_for_singles: + (forall x:single. + (forall m:mode. (round_single(m, single_value(x)) = single_value(x)))) + axiom round_single_idempotent: (forall m1:mode. (forall m2:mode. 
@@ -1835,22 +1837,21 @@ axiom round_up_single_ge: (forall x:real. (round_single(up, x) >= x)) -logic single_to_double : single -> double +axiom single_value_is_bounded: + (forall x:single. (abs_real(single_value(x)) <= max_single)) -logic double_to_single : mode, double -> single - -axiom single_to_double_val: - (forall s:single. (double_value(single_to_double(s)) = single_value(s))) - -axiom double_to_single_val: - (forall m:mode. - (forall d:double. (single_value(double_to_single(m, d)) = round_single(m, - double_value(d))))) +axiom double_value_is_bounded: + (forall x:double. (abs_real(double_value(x)) <= max_double)) predicate single_of_real_post(m: mode, x: real, res: single) = ((single_value(res) = round_single(m, x)) and ((single_exact(res) = x) and (single_model(res) = x))) +predicate single_of_double_post(m: mode, x: double, res: single) = + ((single_value(res) = round_single(m, double_value(x))) and + ((single_exact(res) = double_exact(x)) and + (single_model(res) = double_model(x)))) + predicate add_single_post(m: mode, x: single, y: single, res: single) = ((single_value(res) = round_single(m, (single_value(x) + single_value(y)))) and @@ -1894,6 +1895,11 @@ ((double_value(res) = round_double(m, x)) and ((double_exact(res) = x) and (double_model(res) = x))) +predicate double_of_single_post(x: single, res: double) = + ((double_value(res) = single_value(x)) and + ((double_exact(res) = single_exact(x)) and + (double_model(res) = single_model(x)))) + predicate add_double_post(m: mode, x: double, y: double, res: double) = ((double_value(res) = round_double(m, (double_value(x) + double_value(y)))) and 
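Review bot: `single_of_double_post` sets `single_value(res) = round_single(m, double_value(x))`, while the new axiom `single_value_is_bounded` asserts `abs_real(single_value(x)) <= max_single` for every single. The two are only consistent if the conversion that introduces the predicate also rules out overflow, because the context axiom `round_up_single_ge` (`round_single(up, x) >= x` for all reals) suggests `round_single` itself is unbounded. If they clash, the hypotheses become contradictory and obligations can be discharged vacuously. The conversion's precondition is not visible in this hunk, and this file is recorded tool output, so the check belongs in the library source that defines these symbols: confirm the narrowing conversion requires `no_overflow_single(m, double_value(x))`. A comment beside the axiom would record the dependency, e.g. `(* relies on every producer of a single having checked no_overflow_single *)`.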
@@ -1933,30 +1939,30 @@ ((double_exact(res) = abs_real(double_exact(x))) and (double_model(res) = abs_real(double_model(x))))) -type char_P +type charP type int8 type padding -type void_P +type voidP -logic char_P_tag : char_P tag_id +logic charP_tag : charP tag_id -axiom char_P_int: (int_of_tag(char_P_tag) = 1) +axiom charP_int: (int_of_tag(charP_tag) = 1) -logic char_P_of_pointer_address : unit pointer -> char_P pointer +logic charP_of_pointer_address : unit pointer -> charP pointer -axiom char_P_of_pointer_address_of_pointer_addr: - (forall p:char_P pointer. - (p = char_P_of_pointer_address(pointer_address(p)))) +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) -axiom char_P_parenttag_bottom: parenttag(char_P_tag, bottom_tag) +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) -axiom char_P_tags: - (forall x:char_P pointer. - (forall char_P_tag_table:char_P tag_table. instanceof(char_P_tag_table, - x, char_P_tag))) +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) logic integer_of_int8 : int8 -> int 
@@ -1970,100 +1976,92 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_int8(int8_of_integer(x)) = x))) +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + axiom int8_range: (forall x:int8. (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) -predicate left_valid_struct_char_P(p: char_P pointer, a: int, - char_P_alloc_table: char_P alloc_table) = (offset_min(char_P_alloc_table, +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, p) <= a) -predicate left_valid_struct_void_P(p: void_P pointer, a: int, - void_P_alloc_table: void_P alloc_table) = (offset_min(void_P_alloc_table, +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, p) <= a) -axiom pointer_addr_of_char_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(char_P_of_pointer_address(p)))) - -logic void_P_of_pointer_address : unit pointer -> void_P pointer - -axiom pointer_addr_of_void_P_of_pointer_address: - (forall p:unit pointer. - (p = pointer_address(void_P_of_pointer_address(p)))) +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer -predicate right_valid_struct_char_P(p: char_P pointer, b: int, - char_P_alloc_table: char_P alloc_table) = (offset_max(char_P_alloc_table, +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, p) >= b) -predicate right_valid_struct_void_P(p: void_P pointer, b: int, - void_P_alloc_table: void_P alloc_table) = (offset_max(void_P_alloc_table, +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, p) >= b) -predicate strict_valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_root_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate strict_valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) = a) and - (offset_max(char_P_alloc_table, p) = b)) - -predicate strict_valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) = a) and - (offset_max(void_P_alloc_table, p) = b)) - -predicate valid_bitvector_struct_char_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_void_P(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_root_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_root_void_P(p: void_P pointer, 
a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -predicate valid_struct_char_P(p: char_P pointer, a: int, b: int, - char_P_alloc_table: char_P alloc_table) = - ((offset_min(char_P_alloc_table, p) <= a) and - (offset_max(char_P_alloc_table, p) >= b)) - -predicate valid_struct_void_P(p: void_P pointer, a: int, b: int, - void_P_alloc_table: void_P alloc_table) = - ((offset_min(void_P_alloc_table, p) <= a) and - (offset_max(void_P_alloc_table, p) >= b)) - -logic void_P_tag : void_P tag_id - -axiom void_P_int: (int_of_tag(void_P_tag) = 1) - -axiom void_P_of_pointer_address_of_pointer_addr: - (forall p:void_P pointer. - (p = void_P_of_pointer_address(pointer_address(p)))) - -axiom void_P_parenttag_bottom: parenttag(void_P_tag, bottom_tag) - -axiom void_P_tags: - (forall x:void_P pointer. - (forall void_P_tag_table:void_P tag_table. instanceof(void_P_tag_table, - x, void_P_tag))) +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + 
+predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) goal Sterbenz_ensures_default_po_1: forall x_0:single. @@ -2071,7 +2069,7 @@ ("JC_7": (("JC_5": (div_real(single_value(y), 2.0) <= single_value(x_0))) and ("JC_6": (single_value(x_0) <= (2.0 * single_value(y)))))) -> - ("JC_16": ("JC_16": (0.0 <= single_value(y)))) + ("JC_16": (0.0 <= single_value(y))) goal Sterbenz_ensures_default_po_2: forall x_0:single. @@ -2080,7 +2078,7 @@ (("JC_5": (div_real(single_value(y), 2.0) <= single_value(x_0))) and ("JC_6": (single_value(x_0) <= (2.0 * single_value(y)))))) -> ("JC_16": (0.0 <= single_value(y))) -> - ("JC_17": ("JC_17": (0.0 <= single_value(x_0)))) + ("JC_17": (0.0 <= single_value(x_0))) goal Sterbenz_ensures_default_po_3: forall x_0:single. 
@@ -2091,9 +2089,7 @@ ("JC_16": (0.0 <= single_value(y))) -> ("JC_17": (0.0 <= single_value(x_0))) -> forall result:single. - (no_overflow_single(nearest_even, - (single_value(x_0) - single_value(y))) and sub_single_post(nearest_even, - x_0, y, result)) -> + sub_single_post(nearest_even, x_0, y, result) -> forall __retres:single. (__retres = result) -> forall return:single. @@ -2113,12 +2109,12 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Sterbenz_why.why : ???? (0/0/4/0/0) +why/Sterbenz_why.why : ?#?. (1/0/2/1/0) total : 4 -valid : 0 ( 0%) +valid : 1 ( 25%) invalid : 0 ( 0%) -unknown : 4 (100%) -timeout : 0 ( 0%) +unknown : 2 ( 50%) +timeout : 1 ( 25%) failure : 0 ( 0%) // RUNCOQ: will ask regtests to check Coq proofs of this program ========== generation of Coq VC output ========== @@ -2127,9 +2123,9 @@ (* This file was originally generated by why. It can be modified; only the generated parts will be overwritten. *) Require Export jessie_why. -Require Export floats_strict. +Require Export WhyFloatsStrictLegacy. -(*Why type*) Definition char_P: Set. +(*Why type*) Definition charP: Set. Admitted. (*Why type*) Definition int8: Set. 
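Review bot: The expected Alt-Ergo line `?#?. (1/0/2/1/0)` in the `@@ -2113` hunk now pins one obligation to `#` (timeout). That outcome depends on the prover's time limit and on the speed of the machine running the regression tests, not only on the generated obligations. How the regtests compare this block is not visible here; if the comparison is textual, a different host could turn `#` into `?` or `.` and report a spurious difference, or hide a real one. Consider treating timeout and unknown as one class when comparing against the oracle, or stating the time limit the oracle was produced with next to the result.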
@@ -2138,33 +2134,37 @@ (*Why type*) Definition padding: Set. Admitted. -(*Why type*) Definition void_P: Set. +(*Why type*) Definition voidP: Set. Admitted. -(*Why logic*) Definition char_P_tag : (tag_id char_P). +(*Why logic*) Definition charP_tag : (tag_id charP). Admitted. -(*Why axiom*) Lemma char_P_int : (int_of_tag char_P_tag) = 1. +(*Why axiom*) Lemma charP_int : (int_of_tag charP_tag) = 1. Admitted. +Dp_hint charP_int. -(*Why logic*) Definition char_P_of_pointer_address : - (pointer unit) -> (pointer char_P). +(*Why logic*) Definition charP_of_pointer_address : + (pointer unit) -> (pointer charP). Admitted. -(*Why axiom*) Lemma char_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer char_P)), - p = (char_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma charP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer charP)), + p = (charP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint charP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma char_P_parenttag_bottom : - (parenttag char_P_tag (@bottom_tag char_P)). +(*Why axiom*) Lemma charP_parenttag_bottom : + (parenttag charP_tag (@bottom_tag charP)). Admitted. +Dp_hint charP_parenttag_bottom. -(*Why axiom*) Lemma char_P_tags : - (forall (x:(pointer char_P)), - (forall (char_P_tag_table:(tag_table char_P)), - (instanceof char_P_tag_table x char_P_tag))). +(*Why axiom*) Lemma charP_tags : + (forall (x:(pointer charP)), + (forall (charP_tag_table:(tag_table charP)), + (instanceof charP_tag_table x charP_tag))). Admitted. +Dp_hint charP_tags. (*Why logic*) Definition integer_of_int8 : int8 -> Z. Admitted. 
@@ -2180,99 +2180,105 @@ ((-128) <= x /\ x <= 127 -> (integer_of_int8 (int8_of_integer x)) = x)). Admitted. +(*Why axiom*) Lemma int8_extensionality : + (forall (x:int8), + (forall (y:int8), ((integer_of_int8 x) = (integer_of_int8 y) -> x = y))). +Admitted. +Dp_hint int8_extensionality. + (*Why axiom*) Lemma int8_range : (forall (x:int8), (-128) <= (integer_of_int8 x) /\ (integer_of_int8 x) <= 127). Admitted. -(*Why predicate*) Definition left_valid_struct_char_P (p:(pointer char_P)) (a:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a. -(*Why predicate*) Definition left_valid_struct_void_P (p:(pointer void_P)) (a:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a. -(*Why axiom*) Lemma pointer_addr_of_char_P_of_pointer_address : +(*Why predicate*) Definition left_valid_struct_charP (p:(pointer charP)) (a:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a. + +(*Why predicate*) Definition left_valid_struct_voidP (p:(pointer voidP)) (a:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a. + +(*Why axiom*) Lemma pointer_addr_of_charP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (char_P_of_pointer_address p))). + p = (pointer_address (charP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_charP_of_pointer_address. -(*Why logic*) Definition void_P_of_pointer_address : - (pointer unit) -> (pointer void_P). +(*Why logic*) Definition voidP_of_pointer_address : + (pointer unit) -> (pointer voidP). Admitted. -(*Why axiom*) Lemma pointer_addr_of_void_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_voidP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (void_P_of_pointer_address p))). + p = (pointer_address (voidP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_voidP_of_pointer_address. 
-(*Why predicate*) Definition right_valid_struct_char_P (p:(pointer char_P)) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_max char_P_alloc_table p) >= b. - -(*Why predicate*) Definition right_valid_struct_void_P (p:(pointer void_P)) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_max void_P_alloc_table p) >= b. - -(*Why predicate*) Definition strict_valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_charP (p:(pointer charP)) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_voidP (p:(pointer voidP)) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition strict_valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. 
-(*Why predicate*) Definition valid_bitvector_struct_char_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_void_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. -(*Why predicate*) Definition valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. 
+(*Why predicate*) Definition valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why logic*) Definition void_P_tag : (tag_id void_P). +(*Why logic*) Definition voidP_tag : (tag_id voidP). Admitted. -(*Why axiom*) Lemma void_P_int : (int_of_tag void_P_tag) = 1. +(*Why axiom*) Lemma voidP_int : (int_of_tag voidP_tag) = 1. Admitted. +Dp_hint voidP_int. -(*Why axiom*) Lemma void_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer void_P)), - p = (void_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma voidP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer voidP)), + p = (voidP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint voidP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma void_P_parenttag_bottom : - (parenttag void_P_tag (@bottom_tag void_P)). +(*Why axiom*) Lemma voidP_parenttag_bottom : + (parenttag voidP_tag (@bottom_tag voidP)). Admitted. +Dp_hint voidP_parenttag_bottom. -(*Why axiom*) Lemma void_P_tags : - (forall (x:(pointer void_P)), - (forall (void_P_tag_table:(tag_table void_P)), - (instanceof void_P_tag_table x void_P_tag))). +(*Why axiom*) Lemma voidP_tags : + (forall (x:(pointer voidP)), + (forall (voidP_tag_table:(tag_table voidP)), + (instanceof voidP_tag_table x voidP_tag))). Admitted. +Dp_hint voidP_tags. 
-(* Why obligation from file "Sterbenz.c", line 7, characters 13-21: *) +(* Why obligation from file "Sterbenz.c", line 38, characters 13-21: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_1 : forall (x_0: single), forall (y: single), @@ -2281,7 +2287,7 @@ (Rle (Rdiv (single_value y) (2)%R) (single_value x_0)) /\ (* JC_6 *) (Rle (single_value x_0) (Rmult (2)%R (single_value y))))), - (* JC_16 *) (* JC_16 *) (Rle (0)%R (single_value y)). + (* JC_16 *) (Rle (0)%R (single_value y)). Proof. intros x y (h1,h2). apply Rmult_le_reg_l with 3%R. @@ -2293,7 +2299,7 @@ apply Rle_trans with (2 * single_value y)%R; [ apply h2 | right; field]. Qed. -(* Why obligation from file "Sterbenz.c", line 8, characters 13-21: *) +(* Why obligation from file "Sterbenz.c", line 39, characters 13-21: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_2 : forall (x_0: single), forall (y: single), @@ -2303,14 +2309,14 @@ (* JC_6 *) (Rle (single_value x_0) (Rmult (2)%R (single_value y))))), forall (HW_4: (* JC_16 *) (Rle (0)%R (single_value y))), - (* JC_17 *) (* JC_17 *) (Rle (0)%R (single_value x_0)). + (* JC_17 *) (Rle (0)%R (single_value x_0)). Proof. intros x y (h1,h2) y_pos. apply Rle_trans with (single_value y / 2)%R; [idtac|apply h1]. unfold Rdiv; apply Rmult_le_pos; auto with real. Save. -(* Why obligation from file "Sterbenz.c", line 4, characters 12-28: *) +(* Why obligation from file "Sterbenz.c", line 35, characters 12-28: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_3 : forall (x_0: single), forall (y: single), @@ -2322,9 +2328,7 @@ forall (HW_4: (* JC_16 *) (Rle (0)%R (single_value y))), forall (HW_5: (* JC_17 *) (Rle (0)%R (single_value x_0))), forall (result: single), - forall (HW_6: (no_overflow_single - nearest_even (Rminus (single_value x_0) (single_value y))) /\ - (sub_single_post nearest_even x_0 y result)), + forall (HW_6: (sub_single_post nearest_even x_0 y result)), forall (__retres: single), forall (HW_7: __retres = result), forall (why__return: single), 
@@ -2333,7 +2337,7 @@ (eq (single_value why__return) (Rminus (single_value x_0) (single_value y))). Proof. intros x y (H1,H2) _ _ r (H4,(H5a,H5b)) r' H6 r'' H7. -rewrite H7,H6,H5a; unfold single_value in *. +rewrite H7,H6,H4; unfold single_value in *. unfold FtoRradix; rewrite <- Fminus_correct; auto with zarith. elim (mode_single_RoundingMode nearest_even); intros P (H8,H9). apply sym_eq; apply RoundedModeProjectorIdemEq with bsingle 24%nat P; try apply psGivesBound; auto with zarith. @@ -2341,7 +2345,7 @@ fold FtoRradix; apply Rle_trans with (2:=H1); unfold Rdiv; simpl; right; ring. Save. -(* Why obligation from file "Sterbenz.c", line 9, characters 9-12: *) +(* Why obligation from file "Sterbenz.c", line 40, characters 9-12: *) (*Why goal*) Lemma Sterbenz_safety_po_1 : forall (x_0: single), forall (y: single), diff -Nru why-2.29+dfsg/tests/c/oracle/swap.res.oracle why-2.30+dfsg/tests/c/oracle/swap.res.oracle --- why-2.29+dfsg/tests/c/oracle/swap.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/oracle/swap.res.oracle 2011-10-24 15:21:06.000000000 +0000 
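Review bot: The intro pattern `(H4,(H5a,H5b))` in the `@@ -2333` hunk keeps the names chosen for the old hypothesis `no_overflow_single ... /\ sub_single_post ...`. Now that `HW_6` is `sub_single_post` alone, `H4` appears to bind the value equation and `H5a`/`H5b` the exact and model parts; this is inferred from the new `rewrite H7,H6,H4` and from the shape of `add_single_post` earlier on the page, since `sub_single_post` itself is not shown. Names that follow the conjuncts would make the script easier to repair the next time the postcondition changes: `intros x y (H1,H2) _ _ r (Hval,(Hexact,Hmodel)) r' H6 r'' H7.` followed by `rewrite H7,H6,Hval; unfold single_value in *.`. The proof continues past this hunk, and the text here is the oracle's copy, so the rename would be made in the Coq file it mirrors.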
@@ -0,0 +1,1792 @@ +========== file tests/c/swap.c ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + +int a; +int b; + +/*@ ensures a == \old(b) && b == \old(a); + @*/ +void swap() { + int tmp = a; + a = b; + b = tmp; +} +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/swap.c" +[jessie] Starting Jessie translation +[jessie] Producing Jessie files in subdir tests/c/swap.jessie +[jessie] File tests/c/swap.jessie/swap.jc written. +[jessie] File tests/c/swap.jessie/swap.cloc written. 
+========== file tests/c/swap.jessie/swap.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol + +axiomatic Padding { + + logic type padding + +} + +type int8 = -128..127 + +type int32 = -2147483648..2147483647 + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +int32 a; + +int32 b; + +unit swap() +behavior default: + ensures (C_4 : ((C_5 : (a == \at(b,Old))) && (C_6 : (b == \at(a,Old))))); +{ + (var int32 tmp); + + { (C_1 : (tmp = a)); + (C_2 : (a = b)); + (C_3 : (b = tmp)); + + (return ()) + } +} +========== file tests/c/swap.jessie/swap.cloc ========== +[C_1] +file = "HOME/tests/c/swap.c" +line = 38 +begin = 2 +end = 5 + +[C_2] +file = "HOME/tests/c/swap.c" +line = 39 +begin = 6 +end = 7 + +[C_3] +file = "HOME/tests/c/swap.c" +line = 40 +begin = 6 +end = 9 + +[C_4] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 40 + +[C_5] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 24 + +[C_6] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 28 +end = 40 + +[swap] +name = "Function swap" +file = "HOME/tests/c/swap.c" +line = 37 +begin = 5 +end = 9 + +========== jessie execution ========== +Generating Why function swap +========== file tests/c/swap.jessie/swap.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs swap.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs swap.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/swap_why.sx + +project: why/swap.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why 
--project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/swap_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/swap_why.vo + +coq/swap_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/swap_why.v: why/swap.why + @echo 'why -coq [...] why/swap.why' && $(WHY) $(JESSIELIBFILES) why/swap.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/swap_ctx_why.vo + for f in why/*_po*.why; do make -f swap.makefile coq/`basename $$f .why`_why.v ; done + +coq/swap_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/swap_ctx_why.v: why/swap_ctx.why + @echo 'why -coq [...] why/swap_ctx.why' && $(WHY) why/swap_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export swap_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/swap_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/swap_ctx_why.vo + +pvs: pvs/swap_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/swap_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/swap_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/swap_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/swap_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/swap_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/swap_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/swap_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/swap_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/swap_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/swap_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/swap_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/swap_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/swap_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/swap_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: swap.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/swap_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/swap_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: swap.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include swap.depend + +depend: coq/swap_why.v + -$(COQDEP) -I coq coq/swap*_why.v > swap.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/swap.jessie/swap.loc ========== +[JC_1] +file = "HOME/tests/c/swap.c" +line = 37 +begin = 5 +end = 9 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/c/swap.c" +line = 37 +begin = 5 +end = 9 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 24 + +[JC_6] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 28 +end = 40 + +[JC_7] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 40 + +[JC_8] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 24 + +[JC_9] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 28 +end = 40 + +[swap_safety] +name = "Function swap" +behavior = "Safety" +file = "HOME/tests/c/swap.c" +line = 37 +begin = 5 +end = 9 + +[JC_10] +file = "HOME/tests/c/swap.c" +line = 35 +begin = 12 +end = 40 + +[JC_11] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[swap_ensures_default] +name = "Function swap" +behavior = "default behavior" +file = "HOME/tests/c/swap.c" +line = 37 +begin = 5 +end = 9 + +========== file tests/c/swap.jessie/why/swap.why ========== +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. 
+ instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. + (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + 
+axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter a : int32 ref + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and 
instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter b : int32 ref + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +parameter swap : + tt:unit -> + { } unit reads a,b writes a,b + { (JC_10: + ((JC_8: (integer_of_int32(a) = integer_of_int32(b@))) + and (JC_9: (integer_of_int32(b) = integer_of_int32(a@))))) } + +parameter swap_requires : + tt:unit -> + { } unit reads a,b writes a,b + { (JC_10: + ((JC_8: (integer_of_int32(a) = integer_of_int32(b@))) + and (JC_9: (integer_of_int32(b) = integer_of_int32(a@))))) } + +let swap_ensures_default = + fun (tt : unit) -> + { (JC_4: true) } + (init: + try + begin + (let tmp = ref (any_int32 void) in + (C_1: + (C_2: + (C_3: + begin + (let jessie_ = (tmp := !a) in void); + (let jessie_ = (a := !b) in void); + (let jessie_ = (b := !tmp) in void); (raise Return) end)))); + (raise Return) end with Return -> void end) + { (JC_7: + ((JC_5: (integer_of_int32(a) = integer_of_int32(b@))) + and (JC_6: (integer_of_int32(b) = 
integer_of_int32(a@))))) } + +let swap_safety = + fun (tt : unit) -> + { (JC_4: true) } + (init: + try + begin + (let tmp = ref (any_int32 void) in + (C_1: + (C_2: + (C_3: + begin + (let jessie_ = (tmp := !a) in void); + (let jessie_ = (a := !b) in void); + (let jessie_ = (b := !tmp) in void); (raise Return) end)))); + (raise Return) end with Return -> void end) { true } + + +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/swap.why +========== file tests/c/swap.jessie/why/swap_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. 
(ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. + (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. 
((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. + (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + 
((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +goal swap_ensures_default_po_1: + forall a:int32. + forall b:int32. + ("JC_4": true) -> + forall tmp:int32. + (tmp = a) -> + forall a0:int32. + (a0 = b) -> + forall b0:int32. + (b0 = tmp) -> + ("JC_7": ("JC_5": (integer_of_int32(a0) = integer_of_int32(b)))) + +goal swap_ensures_default_po_2: + forall a:int32. + forall b:int32. + ("JC_4": true) -> + forall tmp:int32. + (tmp = a) -> + forall a0:int32. + (a0 = b) -> + forall b0:int32. + (b0 = tmp) -> + ("JC_7": ("JC_6": (integer_of_int32(b0) = integer_of_int32(a)))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/swap_why.why : .. 
(2/0/0/0/0)
+total : 2
+valid : 2 (100%)
+invalid : 0 ( 0%)
+unknown : 0 ( 0%)
+timeout : 0 ( 0%)
+failure : 0 ( 0%)
diff -Nru why-2.29+dfsg/tests/c/oracle/tree_max.res.oracle why-2.30+dfsg/tests/c/oracle/tree_max.res.oracle
--- why-2.29+dfsg/tests/c/oracle/tree_max.res.oracle 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/c/oracle/tree_max.res.oracle 2011-10-24 15:21:06.000000000 +0000
@@ -0,0 +1,3573 @@
+========== file tests/c/tree_max.c ==========
+
+#pragma JessieTerminationPolicy(user)
+
+#define NULL (void*)0
+
+//@ ensures \result == \max(x,y);
+int max(int x, int y);
+
+typedef struct Tree *tree;
+struct Tree {
+ int value;
+ tree left;
+ tree right;
+};
+
+/* not accepted by Why3 (termination not proved)
+ @ predicate mem(int x, tree t) =
+ @ (t==\null) ? \false : (x==t->value) || mem(x,t->left) || mem(x,t->right);
+ @*/
+
+/*@ axiomatic Mem {
+ @ predicate mem{L}(int x, tree t);
+ @ axiom mem_null{L}: \forall int x; ! mem(x,\null);
+ @ axiom mem_root{L}: \forall tree t; t != \null ==>
+ @ mem(t->value,t);
+ @ axiom mem_root_eq{L}: \forall int x, tree t; t != \null ==>
+ @ x==t->value ==> mem(x,t);
+ @ axiom mem_left{L}: \forall int x, tree t; t != \null ==>
+ @ mem(x,t->left) ==> mem(x,t);
+ @ axiom mem_right{L}: \forall int x, tree t; t != \null ==>
+ @ mem(x,t->right) ==> mem(x,t);
+ @ axiom mem_inversion{L}: \forall int x, tree t;
+ @ mem(x,t) ==> t != \null &&
+ @ (x==t->value || mem(x,t->left) || mem(x,t->right));
+ @ }
+ @*/
+
+/*@ axiomatic WellFormedTree {
+ @ predicate has_size{L}(tree t, integer s);
+ @ axiom has_size_null{L}: has_size(\null,0);
+ @ axiom has_size_non_null{L}: \forall tree t; \valid(t) ==>
+ @ \forall integer s1,s2;
+ @ has_size(t->left,s1) && has_size(t->right,s2) ==>
+ @ has_size(t,s1+s2+1) ;
+ @ axiom has_size_inversion{L}: \forall tree t, integer s;
+ @ has_size(t,s) ==>
+ @ (t == \null && s == 0) ||
+ @ (\valid(t) && \exists integer s1,s2;
+ @ has_size(t->left,s1) && has_size(t->right,s2) &&
+ @ 0 <= s1 && 0 <= s2 && s == s1+s2+1) ;
+ @ predicate size_decreases{L}(tree t1, tree t2) =
+ @ \exists integer s1,s2; has_size(t1,s1) && has_size(t2,s2) && s1 > s2;
+ @ predicate valid_tree{L}(tree t) =
+ @ \exists integer s; has_size(t,s);
+ @ }
+ @*/
+
+/*@ requires t != \null && valid_tree(t);
+ @ // decreases t for size_decreases;
+ @ ensures mem(\result,t) && \forall int x; mem(x,t) ==> \result >= x;
+ @*/
+int tree_max(tree t) { + int m = t->value; + if (t->left != NULL) m = max(m,tree_max(t->left)); + if (t->right != NULL) m = max(m,tree_max(t->right)); + return m; + } +========== frama-c -jessie execution ========== +[kernel] preprocessing with "gcc -C -E -I. -dD tests/c/tree_max.c" +[jessie] Starting Jessie translation +[kernel] warning: No code for function max, default assigns generated for default behavior +[jessie] Producing Jessie files in subdir tests/c/tree_max.jessie +[jessie] File tests/c/tree_max.jessie/tree_max.jc written. +[jessie] File tests/c/tree_max.jessie/tree_max.cloc written. +========== file tests/c/tree_max.jessie/tree_max.jc ========== +# IntModel = bounded +# InvariantPolicy = Arguments +# SeparationPolicy = Regions +# AnnotationPolicy = None +# AbstractDomain = Pol +# TerminationPolicy = user + +axiomatic Padding { + + logic type padding + +} + +type int8 = -128..127 + +type int32 = -2147483648..2147483647 + +tag charP = { + int8 charM: 8; +} + +type charP = [charP] + +tag voidP = { +} + +type voidP = [voidP] + +tag Tree = { + int32 value: 32; + Tree[..] left: 32; + Tree[..] right: 32; +} + +type Tree = [Tree] + +int32 max(int32 x, int32 y) +behavior default: + assigns \nothing; + ensures (C_1 : (\result == \integer_max(\at(x,Old), \at(y,Old)))); +; + +axiomatic Mem { + + predicate mem{L}(int32 x, Tree[..] t) + + axiom mem_null{L} : + (\forall int32 x_0; + (! mem{L}(x_0, null))) + + axiom mem_root{L} : + (\forall Tree[..] t_0; + ((t_0 != null) ==> mem{L}(t_0.value, t_0))) + + axiom mem_root_eq{L} : + (\forall int32 x_1; + (\forall Tree[..] t_1; + ((t_1 != null) ==> ((x_1 == t_1.value) ==> mem{L}(x_1, t_1))))) + + axiom mem_left{L} : + (\forall int32 x_2; + (\forall Tree[..] t_2; + ((t_2 != null) ==> (mem{L}(x_2, t_2.left) ==> mem{L}(x_2, t_2))))) + + axiom mem_right{L} : + (\forall int32 x_3; + (\forall Tree[..] 
t_3; + ((t_3 != null) ==> (mem{L}(x_3, t_3.right) ==> mem{L}(x_3, t_3))))) + + axiom mem_inversion{L} : + (\forall int32 x_4; + (\forall Tree[..] t_4; + (mem{L}(x_4, t_4) ==> + ((t_4 != null) && + (((x_4 == t_4.value) || mem{L}(x_4, t_4.left)) || + mem{L}(x_4, t_4.right)))))) + +} + +axiomatic WellFormedTree { + + predicate has_size{L}(Tree[..] t_5, integer s) + + axiom has_size_null{L} : + has_size{L}(null, 0) + + axiom has_size_non_null{L} : + (\forall Tree[..] t_6; + (((\offset_min(t_6) <= 0) && (\offset_max(t_6) >= 0)) ==> + (\forall integer s1; + (\forall integer s2; + ((has_size{L}(t_6.left, s1) && has_size{L}(t_6.right, s2)) ==> + has_size{L}(t_6, ((s1 + s2) + 1))))))) + + axiom has_size_inversion{L} : + (\forall Tree[..] t_7; + (\forall integer s_0; + (has_size{L}(t_7, s_0) ==> + (((t_7 == null) && (s_0 == 0)) || + (((\offset_min(t_7) <= 0) && (\offset_max(t_7) >= 0)) && + (\exists integer s1_0; + (\exists integer s2_0; + ((((has_size{L}(t_7.left, s1_0) && + has_size{L}(t_7.right, s2_0)) && + (0 <= s1_0)) && + (0 <= s2_0)) && + (s_0 == ((s1_0 + s2_0) + 1)))))))))) + + predicate size_decreases{L}(Tree[..] t1, Tree[..] t2) = + (\exists integer s1_1; + (\exists integer s2_1; + ((has_size{L}(t1, s1_1) && has_size{L}(t2, s2_1)) && (s1_1 > s2_1)))) + + predicate valid_tree{L}(Tree[..] t_8) = + (\exists integer s_1; + has_size{L}(t_8, s_1)) + +} + +int32 tree_max(Tree[..] 
t) + requires (C_19 : ((C_20 : (t != null)) && (C_21 : valid_tree{Here}(t)))); +behavior default: + ensures (C_16 : ((C_17 : mem{Here}(\result, \at(t,Old))) && + (C_18 : (\forall int32 x_5; + (mem{Here}(x_5, \at(t,Old)) ==> + (\result >= x_5)))))); +{ + (var int32 m); + + (var int32 tmp); + + (var int32 tmp_0); + + { (C_3 : (m = (C_2 : t.value))); + (if ((C_9 : t.left) != null) then + { (C_6 : (tmp = (C_5 : tree_max((C_4 : t.left))))); + (C_8 : (m = (C_7 : max(m, tmp)))) + } else ()); + (if ((C_15 : t.right) != null) then + { (C_12 : (tmp_0 = (C_11 : tree_max((C_10 : t.right))))); + (C_14 : (m = (C_13 : max(m, tmp_0)))) + } else ()); + + (return m) + } +} +========== file tests/c/tree_max.jessie/tree_max.cloc ========== +[mem_left] +name = "Lemma mem_left" +file = "HOME/tests/c/tree_max.c" +line = 28 +begin = 6 +end = 99 + +[mem_null] +name = "Lemma mem_null" +file = "HOME/tests/c/tree_max.c" +line = 23 +begin = 6 +end = 55 + +[C_10] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 47 +end = 55 + +[C_11] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 38 +end = 56 + +[C_12] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 38 +end = 56 + +[C_13] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 32 +end = 57 + +[has_size_inversion] +name = "Lemma has_size_inversion" +file = "HOME/tests/c/tree_max.c" +line = 45 +begin = 6 +end = 287 + +[C_14] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 32 +end = 57 + +[C_15] +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 6 +end = 14 + +[C_16] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 70 + +[C_17] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 26 + +[C_18] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 30 +end = 70 + +[C_19] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 13 +end = 40 + +[mem_root] +name = "Lemma mem_root" +file = "HOME/tests/c/tree_max.c" +line = 24 +begin = 6 +end = 80 + +[C_1] +file = "HOME/tests/c/tree_max.c" +line = 6 +begin = 
12 +end = 32 + +[C_2] +file = "HOME/tests/c/tree_max.c" +line = 63 +begin = 10 +end = 18 + +[C_3] +file = "HOME/tests/c/tree_max.c" +line = 63 +begin = 2 +end = 5 + +[C_4] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 46 +end = 53 + +[C_20] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 13 +end = 23 + +[C_5] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 37 +end = 54 + +[mem_right] +name = "Lemma mem_right" +file = "HOME/tests/c/tree_max.c" +line = 30 +begin = 6 +end = 101 + +[C_21] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 27 +end = 40 + +[C_6] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 37 +end = 54 + +[tree_max] +name = "Function tree_max" +file = "HOME/tests/c/tree_max.c" +line = 62 +begin = 4 +end = 12 + +[C_7] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 31 +end = 55 + +[C_8] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 31 +end = 55 + +[C_9] +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 6 +end = 13 + +[has_size_non_null] +name = "Lemma has_size_non_null" +file = "HOME/tests/c/tree_max.c" +line = 41 +begin = 6 +end = 182 + +[mem_root_eq] +name = "Lemma mem_root_eq" +file = "HOME/tests/c/tree_max.c" +line = 26 +begin = 6 +end = 99 + +[mem_inversion] +name = "Lemma mem_inversion" +file = "HOME/tests/c/tree_max.c" +line = 32 +begin = 6 +end = 149 + +[has_size_null] +name = "Lemma has_size_null" +file = "HOME/tests/c/tree_max.c" +line = 40 +begin = 6 +end = 48 + +========== jessie execution ========== +Generating Why function tree_max +========== file tests/c/tree_max.jessie/tree_max.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs tree_max.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs tree_max.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why 
+JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/tree_max_why.sx + +project: why/tree_max.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/tree_max_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/tree_max_why.vo + +coq/tree_max_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/tree_max_why.v: why/tree_max.why + @echo 'why -coq [...] why/tree_max.why' && $(WHY) $(JESSIELIBFILES) why/tree_max.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/tree_max_ctx_why.vo + for f in why/*_po*.why; do make -f tree_max.makefile coq/`basename $$f .why`_why.v ; done + +coq/tree_max_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/tree_max_ctx_why.v: why/tree_max_ctx.why + @echo 'why -coq [...] why/tree_max_ctx.why' && $(WHY) why/tree_max_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export tree_max_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/tree_max_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/tree_max_ctx_why.vo + +pvs: pvs/tree_max_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/tree_max_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/tree_max_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/tree_max_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/tree_max_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/tree_max_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/tree_max_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/tree_max_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/tree_max_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/tree_max_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/tree_max_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/tree_max_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/tree_max_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/tree_max_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/tree_max_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: tree_max.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/tree_max_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/tree_max_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: tree_max.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include tree_max.depend + +depend: coq/tree_max_why.v + -$(COQDEP) -I coq coq/tree_max*_why.v > tree_max.depend + +clean: + rm -f coq/*.vo + +========== file tests/c/tree_max.jessie/tree_max.loc ========== +[tree_max_safety] +name = "Function tree_max" +behavior = "Safety" +file = "HOME/tests/c/tree_max.c" +line = 62 +begin = 4 +end = 12 + +[JC_1] +file = "HOME/tests/c/tree_max.jessie/tree_max.jc" +line = 37 +begin = 6 +end = 9 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/c/tree_max.jessie/tree_max.jc" +line = 37 +begin = 6 +end = 9 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/tests/c/tree_max.c" +line = 6 +begin = 12 +end = 32 + +[JC_6] +file = "HOME/tests/c/tree_max.jessie/tree_max.jc" +line = 39 +begin = 10 +end = 18 + +[JC_7] +file = "HOME/tests/c/tree_max.c" +line = 6 +begin = 12 +end = 32 + +[JC_8] +file = "HOME/tests/c/tree_max.jessie/tree_max.jc" +line = 39 +begin = 10 +end = 18 + +[JC_9] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_left] +name = "Lemma mem_left" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 28 +begin = 6 +end = 99 + +[mem_null] +name = "Lemma mem_null" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 23 +begin = 6 +end = 55 + +[has_size_inversion] +name = "Lemma has_size_inversion" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 45 +begin = 6 +end = 287 + +[mem_root] +name = "Lemma mem_root" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 24 +begin = 6 +end = 80 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 13 +end = 23 + +[JC_12] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 27 +end = 40 + +[JC_13] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 13 +end = 40 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/tests/c/tree_max.c" 
+line = 58 +begin = 13 +end = 23 + +[mem_right] +name = "Lemma mem_right" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 30 +begin = 6 +end = 101 + +[JC_16] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 27 +end = 40 + +[JC_17] +file = "HOME/tests/c/tree_max.c" +line = 58 +begin = 13 +end = 40 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 26 + +[JC_20] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 30 +end = 70 + +[JC_21] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 70 + +[JC_22] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 26 + +[JC_23] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 30 +end = 70 + +[JC_24] +file = "HOME/tests/c/tree_max.c" +line = 60 +begin = 12 +end = 70 + +[JC_25] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[has_size_non_null] +name = "Lemma has_size_non_null" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 41 +begin = 6 +end = 182 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +kind = PointerDeref +file = "HOME/tests/c/tree_max.c" +line = 63 +begin = 10 +end = 18 + +[JC_28] +kind = PointerDeref +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 6 +end = 13 + +[JC_29] +kind = PointerDeref +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 46 +end = 53 + +[JC_30] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 37 +end = 54 + +[mem_root_eq] +name = "Lemma mem_root_eq" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 26 +begin = 6 +end = 99 + +[JC_31] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 31 +end = 55 + +[JC_32] +kind = PointerDeref +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 6 +end = 14 + +[tree_max_ensures_default] +name = "Function tree_max" +behavior = "default behavior" +file = "HOME/tests/c/tree_max.c" +line = 62 +begin = 4 +end = 12 + +[JC_33] +kind = 
PointerDeref +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 47 +end = 55 + +[JC_34] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 38 +end = 56 + +[JC_35] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 32 +end = 57 + +[JC_36] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 37 +end = 54 + +[JC_37] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 64 +begin = 31 +end = 55 + +[JC_38] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 38 +end = 56 + +[JC_39] +kind = UserCall +file = "HOME/tests/c/tree_max.c" +line = 65 +begin = 32 +end = 57 + +[mem_inversion] +name = "Lemma mem_inversion" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 32 +begin = 6 +end = 149 + +[has_size_null] +name = "Lemma has_size_null" +behavior = "axiom" +file = "HOME/tests/c/tree_max.c" +line = 40 +begin = 6 +end = 48 + +========== file tests/c/tree_max.jessie/why/tree_max.why ========== +type Tree + +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic Tree_tag: -> Tree tag_id + +axiom Tree_int : (int_of_tag(Tree_tag) = (1)) + +logic Tree_of_pointer_address: unit pointer -> Tree pointer + +axiom Tree_of_pointer_address_of_pointer_addr : + (forall p:Tree pointer. (p = Tree_of_pointer_address(pointer_address(p)))) + +axiom Tree_parenttag_bottom : parenttag(Tree_tag, bottom_tag) + +axiom Tree_tags : + (forall x:Tree pointer. + (forall Tree_tag_table:Tree tag_table. + instanceof(Tree_tag_table, x, Tree_tag))) + +logic charP_tag: -> charP tag_id + +axiom charP_int : (int_of_tag(charP_tag) = (1)) + +logic charP_of_pointer_address: unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr : + (forall p:charP pointer. (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom : parenttag(charP_tag, bottom_tag) + +axiom charP_tags : + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. 
+ instanceof(charP_tag_table, x, charP_tag))) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_int8: int8 -> int + +predicate eq_int8(x:int8, y:int8) = + eq_int(integer_of_int8(x), integer_of_int8(y)) + +logic has_size: Tree pointer, int, Tree alloc_table, + (Tree, Tree pointer) memory, (Tree, Tree pointer) memory -> prop + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic int8_of_integer: int -> int8 + +axiom int8_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_int8(int8_of_integer(x)), x))) + +axiom int8_extensionality : + (forall x:int8. + (forall y:int8. + (eq_int(integer_of_int8(x), integer_of_int8(y)) -> (x = y)))) + +axiom int8_range : + (forall x:int8. + (le_int((-128), integer_of_int8(x)) and le_int(integer_of_int8(x), (127)))) + +predicate left_valid_struct_Tree(p:Tree pointer, a:int, + Tree_alloc_table:Tree alloc_table) = (offset_min(Tree_alloc_table, p) <= a) + +predicate left_valid_struct_charP(p:charP pointer, a:int, + charP_alloc_table:charP alloc_table) = + (offset_min(charP_alloc_table, p) <= a) + +predicate left_valid_struct_voidP(p:voidP pointer, a:int, + voidP_alloc_table:voidP alloc_table) = + (offset_min(voidP_alloc_table, p) <= a) + +logic mem: int32, Tree pointer, (Tree, Tree pointer) memory, + (Tree, Tree pointer) memory, (Tree, int32) memory -> prop + +axiom pointer_addr_of_Tree_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(Tree_of_pointer_address(p)))) + +axiom pointer_addr_of_charP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address: unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_Tree(p:Tree pointer, b:int, + Tree_alloc_table:Tree alloc_table) = (offset_max(Tree_alloc_table, p) >= b) + +predicate right_valid_struct_charP(p:charP pointer, b:int, + charP_alloc_table:charP alloc_table) = + (offset_max(charP_alloc_table, p) >= b) + +predicate right_valid_struct_voidP(p:voidP pointer, b:int, + voidP_alloc_table:voidP alloc_table) = + (offset_max(voidP_alloc_table, p) >= b) + +predicate size_decreases(t1:Tree pointer, t2:Tree pointer, + Tree_t2_4_alloc_table_at_L:Tree alloc_table, + Tree_t1_3_alloc_table_at_L:Tree alloc_table, + Tree_right_t2_4_at_L:(Tree, Tree pointer) memory, + Tree_right_t1_3_at_L:(Tree, Tree pointer) memory, + Tree_left_t2_4_at_L:(Tree, Tree pointer) memory, + Tree_left_t1_3_at_L:(Tree, Tree pointer) memory) = + (exists s1_1_0:int. + (exists s2_1_0:int. 
+ (has_size(t1, s1_1_0, Tree_t1_3_alloc_table_at_L, Tree_right_t1_3_at_L, + Tree_left_t1_3_at_L) + and (has_size(t2, s2_1_0, Tree_t2_4_alloc_table_at_L, + Tree_right_t2_4_at_L, Tree_left_t2_4_at_L) + and gt_int(s1_1_0, s2_1_0))))) + +predicate strict_valid_root_Tree(p:Tree pointer, a:int, b:int, + Tree_alloc_table:Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) = a) + and (offset_max(Tree_alloc_table, p) = b)) + +predicate strict_valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate strict_valid_struct_Tree(p:Tree pointer, a:int, b:int, + Tree_alloc_table:Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) = a) + and (offset_max(Tree_alloc_table, p) = b)) + +predicate strict_valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) + and (offset_max(charP_alloc_table, p) = b)) + +predicate strict_valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) + and (offset_max(voidP_alloc_table, p) = b)) + +predicate valid_root_Tree(p:Tree pointer, a:int, b:int, + Tree_alloc_table:Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) <= a) + and (offset_max(Tree_alloc_table, p) >= b)) + +predicate valid_root_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_root_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate 
valid_struct_Tree(p:Tree pointer, a:int, b:int, + Tree_alloc_table:Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) <= a) + and (offset_max(Tree_alloc_table, p) >= b)) + +predicate valid_struct_charP(p:charP pointer, a:int, b:int, + charP_alloc_table:charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) + and (offset_max(charP_alloc_table, p) >= b)) + +predicate valid_struct_voidP(p:voidP pointer, a:int, b:int, + voidP_alloc_table:voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) + and (offset_max(voidP_alloc_table, p) >= b)) + +predicate valid_tree(t_8:Tree pointer, + Tree_t_8_5_alloc_table_at_L:Tree alloc_table, + Tree_right_t_8_5_at_L:(Tree, Tree pointer) memory, + Tree_left_t_8_5_at_L:(Tree, Tree pointer) memory) = + (exists s_1:int. + has_size(t_8, s_1, Tree_t_8_5_alloc_table_at_L, Tree_right_t_8_5_at_L, + Tree_left_t_8_5_at_L)) + +logic voidP_tag: -> voidP tag_id + +axiom voidP_int : (int_of_tag(voidP_tag) = (1)) + +axiom voidP_of_pointer_address_of_pointer_addr : + (forall p:voidP pointer. (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom : parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags : + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. + instanceof(voidP_tag_table, x, voidP_tag))) + +axiom mem_null : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_0_0:int32. + (not mem(x_0_0, null, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))) + +axiom mem_root : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall t_0_0:Tree pointer. 
+ ((t_0_0 <> null) -> + mem(select(Tree_value_t_1_at_L, t_0_0), t_0_0, Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))) + +axiom mem_root_eq : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_1_0:int32. + (forall t_1:Tree pointer. + ((t_1 <> null) -> + ((integer_of_int32(x_1_0) = integer_of_int32(select(Tree_value_t_1_at_L, + t_1))) -> + mem(x_1_0, t_1, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))))) + +axiom mem_left : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_2:int32. + (forall t_2:Tree pointer. + ((t_2 <> null) -> + (mem(x_2, select(Tree_left_t_1_at_L, t_2), Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L) -> + mem(x_2, t_2, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))))) + +axiom mem_right : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_3:int32. + (forall t_3:Tree pointer. + ((t_3 <> null) -> + (mem(x_3, select(Tree_right_t_1_at_L, t_3), Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L) -> + mem(x_3, t_3, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))))) + +axiom mem_inversion : + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_4:int32. + (forall t_4:Tree pointer. 
+ (mem(x_4, t_4, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L) -> + ((t_4 <> null) + and ((integer_of_int32(x_4) = integer_of_int32(select(Tree_value_t_1_at_L, + t_4))) + or (mem(x_4, select(Tree_left_t_1_at_L, t_4), Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L) + or mem(x_4, select(Tree_right_t_1_at_L, t_4), + Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))))))) + +axiom has_size_null : + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + has_size(null, (0), Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L)))) + +axiom has_size_non_null : + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall t_6:Tree pointer. + ((le_int(offset_min(Tree_t_5_2_alloc_table_at_L, t_6), (0)) + and ge_int(offset_max(Tree_t_5_2_alloc_table_at_L, t_6), (0))) -> + (forall s1_1:int. + (forall s2_1:int. + ((has_size(select(Tree_left_t_5_2_at_L, t_6), s1_1, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) + and has_size(select(Tree_right_t_5_2_at_L, t_6), s2_1, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L)) -> + has_size(t_6, add_int(add_int(s1_1, s2_1), (1)), + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L))))))))) + +axiom has_size_inversion : + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall t_7:Tree pointer. + (forall s_0_0:int. 
+ (has_size(t_7, s_0_0, Tree_t_5_2_alloc_table_at_L, + Tree_right_t_5_2_at_L, Tree_left_t_5_2_at_L) -> + (((t_7 = null) and (s_0_0 = (0))) + or (le_int(offset_min(Tree_t_5_2_alloc_table_at_L, t_7), (0)) + and (ge_int(offset_max(Tree_t_5_2_alloc_table_at_L, t_7), (0)) + and (exists s1_0_0:int. + (exists s2_0_0:int. + (has_size(select(Tree_left_t_5_2_at_L, t_7), s1_0_0, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) + and (has_size(select(Tree_right_t_5_2_at_L, t_7), s2_0_0, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) + and (le_int((0), s1_0_0) + and (le_int((0), s2_0_0) + and (s_0_0 = add_int(add_int(s1_0_0, s2_0_0), + (1)))))))))))))))))) + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception Return_label_exc of unit + +parameter Tree_alloc_table : Tree alloc_table ref + +parameter Tree_tag_table : Tree tag_table ref + +parameter alloc_struct_Tree : + n:int -> + Tree_alloc_table:Tree alloc_table ref -> + Tree_tag_table:Tree tag_table ref -> + { } Tree pointer writes Tree_alloc_table,Tree_tag_table + { (strict_valid_struct_Tree(result, (0), sub_int(n, (1)), + Tree_alloc_table) + and (alloc_extends(Tree_alloc_table@, Tree_alloc_table) + and (alloc_fresh(Tree_alloc_table@, result, n) + and instanceof(Tree_tag_table, result, Tree_tag)))) } + +parameter alloc_struct_Tree_requires : + n:int -> + Tree_alloc_table:Tree alloc_table ref -> + Tree_tag_table:Tree tag_table ref -> + { ge_int(n, (0))} Tree pointer writes Tree_alloc_table,Tree_tag_table + { (strict_valid_struct_Tree(result, (0), sub_int(n, (1)), + Tree_alloc_table) + and (alloc_extends(Tree_alloc_table@, Tree_alloc_table) + and (alloc_fresh(Tree_alloc_table@, result, n) + and instanceof(Tree_tag_table, result, Tree_tag)))) } + +parameter charP_alloc_table : charP alloc_table ref + +parameter charP_tag_table : charP tag_table ref + +parameter alloc_struct_charP : + n:int -> + charP_alloc_table:charP alloc_table ref -> 
+ charP_tag_table:charP tag_table ref -> + { } charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter alloc_struct_charP_requires : + n:int -> + charP_alloc_table:charP alloc_table ref -> + charP_tag_table:charP tag_table ref -> + { ge_int(n, (0))} charP pointer writes charP_alloc_table,charP_tag_table + { (strict_valid_struct_charP(result, (0), sub_int(n, (1)), + charP_alloc_table) + and (alloc_extends(charP_alloc_table@, charP_alloc_table) + and (alloc_fresh(charP_alloc_table@, result, n) + and instanceof(charP_tag_table, result, charP_tag)))) } + +parameter voidP_alloc_table : voidP alloc_table ref + +parameter voidP_tag_table : voidP tag_table ref + +parameter alloc_struct_voidP : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { } voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter alloc_struct_voidP_requires : + n:int -> + voidP_alloc_table:voidP alloc_table ref -> + voidP_tag_table:voidP tag_table ref -> + { ge_int(n, (0))} voidP pointer writes voidP_alloc_table,voidP_tag_table + { (strict_valid_struct_voidP(result, (0), sub_int(n, (1)), + voidP_alloc_table) + and (alloc_extends(voidP_alloc_table@, voidP_alloc_table) + and (alloc_fresh(voidP_alloc_table@, result, n) + and instanceof(voidP_tag_table, result, voidP_tag)))) } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_int8 : unit -> { } int8 { true } + +parameter int32_of_integer_ : + x:int -> + { 
(le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter int8_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} int8 + { eq_int(integer_of_int8(result), x) } + +parameter max : + x_0:int32 -> + y:int32 -> + { } int32 + { (JC_7: + (integer_of_int32(result) = int_max(integer_of_int32(x_0), + integer_of_int32(y)))) } + +parameter max_requires : + x_0:int32 -> + y:int32 -> + { } int32 + { (JC_7: + (integer_of_int32(result) = int_max(integer_of_int32(x_0), + integer_of_int32(y)))) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_int8_of_integer_ : + x:int -> { } int8 { eq_int(integer_of_int8(result), x) } + +parameter tree_max : + t_0:Tree pointer -> + Tree_t_6_alloc_table:Tree alloc_table -> + Tree_right_t_6:(Tree, Tree pointer) memory -> + Tree_left_t_6:(Tree, Tree pointer) memory -> + Tree_value_t_6:(Tree, int32) memory -> + { } int32 + { (JC_24: + ((JC_22: + mem(result, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6)) + and (JC_23: + (forall x_5:int32. + (mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ge_int(integer_of_int32(result), integer_of_int32(x_5))))))) } + +parameter tree_max_requires : + t_0:Tree pointer -> + Tree_t_6_alloc_table:Tree alloc_table -> + Tree_right_t_6:(Tree, Tree pointer) memory -> + Tree_left_t_6:(Tree, Tree pointer) memory -> + Tree_value_t_6:(Tree, int32) memory -> + { (JC_13: + ((JC_11: (t_0 <> null)) + and (JC_12: + valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6))))} + int32 + { (JC_24: + ((JC_22: + mem(result, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6)) + and (JC_23: + (forall x_5:int32. 
+ (mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ge_int(integer_of_int32(result), integer_of_int32(x_5))))))) } + +let tree_max_ensures_default = + fun (t_0 : Tree pointer) (Tree_t_6_alloc_table : Tree alloc_table) (Tree_value_t_6 : (Tree, int32) memory) (Tree_left_t_6 : (Tree, Tree pointer) memory) (Tree_right_t_6 : (Tree, Tree pointer) memory) -> + { (JC_17: + ((JC_15: (t_0 <> null)) + and (JC_16: + valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, Tree_left_t_6)))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let m = ref (any_int32 void) in + (let tmp = ref (any_int32 void) in + (let tmp_0 = ref (any_int32 void) in + (C_3: + begin + (let jessie_ = (m := (C_2: ((safe_acc_ Tree_value_t_6) t_0))) in + void); + (if ((safe_neq_pointer (C_9: ((safe_acc_ Tree_left_t_6) t_0))) null) + then + (let jessie_ = + (C_6: + (C_8: + begin + (let jessie_ = + (tmp := (C_5: + (let jessie_ = (C_4: ((safe_acc_ Tree_left_t_6) t_0)) in + (JC_36: + (((((tree_max jessie_) Tree_t_6_alloc_table) Tree_right_t_6) Tree_left_t_6) Tree_value_t_6))))) in + void); + (m := (C_7: + (let jessie_ = !m in + (let jessie_ = !tmp in (JC_37: ((max jessie_) jessie_)))))); + !m end)) in void) else void); + (if ((safe_neq_pointer (C_15: ((safe_acc_ Tree_right_t_6) t_0))) null) + then + (let jessie_ = + (C_12: + (C_14: + begin + (let jessie_ = + (tmp_0 := (C_11: + (let jessie_ = + (C_10: ((safe_acc_ Tree_right_t_6) t_0)) in + (JC_38: + (((((tree_max jessie_) Tree_t_6_alloc_table) Tree_right_t_6) Tree_left_t_6) Tree_value_t_6))))) in + void); + (m := (C_13: + (let jessie_ = !m in + (let jessie_ = !tmp_0 in + (JC_39: ((max jessie_) jessie_)))))); !m end)) in void) + else void); (return := !m); (raise Return) end)))); absurd end with + Return -> !return end)) + { (JC_21: + ((JC_19: mem(result, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6)) + and (JC_20: + (forall x_5:int32. 
+ (mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ge_int(integer_of_int32(result), integer_of_int32(x_5))))))) } + +let tree_max_safety = + fun (t_0 : Tree pointer) (Tree_t_6_alloc_table : Tree alloc_table) (Tree_value_t_6 : (Tree, int32) memory) (Tree_left_t_6 : (Tree, Tree pointer) memory) (Tree_right_t_6 : (Tree, Tree pointer) memory) -> + { (JC_17: + ((JC_15: (t_0 <> null)) + and (JC_16: + valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, Tree_left_t_6)))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let m = ref (any_int32 void) in + (let tmp = ref (any_int32 void) in + (let tmp_0 = ref (any_int32 void) in + (C_3: + begin + (let jessie_ = + (m := (C_2: + (JC_27: (((acc_ Tree_t_6_alloc_table) Tree_value_t_6) t_0)))) in + void); + (if ((neq_pointer (C_9: + (JC_28: + (((acc_ Tree_t_6_alloc_table) Tree_left_t_6) t_0)))) null) + then + (let jessie_ = + (C_6: + (C_8: + begin + (let jessie_ = + (tmp := (C_5: + (let jessie_ = + (C_4: + (JC_29: (((acc_ Tree_t_6_alloc_table) Tree_left_t_6) t_0))) in + (JC_30: + (((((tree_max_requires jessie_) Tree_t_6_alloc_table) Tree_right_t_6) Tree_left_t_6) Tree_value_t_6))))) in + void); + (m := (C_7: + (let jessie_ = !m in + (let jessie_ = !tmp in + (JC_31: ((max_requires jessie_) jessie_)))))); !m end)) in + void) else void); + (if ((neq_pointer (C_15: + (JC_32: + (((acc_ Tree_t_6_alloc_table) Tree_right_t_6) t_0)))) null) + then + (let jessie_ = + (C_12: + (C_14: + begin + (let jessie_ = + (tmp_0 := (C_11: + (let jessie_ = + (C_10: + (JC_33: + (((acc_ Tree_t_6_alloc_table) Tree_right_t_6) t_0))) in + (JC_34: + (((((tree_max_requires jessie_) Tree_t_6_alloc_table) Tree_right_t_6) Tree_left_t_6) Tree_value_t_6))))) in + void); + (m := (C_13: + (let jessie_ = !m in + (let jessie_ = !tmp_0 in + (JC_35: ((max_requires jessie_) jessie_)))))); !m end)) in + void) else void); (return := !m); (raise Return) end)))); absurd end + with Return -> !return end)) { true } + + +========== generation 
of alt-ergo VC output ========== +why -alt-ergo [...] why/tree_max.why +========== file tests/c/tree_max.jessie/why/tree_max_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. 
((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. 
+ ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. 
((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. 
((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. 
+ (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. 
(sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
+ (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. 
+ (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Tree + +type charP + +type int32 + +type int8 + +type padding + +type voidP + +logic Tree_tag : Tree tag_id + +axiom Tree_int: (int_of_tag(Tree_tag) = 1) + +logic Tree_of_pointer_address : unit pointer -> Tree pointer + +axiom Tree_of_pointer_address_of_pointer_addr: + (forall p:Tree pointer. (p = Tree_of_pointer_address(pointer_address(p)))) + +axiom Tree_parenttag_bottom: parenttag(Tree_tag, bottom_tag) + +axiom Tree_tags: + (forall x:Tree pointer. + (forall Tree_tag_table:Tree tag_table. instanceof(Tree_tag_table, x, + Tree_tag))) + +logic charP_tag : charP tag_id + +axiom charP_int: (int_of_tag(charP_tag) = 1) + +logic charP_of_pointer_address : unit pointer -> charP pointer + +axiom charP_of_pointer_address_of_pointer_addr: + (forall p:charP pointer. 
+ (p = charP_of_pointer_address(pointer_address(p)))) + +axiom charP_parenttag_bottom: parenttag(charP_tag, bottom_tag) + +axiom charP_tags: + (forall x:charP pointer. + (forall charP_tag_table:charP tag_table. instanceof(charP_tag_table, x, + charP_tag))) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_int8 : int8 -> int + +predicate eq_int8(x: int8, y: int8) = + (integer_of_int8(x) = integer_of_int8(y)) + +logic has_size : Tree pointer, int, Tree alloc_table, (Tree, +Tree pointer) memory, (Tree, Tree pointer) memory -> prop + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic int8_of_integer : int -> int8 + +axiom int8_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_int8(int8_of_integer(x)) = x))) + +axiom int8_extensionality: + (forall x:int8. + (forall y:int8. ((integer_of_int8(x) = integer_of_int8(y)) -> (x = y)))) + +axiom int8_range: + (forall x:int8. 
+ (((-128) <= integer_of_int8(x)) and (integer_of_int8(x) <= 127))) + +predicate left_valid_struct_Tree(p: Tree pointer, a: int, + Tree_alloc_table: Tree alloc_table) = (offset_min(Tree_alloc_table, + p) <= a) + +predicate left_valid_struct_charP(p: charP pointer, a: int, + charP_alloc_table: charP alloc_table) = (offset_min(charP_alloc_table, + p) <= a) + +predicate left_valid_struct_voidP(p: voidP pointer, a: int, + voidP_alloc_table: voidP alloc_table) = (offset_min(voidP_alloc_table, + p) <= a) + +logic mem : int32, Tree pointer, (Tree, Tree pointer) memory, (Tree, +Tree pointer) memory, (Tree, int32) memory -> prop + +axiom pointer_addr_of_Tree_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(Tree_of_pointer_address(p)))) + +axiom pointer_addr_of_charP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(charP_of_pointer_address(p)))) + +logic voidP_of_pointer_address : unit pointer -> voidP pointer + +axiom pointer_addr_of_voidP_of_pointer_address: + (forall p:unit pointer. (p = pointer_address(voidP_of_pointer_address(p)))) + +predicate right_valid_struct_Tree(p: Tree pointer, b: int, + Tree_alloc_table: Tree alloc_table) = (offset_max(Tree_alloc_table, + p) >= b) + +predicate right_valid_struct_charP(p: charP pointer, b: int, + charP_alloc_table: charP alloc_table) = (offset_max(charP_alloc_table, + p) >= b) + +predicate right_valid_struct_voidP(p: voidP pointer, b: int, + voidP_alloc_table: voidP alloc_table) = (offset_max(voidP_alloc_table, + p) >= b) + +predicate size_decreases(t1: Tree pointer, t2: Tree pointer, + Tree_t2_4_alloc_table_at_L: Tree alloc_table, + Tree_t1_3_alloc_table_at_L: Tree alloc_table, Tree_right_t2_4_at_L: (Tree, + Tree pointer) memory, Tree_right_t1_3_at_L: (Tree, Tree pointer) memory, + Tree_left_t2_4_at_L: (Tree, Tree pointer) memory, + Tree_left_t1_3_at_L: (Tree, Tree pointer) memory) = + (exists s1_1_0:int. + (exists s2_1_0:int. 
+ (has_size(t1, s1_1_0, Tree_t1_3_alloc_table_at_L, Tree_right_t1_3_at_L, + Tree_left_t1_3_at_L) and + (has_size(t2, s2_1_0, Tree_t2_4_alloc_table_at_L, + Tree_right_t2_4_at_L, Tree_left_t2_4_at_L) and (s1_1_0 > s2_1_0))))) + +predicate strict_valid_root_Tree(p: Tree pointer, a: int, b: int, + Tree_alloc_table: Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) = a) and (offset_max(Tree_alloc_table, + p) = b)) + +predicate strict_valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate strict_valid_struct_Tree(p: Tree pointer, a: int, b: int, + Tree_alloc_table: Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) = a) and (offset_max(Tree_alloc_table, + p) = b)) + +predicate strict_valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) = a) and (offset_max(charP_alloc_table, + p) = b)) + +predicate strict_valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) = a) and (offset_max(voidP_alloc_table, + p) = b)) + +predicate valid_root_Tree(p: Tree pointer, a: int, b: int, + Tree_alloc_table: Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) <= a) and (offset_max(Tree_alloc_table, + p) >= b)) + +predicate valid_root_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_root_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) 
>= b)) + +predicate valid_struct_Tree(p: Tree pointer, a: int, b: int, + Tree_alloc_table: Tree alloc_table) = + ((offset_min(Tree_alloc_table, p) <= a) and (offset_max(Tree_alloc_table, + p) >= b)) + +predicate valid_struct_charP(p: charP pointer, a: int, b: int, + charP_alloc_table: charP alloc_table) = + ((offset_min(charP_alloc_table, p) <= a) and (offset_max(charP_alloc_table, + p) >= b)) + +predicate valid_struct_voidP(p: voidP pointer, a: int, b: int, + voidP_alloc_table: voidP alloc_table) = + ((offset_min(voidP_alloc_table, p) <= a) and (offset_max(voidP_alloc_table, + p) >= b)) + +predicate valid_tree(t_8: Tree pointer, + Tree_t_8_5_alloc_table_at_L: Tree alloc_table, + Tree_right_t_8_5_at_L: (Tree, Tree pointer) memory, + Tree_left_t_8_5_at_L: (Tree, Tree pointer) memory) = + (exists s_1:int. has_size(t_8, s_1, Tree_t_8_5_alloc_table_at_L, + Tree_right_t_8_5_at_L, Tree_left_t_8_5_at_L)) + +logic voidP_tag : voidP tag_id + +axiom voidP_int: (int_of_tag(voidP_tag) = 1) + +axiom voidP_of_pointer_address_of_pointer_addr: + (forall p:voidP pointer. + (p = voidP_of_pointer_address(pointer_address(p)))) + +axiom voidP_parenttag_bottom: parenttag(voidP_tag, bottom_tag) + +axiom voidP_tags: + (forall x:voidP pointer. + (forall voidP_tag_table:voidP tag_table. instanceof(voidP_tag_table, x, + voidP_tag))) + +axiom mem_null: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_0_0:int32. (not mem(x_0_0, null, Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))) + +axiom mem_root: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall t_0_0:Tree pointer. 
+ ((t_0_0 <> null) -> mem(select(Tree_value_t_1_at_L, t_0_0), t_0_0, + Tree_right_t_1_at_L, Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))) + +axiom mem_root_eq: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_1_0:int32. + (forall t_1:Tree pointer. + ((t_1 <> null) -> + ((integer_of_int32(x_1_0) = integer_of_int32(select(Tree_value_t_1_at_L, + t_1))) -> mem(x_1_0, t_1, Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))))) + +axiom mem_left: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_2:int32. + (forall t_2:Tree pointer. + ((t_2 <> null) -> + (mem(x_2, select(Tree_left_t_1_at_L, t_2), Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L) -> mem(x_2, t_2, + Tree_right_t_1_at_L, Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))))) + +axiom mem_right: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_3:int32. + (forall t_3:Tree pointer. + ((t_3 <> null) -> + (mem(x_3, select(Tree_right_t_1_at_L, t_3), Tree_right_t_1_at_L, + Tree_left_t_1_at_L, Tree_value_t_1_at_L) -> mem(x_3, t_3, + Tree_right_t_1_at_L, Tree_left_t_1_at_L, Tree_value_t_1_at_L)))))))) + +axiom mem_inversion: + (forall Tree_right_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_1_at_L:(Tree, Tree pointer) memory. + (forall Tree_value_t_1_at_L:(Tree, int32) memory. + (forall x_4:int32. + (forall t_4:Tree pointer. 
+ (mem(x_4, t_4, Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L) -> + ((t_4 <> null) and + ((integer_of_int32(x_4) = integer_of_int32(select(Tree_value_t_1_at_L, + t_4))) or + (mem(x_4, select(Tree_left_t_1_at_L, t_4), + Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L) or mem(x_4, select(Tree_right_t_1_at_L, + t_4), Tree_right_t_1_at_L, Tree_left_t_1_at_L, + Tree_value_t_1_at_L)))))))))) + +axiom has_size_null: + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + has_size(null, 0, Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L)))) + +axiom has_size_non_null: + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall t_6:Tree pointer. + (((offset_min(Tree_t_5_2_alloc_table_at_L, t_6) <= 0) and + (offset_max(Tree_t_5_2_alloc_table_at_L, t_6) >= 0)) -> + (forall s1_1:int. + (forall s2_1:int. + ((has_size(select(Tree_left_t_5_2_at_L, t_6), s1_1, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) and + has_size(select(Tree_right_t_5_2_at_L, t_6), s2_1, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L)) -> + has_size(t_6, ((s1_1 + s2_1) + 1), + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L))))))))) + +axiom has_size_inversion: + (forall Tree_t_5_2_alloc_table_at_L:Tree alloc_table. + (forall Tree_right_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall Tree_left_t_5_2_at_L:(Tree, Tree pointer) memory. + (forall t_7:Tree pointer. + (forall s_0_0:int. 
+ (has_size(t_7, s_0_0, Tree_t_5_2_alloc_table_at_L, + Tree_right_t_5_2_at_L, Tree_left_t_5_2_at_L) -> + (((t_7 = null) and (s_0_0 = 0)) or + ((offset_min(Tree_t_5_2_alloc_table_at_L, t_7) <= 0) and + ((offset_max(Tree_t_5_2_alloc_table_at_L, t_7) >= 0) and + (exists s1_0_0:int. + (exists s2_0_0:int. + (has_size(select(Tree_left_t_5_2_at_L, t_7), s1_0_0, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) and + (has_size(select(Tree_right_t_5_2_at_L, t_7), s2_0_0, + Tree_t_5_2_alloc_table_at_L, Tree_right_t_5_2_at_L, + Tree_left_t_5_2_at_L) and + ((0 <= s1_0_0) and + ((0 <= s2_0_0) and (s_0_0 = ((s1_0_0 + s2_0_0) + 1))))))))))))))))) + +goal tree_max_ensures_default_po_1: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 <> null) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. + ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (result4 <> null) -> + forall result5:Tree pointer. 
+ (result5 = select(Tree_right_t_6, t_0)) -> + forall result6:int32. + ("JC_24": + (("JC_22": mem(result6, result5, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result5, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result6) >= integer_of_int32(x_5))))))) -> + forall tmp_0:int32. + (tmp_0 = result6) -> + forall result7:int32. + ("JC_7": (integer_of_int32(result7) = int_max(integer_of_int32(m0), + integer_of_int32(tmp_0)))) -> + forall m1:int32. + (m1 = result7) -> + forall return:int32. + (return = m1) -> + ("JC_21": + ("JC_19": mem(return, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6))) + +goal tree_max_ensures_default_po_2: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 <> null) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. + ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (result4 <> null) -> + forall result5:Tree pointer. 
+ (result5 = select(Tree_right_t_6, t_0)) -> + forall result6:int32. + ("JC_24": + (("JC_22": mem(result6, result5, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result5, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result6) >= integer_of_int32(x_5))))))) -> + forall tmp_0:int32. + (tmp_0 = result6) -> + forall result7:int32. + ("JC_7": (integer_of_int32(result7) = int_max(integer_of_int32(m0), + integer_of_int32(tmp_0)))) -> + forall m1:int32. + (m1 = result7) -> + forall return:int32. + (return = m1) -> + forall x_5:int32. + mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ("JC_21": ("JC_20": (integer_of_int32(return) >= integer_of_int32(x_5)))) + +goal tree_max_ensures_default_po_3: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 <> null) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. + ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + forall result4:Tree pointer. 
+ (result4 = select(Tree_right_t_6, t_0)) -> + (result4 = null) -> + forall return:int32. + (return = m0) -> + ("JC_21": + ("JC_19": mem(return, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6))) + +goal tree_max_ensures_default_po_4: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 <> null) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. + ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (result4 = null) -> + forall return:int32. + (return = m0) -> + forall x_5:int32. + mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ("JC_21": ("JC_20": (integer_of_int32(return) >= integer_of_int32(x_5)))) + +goal tree_max_ensures_default_po_5: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. 
+ ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 = null) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (result1 <> null) -> + forall result2:Tree pointer. + (result2 = select(Tree_right_t_6, t_0)) -> + forall result3:int32. + ("JC_24": + (("JC_22": mem(result3, result2, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result2, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result3) >= integer_of_int32(x_5))))))) -> + forall tmp_0:int32. + (tmp_0 = result3) -> + forall result4:int32. + ("JC_7": (integer_of_int32(result4) = int_max(integer_of_int32(m), + integer_of_int32(tmp_0)))) -> + forall m0:int32. + (m0 = result4) -> + forall return:int32. + (return = m0) -> + ("JC_21": + ("JC_19": mem(return, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6))) + +goal tree_max_ensures_default_po_6: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 = null) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (result1 <> null) -> + forall result2:Tree pointer. + (result2 = select(Tree_right_t_6, t_0)) -> + forall result3:int32. 
+ ("JC_24": + (("JC_22": mem(result3, result2, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result2, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result3) >= integer_of_int32(x_5))))))) -> + forall tmp_0:int32. + (tmp_0 = result3) -> + forall result4:int32. + ("JC_7": (integer_of_int32(result4) = int_max(integer_of_int32(m), + integer_of_int32(tmp_0)))) -> + forall m0:int32. + (m0 = result4) -> + forall return:int32. + (return = m0) -> + forall x_5:int32. + mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ("JC_21": ("JC_20": (integer_of_int32(return) >= integer_of_int32(x_5)))) + +goal tree_max_ensures_default_po_7: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 = null) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (result1 = null) -> + forall return:int32. + (return = m) -> + ("JC_21": + ("JC_19": mem(return, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6))) + +goal tree_max_ensures_default_po_8: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. 
+ (m = result) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (result0 = null) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (result1 = null) -> + forall return:int32. + (return = m) -> + forall x_5:int32. + mem(x_5, t_0, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + ("JC_21": ("JC_20": (integer_of_int32(return) >= integer_of_int32(x_5)))) + +goal tree_max_safety_po_1: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + (offset_min(Tree_t_6_alloc_table, t_0) <= 0) + +goal tree_max_safety_po_2: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + (0 <= offset_max(Tree_t_6_alloc_table, t_0)) + +goal tree_max_safety_po_3: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. 
+ (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) + +goal tree_max_safety_po_4: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + ("JC_13": ("JC_11": (result1 <> null))) + +goal tree_max_safety_po_5: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. 
+ (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + ("JC_13": + ("JC_12": valid_tree(result1, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6))) + +goal tree_max_safety_po_6: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + ("JC_13": + (("JC_11": (result1 <> null)) and + ("JC_12": valid_tree(result1, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. 
+ ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (same_block(result4, null) or ((result4 = null) or (null = null))) + +goal tree_max_safety_po_7: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + ("JC_13": + (("JC_11": (result1 <> null)) and + ("JC_12": valid_tree(result1, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. + (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. 
+ ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (same_block(result4, null) or ((result4 = null) or (null = null))) -> + (result4 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result5:Tree pointer. + (result5 = select(Tree_right_t_6, t_0)) -> + ("JC_13": ("JC_11": (result5 <> null))) + +goal tree_max_safety_po_8: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_left_t_6, t_0)) -> + ("JC_13": + (("JC_11": (result1 <> null)) and + ("JC_12": valid_tree(result1, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + forall result2:int32. + ("JC_24": + (("JC_22": mem(result2, result1, Tree_right_t_6, Tree_left_t_6, + Tree_value_t_6)) and + ("JC_23": + (forall x_5:int32. 
+ (mem(x_5, result1, Tree_right_t_6, Tree_left_t_6, Tree_value_t_6) -> + (integer_of_int32(result2) >= integer_of_int32(x_5))))))) -> + forall tmp:int32. + (tmp = result2) -> + forall result3:int32. + ("JC_7": (integer_of_int32(result3) = int_max(integer_of_int32(m), + integer_of_int32(tmp)))) -> + forall m0:int32. + (m0 = result3) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result4:Tree pointer. + (result4 = select(Tree_right_t_6, t_0)) -> + (same_block(result4, null) or ((result4 = null) or (null = null))) -> + (result4 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result5:Tree pointer. + (result5 = select(Tree_right_t_6, t_0)) -> + ("JC_13": + ("JC_12": valid_tree(result5, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6))) + +goal tree_max_safety_po_9: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 = null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. 
+ (result1 = select(Tree_right_t_6, t_0)) -> + (same_block(result1, null) or ((result1 = null) or (null = null))) + +goal tree_max_safety_po_10: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. + ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 = null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (same_block(result1, null) or ((result1 = null) or (null = null))) -> + (result1 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result2:Tree pointer. + (result2 = select(Tree_right_t_6, t_0)) -> + ("JC_13": ("JC_11": (result2 <> null))) + +goal tree_max_safety_po_11: + forall t_0:Tree pointer. + forall Tree_t_6_alloc_table:Tree alloc_table. + forall Tree_value_t_6:(Tree, int32) memory. + forall Tree_left_t_6:(Tree, + Tree pointer) memory. + forall Tree_right_t_6:(Tree, + Tree pointer) memory. 
+ ("JC_17": + (("JC_15": (t_0 <> null)) and + ("JC_16": valid_tree(t_0, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6)))) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result:int32. + (result = select(Tree_value_t_6, t_0)) -> + forall m:int32. + (m = result) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result0:Tree pointer. + (result0 = select(Tree_left_t_6, t_0)) -> + (same_block(result0, null) or ((result0 = null) or (null = null))) -> + (result0 = null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result1:Tree pointer. + (result1 = select(Tree_right_t_6, t_0)) -> + (same_block(result1, null) or ((result1 = null) or (null = null))) -> + (result1 <> null) -> + ((offset_min(Tree_t_6_alloc_table, t_0) <= 0) and + (0 <= offset_max(Tree_t_6_alloc_table, t_0))) -> + forall result2:Tree pointer. + (result2 = select(Tree_right_t_6, t_0)) -> + ("JC_13": + ("JC_12": valid_tree(result2, Tree_t_6_alloc_table, Tree_right_t_6, + Tree_left_t_6))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/tree_max_why.why : .#.....#........... (17/0/0/2/0) +total : 19 +valid : 17 ( 89%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 2 ( 11%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/c/quick_sort.c why-2.30+dfsg/tests/c/quick_sort.c --- why-2.29+dfsg/tests/c/quick_sort.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/quick_sort.c 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,100 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid(t+i) && \valid(t+j); + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ +void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; +} + +// quick_rec sorts t[l..r] +/*@ requires \valid_range(t,l,r); + @ decreases r-l; + @ assigns t[l..r]; + @ behavior sorted: + @ ensures Sorted(t,l,r+1); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,l,r); + @*/ +void quick_rec(int t[], int l, int r) { + int v,m,i; + if (l >= r) return; + v = t[l]; + m = l; + /*@ loop invariant + @ \forall integer j; l < j <= m ==> t[j] < v; + @ loop invariant + @ \forall integer j; m < j < i ==> t[j] >= v; + @ loop invariant + @ Permut{Pre,Here}(t,l,r); + @ loop invariant t[l] == v && l <= m < i <= r+1; + @ loop variant r-i; + @*/ + for (i = l + 1; i <= r; i++) { + if (t[i] < v) { + L1: + swap(t,i,++m); + //@ assert Permut{L1,Here}(t,l,r); + } + } + //@ assert l <= m <= r; + L: swap(t,l,m); + //@ assert Permut{L,Here}(t,l,r); + quick_rec(t,l,m-1); + quick_rec(t,m+1,r); +} + +/*@ requires \valid_range(t,0,n-1); + @ behavior sorted: + @ ensures Sorted(t,0,n); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,n-1); + @*/ +void quick_sort(int t[], int n) { + quick_rec(t,0,n-1); +} + + +/* +Local Variables: +compile-command: "make quick_sort.why3ml" +End: +*/ diff -Nru why-2.29+dfsg/tests/c/rec.c why-2.30+dfsg/tests/c/rec.c --- why-2.29+dfsg/tests/c/rec.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/rec.c 2011-10-24 15:21:06.000000000 +0000 
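Review bot: `#pragma JessieIntegerModel(math)` near the top of the new quick_sort.c means, as far as I understand that model, that `int` is treated as an unbounded mathematical integer, so the `sorted` and `permutation` proofs say nothing about wrap-around in `i++`, `++m`, `m-1` or `n-1` in `quick_rec` and `quick_sort`. The file should say so next to the pragma, for example `// proofs assume unbounded integers: overflow of i++, ++m, m-1 and n-1 is not checked`, so that a green regression run is not read as a runtime-safety result for machine `int`. The same pragma and the same gap appear in the new tests/c/selection_sort.c. Note also that `decreases r-l` establishes termination only: with the pivot fixed at `t[l]`, recursion depth is linear in `r-l` on already-sorted input.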
@@ -0,0 +1,80 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +//@ logic integer sum_upto(integer n) = n*(n+1) / 2; + +/*@ lemma sum_rec: \forall integer n; n >=0 ==> + @ sum_upto(n+1) == sum_upto(n)+n+1; + @*/ + +/*@ requires x >= 0; + @ requires x <= 1000; + @ decreases x; + @ ensures \result == sum_upto(x); + @*/ +long sum(int x) { + if (x == 0) return 0; + else return x + sum (x-1); +} + + +/*@ ensures \result == 36; + @*/ +long main () { + long i = sum(8); + return i; +} + + + +/*@ decreases 101-n ; + @ behavior less_than_101: + @ assumes n <= 100; + @ ensures \result == 91; + @ behavior greater_than_100: + @ assumes n >= 101; + @ ensures \result == n - 10; + @*/ +int f91(int n) { + if (n <= 100) { + return f91(f91(n + 11)); + } + else + return n - 10; +} + +/* +Local Variables: +compile-command: "make rec.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/c/selection_sort.c why-2.30+dfsg/tests/c/selection_sort.c --- why-2.29+dfsg/tests/c/selection_sort.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/selection_sort.c 2011-10-24 15:21:06.000000000 +0000 
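Review bot: The precondition `requires x <= 1000` on `sum` is a bare constant with no explanation, and it is presumably what keeps `x + sum (x-1)` in range, since this file (unlike quick_sort.c) sets no `JessieIntegerModel(math)` pragma. A one-line comment above the contract would record the reasoning, e.g. `// x <= 1000 bounds the result by sum_upto(1000) == 500500, which fits in int and long`. The same bound also caps the recursion depth at `x` frames, which `decreases x` alone does not express, so it is worth mentioning in that comment too.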
@@ -0,0 +1,97 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +// RUNSIMPLIFY: will ask regtests to run Simplify on this program + +#pragma JessieIntegerModel(math) + +#include "sorting.h" + +/*@ requires \valid(t+i) && \valid(t+j); + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ +void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; +} + +/*@ requires \valid_range(t,0,n-1); + @ behavior sorted: + @ ensures Sorted(t,0,n); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,n-1); + @*/ +void sel_sort(int t[], int n) { + int i,j; + int mi,mv; + if (n <= 0) return; + /*@ loop invariant 0 <= i < n; + @ for sorted: + @ loop invariant + @ Sorted(t,0,i) && + @ (\forall integer k1, k2 ; + @ 0 <= k1 < i <= k2 < n ==> t[k1] <= t[k2]) ; + @ for permutation: + @ loop invariant Permut{Pre,Here}(t,0,n-1); + @ loop variant n-i; + @*/ + for (i=0; i t[k] >= mv); + @ for permutation: + @ loop invariant + @ Permut{Pre,Here}(t,0,n-1); + @ loop variant n-j; + @*/ + for (j=i+1; j < n; j++) { + if (t[j] < mv) { + mi = j ; mv = t[j]; + } + } + L: + swap(t,i,mi); + //@ assert Permut{L,Here}(t,0,n-1); + } +} + + +/* +Local Variables: +compile-command: "frama-c -jessie selection_sort.c" +End: +*/ diff -Nru why-2.29+dfsg/tests/c/sparse_array2.c why-2.30+dfsg/tests/c/sparse_array2.c --- why-2.29+dfsg/tests/c/sparse_array2.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/sparse_array2.c 2011-10-24 15:21:06.000000000 +0000 
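Review bot: `sel_sort` is given `sorted` and `permutation` behaviors but no `assigns` clause, while `swap` just above it declares `assigns t[i],t[j];`, so the contract does not tell callers which memory the function may write. Adding `@ assigns t[0..n-1];` after the `requires` line would supply that frame condition; the two loops would probably need matching `loop assigns` clauses for it to be provable. Part of the outer loop header and of the inner loop invariant is missing from this rendering of the hunk (`for (i=0; i t[k] >= mv);`), so the initialisation of `mi` and `mv` could not be checked here.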
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ typedef unsigned int uint; @@ -102,3 +132,9 @@ + +/* +Local Variables: +compile-command: "make sparse_array2.why3ml" +End: +*/ diff -Nru why-2.29+dfsg/tests/c/sparse_array.c why-2.30+dfsg/tests/c/sparse_array.c --- why-2.29+dfsg/tests/c/sparse_array.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/sparse_array.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ typedef unsigned int uint; @@ -55,3 +85,11 @@ + +/* +Local Variables: +compile-command: "make sparse_array.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/c/Sterbenz.c why-2.30+dfsg/tests/c/Sterbenz.c --- why-2.29+dfsg/tests/c/Sterbenz.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/Sterbenz.c 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNCOQ: will ask regtests to check Coq proofs of this program /*@ requires y / 2.0 <= x <= 2.0 * y; @@ -12,6 +43,6 @@ /* Local Variables: -compile-command: "frama-c -jessie -jessie-atp coq Sterbenz.c" +compile-command: "make Sterbenz.why3ml" End: */ diff -Nru why-2.29+dfsg/tests/c/Sterbenz.jessie/coq/floats_strict_why.v why-2.30+dfsg/tests/c/Sterbenz.jessie/coq/floats_strict_why.v --- why-2.29+dfsg/tests/c/Sterbenz.jessie/coq/floats_strict_why.v 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/Sterbenz.jessie/coq/floats_strict_why.v 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,289 @@ +(* This file was originally generated by why. + It can be modified; only the generated parts will be overwritten. *) +Require Export jessie_why. + +(*Why type*) Inductive mode : Set := + | nearest_even : mode + | to_zero : mode + | up : mode + | down : mode + | nearest_away : mode. + +(*Why type*) Definition double: Set. +Admitted. + +(*Why logic*) Definition round_double : mode -> R -> R. +Admitted. + +(*Why logic*) Definition round_double_logic : mode -> R -> double. +Admitted. + +(*Why logic*) Definition double_value : double -> R. +Admitted. + +(*Why logic*) Definition double_exact : double -> R. +Admitted. + +(*Why logic*) Definition double_model : double -> R. +Admitted. + +(*Why function*) Definition double_round_error (x:double) + := (Rabs (Rminus (double_value x) (double_exact x))). + +(*Why function*) Definition double_total_error (x:double) + := (Rabs (Rminus (double_value x) (double_model x))). + +(*Why function*) Definition max_double + := (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R. + +(*Why predicate*) Definition no_overflow_double (m:mode) (x:R) + := (Rle (Rabs (round_double m x)) max_double). + +(*Why axiom*) Lemma bounded_real_no_overflow_double : + (forall (m:mode), + (forall (x:R), ((Rle (Rabs x) max_double) -> (no_overflow_double m x)))). +Admitted. +Dp_hint bounded_real_no_overflow_double. + +(*Why axiom*) Lemma round_double_monotonic : + (forall (x:R), + (forall (y:R), + (forall (m:mode), + ((Rle x y) -> (Rle (round_double m x) (round_double m y)))))). +Admitted. +Dp_hint round_double_monotonic. 
+ +(*Why axiom*) Lemma exact_round_double_for_integers : + (forall (i:Z), + (forall (m:mode), + ((-9007199254740992) <= i /\ i <= 9007199254740992 -> + (eq (round_double m (IZR i)) (IZR i))))). +Admitted. +Dp_hint exact_round_double_for_integers. + +(*Why axiom*) Lemma exact_round_double_for_doubles : + (forall (x:double), + (forall (m:mode), (eq (round_double m (double_value x)) (double_value x)))). +Admitted. +Dp_hint exact_round_double_for_doubles. + +(*Why axiom*) Lemma round_double_idempotent : + (forall (m1:mode), + (forall (m2:mode), + (forall (x:R), + (eq (round_double m1 (round_double m2 x)) (round_double m2 x))))). +Admitted. +Dp_hint round_double_idempotent. + +(*Why axiom*) Lemma round_down_double_neg : + (forall (x:R), (eq (round_double down (Ropp x)) (Ropp (round_double up x)))). +Admitted. +Dp_hint round_down_double_neg. + +(*Why axiom*) Lemma round_up_double_neg : + (forall (x:R), (eq (round_double up (Ropp x)) (Ropp (round_double down x)))). +Admitted. +Dp_hint round_up_double_neg. + +(*Why axiom*) Lemma round_double_down_le : + (forall (x:R), (Rle (round_double down x) x)). +Admitted. +Dp_hint round_double_down_le. + +(*Why axiom*) Lemma round_up_double_ge : + (forall (x:R), (Rge (round_double up x) x)). +Admitted. +Dp_hint round_up_double_ge. + +(*Why type*) Definition single: Set. +Admitted. + +(*Why logic*) Definition round_single : mode -> R -> R. +Admitted. + +(*Why logic*) Definition round_single_logic : mode -> R -> single. +Admitted. + +(*Why logic*) Definition single_value : single -> R. +Admitted. + +(*Why logic*) Definition single_exact : single -> R. +Admitted. + +(*Why logic*) Definition single_model : single -> R. +Admitted. + +(*Why function*) Definition single_round_error (x:single) + := (Rabs (Rminus (single_value x) (single_exact x))). + +(*Why function*) Definition single_total_error (x:single) + := (Rabs (Rminus (single_value x) (single_model x))). 
+ +(*Why function*) Definition max_single + := (33554430 * 10141204801825835211973625643008)%R. + +(*Why predicate*) Definition no_overflow_single (m:mode) (x:R) + := (Rle (Rabs (round_single m x)) max_single). + +(*Why axiom*) Lemma bounded_real_no_overflow_single : + (forall (m:mode), + (forall (x:R), ((Rle (Rabs x) max_single) -> (no_overflow_single m x)))). +Admitted. +Dp_hint bounded_real_no_overflow_single. + +(*Why axiom*) Lemma round_single_monotonic : + (forall (x:R), + (forall (y:R), + (forall (m:mode), + ((Rle x y) -> (Rle (round_single m x) (round_single m y)))))). +Admitted. +Dp_hint round_single_monotonic. + +(*Why axiom*) Lemma exact_round_single_for_integers : + (forall (i:Z), + (forall (m:mode), + ((-16777216) <= i /\ i <= 16777216 -> + (eq (round_single m (IZR i)) (IZR i))))). +Admitted. +Dp_hint exact_round_single_for_integers. + +(*Why axiom*) Lemma exact_round_single_for_singles : + (forall (x:single), + (forall (m:mode), (eq (round_single m (single_value x)) (single_value x)))). +Admitted. +Dp_hint exact_round_single_for_singles. + +(*Why axiom*) Lemma round_single_idempotent : + (forall (m1:mode), + (forall (m2:mode), + (forall (x:R), + (eq (round_single m1 (round_single m2 x)) (round_single m2 x))))). +Admitted. +Dp_hint round_single_idempotent. + +(*Why axiom*) Lemma round_down_single_neg : + (forall (x:R), (eq (round_single down (Ropp x)) (Ropp (round_single up x)))). +Admitted. +Dp_hint round_down_single_neg. + +(*Why axiom*) Lemma round_up_single_neg : + (forall (x:R), (eq (round_single up (Ropp x)) (Ropp (round_single down x)))). +Admitted. +Dp_hint round_up_single_neg. + +(*Why axiom*) Lemma round_single_down_le : + (forall (x:R), (Rle (round_single down x) x)). +Admitted. +Dp_hint round_single_down_le. + +(*Why axiom*) Lemma round_up_single_ge : + (forall (x:R), (Rge (round_single up x) x)). +Admitted. +Dp_hint round_up_single_ge. 
+ +(*Why axiom*) Lemma single_value_is_bounded : + (forall (x:single), (Rle (Rabs (single_value x)) max_single)). +Admitted. +Dp_hint single_value_is_bounded. + +(*Why axiom*) Lemma double_value_is_bounded : + (forall (x:double), (Rle (Rabs (double_value x)) max_double)). +Admitted. +Dp_hint double_value_is_bounded. + +(*Why predicate*) Definition single_of_real_post (m:mode) (x:R) (res:single) + := (eq (single_value res) (round_single m x)) /\ + (eq (single_exact res) x) /\ (eq (single_model res) x). + +(*Why predicate*) Definition single_of_double_post (m:mode) (x:double) (res:single) + := (eq (single_value res) (round_single m (double_value x))) /\ + (eq (single_exact res) (double_exact x)) /\ + (eq (single_model res) (double_model x)). + +(*Why predicate*) Definition add_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rplus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rplus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rplus (single_model x) (single_model y))). + +(*Why predicate*) Definition sub_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rminus (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rminus (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rminus (single_model x) (single_model y))). + +(*Why predicate*) Definition mul_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rmult (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rmult (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rmult (single_model x) (single_model y))). 
+ +(*Why predicate*) Definition div_single_post (m:mode) (x:single) (y:single) (res:single) + := (eq (single_value res) (round_single + m (Rdiv (single_value x) (single_value y)))) /\ + (eq (single_exact res) (Rdiv (single_exact x) (single_exact y))) /\ + (eq (single_model res) (Rdiv (single_model x) (single_model y))). + +(*Why predicate*) Definition sqrt_single_post (m:mode) (x:single) (res:single) + := (eq (single_value res) (round_single m (sqrt (single_value x)))) /\ + (eq (single_exact res) (sqrt (single_exact x))) /\ + (eq (single_model res) (sqrt (single_model x))). + +(*Why predicate*) Definition neg_single_post (x:single) (res:single) + := (eq (single_value res) (Ropp (single_value x))) /\ + (eq (single_exact res) (Ropp (single_exact x))) /\ + (eq (single_model res) (Ropp (single_model x))). + +(*Why predicate*) Definition abs_single_post (x:single) (res:single) + := (eq (single_value res) (Rabs (single_value x))) /\ + (eq (single_exact res) (Rabs (single_exact x))) /\ + (eq (single_model res) (Rabs (single_model x))). + +(*Why predicate*) Definition double_of_real_post (m:mode) (x:R) (res:double) + := (eq (double_value res) (round_double m x)) /\ + (eq (double_exact res) x) /\ (eq (double_model res) x). + +(*Why predicate*) Definition double_of_single_post (x:single) (res:double) + := (eq (double_value res) (single_value x)) /\ + (eq (double_exact res) (single_exact x)) /\ + (eq (double_model res) (single_model x)). + +(*Why predicate*) Definition add_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rplus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rplus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rplus (double_model x) (double_model y))). 
+ +(*Why predicate*) Definition sub_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rminus (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rminus (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rminus (double_model x) (double_model y))). + +(*Why predicate*) Definition mul_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rmult (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rmult (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rmult (double_model x) (double_model y))). + +(*Why predicate*) Definition div_double_post (m:mode) (x:double) (y:double) (res:double) + := (eq (double_value res) (round_double + m (Rdiv (double_value x) (double_value y)))) /\ + (eq (double_exact res) (Rdiv (double_exact x) (double_exact y))) /\ + (eq (double_model res) (Rdiv (double_model x) (double_model y))). + +(*Why predicate*) Definition sqrt_double_post (m:mode) (x:double) (res:double) + := (eq (double_value res) (round_double m (sqrt (double_value x)))) /\ + (eq (double_exact res) (sqrt (double_exact x))) /\ + (eq (double_model res) (sqrt (double_model x))). + +(*Why predicate*) Definition neg_double_post (x:double) (res:double) + := (eq (double_value res) (Ropp (double_value x))) /\ + (eq (double_exact res) (Ropp (double_exact x))) /\ + (eq (double_model res) (Ropp (double_model x))). + +(*Why predicate*) Definition abs_double_post (x:double) (res:double) + := (eq (double_value res) (Rabs (double_value x))) /\ + (eq (double_exact res) (Rabs (double_exact x))) /\ + (eq (double_model res) (Rabs (double_model x))). 
+ diff -Nru why-2.29+dfsg/tests/c/Sterbenz.jessie/coq/Sterbenz_why.v why-2.30+dfsg/tests/c/Sterbenz.jessie/coq/Sterbenz_why.v --- why-2.29+dfsg/tests/c/Sterbenz.jessie/coq/Sterbenz_why.v 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/c/Sterbenz.jessie/coq/Sterbenz_why.v 2011-10-24 15:21:06.000000000 +0000 @@ -1,9 +1,9 @@ (* This file was originally generated by why. It can be modified; only the generated parts will be overwritten. *) Require Export jessie_why. -Require Export floats_strict. +Require Export WhyFloatsStrictLegacy. -(*Why type*) Definition char_P: Set. +(*Why type*) Definition charP: Set. Admitted. (*Why type*) Definition int8: Set. 
@@ -12,33 +12,37 @@ (*Why type*) Definition padding: Set. Admitted. -(*Why type*) Definition void_P: Set. +(*Why type*) Definition voidP: Set. Admitted. -(*Why logic*) Definition char_P_tag : (tag_id char_P). +(*Why logic*) Definition charP_tag : (tag_id charP). Admitted. -(*Why axiom*) Lemma char_P_int : (int_of_tag char_P_tag) = 1. +(*Why axiom*) Lemma charP_int : (int_of_tag charP_tag) = 1. Admitted. +Dp_hint charP_int. -(*Why logic*) Definition char_P_of_pointer_address : - (pointer unit) -> (pointer char_P). +(*Why logic*) Definition charP_of_pointer_address : + (pointer unit) -> (pointer charP). Admitted. -(*Why axiom*) Lemma char_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer char_P)), - p = (char_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma charP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer charP)), + p = (charP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint charP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma char_P_parenttag_bottom : - (parenttag char_P_tag (@bottom_tag char_P)). +(*Why axiom*) Lemma charP_parenttag_bottom : + (parenttag charP_tag (@bottom_tag charP)). Admitted. +Dp_hint charP_parenttag_bottom. -(*Why axiom*) Lemma char_P_tags : - (forall (x:(pointer char_P)), - (forall (char_P_tag_table:(tag_table char_P)), - (instanceof char_P_tag_table x char_P_tag))). +(*Why axiom*) Lemma charP_tags : + (forall (x:(pointer charP)), + (forall (charP_tag_table:(tag_table charP)), + (instanceof charP_tag_table x charP_tag))). Admitted. +Dp_hint charP_tags. (*Why logic*) Definition integer_of_int8 : int8 -> Z. Admitted. 
@@ -54,99 +58,105 @@ ((-128) <= x /\ x <= 127 -> (integer_of_int8 (int8_of_integer x)) = x)). Admitted. +(*Why axiom*) Lemma int8_extensionality : + (forall (x:int8), + (forall (y:int8), ((integer_of_int8 x) = (integer_of_int8 y) -> x = y))). +Admitted. +Dp_hint int8_extensionality. + (*Why axiom*) Lemma int8_range : (forall (x:int8), (-128) <= (integer_of_int8 x) /\ (integer_of_int8 x) <= 127). Admitted. -(*Why predicate*) Definition left_valid_struct_char_P (p:(pointer char_P)) (a:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a. -(*Why predicate*) Definition left_valid_struct_void_P (p:(pointer void_P)) (a:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a. -(*Why axiom*) Lemma pointer_addr_of_char_P_of_pointer_address : +(*Why predicate*) Definition left_valid_struct_charP (p:(pointer charP)) (a:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a. + +(*Why predicate*) Definition left_valid_struct_voidP (p:(pointer voidP)) (a:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a. + +(*Why axiom*) Lemma pointer_addr_of_charP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (char_P_of_pointer_address p))). + p = (pointer_address (charP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_charP_of_pointer_address. -(*Why logic*) Definition void_P_of_pointer_address : - (pointer unit) -> (pointer void_P). +(*Why logic*) Definition voidP_of_pointer_address : + (pointer unit) -> (pointer voidP). Admitted. -(*Why axiom*) Lemma pointer_addr_of_void_P_of_pointer_address : +(*Why axiom*) Lemma pointer_addr_of_voidP_of_pointer_address : (forall (p:(pointer unit)), - p = (pointer_address (void_P_of_pointer_address p))). + p = (pointer_address (voidP_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_voidP_of_pointer_address. 
-(*Why predicate*) Definition right_valid_struct_char_P (p:(pointer char_P)) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_max char_P_alloc_table p) >= b. - -(*Why predicate*) Definition right_valid_struct_void_P (p:(pointer void_P)) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_max void_P_alloc_table p) >= b. - -(*Why predicate*) Definition strict_valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_charP (p:(pointer charP)) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition right_valid_struct_voidP (p:(pointer voidP)) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition strict_valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) = a /\ - (offset_max char_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition strict_valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) = a /\ - (offset_max void_P_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. 
-(*Why predicate*) Definition valid_bitvector_struct_char_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) = a /\ + (offset_max charP_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_void_P (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. +(*Why predicate*) Definition strict_valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) = a /\ + (offset_max voidP_alloc_table p) = b. -(*Why predicate*) Definition valid_root_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_root_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_root_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_root_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_char_P (p:(pointer char_P)) (a:Z) (b:Z) (char_P_alloc_table:(alloc_table char_P)) - := (offset_min char_P_alloc_table p) <= a /\ - (offset_max char_P_alloc_table p) >= b. 
+(*Why predicate*) Definition valid_struct_charP (p:(pointer charP)) (a:Z) (b:Z) (charP_alloc_table:(alloc_table charP)) + := (offset_min charP_alloc_table p) <= a /\ + (offset_max charP_alloc_table p) >= b. -(*Why predicate*) Definition valid_struct_void_P (p:(pointer void_P)) (a:Z) (b:Z) (void_P_alloc_table:(alloc_table void_P)) - := (offset_min void_P_alloc_table p) <= a /\ - (offset_max void_P_alloc_table p) >= b. +(*Why predicate*) Definition valid_struct_voidP (p:(pointer voidP)) (a:Z) (b:Z) (voidP_alloc_table:(alloc_table voidP)) + := (offset_min voidP_alloc_table p) <= a /\ + (offset_max voidP_alloc_table p) >= b. -(*Why logic*) Definition void_P_tag : (tag_id void_P). +(*Why logic*) Definition voidP_tag : (tag_id voidP). Admitted. -(*Why axiom*) Lemma void_P_int : (int_of_tag void_P_tag) = 1. +(*Why axiom*) Lemma voidP_int : (int_of_tag voidP_tag) = 1. Admitted. +Dp_hint voidP_int. -(*Why axiom*) Lemma void_P_of_pointer_address_of_pointer_addr : - (forall (p:(pointer void_P)), - p = (void_P_of_pointer_address (pointer_address p))). +(*Why axiom*) Lemma voidP_of_pointer_address_of_pointer_addr : + (forall (p:(pointer voidP)), + p = (voidP_of_pointer_address (pointer_address p))). Admitted. +Dp_hint voidP_of_pointer_address_of_pointer_addr. -(*Why axiom*) Lemma void_P_parenttag_bottom : - (parenttag void_P_tag (@bottom_tag void_P)). +(*Why axiom*) Lemma voidP_parenttag_bottom : + (parenttag voidP_tag (@bottom_tag voidP)). Admitted. +Dp_hint voidP_parenttag_bottom. -(*Why axiom*) Lemma void_P_tags : - (forall (x:(pointer void_P)), - (forall (void_P_tag_table:(tag_table void_P)), - (instanceof void_P_tag_table x void_P_tag))). +(*Why axiom*) Lemma voidP_tags : + (forall (x:(pointer voidP)), + (forall (voidP_tag_table:(tag_table voidP)), + (instanceof voidP_tag_table x voidP_tag))). Admitted. +Dp_hint voidP_tags. 
-(* Why obligation from file "Sterbenz.c", line 7, characters 13-21: *) +(* Why obligation from file "Sterbenz.c", line 38, characters 13-21: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_1 : forall (x_0: single), forall (y: single), @@ -155,7 +165,7 @@ (Rle (Rdiv (single_value y) (2)%R) (single_value x_0)) /\ (* JC_6 *) (Rle (single_value x_0) (Rmult (2)%R (single_value y))))), - (* JC_16 *) (* JC_16 *) (Rle (0)%R (single_value y)). + (* JC_16 *) (Rle (0)%R (single_value y)). Proof. intros x y (h1,h2). apply Rmult_le_reg_l with 3%R. @@ -167,7 +177,7 @@ apply Rle_trans with (2 * single_value y)%R; [ apply h2 | right; field]. Qed. -(* Why obligation from file "Sterbenz.c", line 8, characters 13-21: *) +(* Why obligation from file "Sterbenz.c", line 39, characters 13-21: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_2 : forall (x_0: single), forall (y: single), @@ -177,14 +187,14 @@ (* JC_6 *) (Rle (single_value x_0) (Rmult (2)%R (single_value y))))), forall (HW_4: (* JC_16 *) (Rle (0)%R (single_value y))), - (* JC_17 *) (* JC_17 *) (Rle (0)%R (single_value x_0)). + (* JC_17 *) (Rle (0)%R (single_value x_0)). Proof. intros x y (h1,h2) y_pos. apply Rle_trans with (single_value y / 2)%R; [idtac|apply h1]. unfold Rdiv; apply Rmult_le_pos; auto with real. Save. -(* Why obligation from file "Sterbenz.c", line 4, characters 12-28: *) +(* Why obligation from file "Sterbenz.c", line 35, characters 12-28: *) (*Why goal*) Lemma Sterbenz_ensures_default_po_3 : forall (x_0: single), forall (y: single), @@ -196,9 +206,7 @@ forall (HW_4: (* JC_16 *) (Rle (0)%R (single_value y))), forall (HW_5: (* JC_17 *) (Rle (0)%R (single_value x_0))), forall (result: single), - forall (HW_6: (no_overflow_single - nearest_even (Rminus (single_value x_0) (single_value y))) /\ - (sub_single_post nearest_even x_0 y result)), + forall (HW_6: (sub_single_post nearest_even x_0 y result)), forall (__retres: single), forall (HW_7: __retres = result), forall (why__return: single), 
@@ -207,7 +215,7 @@ (eq (single_value why__return) (Rminus (single_value x_0) (single_value y))). Proof. intros x y (H1,H2) _ _ r (H4,(H5a,H5b)) r' H6 r'' H7. -rewrite H7,H6,H5a; unfold single_value in *. +rewrite H7,H6,H4; unfold single_value in *. unfold FtoRradix; rewrite <- Fminus_correct; auto with zarith. elim (mode_single_RoundingMode nearest_even); intros P (H8,H9). apply sym_eq; apply RoundedModeProjectorIdemEq with bsingle 24%nat P; try apply psGivesBound; auto with zarith. @@ -215,7 +223,7 @@ fold FtoRradix; apply Rle_trans with (2:=H1); unfold Rdiv; simpl; right; ring. Save. -(* Why obligation from file "Sterbenz.c", line 9, characters 9-12: *) +(* Why obligation from file "Sterbenz.c", line 40, characters 9-12: *) (*Why goal*) Lemma Sterbenz_safety_po_1 : forall (x_0: single), forall (y: single), diff -Nru why-2.29+dfsg/tests/c/swap.c why-2.30+dfsg/tests/c/swap.c --- why-2.29+dfsg/tests/c/swap.c 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/c/swap.c 2011-10-24 15:21:06.000000000 +0000 
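Review bot: In the proof of `Sterbenz_ensures_default_po_3` the unchanged intro pattern `(H4,(H5a,H5b))` still carries names from the old two-part `HW_6`. After this change `H4` binds the `single_value` equation of `sub_single_post`, while `H5a` and `H5b` bind the `single_exact` and `single_model` ones, which is why the rewrite had to switch from `H5a` to `H4`. Renaming makes that explicit and keeps the script from breaking silently the next time the hypothesis shape changes: `intros x y (H1,H2) _ _ r (Hval,(Hexact,Hmodel)) r' H6 r'' H7.` followed by `rewrite H7,H6,Hval; unfold single_value in *.`. With `no_overflow_single` dropped from `HW_6` in the previous hunk, overflow is presumably excluded by the strict model's admitted axioms (for example `single_value_is_bounded`) rather than by a per-operation premise, so a one-line comment above the lemma recording that assumption would help anyone auditing what this result trusts. The proof script continues past this hunk.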
@@ -0,0 +1,41 @@
+/**************************************************************************/
+/* */
+/* The Why platform for program certification */
+/* */
+/* Copyright (C) 2002-2011 */
+/* */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
+/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
+/* Yannick MOY, Univ. Paris-sud 11 */
+/* Romain BARDOU, Univ. Paris-sud 11 */
+/* */
+/* Secondary contributors: */
+/* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
+/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
+/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
+/* Sylvie BOLDO, INRIA (floating-point support) */
+/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */
+/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */
+/* */
+/* This software is free software; you can redistribute it and/or */
+/* modify it under the terms of the GNU Lesser General Public */
+/* License version 2.1, with the special exception on linking */
+/* described in file LICENSE. */
+/* */
+/* This software is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
+/* */
+/**************************************************************************/
+
+int a;
+int b;
+
+/*@ ensures a == \old(b) && b == \old(a);
+ @*/
+void swap() {
+ int tmp = a;
+ a = b;
+ b = tmp;
+}
diff -Nru why-2.29+dfsg/tests/c/tree_max.c why-2.30+dfsg/tests/c/tree_max.c
--- why-2.29+dfsg/tests/c/tree_max.c 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/c/tree_max.c 2011-10-24 15:21:06.000000000 +0000
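Review bot: The contract on `swap` in tests/c/swap.c has an `ensures` but no `assigns` clause, so it says nothing about what the function leaves untouched. A caller reasoning from this contract alone cannot conclude that any other global is preserved. Adding the line `@ assigns a, b;` next to the `ensures` would make the frame explicit and turn it into an obligation the provers have to discharge.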
@@ -0,0 +1,67 @@ + +#pragma JessieTerminationPolicy(user) + +#define NULL (void*)0 + +//@ ensures \result == \max(x,y); +int max(int x, int y); + +typedef struct Tree *tree; +struct Tree { + int value; + tree left; + tree right; +}; + +/* not accepted by Why3 (termination not proved) + @ predicate mem(int x, tree t) = + @ (t==\null) ? \false : (x==t->value) || mem(x,t->left) || mem(x,t->right); + @*/ + +/*@ axiomatic Mem { + @ predicate mem{L}(int x, tree t); + @ axiom mem_null{L}: \forall int x; ! mem(x,\null); + @ axiom mem_root{L}: \forall tree t; t != \null ==> + @ mem(t->value,t); + @ axiom mem_root_eq{L}: \forall int x, tree t; t != \null ==> + @ x==t->value ==> mem(x,t); + @ axiom mem_left{L}: \forall int x, tree t; t != \null ==> + @ mem(x,t->left) ==> mem(x,t); + @ axiom mem_right{L}: \forall int x, tree t; t != \null ==> + @ mem(x,t->right) ==> mem(x,t); + @ axiom mem_inversion{L}: \forall int x, tree t; + @ mem(x,t) ==> t != \null && + @ (x==t->value || mem(x,t->left) || mem(x,t->right)); + @ } + @*/ + +/*@ axiomatic WellFormedTree { + @ predicate has_size{L}(tree t, integer s); + @ axiom has_size_null{L}: has_size(\null,0); + @ axiom has_size_non_null{L}: \forall tree t; \valid(t) ==> + @ \forall integer s1,s2; + @ has_size(t->left,s1) && has_size(t->right,s2) ==> + @ has_size(t,s1+s2+1) ; + @ axiom has_size_inversion{L}: \forall tree t, integer s; + @ has_size(t,s) ==> + @ (t == \null && s == 0) || + @ (\valid(t) && \exists integer s1,s2; + @ has_size(t->left,s1) && has_size(t->right,s2) && + @ 0 <= s1 && 0 <= s2 && s == s1+s2+1) ; + @ predicate size_decreases{L}(tree t1, tree t2) = + @ \exists integer s1,s2; has_size(t1,s1) && has_size(t2,s2) && s1 > s2; + @ predicate valid_tree{L}(tree t) = + @ \exists integer s; has_size(t,s); + @ } + @*/ + +/*@ requires t != \null && valid_tree(t); + @ // decreases t for size_decreases; + @ ensures mem(\result,t) && \forall int x; mem(x,t) ==> \result >= x; + @*/ +int tree_max(tree t) { + int m = t->value; + if 
(t->left != NULL) m = max(m,tree_max(t->left)); + if (t->right != NULL) m = max(m,tree_max(t->right)); + return m; + } diff -Nru why-2.29+dfsg/tests/java/AllZeros.java why-2.30+dfsg/tests/java/AllZeros.java --- why-2.29+dfsg/tests/java/AllZeros.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/AllZeros.java 2011-10-24 15:21:06.000000000 +0000 
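Review bot: `tree_max` in tests/c/tree_max.c is recursive, yet its `decreases t for size_decreases` clause is left commented out while `#pragma JessieTerminationPolicy(user)` is in force. As far as this file shows, nothing then obliges the tools to prove termination, and the `ensures` is a partial-correctness result only. Either re-enable the clause or record the gap next to the contract, e.g. `// NOTE: termination of tree_max is not proved; decreases clause disabled`. `max` is likewise only a prototype here, so its `ensures` is assumed rather than checked. Separately, `#define NULL (void*)0` should be parenthesised as `#define NULL ((void*)0)`.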
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ class AllZeros { 
@@ -51,3 +53,11 @@ return true; } } + +/* +Local Variables: +compile-command: "make AllZeros.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/ArrayMax.java why-2.30+dfsg/tests/java/ArrayMax.java --- why-2.29+dfsg/tests/java/ArrayMax.java 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/ArrayMax.java 2011-10-24 15:21:06.000000000 +0000 @@ -0,0 +1,50 @@ +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 1: Maximum in an array + +Given: A non-empty integer array a. + +Verify that the index returned by the method max() given below points to +an element maximal in the array. + +*/ + +/*@ axiomatic integer_max { + @ logic integer max(integer x, integer y); + @ axiom max_is_ge : \forall integer x y; max(x,y) >= x && max(x,y) >= y; + @ axiom max_is_some : \forall integer x y; max(x,y) == x || max(x,y) == y; + @ } + @*/ + +public class ArrayMax { + + + /*@ requires a.length > 0; + @ ensures 0 <= \result < a.length && + @ \forall integer i; 0 <= i < a.length ==> a[i] <= a[\result]; + @*/ + public static int max(int[] a) { + int x = 0; + int y = a.length-1; + /*@ loop_invariant 0 <= x <= y < a.length && + @ \forall integer i; + @ 0 <= i < x || y < i < a.length ==> + @ a[i] <= max(a[x],a[y]); + @ loop_variant y - x; + @*/ + while (x != y) { + if (a[x] <= a[y]) x++; + else y--; + } + return x; + } + +} + +/* +Local Variables: +compile-command: "make ArrayMax.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/java/Arrays.java why-2.30+dfsg/tests/java/Arrays.java --- why-2.29+dfsg/tests/java/Arrays.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Arrays.java 2011-10-24 15:21:06.000000000 +0000 
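Review bot: In ArrayMax.java the precondition of `max` is `a.length > 0` with no explicit `a != null`. Unless a non-null-by-default policy applies to parameters (not visible in this hunk), the dereferences of `a` in the contract and the body rest on an unstated assumption. Writing `@ requires a != null && a.length > 0;` would put it in the contract. It would also help to say in the method's comment that it returns an index rather than the maximal value, since the logic function declared in `integer_max` is also named `max`.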
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ 
@@ -113,7 +115,7 @@ /* Local Variables: -compile-command: "make Arrays" +compile-command: "make Arrays.why3ml" End: */ diff -Nru why-2.29+dfsg/tests/java/BinarySearch.java why-2.30+dfsg/tests/java/BinarySearch.java --- why-2.29+dfsg/tests/java/BinarySearch.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/BinarySearch.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ // RUNSIMPLIFY this tells regtests to run Simplify in this example 
@@ -96,3 +98,10 @@ } +/* +Local Variables: +compile-command: "make BinarySearch.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/coq/Fibonacci_why.v why-2.30+dfsg/tests/java/coq/Fibonacci_why.v --- why-2.29+dfsg/tests/java/coq/Fibonacci_why.v 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/coq/Fibonacci_why.v 2011-10-24 15:21:06.000000000 +0000 @@ -26,7 +26,7 @@ Admitted. (*Why predicate*) Definition Non_null_Object (x_0:(pointer Object)) (Object_alloc_table:(alloc_table Object)) - := (offset_max Object_alloc_table x_0) = 0. + := (offset_max Object_alloc_table x_0) >= 0. (*Why axiom*) Lemma Object_int : (int_of_tag Object_tag) = 1. Admitted. @@ -102,35 +102,6 @@ (isfib n (p + r_0)))))) . -(* Why obligation from file "Fibonacci.jc", line 57, characters 0-29: *) -(*Why goal*) Lemma isfib_2_1 : - (isfib 2 1). -Dp_hint isfib_2_1. -Proof. -apply isfibn with (r_0:=0) (p:=1); intuition. -apply isfib0. -apply isfib1. -Save. - -(* Why obligation from file "Fibonacci.jc", line 51, characters 0-29: *) -(*Why goal*) Lemma isfib_6_8 : - (isfib 6 8). -Dp_hint isfib_6_8. -Proof. -assert (isfib3: isfib 3 2). -apply isfibn with (r_0:=1) (p:=1); intuition. -apply isfib1. -apply isfib_2_1. -assert (isfib4: isfib 4 3). -apply isfibn with (r_0:=1) (p:=2); intuition. -apply isfib_2_1. -assert (isfib5: isfib 5 5). -apply isfibn with (r_0:=2) (p:=3); intuition. -apply isfibn with (r_0:=3) (p:=5); intuition. -Qed. - - - (*Why predicate*) Definition left_valid_struct_Object (p:(pointer Object)) (a:Z) (Object_alloc_table:(alloc_table Object)) := (offset_min Object_alloc_table p) <= a. 
@@ -149,30 +120,17 @@ (*Why predicate*) Definition left_valid_struct_interface (p:(pointer interface)) (a:Z) (interface_alloc_table:(alloc_table interface)) := (offset_min interface_alloc_table p) <= a. -(* Why obligation from file "Fibonacci.jc", line 54, characters 0-37: *) -(*Why goal*) Lemma not_isfib_2_2 : - ~(isfib 2 2). -Dp_hint not_isfib_2_2. -Proof. -intro h; inversion h; intuition. -replace (p + r_0 - (p + r_0)) with 0 in H1 by omega. -inversion H1; auto with zarith. -assert (p=2) by omega. -subst. -replace (2 + 0 - 1) with 1 in H4 by omega. -inversion H4; auto with zarith. -Save. - - (*Why axiom*) Lemma pointer_addr_of_Object_of_pointer_address : (forall (p:(pointer unit)), p = (pointer_address (Object_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_Object_of_pointer_address. (*Why axiom*) Lemma pointer_addr_of_interface_of_pointer_address : (forall (p:(pointer unit)), p = (pointer_address (interface_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_interface_of_pointer_address. (*Why predicate*) Definition right_valid_struct_Object (p:(pointer Object)) (b:Z) (Object_alloc_table:(alloc_table Object)) := (offset_max Object_alloc_table p) >= b. 
@@ -220,25 +178,11 @@ := (offset_min interface_alloc_table p) = a /\ (offset_max interface_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_Object (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_Exception (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_Fibonacci (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_String (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_Throwable (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_interface (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. (*Why predicate*) Definition valid_root_Object (p:(pointer Object)) (a:Z) (b:Z) (Object_alloc_table:(alloc_table Object)) := (offset_min Object_alloc_table p) <= a /\ 
@@ -268,51 +212,127 @@ := (offset_min interface_alloc_table p) <= a /\ (offset_max interface_alloc_table p) >= b. -(* Why obligation from file "Fibonacci.java", line 29, characters 20-26: *) +(* Why obligation from file "Fibonacci.java", line 46, characters 10-19: *) +(*Why goal*) Lemma isfib_2_1 : + (isfib 2 1). +Proof. +apply isfibn with (r_0:=0) (p:=1); intuition. +apply isfib0. +apply isfib1. +Save. +Dp_hint isfib_2_1. + +(* Why obligation from file "Fibonacci.java", line 47, characters 10-19: *) +(*Why goal*) Lemma isfib_6_8 : + (isfib 6 8). +Proof. +assert (isfib3: isfib 3 2). +apply isfibn with (r_0:=1) (p:=1); intuition. +apply isfib1. +apply isfib_2_1. +assert (isfib4: isfib 4 3). +apply isfibn with (r_0:=1) (p:=2); intuition. +apply isfib_2_1. +assert (isfib5: isfib 5 5). +apply isfibn with (r_0:=2) (p:=3); intuition. +apply isfibn with (r_0:=3) (p:=5); intuition. +Save. +Dp_hint isfib_6_8. + +(* Why obligation from file "Fibonacci.java", line 50, characters 10-23: *) +(*Why goal*) Lemma not_isfib_2_2 : + ~(isfib 2 2). +Proof. +intro h; inversion h; intuition. +replace (p + r_0 - (p + r_0)) with 0 in H1 by omega. +inversion H1; auto with zarith. +assert (p=2) by omega. +subst. +replace (2 + 0 - 1) with 1 in H4 by omega. +inversion H4; auto with zarith. +Save. +Dp_hint not_isfib_2_2. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +(* Why obligation from file "Fibonacci.java", line 60, characters 20-26: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_1 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_28 *) (* JC_28 *) 0 <= 0. + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_36 *) 0 <= 0. Proof. intuition. Save. 
-(* Why obligation from file "Fibonacci.java", line 29, characters 25-31: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 25-31: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_2 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_29 *) (* JC_29 *) 0 <= n_0. + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_37 *) 0 <= n_0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 35-47: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 35-47: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_3 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_30 *) (* JC_30 *) (isfib (0 + 1) 1). + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_38 *) (isfib (0 + 1) 1). Proof. intros; apply isfib1. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 51-61: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 51-61: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_4 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_31 *) (* JC_31 *) (isfib 0 0). + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_39 *) (isfib 0 0). Proof. intros; apply isfib0. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 20-26: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 20-26: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_5 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -322,20 +342,20 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_28 *) (* JC_28 *) 0 <= i0. + (* JC_40 *) (* JC_36 *) 0 <= i0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 25-31: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 25-31: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_6 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), @@ -345,20 +365,20 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_29 *) (* JC_29 *) i0 <= n_0. + (* JC_40 *) (* JC_37 *) i0 <= n_0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 35-47: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 35-47: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_7 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -368,7 +388,7 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_30 *) (* JC_30 *) (isfib (i0 + 1) x_0_0_0). + (* JC_40 *) (* JC_38 *) (isfib (i0 + 1) x_0_0_0). Proof. intuition;subst; auto. apply isfibn; intuition. @@ -376,15 +396,15 @@ replace (i+1+1-1) with (i+1); auto with zarith. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 51-61: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 51-61: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_8 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -394,40 +414,40 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_31 *) (* JC_31 *) (isfib i0 y0). + (* JC_40 *) (* JC_39 *) (isfib i0 y0). Proof. intuition; subst; auto. Save. -(* Why obligation from file "Fibonacci.java", line 24, characters 16-33: *) +(* Why obligation from file "Fibonacci.java", line 55, characters 16-33: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_9 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_11: i >= n_0), forall (why__return: Z), forall (HW_12: why__return = y), - (* JC_15 *) (isfib n_0 why__return). + (* JC_23 *) (isfib n_0 why__return). Proof. intuition. assert (i=n_0) by omega. subst; auto. Save. -(* Why obligation from file "Fibonacci.java", line 30, characters 18-21: *) +(* Why obligation from file "Fibonacci.java", line 61, characters 18-21: *) (*Why goal*) Lemma Fibonacci_Fib_safety_po_1 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_25 *) True), - forall (HW_5: (* JC_23 *) ((* JC_19 *) 0 <= i /\ (* JC_20 *) i <= n_0 /\ - (* JC_21 *) (isfib (i + 1) x_0_0) /\ (* JC_22 *) (isfib i y))), + forall (HW_4: (* JC_33 *) True), + forall (HW_5: (* JC_31 *) ((* JC_27 *) 0 <= i /\ (* JC_28 *) i <= n_0 /\ + (* JC_29 *) (isfib (i + 1) x_0_0) /\ (* JC_30 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -437,21 +457,21 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - 0 <= ((* JC_27 *) (n_0 - i)). + 0 <= ((* JC_35 *) (n_0 - i)). Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 30, characters 18-21: *) +(* Why obligation from file "Fibonacci.java", line 61, characters 18-21: *) (*Why goal*) Lemma Fibonacci_Fib_safety_po_2 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_25 *) True), - forall (HW_5: (* JC_23 *) ((* JC_19 *) 0 <= i /\ (* JC_20 *) i <= n_0 /\ - (* JC_21 *) (isfib (i + 1) x_0_0) /\ (* JC_22 *) (isfib i y))), + forall (HW_4: (* JC_33 *) True), + forall (HW_5: (* JC_31 *) ((* JC_27 *) 0 <= i /\ (* JC_28 *) i <= n_0 /\ + (* JC_29 *) (isfib (i + 1) x_0_0) /\ (* JC_30 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), @@ -461,7 +481,7 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - ((* JC_27 *) (n_0 - i0)) < ((* JC_27 *) (n_0 - i)). + ((* JC_35 *) (n_0 - i0)) < ((* JC_35 *) (n_0 - i)). Proof. intuition. Save. diff -Nru why-2.29+dfsg/tests/java/Counter.java why-2.30+dfsg/tests/java/Counter.java --- why-2.29+dfsg/tests/java/Counter.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Counter.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,12 +1,45 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + +//@+ CheckArithOverflow = no + /*@ logic integer value{L}(Counter c) = @ \at(c.increments,L) - \at(c.decrements,L); @*/ public class Counter { + private int increments; private int decrements; - //@ ensures value{Here}(this) == value{Old}(this) + 1; public void increment() { increments++; @@ -19,3 +52,10 @@ } +/* +Local Variables: +compile-command: "make Counter.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/Creation.java why-2.30+dfsg/tests/java/Creation.java --- why-2.29+dfsg/tests/java/Creation.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Creation.java 2011-10-24 15:21:06.000000000 +0000 
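Review bot: The `//@+ CheckArithOverflow = no` pragma added at the top of Counter.java has no comment stating what it does to the guarantee. With overflow checking switched off, the `increment()` contract `value{Here}(this) == value{Old}(this) + 1` is presumably established for unbounded integers only, so a proof of this file says nothing about `increments++` wrapping at the 32-bit limit. Fibonacci.java in this same diff documents that choice, and a matching line above the pragma would do it here: `// int model: unbounded mathematical integers (wraparound of increments/decrements is not checked)`. The class body continues outside this hunk, so the other methods are not reviewed here.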
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no @@ -70,3 +100,10 @@ } +/* +Local Variables: +compile-command: "make Creation.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/Duplets.java why-2.30+dfsg/tests/java/Duplets.java --- why-2.29+dfsg/tests/java/Duplets.java 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/Duplets.java 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,114 @@ +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 3: Two equal elements + +Given: An integer array a of length n+2 with n>=2. It is known that at +least two values stored in the array appear twice (i.e., there are at +least two duplets). + +Implement and verify a program finding such two values. + +You may assume that the array contains values between 0 and n-1. +*/ + + +class Integer { + int value; + /*@ ensures this.value == a; + @*/ + Integer(int a) { + value = a; + } +} + +class Pair { + int x,y; + /*@ ensures this.x == a && this.y == b; + @*/ + Pair(int a,int b) { + x = a; y = b; + } +} + +class Quadruple { + int x,y,z,t; + /*@ ensures this.x == a && this.y == b && + @ this.z == c && this.t == d; + @*/ + Pair(int a,int b,int c,int d) { + x = a; y = b; z = c; t = d; + } +} + +/* equality between an integer and a possibly null Integer object */ +/*@ predicate eq_opt{L}(integer x, Integer o) = + @ o != null && x == o.value; + @*/ + +/* A duplet in array a is a pair of indexes (i,j) in the bounds of array + a such that a[i] = a[j] */ +/*@ predicate is_duplet{L}(int a[], integer i, integer j) = + @ 0 <= i < j < a.length && a[i] == a[j]; + @*/ + +class Duplets { + + /* duplet(a) returns the indexes (i,j) of a duplet in a. + * moreover, if except is not null, the value of this duplet must + * be different from it. + */ + /*@ requires 2 <= a.length && + @ \exists integer i j; + @ is_duplet(a,i,j) && ! eq_opt(a[i],except) ; + @ ensures + @ is_duplet(a,\result.x,\result.y) && + @ ! eq_opt(a[\result.x],except); + @*/ + Pair duplet(int a[], Integer except) { + /*@ loop_invariant + @ \forall integer k l; 0 <= k < i && k < l < a.length ==> + @ ! eq_opt(a[k],except) ==> ! is_duplet(a,k,l); + @ loop_variant a.length - i; + @*/ + for(int i=0; i <= a.length - 2; i++) { + int v = a[i]; + if (except != null && except.value != v) { + /*@ loop_invariant + @ \forall integer l; i < l < j ==> ! 
is_duplet(a,i,l); + @ loop_variant a.length - j; + @*/ + for (int j=i+1; j < a.length; j++) { + if (a[j] == v) { + return new Pair(i, j); + } + } + } + } + // assert \forall integer i j; ! is_duplet(a,i,j); + //@ assert false; + return null; + } + + + /* requires 4 <= a.length && \exists integer i j k l; + @ is_duplet(a,i,j) && is_duplet(a,k,l) && a[i] != a[k]; + @ ensures is_duplet(a,\result.x,\result.y) && + @ is_duplet(a,\result.z,\result.t) && + @ a[\result.x] != a[\result.z]; + @*/ + Quadruple duplets(int a[]) { + Pair p = duplet(a,null); + Pair q = duplet(a,new Integer(a[p.x])); + return new Quadruple(p.x,p.y,q.x,q.y); + } + + +} + +/* +Local Variables: +compile-command: "make Duplets.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/java/Fibonacci.java why-2.30+dfsg/tests/java/Fibonacci.java --- why-2.29+dfsg/tests/java/Fibonacci.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Fibonacci.java 2011-10-24 15:21:06.000000000 +0000 
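Review bot: The guard `if (except != null && except.value != v)` in `duplet` skips the inner search whenever `except` is null, so the first call in `duplets`, `duplet(a,null)`, can only fall through to `//@ assert false; return null;`, and `p.x` then dereferences null. `eq_opt` treats a null `except` as "no excluded value", so the guard should read `if (except == null || except.value != v) {`. In `Quadruple` the constructor is declared as `Pair(int a,int b,int c,int d)`, which a Java compiler rejects as a method without a return type; it should be `Quadruple(int a,int b,int c,int d) {`. The contract of `duplets` sits in a plain `/* ... */` comment rather than `/*@ ... @*/`, so it is presumably not checked at all; if that is intentional, the comment should say so.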
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNCOQ: will ask regtests to check Coq proofs of this program // int model: unbounded mathematical integers @@ -38,3 +69,10 @@ } } +/* +Local Variables: +compile-command: "make Fibonacci.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/FlagStatic.java why-2.30+dfsg/tests/java/FlagStatic.java --- why-2.29+dfsg/tests/java/FlagStatic.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/FlagStatic.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,22 +1,26 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU Library General Public */ -/* License version 2, with the special exception on linking */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ /* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ @@ -34,7 +38,7 @@ @*/ /*@ predicate is_color_array{L}(int t[]) = - @ t != null && + @ t != null && @ \forall integer i; 0 <= i < t.length ==> is_color(t[i]) ; @*/ 
@@ -44,15 +48,15 @@ class FlagStatic { - + public static final int BLUE = 1, WHITE = 2, RED = 3; - + /*@ requires t != null && 0 <= i <= j <= t.length ; @ behavior decides_monochromatic: @ ensures \result <==> is_monochrome(t,i,j,c); @*/ public static boolean isMonochrome(int t[], int i, int j, int c) { - /*@ loop_invariant i <= k && + /*@ loop_invariant i <= k && @ (\forall integer l; i <= l < k ==> t[l]==c); @ loop_variant j - k; @*/ @@ -72,9 +76,9 @@ } /*@ requires - @ is_color_array(t); + @ is_color_array(t); @ behavior sorts: - @ ensures + @ ensures @ (\exists integer b r; @ is_monochrome(t,0,b,BLUE) && @ is_monochrome(t,b,r,WHITE) && @@ -90,17 +94,17 @@ @ is_monochrome(t,0,b,BLUE) && @ is_monochrome(t,b,i,WHITE) && @ is_monochrome(t,r,t.length,RED); - @ loop_variant r - i; + @ loop_variant r - i; @*/ while (i < r) { switch (t[i]) { - case BLUE: + case BLUE: swap(t,b++, i++); - break; - case WHITE: - i++; break; - case RED: + case WHITE: + i++; + break; + case RED: swap(t,--r, i); break; } @@ -111,7 +115,7 @@ /* -Local Variables: -compile-command: "make FlagStatic" -End: +Local Variables: +compile-command: "make FlagStatic.why3ml" +End: */ diff -Nru why-2.29+dfsg/tests/java/Gcd.java why-2.30+dfsg/tests/java/Gcd.java --- why-2.29+dfsg/tests/java/Gcd.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Gcd.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,58 +1,60 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). 
*/ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no /* complements for non-linear integer arithmetic */ -/*@ lemma distr_right: - @ \forall integer x y z; x*(y+z) == (x*y)+(x*z); +/*@ lemma distr_right: + @ \forall integer x y z; x*(y+z) == (x*y)+(x*z); @*/ -/*@ lemma distr_left: +/*@ lemma distr_left: @ \forall integer x y z; (x+y)*z == (x*z)+(y*z); @*/ -/*@ lemma distr_right_minus: - @ \forall integer x y z; x*(y-z) == (x*y)-(x*z); +/*@ lemma distr_right_minus: + @ \forall integer x y z; x*(y-z) == (x*y)-(x*z); @*/ -/*@ lemma distr_left_minus: +/*@ lemma distr_left_minus: @ \forall integer x y z; (x-y)*z == (x*z)-(y*z); @*/ -/*@ lemma mul_comm: - @ \forall integer x y; x*y == y*x; +/*@ lemma mul_comm: + @ \forall integer x y; x*y == y*x; @*/ -/*@ lemma mul_assoc: - @ \forall integer x y z; x*(y*z) == (x*y)*z; +/*@ lemma mul_assoc: + @ \forall integer x y z; x*(y*z) == (x*y)*z; @*/ /*@ predicate divides(integer x, integer y) = @@ -60,17 +62,17 @@ @*/ /*@ lemma div_mod_property: - @ \forall integer x y; - @ x >=0 && y > 0 ==> x%y == x - y*(x/y); + @ \forall integer x y; + @ x >=0 && y > 0 ==> x%y == x - y*(x/y); @*/ /*@ lemma mod_property: - @ \forall integer x y; - @ x >=0 && y > 0 ==> 0 <= x%y && x%y < y; + @ \forall integer x y; + @ x >=0 && y > 0 ==> 0 <= x%y && x%y < y; @*/ /*@ predicate isGcd(integer a, integer b, integer d) = - @ divides(d,a) && divides(d,b) && + @ divides(d,a) && divides(d,b) && @ \forall integer z; @ divides(z,a) && divides(z,b) ==> divides(z,d) ; @*/ 
@@ -81,24 +83,24 @@ /*@ lemma gcd_property : @ \forall integer a b d q; - @ b > 0 && isGcd(b,a % b,d) ==> isGcd(a,b,d) ; + @ a >= 0 && b > 0 && isGcd(b,a % b,d) ==> isGcd(a,b,d) ; @*/ class Gcd { /*@ requires x >= 0 && y >= 0; - @ behavior resultIsGcd: + @ behavior resultIsGcd: @ ensures isGcd(x,y,\result) ; @ behavior bezoutProperty: @ ensures \exists integer a b; a*x+b*y == \result; @*/ static int gcd(int x, int y) { //@ ghost integer a = 1, b = 0, c = 0, d = 1; - /*@ loop_invariant - @ x >= 0 && y >= 0 && - @ (\forall integer d ; isGcd(x,y,d) ==> - @ \at(isGcd(x,y,d),Pre)) && - @ a*\at(x,Pre)+b*\at(y,Pre) == x && + /*@ loop_invariant + @ x >= 0 && y >= 0 && + @ (\forall integer d ; isGcd(x,y,d) ==> + @ \at(isGcd(x,y,d),Pre)) && + @ a*\at(x,Pre)+b*\at(y,Pre) == x && @ c*\at(x,Pre)+d*\at(y,Pre) == y ; @ loop_variant y; @*/ @@ -108,7 +110,7 @@ x = y; y = r; //@ ghost integer ta = a, tb = b; - //@ ghost a = c; + //@ ghost a = c; //@ ghost b = d; //@ ghost c = ta - c * q; //@ ghost d = tb - d * q; @@ -122,8 +124,8 @@ /* -Local Variables: -compile-command: "make Gcd" -End: +Local Variables: +compile-command: "make Gcd.why3ml" +End: */ diff -Nru why-2.29+dfsg/tests/java/Hello.java why-2.30+dfsg/tests/java/Hello.java --- why-2.29+dfsg/tests/java/Hello.java 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/Hello.java 2011-10-24 15:21:06.000000000 +0000 
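Review bot: The binder of `gcd_property`, `\forall integer a b d q;`, still quantifies over `q`, which the lemma never uses; since this line is being touched anyway, it could become `\forall integer a b d;`. The added hypothesis `a >= 0` also has no comment explaining why it is needed. Presumably it is there because `div_mod_property` and `mod_property` earlier in the file only characterise `x%y` for `x >= 0`, and a short remark such as `/* a >= 0: % is only specified for non-negative dividends (see mod_property) */` would keep a later edit from weakening the lemma back to an unprovable form. In the loop invariant further down this hunk, the bound variable in `\forall integer d` shadows the ghost variable `d` used in the last conjunct, and renaming the bound variable would make the invariant easier to read.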
@@ -0,0 +1,48 @@
+/**************************************************************************/
+/* */
+/* The Why platform for program certification */
+/* */
+/* Copyright (C) 2002-2011 */
+/* */
+/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */
+/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */
+/* Yannick MOY, Univ. Paris-sud 11 */
+/* Romain BARDOU, Univ. Paris-sud 11 */
+/* */
+/* Secondary contributors: */
+/* */
+/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */
+/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */
+/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */
+/* Sylvie BOLDO, INRIA (floating-point support) */
+/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */
+/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */
+/* */
+/* This software is free software; you can redistribute it and/or */
+/* modify it under the terms of the GNU Lesser General Public */
+/* License version 2.1, with the special exception on linking */
+/* described in file LICENSE. */
+/* */
+/* This software is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
+/* */
+/**************************************************************************/
+
+class Hello {
+
+ public static void main(String argv[]) {
+ System.out.println("Hello Krakatoa");
+ }
+
+}
+
+
+
+/*
+Local Variables:
+compile-command: "make Hello.why3ml"
+End:
+*/
+
+
diff -Nru why-2.29+dfsg/tests/java/Isqrt.java why-2.30+dfsg/tests/java/Isqrt.java
--- why-2.29+dfsg/tests/java/Isqrt.java 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/java/Isqrt.java 2011-10-24 15:21:06.000000000 +0000
@@ -0,0 +1,68 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + + +//@+ CheckArithOverflow = no + +//@ logic integer sqr(integer x) = x * x; + +class Isqrt { + +/*@ requires x >= 0; + @ ensures \result >= 0 && sqr(\result) <= x && x < sqr(\result + 1); + @*/ +static int isqrt(int x) { + int count = 0, sum = 1; + /*@ loop_invariant count >= 0 && x >= sqr(count) && sum == sqr(count+1); + @ loop_variant x - count; + @*/ + while (sum <= x) sum += 2 * ++count + 1; + return count; +} + +//@ ensures \result == 4; +static int main () { + int r; + r = isqrt(17); + //@ assert r < 4 ==> false; + //@ assert r > 4 ==> false; + return r; +} + +} + +/* +Local Variables: +compile-command: "make Isqrt.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/Literals.java why-2.30+dfsg/tests/java/Literals.java --- why-2.29+dfsg/tests/java/Literals.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Literals.java 2011-10-24 15:21:06.000000000 +0000 
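Review bot: `isqrt` is verified under `//@+ CheckArithOverflow = no`, so its contract is established for unbounded integers only, not for Java `int`. The loop exits only once `sum`, which the invariant ties to `sqr(count+1)`, exceeds `x`; for `x >= 46340*46340` (2147395600) that value is above 2147483647, so the `int` addition wraps and the result no longer meets the `ensures` clause. Either bound the input with `@ requires 0 <= x && x < 46340 * 46340;` and drop the pragma so the prover checks the arithmetic, or say in a comment above the method that the proof ignores machine overflow. Whether the existing invariant is strong enough to discharge the overflow obligations once the pragma is removed would need to be confirmed with the tool.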
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + class Literals { public static final int x = 0xbad; @@ -10,3 +41,12 @@ } } + + +/* +Local Variables: +compile-command: "make Literals.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/MacCarthy.java why-2.30+dfsg/tests/java/MacCarthy.java --- why-2.29+dfsg/tests/java/MacCarthy.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/MacCarthy.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,10 +1,37 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ /* McCarthy's ``91'' function. */ -//@+ CheckArithOverflow = no - - public class MacCarthy { /*@ decreases 101-n ; @@ -23,4 +50,12 @@ return n - 10; } -} \ No newline at end of file +} + +/* +Local Variables: +compile-command: "make MacCarthy.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/Muller.java why-2.30+dfsg/tests/java/Muller.java --- why-2.29+dfsg/tests/java/Muller.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Muller.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,79 +1,95 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). 
*/ -/* */ /**************************************************************************/ -//@+ CheckArithOverflow = no //@+ SeparationPolicy = Regions /*@ axiomatic NumOfPos { @ logic integer num_of_pos{L}(integer i,integer j,int t[]); @ axiom num_of_pos_empty{L} : @ \forall integer i j, int t[]; - @ i > j ==> num_of_pos(i,j,t) == 0; + @ i >= j ==> num_of_pos(i,j,t) == 0; @ axiom num_of_pos_true_case{L} : @ \forall integer i j k, int t[]; - @ i <= j && t[j] > 0 ==> + @ i < j && t[j-1] > 0 ==> @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t) + 1; @ axiom num_of_pos_false_case{L} : @ \forall integer i j k, int t[]; - @ i <= j && ! (t[j] > 0) ==> + @ i < j && ! (t[j-1] > 0) ==> @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t); @ } @*/ + +/*@ lemma num_of_pos_non_negative{L} : + @ \forall integer i j, int t[]; 0 <= num_of_pos(i,j,t); + @*/ + +/*@ lemma num_of_pos_additive{L} : + @ \forall integer i j k, int t[]; i <= j <= k ==> + @ num_of_pos(i,k,t) == num_of_pos(i,j,t) + num_of_pos(j,k,t); + @*/ + +/*@ lemma num_of_pos_increasing{L} : + @ \forall integer i j k, int t[]; + @ j <= k ==> num_of_pos(i,j,t) <= num_of_pos(i,k,t); + @*/ + /*@ lemma num_of_pos_strictly_increasing{L} : - @ \forall integer i j k l, int t[]; - @ j < k && k <= l && t[k] > 0 ==> - @ num_of_pos(i,j,t) < num_of_pos(i,l,t); + @ \forall integer i n, int t[]; + @ 0 <= i < n && t[i] > 0 ==> + @ num_of_pos(0,i,t) < num_of_pos(0,n,t); @*/ public class Muller { - /*@ requires t!=null; + /*@ requires t != null; @*/ public static int[] m(int t[]) { int count = 0; - + /*@ loop_invariant - @ 0 <= i && i <= t.length && - @ 0 <= count && count <= i && - @ count == num_of_pos(0,i-1,t) ; + @ 0 <= i <= t.length && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t) ; @ loop_variant t.length - i; @*/ for (int i=0 ; i < t.length; i++) if (t[i] > 0) count++; - + int u[] = new int[count]; count = 0; - + /*@ loop_invariant - @ 0 <= i && i <= t.length && - @ 0 <= count && count <= i && - @ count == num_of_pos(0,i-1,t); + @ 0 <= i <= 
t.length && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t); @ loop_variant t.length - i; @*/ for (int i=0 ; i < t.length; i++) { @@ -81,11 +97,11 @@ } return u; } - + } /* -Local Variables: -compile-command: "make Muller" -End: +Local Variables: +compile-command: "make Muller.why3ml" +End: */ diff -Nru why-2.29+dfsg/tests/java/MullerTheory.java why-2.30+dfsg/tests/java/MullerTheory.java --- why-2.29+dfsg/tests/java/MullerTheory.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/MullerTheory.java 2011-10-24 15:21:06.000000000 +0000 
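Review bot: Nothing in the `NumOfPos` axiomatic states which index range `num_of_pos(i,j,t)` counts, and this change moves it from the closed range `t[i..j]` to the half-open range `t[i..j-1]` (`i >= j ==> ... == 0`, `t[j-1] > 0`) without saying so. Axioms are assumed rather than proved, so a reader needs a stated meaning to check them and the four lemmas against; a comment above the block such as `/* num_of_pos(i,j,t): number of indices k with i <= k < j and t[k] > 0 */` would supply it. The binder `k` in `num_of_pos_true_case` and `num_of_pos_false_case` (`\forall integer i j k, int t[];`) is unused and could be dropped. The body of the second loop in `m` lies between the two hunks and is not visible here.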
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + /* File Muller.java */ //@+ CheckArithOverflow = no diff -Nru why-2.29+dfsg/tests/java/NameConflicts.java why-2.30+dfsg/tests/java/NameConflicts.java --- why-2.29+dfsg/tests/java/NameConflicts.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/NameConflicts.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ class NameConflicts { @@ -21,3 +51,11 @@ } + +/* +Local Variables: +compile-command: "make NameConflicts.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/Negate.java why-2.30+dfsg/tests/java/Negate.java --- why-2.29+dfsg/tests/java/Negate.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Negate.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -10,17 +40,27 @@ @*/ static void negate(int t[]) { int i = 0; - /*@ loop_invariant - @ 0 <= i <= t.length && - @ (\forall integer k; 0 <= k < i ==> t[k] == -\at(t[k],Pre)) ; - @ loop_assigns t[0..i-1]; - @ loop_variant t.length-i; + /*@ loop_invariant + @ 0 <= i <= t.length && + @ (\forall integer k; 0 <= k < i ==> t[k] == -\at(t[k],Pre)) && + @ (\forall integer k; i <= k < t.length ==> t[k] == \at(t[k],Pre)) ; + @ // TODO: replace previous invariant by loop_assigns t[0..i-1]; + @ loop_variant t.length-i; @*/ while (i < t.length) { t[i] = -t[i]; i++; } - + } } + + + +/* +Local Variables: +compile-command: "make Negate.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/java/oracle/AllZeros.res.oracle why-2.30+dfsg/tests/java/oracle/AllZeros.res.oracle --- why-2.29+dfsg/tests/java/oracle/AllZeros.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/AllZeros.res.oracle 2011-10-24 15:21:06.000000000 +0000 
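Review bot: The invariant `t[k] == -\at(t[k],Pre)` is discharged with `//@+ CheckArithOverflow = no` still in force at the top of the file, so it is proved for mathematical negation only. In Java, `-t[i]` yields the same value when `t[i]` is `Integer.MIN_VALUE`, and the stated relation then does not hold at run time. The contract of `negate` begins above this hunk, so its `requires` clause is not visible; if it does not already exclude that value, add `@ requires \forall integer k; 0 <= k < t.length ==> t[k] > -2147483648;` and remove the pragma so the negation is checked. The new `// TODO` line would also be easier to act on if it said why `loop_assigns t[0..i-1]` was replaced by the explicit frame invariant.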
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ class AllZeros { 
@@ -52,6 +54,14 @@ return true; } } + +/* +Local Variables: +compile-command: "make AllZeros.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -80,7 +90,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -178,105 +191,105 @@ ========== file tests/java/AllZeros.jloc ========== [K_10] file = "HOME/tests/java/AllZeros.java" -line = 46 +line = 48 begin = 18 end = 30 [K_11] file = "HOME/tests/java/AllZeros.java" -line = 49 +line = 51 begin = 9 end = 13 [K_12] file = "HOME/tests/java/AllZeros.java" -line = 49 +line = 51 begin = 9 end = 18 [K_13] file = "HOME/tests/java/AllZeros.java" -line = 48 +line = 50 begin = 31 end = 34 [K_14] file = "HOME/tests/java/AllZeros.java" -line = 48 +line = 50 begin = 21 end = 29 [K_15] file = "HOME/tests/java/AllZeros.java" -line = 48 +line = 50 begin = 17 end = 29 [K_1] file = "HOME/tests/java/AllZeros.java" -line = 33 +line = 35 begin = 8 end = 16 [K_2] file = "HOME/tests/java/AllZeros.java" -line = 39 +line = 41 begin = 16 end = 93 [K_3] file = "HOME/tests/java/AllZeros.java" -line = 38 +line = 40 begin = 17 end = 26 [K_4] file = "HOME/tests/java/AllZeros.java" -line = 48 +line = 50 begin = 14 end = 15 [K_5] file = "HOME/tests/java/AllZeros.java" -line = 45 +line = 47 begin = 6 end = 49 [K_6] file = "HOME/tests/java/AllZeros.java" -line = 44 +line = 46 begin = 11 end = 24 [K_7] file = "HOME/tests/java/AllZeros.java" -line = 44 +line = 46 begin = 6 end = 12 [AllZeros_should_not_be_proved] name = "Method should_not_be_proved" file = "HOME/tests/java/AllZeros.java" -line = 32 +line = 34 begin = 15 end = 35 [K_8] file = "HOME/tests/java/AllZeros.java" -line = 44 +line = 46 begin = 6 end = 24 [K_9] file = "HOME/tests/java/AllZeros.java" -line = 44 +line = 46 begin = 6 end = 78 [AllZeros_all_zeros] name = "Method all_zeros" file = "HOME/tests/java/AllZeros.java" -line = 42 +line = 44 begin = 19 end = 28 
@@ -306,10 +319,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs AllZeros.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/AllZeros_why.sx @@ -370,6 +384,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/AllZeros_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/AllZeros_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -442,6 +463,9 @@ why3ide: why/AllZeros_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: AllZeros.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include AllZeros.depend depend: coq/AllZeros_why.v @@ -452,31 +476,28 @@ ========== file tests/java/AllZeros.loc ========== [JC_40] -kind = IndexBounds -file = "HOME/tests/java/AllZeros.java" -line = 33 -begin = 8 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_41] -kind = ArithOverflow file = "HOME/tests/java/AllZeros.java" -line = 33 -begin = 8 -end = 16 +line = 34 +begin = 15 +end = 35 [JC_42] -kind = UserCall -file = "HOME/tests/java/AllZeros.java" -line = 33 -begin = 8 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_43] -file = "HOME/tests/java/AllZeros.java" -line = 38 -begin = 17 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_AllZeros_safety] name = "Constructor of class AllZeros" @@ -493,10 +514,10 @@ end = -1 [JC_45] -file = "HOME/tests/java/AllZeros.java" -line = 38 -begin = 17 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_46] file = "HOME/" 
@@ -506,24 +527,25 @@ [JC_1] file = "HOME/tests/java/AllZeros.jc" -line = 49 -begin = 8 -end = 21 - -[JC_47] -file = "HOME/tests/java/AllZeros.java" -line = 39 -begin = 16 -end = 93 +line = 23 +begin = 12 +end = 22 [AllZeros_should_not_be_proved_safety] name = "Method should_not_be_proved" behavior = "Safety" file = "HOME/tests/java/AllZeros.java" -line = 32 +line = 34 begin = 15 end = 35 +[JC_47] +kind = UserCall +file = "HOME/tests/java/AllZeros.java" +line = 35 +begin = 8 +end = 16 + [JC_2] file = "HOME/" line = 0 
@@ -531,156 +553,155 @@ end = -1 [JC_48] +kind = IndexBounds file = "HOME/tests/java/AllZeros.java" -line = 39 -begin = 16 -end = 93 +line = 35 +begin = 8 +end = 16 [JC_3] file = "HOME/tests/java/AllZeros.jc" -line = 49 -begin = 8 -end = 21 +line = 23 +begin = 12 +end = 22 [JC_49] +kind = ArithOverflow +file = "HOME/tests/java/AllZeros.java" +line = 35 +begin = 8 +end = 16 + +[JC_4] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_4] +[JC_5] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_5] -file = "HOME/tests/java/AllZeros.jc" -line = 52 -begin = 11 -end = 66 - [JC_6] -file = "HOME/tests/java/AllZeros.jc" -line = 51 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_7] -file = "HOME/tests/java/AllZeros.jc" -line = 52 -begin = 11 -end = 66 - -[JC_8] -file = "HOME/tests/java/AllZeros.jc" -line = 51 -begin = 10 -end = 18 - -[JC_9] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_50] +[JC_8] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/AllZeros.jc" +line = 52 +begin = 8 +end = 21 + +[JC_50] +kind = UserCall +file = "HOME/tests/java/AllZeros.java" +line = 35 +begin = 8 +end = 16 + [JC_51] file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 6 -end = 12 +line = 40 +begin = 17 +end = 26 [JC_52] -file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 11 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_53] file = "HOME/tests/java/AllZeros.java" -line = 45 -begin = 6 -end = 49 +line = 40 +begin = 17 +end = 26 [JC_54] -file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 6 -end = 78 - -[JC_55] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_55] +file = "HOME/tests/java/AllZeros.java" +line = 41 +begin = 16 +end = 93 + [JC_56] -file = "HOME/tests/java/AllZeros.jc" -line = 88 -begin = 9 -end = 652 +file = "HOME/tests/java/AllZeros.java" +line = 41 +begin = 16 +end = 93 [JC_57] -file = "HOME/tests/java/AllZeros.jc" -line = 88 -begin = 9 -end = 652 +file = "HOME/" +line = 0 +begin = -1 +end = 
-1 [JC_58] -kind = UserCall -file = "HOME/tests/java/AllZeros.java" -line = 48 -begin = 21 -end = 29 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_59] -kind = IndexBounds file = "HOME/tests/java/AllZeros.java" -line = 48 -begin = 21 -end = 29 +line = 46 +begin = 6 +end = 12 [AllZeros_should_not_be_proved_ensures_default] name = "Method should_not_be_proved" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/AllZeros.java" -line = 32 +line = 34 begin = 15 end = 35 [AllZeros_all_zeros_ensures_default] name = "Method all_zeros" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/AllZeros.java" -line = 42 +line = 44 begin = 19 end = 28 [JC_60] -kind = PointerDeref file = "HOME/tests/java/AllZeros.java" -line = 49 -begin = 9 -end = 13 +line = 46 +begin = 11 +end = 24 [JC_61] -kind = ArithOverflow -file = "HOME/tests/java/AllZeros.jc" -line = 98 -begin = 18 -end = 22 +file = "HOME/tests/java/AllZeros.java" +line = 47 +begin = 6 +end = 49 [JC_62] file = "HOME/tests/java/AllZeros.java" line = 46 -begin = 18 -end = 30 +begin = 6 +end = 78 [JC_10] file = "HOME/" @@ -689,22 +710,22 @@ end = -1 [JC_63] -file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 6 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] file = "HOME/tests/java/AllZeros.jc" -line = 55 +line = 52 begin = 8 -end = 30 +end = 21 [JC_64] -file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 11 -end = 24 +file = "HOME/tests/java/AllZeros.jc" +line = 91 +begin = 9 +end = 652 [JC_12] file = "HOME/" 
@@ -714,230 +735,282 @@ [cons_AllZeros_ensures_default] name = "Constructor of class AllZeros" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_65] -file = "HOME/tests/java/AllZeros.java" -line = 45 -begin = 6 -end = 49 +file = "HOME/tests/java/AllZeros.jc" +line = 91 +begin = 9 +end = 652 [JC_13] file = "HOME/tests/java/AllZeros.jc" line = 55 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_66] +kind = UserCall file = "HOME/tests/java/AllZeros.java" -line = 44 -begin = 6 -end = 78 +line = 50 +begin = 21 +end = 29 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/AllZeros.jc" +line = 54 +begin = 10 +end = 18 [JC_67] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/AllZeros.java" +line = 50 +begin = 21 +end = 29 [JC_15] file = "HOME/tests/java/AllZeros.jc" -line = 58 +line = 55 begin = 11 -end = 103 +end = 66 [JC_68] -file = "HOME/tests/java/AllZeros.jc" -line = 88 +kind = PointerDeref +file = "HOME/tests/java/AllZeros.java" +line = 51 begin = 9 -end = 652 +end = 13 [JC_16] file = "HOME/tests/java/AllZeros.jc" -line = 57 +line = 54 begin = 10 end = 18 [JC_69] +kind = ArithOverflow file = "HOME/tests/java/AllZeros.jc" -line = 88 -begin = 9 -end = 652 +line = 101 +begin = 18 +end = 22 [JC_17] -file = "HOME/tests/java/AllZeros.jc" -line = 58 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_18] -file = "HOME/tests/java/AllZeros.jc" -line = 57 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/AllZeros.jc" +line = 58 +begin = 8 +end = 30 + [JC_70] -kind = UserCall file = "HOME/tests/java/AllZeros.java" line = 48 -begin = 21 -end = 29 +begin = 18 +end = 30 [JC_71] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/AllZeros.java" +line = 46 +begin = 6 +end = 12 [JC_72] +file = "HOME/tests/java/AllZeros.java" +line = 46 +begin = 11 +end 
= 24 + +[JC_20] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_20] +[JC_73] +file = "HOME/tests/java/AllZeros.java" +line = 47 +begin = 6 +end = 49 + +[JC_21] +file = "HOME/tests/java/AllZeros.jc" +line = 58 +begin = 8 +end = 30 + +[JC_74] +file = "HOME/tests/java/AllZeros.java" +line = 46 +begin = 6 +end = 78 + +[JC_22] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_73] +[JC_75] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_21] +[JC_23] +file = "HOME/tests/java/AllZeros.jc" +line = 61 +begin = 11 +end = 103 + +[JC_76] +file = "HOME/tests/java/AllZeros.jc" +line = 91 +begin = 9 +end = 652 + +[JC_24] +file = "HOME/tests/java/AllZeros.jc" +line = 60 +begin = 10 +end = 18 + +[JC_77] +file = "HOME/tests/java/AllZeros.jc" +line = 91 +begin = 9 +end = 652 + +[JC_25] +file = "HOME/tests/java/AllZeros.jc" +line = 61 +begin = 11 +end = 103 + +[JC_78] +kind = UserCall +file = "HOME/tests/java/AllZeros.java" +line = 50 +begin = 21 +end = 29 + +[JC_26] file = "HOME/tests/java/AllZeros.jc" -line = 62 -begin = 8 -end = 23 +line = 60 +begin = 10 +end = 18 -[JC_74] +[JC_79] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_22] +[JC_27] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_75] +[AllZeros_all_zeros_safety] +name = "Method all_zeros" +behavior = "Safety" +file = "HOME/tests/java/AllZeros.java" +line = 44 +begin = 19 +end = 28 + +[JC_28] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_23] +[JC_29] file = "HOME/tests/java/AllZeros.jc" -line = 62 +line = 65 begin = 8 end = 23 -[JC_76] +[JC_80] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_24] +[JC_81] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_77] +[JC_82] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_25] +[JC_30] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_78] +[JC_83] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_26] +[JC_31] +file = "HOME/tests/java/AllZeros.jc" +line = 65 +begin = 8 +end = 23 + +[JC_84] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_27] +[JC_32] file = "HOME/" line = 0 begin 
= -1 end = -1 -[AllZeros_all_zeros_safety] -name = "Method all_zeros" -behavior = "Safety" -file = "HOME/tests/java/AllZeros.java" -line = 42 -begin = 19 -end = 28 - -[JC_28] +[JC_85] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_29] -file = "HOME/tests/java/AllZeros.jc" -line = 64 -begin = 11 -end = 65 - -[JC_30] -file = "HOME/tests/java/AllZeros.jc" -line = 64 -begin = 11 -end = 65 - -[JC_31] -file = "HOME/tests/java/AllZeros.java" -line = 32 -begin = 15 -end = 35 - -[JC_32] +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] -file = "HOME/tests/java/AllZeros.java" -line = 32 -begin = 15 -end = 35 +[JC_86] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_34] file = "HOME/" @@ -958,23 +1031,22 @@ end = -1 [JC_37] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/AllZeros.jc" +line = 67 +begin = 11 +end = 65 [JC_38] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/AllZeros.jc" +line = 67 +begin = 11 +end = 65 [JC_39] -kind = UserCall file = "HOME/tests/java/AllZeros.java" -line = 33 -begin = 8 -end = 16 +line = 34 +begin = 15 +end = 35 ========== file tests/java/why/AllZeros.why ========== type Object @@ -997,19 +1069,13 @@ axiom AllZeros_parenttag_Object : parenttag(AllZeros_tag, Object_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = 
@@ -1030,14 +1096,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -1051,6 +1113,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -1064,6 +1131,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -1096,6 +1168,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -1157,6 +1234,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) 
@@ -1204,6 +1286,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) @@ -1249,36 +1336,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AllZeros(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1326,23 +1383,23 @@ parameter AllZeros_all_zeros : t_0:Object pointer -> { } bool reads Object_alloc_table,intM_intP - { (JC_48: + { (JC_56: ((result = true) <-> (forall i:int. ((le_int((0), i) and lt_int(i, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - eq_int(integer_of_int32(select(intM_intP, shift(t_0, i))), (0)))))) } + (integer_of_int32(select(intM_intP, shift(t_0, i))) = (0)))))) } parameter AllZeros_all_zeros_requires : t_0:Object pointer -> - { (JC_43: Non_null_intM(t_0, Object_alloc_table))} bool + { (JC_51: Non_null_intM(t_0, Object_alloc_table))} bool reads Object_alloc_table,intM_intP - { (JC_48: + { (JC_56: ((result = true) <-> (forall i:int. ((le_int((0), i) and lt_int(i, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - eq_int(integer_of_int32(select(intM_intP, shift(t_0, i))), (0)))))) } + (integer_of_int32(select(intM_intP, shift(t_0, i))) = (0)))))) } parameter AllZeros_should_not_be_proved : t:Object pointer -> { } int32 reads Object_alloc_table { true } 
@@ -1350,133 +1407,17 @@ parameter AllZeros_should_not_be_proved_requires : t:Object pointer -> { } int32 reads Object_alloc_table { true } -parameter Object_tag_table : Object tag_table ref - -parameter alloc_bitvector_struct_AllZeros : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_AllZeros(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_AllZeros_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_AllZeros(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, 
bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_AllZeros : n:int -> 
@@ -1653,6 +1594,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -1677,18 +1622,18 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter long_of_integer_ : x:int -> @@ -1698,28 +1643,28 @@ parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } 
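Review bot: In the `@@ -1698,28 +1643,28 @@` hunk the contracts of `non_null_Object` and `non_null_Object_requires` (JC_38) still require `offset_max(Object_alloc_table, x_4) = (0)` in the true branch, although the `Non_null_Object` predicate in the `@@ -997,19 +1069,13 @@` hunk of this same diff is relaxed from `eq_int(..., (0))` to `ge_int(..., (0))`. If a non-null Object pointer may now have `offset_max` greater than 0, neither branch of `if result then … else (x_4 = null)` holds for it. Because this is the assumed postcondition of a `parameter`, a prover could then derive a contradiction at a call site instead of failing a goal, which would silently weaken what the verification establishes. I would expect the true branch to read `ge_int(offset_max(Object_alloc_table, x_4), (0))`, matching the predicate. This is regenerated test-oracle output, so the change belongs in the generator that emits these contracts, which is not visible here; it is worth confirming whether the remaining equality is intentional.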
@@ -1746,7 +1691,7 @@ let AllZeros_all_zeros_ensures_default = fun (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_45: Non_null_intM(t_0, Object_alloc_table))) } + and (JC_53: Non_null_intM(t_0, Object_alloc_table))) } (init: (let return = ref (any_bool void) in try @@ -1756,26 +1701,24 @@ (loop_2: while true do { invariant - (JC_66: - ((JC_63: le_int((0), integer_of_int32(k))) - and ((JC_64: + (JC_74: + ((JC_71: le_int((0), integer_of_int32(k))) + and ((JC_72: le_int(integer_of_int32(k), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_65: + and (JC_73: (forall i_0:int. ((le_int((0), i_0) and lt_int(i_0, integer_of_int32(k))) -> - eq_int(integer_of_int32(select(intM_intP, - shift(t_0, i_0))), - (0)))))))) } + (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = (0)))))))) + } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_15: ((lt_int_ (integer_of_int32 !k)) (K_14: (let jessie_ = t_0 in - (JC_70: + (JC_78: (java_array_length_intM jessie_)))))) then (if (K_12: @@ -1783,8 +1726,8 @@ ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !k)))))) (0))) then begin (return := false); (raise Return) end else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_13: 
@@ -1795,17 +1738,17 @@ void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := true); (raise Return); absurd end with Return -> !return end)) - { (JC_47: + { (JC_55: ((result = true) <-> (forall i:int. ((le_int((0), i) and lt_int(i, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - eq_int(integer_of_int32(select(intM_intP, shift(t_0, i))), (0)))))) } + (integer_of_int32(select(intM_intP, shift(t_0, i))) = (0)))))) } let AllZeros_all_zeros_safety = fun (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_45: Non_null_intM(t_0, Object_alloc_table))) } + and (JC_53: Non_null_intM(t_0, Object_alloc_table))) } (init: (let return = ref (any_bool void) in try 
@@ -1814,53 +1757,50 @@ try (loop_1: while true do - { invariant (JC_56: true) - variant (JC_62 : sub_int(add_int(offset_max(Object_alloc_table, t_0), + { invariant (JC_64: true) + variant (JC_70 : sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), integer_of_int32(k))) } begin [ { } unit reads Object_alloc_table,intM_intP,k - { (JC_54: - ((JC_51: le_int((0), integer_of_int32(k))) - and ((JC_52: + { (JC_62: + ((JC_59: le_int((0), integer_of_int32(k))) + and ((JC_60: le_int(integer_of_int32(k), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_53: + and (JC_61: (forall i_0:int. ((le_int((0), i_0) and lt_int(i_0, integer_of_int32(k))) -> - eq_int(integer_of_int32(select(intM_intP, - shift(t_0, i_0))), - (0)))))))) } ]; + (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = (0)))))))) } ]; try - (let jessie_ = begin (if (K_15: ((lt_int_ (integer_of_int32 !k)) (K_14: (let jessie_ = t_0 in - (JC_59: + (JC_67: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_58: + (JC_66: (java_array_length_intM_requires jessie_)))))))) then (if (K_12: ((neq_int_ (integer_of_int32 (K_11: - (JC_60: + (JC_68: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) (integer_of_int32 !k)))))) (0))) then begin (return := false); (raise Return) end else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_13: (let jessie_ = !k in begin (let jessie_ = - (k := (JC_61: + (k := (JC_69: (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := true); (raise Return); 
@@ -1875,10 +1815,10 @@ begin (return := (safe_int32_of_integer_ (K_1: (let jessie_ = t in - (JC_42: + (JC_50: (java_array_length_intM jessie_)))))); (raise Return); absurd end with Return -> !return end)) - { (JC_35: true) } + { (JC_43: true) } let AllZeros_should_not_be_proved_safety = fun (t : Object pointer) -> @@ -1887,15 +1827,15 @@ (let return = ref (any_int32 void) in try begin - (return := (JC_41: + (return := (JC_49: (int32_of_integer_ (K_1: (let jessie_ = t in - (JC_40: + (JC_48: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_39: + (JC_47: (java_array_length_intM_requires jessie_))))))))); (raise Return); absurd end with Return -> !return end)) { true } @@ -1903,7 +1843,7 @@ fun (this_0 : Object pointer) -> { valid_struct_AllZeros(this_0, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_75: true) } + { (JC_83: true) } let cons_AllZeros_safety = fun (this_0 : Object pointer) -> @@ -1920,11 +1860,11 @@ - + - + @@ -1932,82 +1872,82 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2969,7 +2909,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -3007,6 +2947,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) 
@@ -3019,6 +2963,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -3051,6 +2999,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -3112,6 +3065,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -3160,6 +3117,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -3204,36 +3166,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AllZeros(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3274,6 +3206,16 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/AllZeros_po1.why ========== +goal AllZeros_all_zeros_ensures_default_po_1: + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + ("JC_74": ("JC_71": (0 <= integer_of_int32(result)))) + ========== file tests/java/why/AllZeros_po10.why ========== goal AllZeros_all_zeros_ensures_default_po_10: forall t_0:Object pointer. @@ -3281,20 +3223,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) >= result0) -> @@ -3303,7 +3245,7 @@ (forall i:int. (((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0))) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) ========== file tests/java/why/AllZeros_po11.why ========== goal AllZeros_all_zeros_safety_po_1: 
@@ -3312,16 +3254,16 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> @@ -3334,22 +3276,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -3362,22 +3304,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -3390,22 +3332,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -3423,22 +3365,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -3456,22 +3398,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3486,7 +3428,7 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - (0 <= ("JC_62": ((offset_max(Object_alloc_table, + (0 <= ("JC_70": ((offset_max(Object_alloc_table, t_0) + 1) - integer_of_int32(k)))) ========== file tests/java/why/AllZeros_po17.why ========== 
@@ -3496,22 +3438,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3526,8 +3468,8 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - (("JC_62": ((offset_max(Object_alloc_table, - t_0) + 1) - integer_of_int32(k0))) < ("JC_62": + (("JC_70": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(k0))) < ("JC_70": ((offset_max(Object_alloc_table, t_0) + 1) - integer_of_int32(k)))) 
@@ -3545,33 +3487,22 @@ left_valid_struct_intM(t, 0, Object_alloc_table) -> (offset_max(Object_alloc_table, t) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> ((-2147483648) <= result) -========== file tests/java/why/AllZeros_po1.why ========== -goal AllZeros_all_zeros_ensures_default_po_1: - forall t_0:Object pointer. - forall Object_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> - forall result:int32. - (integer_of_int32(result) = 0) -> - ("JC_66": ("JC_63": ("JC_63": (0 <= integer_of_int32(result))))) - ========== file tests/java/why/AllZeros_po2.why ========== goal AllZeros_all_zeros_ensures_default_po_2: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> - ("JC_66": - ("JC_64": - ("JC_64": (integer_of_int32(result) <= (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_74": + ("JC_72": (integer_of_int32(result) <= (offset_max(Object_alloc_table, + t_0) + 1)))) ========== file tests/java/why/AllZeros_po3.why ========== goal AllZeros_all_zeros_ensures_default_po_3: 
@@ -3580,15 +3511,13 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> - ("JC_66": - ("JC_65": - ("JC_65": - (forall i_0:int. - (((0 <= i_0) and (i_0 < integer_of_int32(result))) -> - (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0)))))) + forall i_0:int. + ((0 <= i_0) and (i_0 < integer_of_int32(result))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))) ========== file tests/java/why/AllZeros_po4.why ========== goal AllZeros_all_zeros_ensures_default_po_4: @@ -3597,20 +3526,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -3622,7 +3551,7 @@ (return = true) -> forall i:int. ((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_47": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) + ("JC_55": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) ========== file tests/java/why/AllZeros_po5.why ========== goal AllZeros_all_zeros_ensures_default_po_5: @@ -3631,20 +3560,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3656,7 +3585,7 @@ (forall i:int. (((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0))) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) ========== file tests/java/why/AllZeros_po6.why ========== goal AllZeros_all_zeros_ensures_default_po_6: 
@@ -3665,20 +3594,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3689,7 +3618,7 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": ("JC_63": ("JC_63": (0 <= integer_of_int32(k0))))) + ("JC_74": ("JC_71": (0 <= integer_of_int32(k0)))) ========== file tests/java/why/AllZeros_po7.why ========== goal AllZeros_all_zeros_ensures_default_po_7: 
@@ -3698,20 +3627,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3722,10 +3651,9 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": - ("JC_64": - ("JC_64": (integer_of_int32(k0) <= (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_74": + ("JC_72": (integer_of_int32(k0) <= (offset_max(Object_alloc_table, + t_0) + 1)))) ========== file tests/java/why/AllZeros_po8.why ========== goal AllZeros_all_zeros_ensures_default_po_8: 
@@ -3734,20 +3662,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -3758,12 +3686,10 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": - ("JC_65": - ("JC_65": - (forall i_0:int. - (((0 <= i_0) and (i_0 < integer_of_int32(k0))) -> - (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0)))))) + forall i_0:int. + ((0 <= i_0) and (i_0 < integer_of_int32(k0))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))) ========== file tests/java/why/AllZeros_po9.why ========== goal AllZeros_all_zeros_ensures_default_po_9: 
@@ -3772,20 +3698,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) >= result0) -> @@ -3794,7 +3720,7 @@ (return = true) -> forall i:int. ((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_47": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) + ("JC_55": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) ========== generation of Simplify VC output ========== why -simplify [...] why/AllZeros.why @@ -4622,7 +4548,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) @@ -4658,6 +4584,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) 
@@ -4669,6 +4600,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) @@ -4691,6 +4627,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -4747,6 +4688,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -4788,6 +4734,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -4823,29 +4774,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_AllZeros p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -4877,7 +4805,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; AllZeros_all_zeros_ensures_default_po_1, File "HOME/tests/java/AllZeros.java", line 44, characters 6-12 +;; AllZeros_all_zeros_ensures_default_po_1, File "HOME/tests/java/AllZeros.java", line 46, characters 6-12 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -4885,7 +4813,7 @@ (FORALL (result) (IMPLIES (EQ (integer_of_int32 result) 0) (<= 0 (integer_of_int32 result))))))) -;; AllZeros_all_zeros_ensures_default_po_2, File "HOME/tests/java/AllZeros.java", line 44, characters 11-24 +;; AllZeros_all_zeros_ensures_default_po_2, File "HOME/tests/java/AllZeros.java", line 46, characters 11-24 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -4894,7 +4822,7 @@ (IMPLIES (EQ (integer_of_int32 result) 0) (<= (integer_of_int32 result) (+ (offset_max Object_alloc_table t_0) 1))))))) -;; AllZeros_all_zeros_ensures_default_po_3, File "HOME/tests/java/AllZeros.java", line 45, characters 6-49 +;; AllZeros_all_zeros_ensures_default_po_3, File "HOME/tests/java/AllZeros.java", line 47, characters 6-49 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -4906,7 +4834,7 @@ (IMPLIES (AND (<= 0 i_0) (< i_0 (integer_of_int32 result))) (EQ (integer_of_int32 (select intM_intP (shift t_0 i_0))) 0))))))))) -;; AllZeros_all_zeros_ensures_default_po_4, File "HOME/tests/java/AllZeros.java", line 39, characters 16-93 +;; AllZeros_all_zeros_ensures_default_po_4, File "HOME/tests/java/AllZeros.java", line 41, characters 16-93 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -4936,7 +4864,7 @@ (IMPLIES (AND (<= 0 i) (< i (+ (offset_max Object_alloc_table t_0) 1))) (EQ (integer_of_int32 (select intM_intP (shift t_0 i))) 0)))))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_5, File "HOME/tests/java/AllZeros.java", line 39, characters 16-93 +;; AllZeros_all_zeros_ensures_default_po_5, File "HOME/tests/java/AllZeros.java", line 41, characters 16-93 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -4967,7 +4895,7 @@ (EQ (integer_of_int32 (select intM_intP (shift t_0 i))) 0))) (EQ return |@true|)))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_6, File "HOME/tests/java/AllZeros.java", line 44, characters 6-12 +;; AllZeros_all_zeros_ensures_default_po_6, File "HOME/tests/java/AllZeros.java", line 46, characters 6-12 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -4994,7 +4922,7 @@ (IMPLIES (EQ (integer_of_int32 result2) (+ (integer_of_int32 k) 1)) (FORALL (k0) (IMPLIES (EQ k0 result2) (<= 0 (integer_of_int32 k0)))))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_7, File "HOME/tests/java/AllZeros.java", line 44, characters 11-24 +;; AllZeros_all_zeros_ensures_default_po_7, File "HOME/tests/java/AllZeros.java", line 46, characters 11-24 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5023,7 +4951,7 @@ (IMPLIES (EQ k0 result2) (<= (integer_of_int32 k0) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_8, File "HOME/tests/java/AllZeros.java", line 45, characters 6-49 +;; AllZeros_all_zeros_ensures_default_po_8, File "HOME/tests/java/AllZeros.java", line 47, characters 6-49 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5054,7 +4982,7 @@ (IMPLIES (AND (<= 0 i_0) (< i_0 (integer_of_int32 k0))) (EQ (integer_of_int32 (select intM_intP (shift t_0 i_0))) 0))))))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_9, File "HOME/tests/java/AllZeros.java", line 39, characters 16-93 +;; AllZeros_all_zeros_ensures_default_po_9, File "HOME/tests/java/AllZeros.java", line 41, characters 16-93 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -5081,7 +5009,7 @@ (IMPLIES (AND (<= 0 i) (< i (+ (offset_max Object_alloc_table t_0) 1))) (EQ (integer_of_int32 (select intM_intP (shift t_0 i))) 0))))))))))))))))) -;; AllZeros_all_zeros_ensures_default_po_10, File "HOME/tests/java/AllZeros.java", line 39, characters 16-93 +;; AllZeros_all_zeros_ensures_default_po_10, File "HOME/tests/java/AllZeros.java", line 41, characters 16-93 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5109,7 +5037,7 @@ (EQ (integer_of_int32 (select intM_intP (shift t_0 i))) 0))) (EQ return |@true|))))))))))))))) -;; AllZeros_all_zeros_safety_po_1, File "why/AllZeros.why", line 864, characters 50-211 +;; AllZeros_all_zeros_safety_po_1, File "why/AllZeros.why", line 732, characters 50-211 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5127,7 +5055,7 @@ (EQ (integer_of_int32 (select intM_intP (shift t_0 i_0))) 0))))) (>= (offset_max Object_alloc_table t_0) (- 0 1))))))))))) -;; AllZeros_all_zeros_safety_po_2, File "HOME/tests/java/AllZeros.java", line 49, characters 9-13 +;; AllZeros_all_zeros_safety_po_2, File "HOME/tests/java/AllZeros.java", line 51, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5151,7 +5079,7 @@ (IMPLIES (< (integer_of_int32 k) result0) (<= (offset_min Object_alloc_table t_0) (integer_of_int32 k))))))))))))))) -;; AllZeros_all_zeros_safety_po_3, File "HOME/tests/java/AllZeros.java", line 49, characters 9-13 +;; AllZeros_all_zeros_safety_po_3, File "HOME/tests/java/AllZeros.java", line 51, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -5175,7 +5103,7 @@ (IMPLIES (< (integer_of_int32 k) result0) (<= (integer_of_int32 k) (offset_max Object_alloc_table t_0))))))))))))))) -;; AllZeros_all_zeros_safety_po_4, File "HOME/tests/java/AllZeros.jc", line 98, characters 18-22 +;; AllZeros_all_zeros_safety_po_4, File "HOME/tests/java/AllZeros.jc", line 101, characters 18-22 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5204,7 +5132,7 @@ (IMPLIES (EQ (integer_of_int32 result1) 0) (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 k) 1))))))))))))))))))) -;; AllZeros_all_zeros_safety_po_5, File "HOME/tests/java/AllZeros.jc", line 98, characters 18-22 +;; AllZeros_all_zeros_safety_po_5, File "HOME/tests/java/AllZeros.jc", line 101, characters 18-22 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5233,7 +5161,7 @@ (IMPLIES (EQ (integer_of_int32 result1) 0) (<= (+ (integer_of_int32 k) 1) constant_too_large_2147483647)))))))))))))))))) -;; AllZeros_all_zeros_safety_po_6, File "HOME/tests/java/AllZeros.java", line 46, characters 18-30 +;; AllZeros_all_zeros_safety_po_6, File "HOME/tests/java/AllZeros.java", line 48, characters 18-30 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -5269,7 +5197,7 @@ (IMPLIES (EQ k0 result2) (<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 k))))))))))))))))))))))))) -;; AllZeros_all_zeros_safety_po_7, File "HOME/tests/java/AllZeros.java", line 46, characters 18-30 +;; AllZeros_all_zeros_safety_po_7, File "HOME/tests/java/AllZeros.java", line 48, characters 18-30 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -5306,13 +5234,13 @@ (< (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 k0)) (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 k))))))))))))))))))))))))) -;; AllZeros_should_not_be_proved_safety_po_1, File "why/AllZeros.why", line 916, characters 37-172 +;; AllZeros_should_not_be_proved_safety_po_1, File "why/AllZeros.why", line 784, characters 37-172 (FORALL (t) (FORALL (Object_alloc_table) (IMPLIES (left_valid_struct_intM t 0 Object_alloc_table) (>= (offset_max Object_alloc_table t) (- 0 1))))) -;; AllZeros_should_not_be_proved_safety_po_2, File "HOME/tests/java/AllZeros.java", line 33, characters 8-16 +;; AllZeros_should_not_be_proved_safety_po_2, File "HOME/tests/java/AllZeros.java", line 35, characters 8-16 (FORALL (t) (FORALL (Object_alloc_table) (IMPLIES (left_valid_struct_intM t 0 Object_alloc_table) @@ -6291,7 +6219,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -6329,6 +6257,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -6341,6 +6273,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) 
@@ -6373,6 +6309,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -6434,6 +6375,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -6482,6 +6427,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -6526,36 +6476,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AllZeros(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -6600,22 +6520,21 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> - ("JC_66": ("JC_63": ("JC_63": (0 <= integer_of_int32(result))))) + ("JC_74": ("JC_71": (0 <= integer_of_int32(result)))) goal AllZeros_all_zeros_ensures_default_po_2: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> - ("JC_66": - ("JC_64": - ("JC_64": (integer_of_int32(result) <= (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_74": + ("JC_72": (integer_of_int32(result) <= (offset_max(Object_alloc_table, + t_0) + 1)))) goal AllZeros_all_zeros_ensures_default_po_3: forall t_0:Object pointer. @@ -6623,15 +6542,13 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> - ("JC_66": - ("JC_65": - ("JC_65": - (forall i_0:int. - (((0 <= i_0) and (i_0 < integer_of_int32(result))) -> - (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0)))))) + forall i_0:int. + ((0 <= i_0) and (i_0 < integer_of_int32(result))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))) goal AllZeros_all_zeros_ensures_default_po_4: forall t_0:Object pointer. 
@@ -6639,20 +6556,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -6664,7 +6581,7 @@ (return = true) -> forall i:int. ((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_47": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) + ("JC_55": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) goal AllZeros_all_zeros_ensures_default_po_5: forall t_0:Object pointer. 
@@ -6672,20 +6589,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -6697,7 +6614,7 @@ (forall i:int. (((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0))) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) goal AllZeros_all_zeros_ensures_default_po_6: forall t_0:Object pointer. 
@@ -6705,20 +6622,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -6729,7 +6646,7 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": ("JC_63": ("JC_63": (0 <= integer_of_int32(k0))))) + ("JC_74": ("JC_71": (0 <= integer_of_int32(k0)))) goal AllZeros_all_zeros_ensures_default_po_7: forall t_0:Object pointer. 
@@ -6737,20 +6654,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -6761,10 +6678,9 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": - ("JC_64": - ("JC_64": (integer_of_int32(k0) <= (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_74": + ("JC_72": (integer_of_int32(k0) <= (offset_max(Object_alloc_table, + t_0) + 1)))) goal AllZeros_all_zeros_ensures_default_po_8: forall t_0:Object pointer. 
@@ -6772,20 +6688,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -6796,12 +6712,10 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - ("JC_66": - ("JC_65": - ("JC_65": - (forall i_0:int. - (((0 <= i_0) and (i_0 < integer_of_int32(k0))) -> - (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0)))))) + forall i_0:int. + ((0 <= i_0) and (i_0 < integer_of_int32(k0))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))) goal AllZeros_all_zeros_ensures_default_po_9: forall t_0:Object pointer. 
@@ -6809,20 +6723,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) >= result0) -> @@ -6831,7 +6745,7 @@ (return = true) -> forall i:int. ((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_47": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) + ("JC_55": (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0)) goal AllZeros_all_zeros_ensures_default_po_10: forall t_0:Object pointer. 
@@ -6839,20 +6753,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_66": - (("JC_63": (0 <= integer_of_int32(k))) and - (("JC_64": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_74": + (("JC_71": (0 <= integer_of_int32(k))) and + (("JC_72": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_65": + ("JC_73": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) >= result0) -> @@ -6861,7 +6775,7 @@ (forall i:int. (((0 <= i) and (i < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, i))) = 0))) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) goal AllZeros_all_zeros_safety_po_1: forall t_0:Object pointer. @@ -6869,16 +6783,16 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> 
@@ -6890,22 +6804,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -6917,22 +6831,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -6944,22 +6858,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -6976,22 +6890,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> 
@@ -7008,22 +6922,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -7038,7 +6952,7 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - (0 <= ("JC_62": ((offset_max(Object_alloc_table, + (0 <= ("JC_70": ((offset_max(Object_alloc_table, t_0) + 1) - integer_of_int32(k)))) goal AllZeros_all_zeros_safety_po_7: 
@@ -7047,22 +6961,22 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_45": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_53": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall k:int32. - ("JC_56": true) -> - ("JC_54": - (("JC_51": (0 <= integer_of_int32(k))) and - (("JC_52": (integer_of_int32(k) <= (offset_max(Object_alloc_table, + ("JC_64": true) -> + ("JC_62": + (("JC_59": (0 <= integer_of_int32(k))) and + (("JC_60": (integer_of_int32(k) <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_53": + ("JC_61": (forall i_0:int. (((0 <= i_0) and (i_0 < integer_of_int32(k))) -> (integer_of_int32(select(intM_intP, shift(t_0, i_0))) = 0))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (integer_of_int32(k) < result0) -> @@ -7077,8 +6991,8 @@ (integer_of_int32(result2) = (integer_of_int32(k) + 1)) -> forall k0:int32. (k0 = result2) -> - (("JC_62": ((offset_max(Object_alloc_table, - t_0) + 1) - integer_of_int32(k0))) < ("JC_62": + (("JC_70": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(k0))) < ("JC_70": ((offset_max(Object_alloc_table, t_0) + 1) - integer_of_int32(k)))) @@ -7094,7 +7008,7 @@ left_valid_struct_intM(t, 0, Object_alloc_table) -> (offset_max(Object_alloc_table, t) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> ((-2147483648) <= result) diff -Nru why-2.29+dfsg/tests/java/oracle/ArrayMax.res.oracle why-2.30+dfsg/tests/java/oracle/ArrayMax.res.oracle --- why-2.29+dfsg/tests/java/oracle/ArrayMax.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/ArrayMax.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,9234 @@ +========== file tests/java/ArrayMax.java ========== +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 1: Maximum in an array + +Given: A non-empty integer array a. + +Verify that the index returned by the method max() given below points to +an element maximal in the array. + +*/ + +/*@ axiomatic integer_max { + @ logic integer max(integer x, integer y); + @ axiom max_is_ge : \forall integer x y; max(x,y) >= x && max(x,y) >= y; + @ axiom max_is_some : \forall integer x y; max(x,y) == x || max(x,y) == y; + @ } + @*/ + +public class ArrayMax { + + + /*@ requires a.length > 0; + @ ensures 0 <= \result < a.length && + @ \forall integer i; 0 <= i < a.length ==> a[i] <= a[\result]; + @*/ + public static int max(int[] a) { + int x = 0; + int y = a.length-1; + /*@ loop_invariant 0 <= x <= y < a.length && + @ \forall integer i; + @ 0 <= i < x || y < i < a.length ==> + @ a[i] <= max(a[x],a[y]); + @ loop_variant y - x; + @*/ + while (x != y) { + if (a[x] <= a[y]) x++; + else y--; + } + return x; + } + +} + +/* +Local Variables: +compile-command: "make ArrayMax.why3ml" +End: +*/ + +========== krakatoa execution ========== +Parsing OK. +Typing OK. +Generating JC function ArrayMax_max for method ArrayMax.max +Generating JC function cons_ArrayMax for constructor ArrayMax +Done. +========== file tests/java/ArrayMax.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + +predicate Non_null_intM{Here}(intM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +String[0..] 
any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag ArrayMax = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +tag intM = Object with { + int32 intP; +} + +boolean non_null_intM(! intM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_intM(! intM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +axiomatic integer_max { + + logic integer max(integer x, integer y) + + axiom max_is_some : + (\forall integer x_1; + (\forall integer y_1; + ((max(x_1, y_1) == x_1) || (max(x_1, y_1) == y_1)))) + + axiom max_is_ge : + (\forall integer x_0; + (\forall integer y_0; + ((max(x_0, y_0) >= x_0) && (max(x_0, y_0) >= y_0)))) + +} + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +int32 ArrayMax_max(intM[0..] 
a) + requires (K_6 : ((\offset_max(a) + 1) > 0)); +behavior default: + ensures (K_5 : ((K_4 : ((K_3 : (0 <= \result)) && + (K_2 : (\result < (\offset_max(a) + 1))))) && + (K_1 : (\forall integer i; + (((0 <= i) && (i < (\offset_max(a) + 1))) ==> + ((a + i).intP <= (a + \result).intP)))))); +{ + { + (var int32 x_2 = (K_23 : 0)); + + { + (var int32 y_2 = (K_22 : (((K_21 : java_array_length_intM(a)) - 1) :> int32))); + + { + loop + behavior default: + invariant (K_13 : ((K_12 : ((K_11 : ((K_10 : (0 <= x_2)) && + (K_9 : (x_2 <= y_2)))) && + (K_8 : (y_2 < + (\offset_max(a) + 1))))) && + (K_7 : (\forall integer i_0; + ((((0 <= i_0) && (i_0 < x_2)) || + ((y_2 < i_0) && + (i_0 < (\offset_max(a) + 1)))) ==> + ((a + i_0).intP <= + max((a + x_2).intP, + (a + y_2).intP))))))); + variant (K_14 : (y_2 - x_2)); + while ((K_20 : (x_2 != y_2))) + { (if (K_19 : ((K_17 : (a + x_2).intP) <= + (K_18 : (a + y_2).intP))) then (K_16 : (x_2 ++)) else + (K_15 : (y_2 --))) + }; + + (return x_2) + } + } + } +} + +unit cons_ArrayMax(! 
ArrayMax[0] this_0){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/ArrayMax.jloc tests/java/ArrayMax.jc && make -f tests/java/ArrayMax.makefile gui" +End: +*/ +========== file tests/java/ArrayMax.jloc ========== +[K_10] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 33 + +[K_11] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 38 + +[K_12] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 49 + +[K_13] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 186 + +[K_14] +file = "HOME/tests/java/ArrayMax.java" +line = 34 +begin = 25 +end = 30 + +[K_15] +file = "HOME/tests/java/ArrayMax.java" +line = 38 +begin = 21 +end = 24 + +[ArrayMax_max] +name = "Method max" +file = "HOME/tests/java/ArrayMax.java" +line = 27 +begin = 22 +end = 25 + +[K_16] +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 30 +end = 33 + +[K_17] +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 16 +end = 20 + +[cons_ArrayMax] +name = "Constructor of class ArrayMax" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[K_18] +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 24 +end = 28 + +[K_19] +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 16 +end = 28 + +[K_20] +file = "HOME/tests/java/ArrayMax.java" +line = 36 +begin = 15 +end = 21 + +[K_21] +file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 24 + +[K_22] +file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 26 + +[K_23] +file = "HOME/tests/java/ArrayMax.java" +line = 28 +begin = 16 +end = 17 + +[K_1] +file = "HOME/tests/java/ArrayMax.java" +line = 25 +begin = 10 +end = 69 + +[K_2] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 21 +end = 39 + +[K_3] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 28 + +[K_4] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 39 + +[K_5] +file = 
"HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 112 + +[K_6] +file = "HOME/tests/java/ArrayMax.java" +line = 23 +begin = 17 +end = 29 + +[K_7] +file = "HOME/tests/java/ArrayMax.java" +line = 31 +begin = 17 +end = 133 + +[K_8] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 37 +end = 49 + +[K_9] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 32 +end = 38 + +[max_is_ge] +name = "Lemma max_is_ge" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[max_is_some] +name = "Lemma max_is_some" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +========== jessie execution ========== +Generating Why function ArrayMax_max +Generating Why function cons_ArrayMax +========== file tests/java/ArrayMax.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs ArrayMax.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs ArrayMax.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/ArrayMax_why.sx + +project: why/ArrayMax.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/ArrayMax_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/ArrayMax_why.vo + +coq/ArrayMax_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/ArrayMax_why.v: why/ArrayMax.why + @echo 'why -coq [...] 
why/ArrayMax.why' && $(WHY) $(JESSIELIBFILES) why/ArrayMax.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/ArrayMax_ctx_why.vo + for f in why/*_po*.why; do make -f ArrayMax.makefile coq/`basename $$f .why`_why.v ; done + +coq/ArrayMax_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/ArrayMax_ctx_why.v: why/ArrayMax_ctx.why + @echo 'why -coq [...] why/ArrayMax_ctx.why' && $(WHY) why/ArrayMax_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export ArrayMax_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/ArrayMax_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/ArrayMax_ctx_why.vo + +pvs: pvs/ArrayMax_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/ArrayMax_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/ArrayMax_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/ArrayMax_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/ArrayMax_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/ArrayMax_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/ArrayMax_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/ArrayMax_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/ArrayMax_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/ArrayMax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/ArrayMax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/ArrayMax_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/ArrayMax_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/ArrayMax_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/ArrayMax_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: ArrayMax.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/ArrayMax_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/ArrayMax_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: ArrayMax.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include ArrayMax.depend + +depend: coq/ArrayMax_why.v + -$(COQDEP) -I coq coq/ArrayMax*_why.v > ArrayMax.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/ArrayMax.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/tests/java/ArrayMax.java" +line = 23 +begin = 17 +end = 29 + +[JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 28 + +[JC_44] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 21 +end = 39 + +[JC_45] +file = "HOME/tests/java/ArrayMax.java" +line = 25 +begin = 10 +end = 69 + +[JC_46] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 112 + +[JC_1] +file = "HOME/tests/java/ArrayMax.jc" +line = 23 +begin = 12 +end = 22 + +[JC_47] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 28 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 21 +end = 39 + +[JC_3] +file = "HOME/tests/java/ArrayMax.jc" +line = 23 +begin = 12 +end = 22 + +[JC_49] +file = "HOME/tests/java/ArrayMax.java" +line = 25 +begin = 10 +end = 69 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/java/ArrayMax.jc" +line = 52 +begin = 8 +end = 21 + +[JC_50] +file = "HOME/tests/java/ArrayMax.java" +line = 24 +begin = 16 +end = 112 + +[cons_ArrayMax_ensures_default] +name = "Constructor of class ArrayMax" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +kind = UserCall 
+file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 24 + +[JC_54] +kind = IndexBounds +file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 24 + +[JC_55] +kind = ArithOverflow +file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 26 + +[JC_56] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 33 + +[JC_57] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 32 +end = 38 + +[JC_58] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 37 +end = 49 + +[JC_59] +file = "HOME/tests/java/ArrayMax.java" +line = 31 +begin = 17 +end = 133 + +[JC_60] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 186 + +[JC_61] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_62] +file = "HOME/tests/java/ArrayMax.jc" +line = 106 +begin = 12 +end = 1096 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +file = "HOME/tests/java/ArrayMax.jc" +line = 106 +begin = 12 +end = 1096 + +[JC_11] +file = "HOME/tests/java/ArrayMax.jc" +line = 52 +begin = 8 +end = 21 + +[JC_64] +kind = PointerDeref +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 16 +end = 20 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +kind = PointerDeref +file = "HOME/tests/java/ArrayMax.java" +line = 37 +begin = 24 +end = 28 + +[JC_13] +file = "HOME/tests/java/ArrayMax.jc" +line = 55 +begin = 11 +end = 66 + +[JC_66] +kind = ArithOverflow +file = "HOME/tests/java/ArrayMax.jc" +line = 122 +begin = 69 +end = 75 + +[JC_14] +file = "HOME/tests/java/ArrayMax.jc" +line = 54 +begin = 10 +end = 18 + +[JC_67] +kind = ArithOverflow +file = "HOME/tests/java/ArrayMax.jc" +line = 123 +begin = 24 +end = 30 + +[JC_15] +file = "HOME/tests/java/ArrayMax.jc" +line = 55 +begin = 11 +end = 66 + +[JC_68] +file = "HOME/tests/java/ArrayMax.java" +line = 34 +begin = 25 +end = 30 + +[JC_16] +file = "HOME/tests/java/ArrayMax.jc" +line = 54 +begin = 10 +end = 18 + +[max_is_ge] +name = "Lemma 
max_is_ge" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_69] +kind = UserCall +file = "HOME/tests/java/ArrayMax.java" +line = 29 +begin = 16 +end = 24 + +[JC_17] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/java/ArrayMax.jc" +line = 58 +begin = 8 +end = 30 + +[cons_ArrayMax_safety] +name = "Constructor of class ArrayMax" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_70] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 33 + +[JC_71] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 32 +end = 38 + +[JC_72] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 37 +end = 49 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/tests/java/ArrayMax.java" +line = 31 +begin = 17 +end = 133 + +[JC_21] +file = "HOME/tests/java/ArrayMax.jc" +line = 58 +begin = 8 +end = 30 + +[JC_74] +file = "HOME/tests/java/ArrayMax.java" +line = 30 +begin = 27 +end = 186 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/java/ArrayMax.jc" +line = 61 +begin = 11 +end = 103 + +[JC_76] +file = "HOME/tests/java/ArrayMax.jc" +line = 106 +begin = 12 +end = 1096 + +[JC_24] +file = "HOME/tests/java/ArrayMax.jc" +line = 60 +begin = 10 +end = 18 + +[JC_77] +file = "HOME/tests/java/ArrayMax.jc" +line = 106 +begin = 12 +end = 1096 + +[JC_25] +file = "HOME/tests/java/ArrayMax.jc" +line = 61 +begin = 11 +end = 103 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_26] +file = "HOME/tests/java/ArrayMax.jc" +line = 60 +begin = 10 +end = 18 + +[JC_79] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[ArrayMax_max_safety] +name = "Method max" +behavior = "Safety" +file = "HOME/tests/java/ArrayMax.java" +line = 27 +begin = 22 +end = 25 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 
+end = -1 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/tests/java/ArrayMax.jc" +line = 65 +begin = 8 +end = 23 + +[max_is_some] +name = "Lemma max_is_some" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[ArrayMax_max_ensures_default] +name = "Method max" +behavior = "default behavior" +file = "HOME/tests/java/ArrayMax.java" +line = 27 +begin = 22 +end = 25 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_81] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_83] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_31] +file = "HOME/tests/java/ArrayMax.jc" +line = 65 +begin = 8 +end = 23 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/tests/java/ArrayMax.jc" +line = 67 +begin = 11 +end = 65 + +[JC_38] +file = "HOME/tests/java/ArrayMax.jc" +line = 67 +begin = 11 +end = 65 + +[JC_39] +file = "HOME/tests/java/ArrayMax.java" +line = 23 +begin = 17 +end = 29 + +========== file tests/java/why/ArrayMax.why ========== +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic ArrayMax_tag: -> Object tag_id + +logic Object_tag: -> Object tag_id + +axiom ArrayMax_parenttag_Object : parenttag(ArrayMax_tag, Object_tag) + +logic Exception_tag: -> Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1:Object pointer, + Object_alloc_table:Object alloc_table) = + 
ge_int(offset_max(Object_alloc_table, x_1), (0)) + +predicate Non_null_intM(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), neg_int((1))) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. + instanceof(Object_tag_table, x, Object_tag))) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. + (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. 
+ (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic intM_tag: -> Object tag_id + +axiom intM_parenttag_Object : parenttag(intM_tag, Object_tag) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_ArrayMax(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_intM(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer: int -> long + +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) + +logic max: int, int -> int + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_ArrayMax(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_intM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. 
+ (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_ArrayMax(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) 
>= b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_ArrayMax(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some : + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge : + (forall x_0_0:int. + (forall y_0:int. 
+ (ge_int(max(x_0_0, y_0), x_0_0) and ge_int(max(x_0_0, y_0), y_0)))) + +parameter Object_alloc_table : Object alloc_table ref + +parameter intM_intP : (Object, int32) memory ref + +parameter ArrayMax_max : + a:Object pointer -> + { } int32 reads Object_alloc_table,intM_intP + { (JC_50: + ((JC_47: le_int((0), integer_of_int32(result))) + and ((JC_48: + lt_int(integer_of_int32(result), + add_int(offset_max(Object_alloc_table, a), (1)))) + and (JC_49: + (forall i:int. + ((le_int((0), i) + and lt_int(i, add_int(offset_max(Object_alloc_table, a), (1)))) -> + le_int(integer_of_int32(select(intM_intP, shift(a, i))), + integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(result))))))))))) } + +parameter ArrayMax_max_requires : + a:Object pointer -> + { (JC_39: gt_int(add_int(offset_max(Object_alloc_table, a), (1)), (0)))} + int32 reads Object_alloc_table,intM_intP + { (JC_50: + ((JC_47: le_int((0), integer_of_int32(result))) + and ((JC_48: + lt_int(integer_of_int32(result), + add_int(offset_max(Object_alloc_table, a), (1)))) + and (JC_49: + (forall i:int. 
+ ((le_int((0), i) + and lt_int(i, add_int(offset_max(Object_alloc_table, a), (1)))) -> + le_int(integer_of_int32(select(intM_intP, shift(a, i))), + integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(result))))))))))) } + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +parameter Object_tag_table : Object tag_table ref + +exception Return_label_exc of unit + +exception Throwable_exc of Object pointer + +parameter alloc_struct_ArrayMax : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_ArrayMax(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, ArrayMax_tag)))) } + +parameter alloc_struct_ArrayMax_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_ArrayMax(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, ArrayMax_tag)))) } + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + Object_alloc_table:Object 
alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Object : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes 
Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_intM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + +parameter alloc_struct_intM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + 
Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + +parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + +parameter alloc_struct_interface : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { 
eq_int(integer_of_char(result), x) } + +parameter cons_ArrayMax : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_ArrayMax_requires : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter java_array_length_intM : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter java_array_length_intM_requires : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } + +parameter non_null_Object : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter non_null_Object_requires : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter non_null_intM : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +parameter non_null_intM_requires : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } 
char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + +let ArrayMax_max_ensures_default = + fun (a : Object pointer) -> + { (left_valid_struct_intM(a, (0), Object_alloc_table) + and (JC_41: gt_int(add_int(offset_max(Object_alloc_table, a), (1)), (0)))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let x_2_0 = ref (safe_int32_of_integer_ (K_23: (0))) in + (let y_2 = + ref (K_22: + (safe_int32_of_integer_ ((sub_int (K_21: + (let jessie_ = a in + (JC_69: + (java_array_length_intM jessie_))))) (1)))) in + begin + try + (loop_2: + while true do + { invariant + (JC_74: + ((JC_70: le_int((0), integer_of_int32(x_2_0))) + and ((JC_71: + le_int(integer_of_int32(x_2_0), integer_of_int32(y_2))) + and ((JC_72: + lt_int(integer_of_int32(y_2), + add_int(offset_max(Object_alloc_table, a), (1)))) + and (JC_73: + (forall i_0:int. 
+ (((le_int((0), i_0) + and lt_int(i_0, integer_of_int32(x_2_0))) + or (lt_int(integer_of_int32(y_2), i_0) + and lt_int(i_0, + add_int(offset_max(Object_alloc_table, a), + (1))))) -> + le_int(integer_of_int32(select(intM_intP, + shift(a, i_0))), + max(integer_of_int32(select(intM_intP, + shift(a, + integer_of_int32(x_2_0)))), + integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) + } + begin + [ { } unit { true } ]; + try + begin + (if (K_20: + ((neq_int_ (integer_of_int32 !x_2_0)) (integer_of_int32 !y_2))) + then + (let jessie_ = + (if (K_19: + ((le_int_ (integer_of_int32 (K_17: + ((safe_acc_ !intM_intP) + ((shift a) (integer_of_int32 !x_2_0)))))) + (integer_of_int32 (K_18: + ((safe_acc_ !intM_intP) ((shift a) + (integer_of_int32 !y_2))))))) + then + (K_16: + (let jessie_ = !x_2_0 in + begin + (let jessie_ = + (x_2_0 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) + else + (K_15: + (let jessie_ = !y_2 in + begin + (let jessie_ = + (y_2 := (safe_int32_of_integer_ ((sub_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end))) in void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end; (return := !x_2_0); + (raise Return) end)); absurd end with Return -> !return end)) + { (JC_46: + ((JC_43: le_int((0), integer_of_int32(result))) + and ((JC_44: + lt_int(integer_of_int32(result), + add_int(offset_max(Object_alloc_table, a), (1)))) + and (JC_45: + (forall i:int. 
+ ((le_int((0), i) + and lt_int(i, add_int(offset_max(Object_alloc_table, a), (1)))) -> + le_int(integer_of_int32(select(intM_intP, shift(a, i))), + integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(result))))))))))) } + +let ArrayMax_max_safety = + fun (a : Object pointer) -> + { (left_valid_struct_intM(a, (0), Object_alloc_table) + and (JC_41: gt_int(add_int(offset_max(Object_alloc_table, a), (1)), (0)))) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let x_2_0 = ref (safe_int32_of_integer_ (K_23: (0))) in + (let y_2 = + ref (K_22: + (JC_55: + (int32_of_integer_ ((sub_int (K_21: + (let jessie_ = a in + (JC_54: + (assert + { ge_int(offset_max(Object_alloc_table, + jessie_), + (-1)) }; + (JC_53: + (java_array_length_intM_requires jessie_))))))) (1))))) in + begin + try + (loop_1: + while true do + { invariant (JC_62: true) + variant (JC_68 : sub_int(integer_of_int32(y_2), + integer_of_int32(x_2_0))) } + begin + [ { } unit reads Object_alloc_table,intM_intP,x_2_0,y_2 + { (JC_60: + ((JC_56: le_int((0), integer_of_int32(x_2_0))) + and ((JC_57: + le_int(integer_of_int32(x_2_0), integer_of_int32(y_2))) + and ((JC_58: + lt_int(integer_of_int32(y_2), + add_int(offset_max(Object_alloc_table, a), (1)))) + and (JC_59: + (forall i_0:int. 
+ (((le_int((0), i_0) + and lt_int(i_0, integer_of_int32(x_2_0))) + or (lt_int(integer_of_int32(y_2), i_0) + and lt_int(i_0, + add_int(offset_max(Object_alloc_table, a), + (1))))) -> + le_int(integer_of_int32(select(intM_intP, + shift(a, i_0))), + max(integer_of_int32(select(intM_intP, + shift(a, + integer_of_int32(x_2_0)))), + integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) } ]; + try + begin + (if (K_20: + ((neq_int_ (integer_of_int32 !x_2_0)) (integer_of_int32 !y_2))) + then + (let jessie_ = + (if (K_19: + ((le_int_ (integer_of_int32 (K_17: + (JC_64: + ((((offset_acc_ !Object_alloc_table) !intM_intP) a) + (integer_of_int32 !x_2_0)))))) + (integer_of_int32 (K_18: + (JC_65: + ((((offset_acc_ !Object_alloc_table) !intM_intP) a) + (integer_of_int32 !y_2))))))) + then + (K_16: + (let jessie_ = !x_2_0 in + begin + (let jessie_ = + (x_2_0 := (JC_66: + (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end)) + else + (K_15: + (let jessie_ = !y_2 in + begin + (let jessie_ = + (y_2 := (JC_67: + (int32_of_integer_ ((sub_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end))) in void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end; (return := !x_2_0); + (raise Return) end)); absurd end with Return -> !return end)) + { true } + +let cons_ArrayMax_ensures_default = + fun (this_0 : Object pointer) -> + { valid_struct_ArrayMax(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_82: true) } + +let cons_ArrayMax_safety = + fun (this_0 : Object pointer) -> + { valid_struct_ArrayMax(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + + +========== make project execution ========== +why --project [...] 
why/ArrayMax.why +========== file tests/java/why/ArrayMax.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/ArrayMax_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. 
((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. 
+ (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. 
((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. 
+ ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. 
+ ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. 
(sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. 
pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. 
+ (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. 
+ (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic ArrayMax_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom ArrayMax_parenttag_Object: parenttag(ArrayMax_tag, Object_tag) + +logic Exception_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. 
+ (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_ArrayMax(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +logic max : int, int -> int + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_ArrayMax(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. 
+ (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_ArrayMax(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + 
(offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_ArrayMax(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some: + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge: + (forall x_0_0:int. + (forall y_0:int. + ((max(x_0_0, y_0) >= x_0_0) and (max(x_0_0, y_0) >= y_0)))) + +========== file tests/java/why/ArrayMax_po1.why ========== +goal ArrayMax_max_ensures_default_po_1: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": ("JC_70": (0 <= integer_of_int32(result)))) + +========== file tests/java/why/ArrayMax_po10.why ========== +goal ArrayMax_max_ensures_default_po_10: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. 
+ (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + ("JC_74": + ("JC_72": (integer_of_int32(y_2_0) < (offset_max(Object_alloc_table, + a) + 1)))) + +========== file tests/java/why/ArrayMax_po11.why ========== +goal ArrayMax_max_ensures_default_po_11: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. 
+ (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2_0) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(y_2_0)))))))) + +========== file tests/java/why/ArrayMax_po12.why ========== +goal ArrayMax_max_ensures_default_po_12: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. 
+ (return = x_2_0) -> + ("JC_46": ("JC_43": (0 <= integer_of_int32(return)))) + +========== file tests/java/why/ArrayMax_po13.why ========== +goal ArrayMax_max_ensures_default_po_13: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. + (return = x_2_0) -> + ("JC_46": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + a) + 1)))) + +========== file tests/java/why/ArrayMax_po14.why ========== +goal ArrayMax_max_ensures_default_po_14: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. + (return = x_2_0) -> + forall i:int. + ((0 <= i) and (i < (offset_max(Object_alloc_table, a) + 1))) -> + ("JC_46": + ("JC_45": (integer_of_int32(select(intM_intP, shift(a, + i))) <= integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(return))))))) + +========== file tests/java/why/ArrayMax_po15.why ========== +goal ArrayMax_max_safety_po_1: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) + +========== file tests/java/why/ArrayMax_po16.why ========== +goal ArrayMax_max_safety_po_2: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + ((-2147483648) <= (result0 - 1)) + +========== file tests/java/why/ArrayMax_po17.why ========== +goal ArrayMax_max_safety_po_3: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + ((result0 - 1) <= 2147483647) + +========== file tests/java/why/ArrayMax_po18.why ========== +goal ArrayMax_max_safety_po_4: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + (offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) + +========== file tests/java/why/ArrayMax_po19.why ========== +goal ArrayMax_max_safety_po_5: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a)) + +========== file tests/java/why/ArrayMax_po2.why ========== +goal ArrayMax_max_ensures_default_po_2: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": + ("JC_71": (integer_of_int32(result) <= integer_of_int32(result1)))) + +========== file tests/java/why/ArrayMax_po20.why ========== +goal ArrayMax_max_safety_po_6: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + (offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) + +========== file tests/java/why/ArrayMax_po21.why ========== +goal ArrayMax_max_safety_po_7: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a)) + +========== file tests/java/why/ArrayMax_po22.why ========== +goal ArrayMax_max_safety_po_8: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + ((-2147483648) <= (integer_of_int32(x_2_0) + 1)) + +========== file tests/java/why/ArrayMax_po23.why ========== +goal ArrayMax_max_safety_po_9: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + ((integer_of_int32(x_2_0) + 1) <= 2147483647) + +========== file tests/java/why/ArrayMax_po24.why ========== +goal ArrayMax_max_safety_po_10: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(x_2_0) + 1)) and + ((integer_of_int32(x_2_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + (0 <= ("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +========== file tests/java/why/ArrayMax_po25.why ========== +goal ArrayMax_max_safety_po_11: + forall a:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(x_2_0) + 1)) and + ((integer_of_int32(x_2_0) + 1) <= 2147483647)) -> + forall result4:int32. 
+ (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + (("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0_0))) < ("JC_68": + (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +========== file tests/java/why/ArrayMax_po26.why ========== +goal ArrayMax_max_safety_po_12: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. 
+ (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + ((-2147483648) <= (integer_of_int32(y_2) - 1)) + +========== file tests/java/why/ArrayMax_po27.why ========== +goal ArrayMax_max_safety_po_13: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + ((integer_of_int32(y_2) - 1) <= 2147483647) + +========== file tests/java/why/ArrayMax_po28.why ========== +goal ArrayMax_max_safety_po_14: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(y_2) - 1)) and + ((integer_of_int32(y_2) - 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + (0 <= ("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +========== file tests/java/why/ArrayMax_po29.why ========== +goal ArrayMax_max_safety_po_15: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(y_2) - 1)) and + ((integer_of_int32(y_2) - 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. 
+ (y_2_0 = result4) -> + (("JC_68": (integer_of_int32(y_2_0) - integer_of_int32(x_2_0))) < ("JC_68": + (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +========== file tests/java/why/ArrayMax_po3.why ========== +goal ArrayMax_max_ensures_default_po_3: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": + ("JC_72": (integer_of_int32(result1) < (offset_max(Object_alloc_table, + a) + 1)))) + +========== file tests/java/why/ArrayMax_po4.why ========== +goal ArrayMax_max_ensures_default_po_4: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(result))) or + ((integer_of_int32(result1) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(result)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(result1)))))))) + +========== file tests/java/why/ArrayMax_po5.why ========== +goal ArrayMax_max_ensures_default_po_5: + forall a:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": ("JC_70": (0 <= integer_of_int32(x_2_0_0)))) + +========== file tests/java/why/ArrayMax_po6.why ========== +goal ArrayMax_max_ensures_default_po_6: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": ("JC_71": (integer_of_int32(x_2_0_0) <= integer_of_int32(y_2)))) + +========== file tests/java/why/ArrayMax_po7.why ========== +goal ArrayMax_max_ensures_default_po_7: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": + ("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1)))) + +========== file tests/java/why/ArrayMax_po8.why ========== +goal ArrayMax_max_ensures_default_po_8: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(x_2_0_0))) or + ((integer_of_int32(y_2) < i_0) and (i_0 < (offset_max(Object_alloc_table, + a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0_0)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(y_2)))))))) + +========== file tests/java/why/ArrayMax_po9.why ========== +goal ArrayMax_max_ensures_default_po_9: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + ("JC_74": ("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2_0)))) + +========== generation of Simplify VC output ========== +why -simplify [...] 
why/ArrayMax.why +========== file tests/java/simplify/ArrayMax_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + 
+(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom 
real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) 
+ (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + 
(IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ 
(sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; 
Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 
m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + 
;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL 
(a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES 
(NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + 
(FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom ArrayMax_parenttag_Object + (EQ (parenttag ArrayMax_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) |@true|)) + +(DEFPRED (Non_null_Object x_1 Object_alloc_table) + (>= (offset_max Object_alloc_table x_1) 0)) + +(DEFPRED (Non_null_intM x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) (- 0 1))) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom 
Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH + ;; Why axiom intM_parenttag_Object + (EQ (parenttag intM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 1)) + +(BG_PUSH + ;; Why axiom 
interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_ArrayMax p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_intM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom long_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address (interface_of_pointer_address p))))) + 
+(DEFPRED (right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_ArrayMax p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_intM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_ArrayMax p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED 
(strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_intM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_ArrayMax p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_intM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(BG_PUSH + ;; Why axiom max_is_some + (FORALL (x_1_0 y_1) + (OR (EQ (max x_1_0 y_1) x_1_0) (EQ (max x_1_0 y_1) y_1)))) + +(BG_PUSH + ;; Why axiom max_is_ge + (FORALL (x_0_0 y_0) + (AND (>= (max x_0_0 y_0) x_0_0) (>= (max x_0_0 y_0) y_0)))) + +;; ArrayMax_max_ensures_default_po_1, File 
"HOME/tests/java/ArrayMax.java", line 30, characters 27-33 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(<= 0 (integer_of_int32 result))))))))))) + +;; ArrayMax_max_ensures_default_po_2, File "HOME/tests/java/ArrayMax.java", line 30, characters 32-38 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(<= (integer_of_int32 result) (integer_of_int32 result1))))))))))) + +;; ArrayMax_max_ensures_default_po_3, File "HOME/tests/java/ArrayMax.java", line 30, characters 37-49 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(< (integer_of_int32 result1) (+ (offset_max Object_alloc_table a) 1))))))))))) + +;; ArrayMax_max_ensures_default_po_4, File "HOME/tests/java/ArrayMax.java", line 31, characters 17-133 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND 
(left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (i_0) +(IMPLIES (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 result))) + (AND (< (integer_of_int32 result1) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) +(<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + result)))) + (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + result1)))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_5, File "HOME/tests/java/ArrayMax.java", line 30, characters 27-33 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + 
y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) (<= 0 (integer_of_int32 x_2_0_0))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_6, File "HOME/tests/java/ArrayMax.java", line 30, characters 32-38 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES 
(<= (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) +(<= (integer_of_int32 x_2_0_0) (integer_of_int32 y_2))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_7, File "HOME/tests/java/ArrayMax.java", line 30, characters 37-49 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) +(< (integer_of_int32 y_2) (+ (offset_max 
Object_alloc_table a) 1))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_8, File "HOME/tests/java/ArrayMax.java", line 31, characters 17-133 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) +(FORALL (i_0) +(IMPLIES (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) +(<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP (shift + a 
(integer_of_int32 + x_2_0_0)))) + (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + y_2))))))))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_9, File "HOME/tests/java/ArrayMax.java", line 30, characters 32-38 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (- (integer_of_int32 y_2) 1)) +(FORALL (y_2_0) +(IMPLIES (EQ y_2_0 result4) +(<= (integer_of_int32 x_2_0) (integer_of_int32 y_2_0))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_10, File "HOME/tests/java/ArrayMax.java", line 30, characters 37-49 +(FORALL (a) 
+(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (- (integer_of_int32 y_2) 1)) +(FORALL (y_2_0) +(IMPLIES (EQ y_2_0 result4) +(< (integer_of_int32 y_2_0) (+ (offset_max Object_alloc_table a) 1))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_11, File "HOME/tests/java/ArrayMax.java", line 31, characters 17-133 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) 
+(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (- (integer_of_int32 y_2) 1)) +(FORALL (y_2_0) +(IMPLIES (EQ y_2_0 result4) +(FORALL (i_0) +(IMPLIES (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2_0) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) +(<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + y_2_0))))))))))))))))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_12, File "HOME/tests/java/ArrayMax.java", line 24, characters 16-28 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 
0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (EQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (return) +(IMPLIES (EQ return x_2_0) (<= 0 (integer_of_int32 return)))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_13, File "HOME/tests/java/ArrayMax.java", line 24, characters 21-39 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 
(+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (EQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (return) +(IMPLIES (EQ return x_2_0) +(< (integer_of_int32 return) (+ (offset_max Object_alloc_table a) 1)))))))))))))))))) + +;; ArrayMax_max_ensures_default_po_14, File "HOME/tests/java/ArrayMax.java", line 25, characters 10-69 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (EQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(FORALL (return) +(IMPLIES (EQ return x_2_0) +(FORALL (i) +(IMPLIES (AND (<= 0 i) (< i (+ (offset_max Object_alloc_table a) 1))) +(<= (integer_of_int32 (select intM_intP (shift a i))) (integer_of_int32 + (select + intM_intP (shift + a (integer_of_int32 + 
return))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_1, File "why/ArrayMax.why", line 763, characters 40-181 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(>= (offset_max Object_alloc_table a) (- 0 1))))))) + +;; ArrayMax_max_safety_po_2, File "HOME/tests/java/ArrayMax.java", line 29, characters 16-26 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(<= (- 0 constant_too_large_2147483648) (- result0 1)))))))))) + +;; ArrayMax_max_safety_po_3, File "HOME/tests/java/ArrayMax.java", line 29, characters 16-26 +(FORALL (a) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(<= (- result0 1) constant_too_large_2147483647))))))))) + +;; ArrayMax_max_safety_po_4, File "HOME/tests/java/ArrayMax.java", line 37, characters 16-20 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 
constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0))))))))))))))))))) + +;; ArrayMax_max_safety_po_5, File "HOME/tests/java/ArrayMax.java", line 37, characters 16-20 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + 
(< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))))))))))))))))))) + +;; ArrayMax_max_safety_po_6, File "HOME/tests/java/ArrayMax.java", line 37, characters 24-28 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + 
y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)))))))))))))))))))))) + +;; ArrayMax_max_safety_po_7, File "HOME/tests/java/ArrayMax.java", line 37, characters 24-28 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) 
+(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(<= (integer_of_int32 y_2) (offset_max Object_alloc_table a)))))))))))))))))))))) + +;; ArrayMax_max_safety_po_8, File "HOME/tests/java/ArrayMax.jc", line 122, characters 69-75 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max 
Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 x_2_0) 1)))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_9, File "HOME/tests/java/ArrayMax.jc", line 122, characters 69-75 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= 
(offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(<= (+ (integer_of_int32 x_2_0) 1) constant_too_large_2147483647))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_10, File "HOME/tests/java/ArrayMax.java", line 34, characters 25-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) 
+(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 x_2_0) 1)) + (<= (+ (integer_of_int32 x_2_0) 1) constant_too_large_2147483647)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) +(<= 0 (- (integer_of_int32 y_2) (integer_of_int32 x_2_0)))))))))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_11, File "HOME/tests/java/ArrayMax.java", line 34, characters 25-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + 
(integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (<= (integer_of_int32 result2) (integer_of_int32 result3)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 x_2_0) 1)) + (<= (+ (integer_of_int32 x_2_0) 1) constant_too_large_2147483647)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 x_2_0) 1)) +(FORALL (x_2_0_0) +(IMPLIES (EQ x_2_0_0 result4) +(< (- (integer_of_int32 y_2) (integer_of_int32 x_2_0_0)) (- (integer_of_int32 + y_2) (integer_of_int32 + x_2_0)))))))))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_12, File "HOME/tests/java/ArrayMax.jc", line 123, characters 24-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL 
(y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 y_2) 1)))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_13, File "HOME/tests/java/ArrayMax.jc", line 123, characters 24-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL 
(result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(<= (- (integer_of_int32 y_2) 1) constant_too_large_2147483647))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_14, File "HOME/tests/java/ArrayMax.java", line 34, characters 25-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 
constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 y_2) 1)) + (<= (- (integer_of_int32 y_2) 1) constant_too_large_2147483647)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (- (integer_of_int32 y_2) 1)) +(FORALL (y_2_0) +(IMPLIES (EQ y_2_0 result4) +(<= 0 (- (integer_of_int32 y_2) (integer_of_int32 x_2_0)))))))))))))))))))))))))))))))) + +;; ArrayMax_max_safety_po_15, File "HOME/tests/java/ArrayMax.java", line 34, characters 25-30 +(FORALL (a) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND 
(left_valid_struct_intM a 0 Object_alloc_table) + (> (+ (offset_max Object_alloc_table a) 1) 0)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(IMPLIES (>= (offset_max Object_alloc_table a) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table a) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(FORALL (x_2_0) +(FORALL (y_2) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 x_2_0)) + (AND (<= (integer_of_int32 x_2_0) (integer_of_int32 y_2)) + (AND + (< (integer_of_int32 y_2) (+ (offset_max Object_alloc_table a) 1)) + (FORALL (i_0) + (IMPLIES + (OR (AND (<= 0 i_0) (< i_0 (integer_of_int32 x_2_0))) + (AND (< (integer_of_int32 y_2) i_0) + (< i_0 (+ (offset_max Object_alloc_table a) 1)))) + (<= (integer_of_int32 (select intM_intP (shift a i_0))) (max + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + x_2_0)))) + (integer_of_int32 + (select + intM_intP + (shift + a (integer_of_int32 + y_2))))))))))) +(IMPLIES (NEQ (integer_of_int32 x_2_0) (integer_of_int32 y_2)) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 x_2_0)) + (<= (integer_of_int32 x_2_0) (offset_max Object_alloc_table a))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift a (integer_of_int32 x_2_0)))) +(IMPLIES (AND (<= (offset_min Object_alloc_table a) (integer_of_int32 y_2)) + (<= (integer_of_int32 y_2) (offset_max Object_alloc_table a))) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP (shift a (integer_of_int32 y_2)))) +(IMPLIES (> (integer_of_int32 result2) (integer_of_int32 result3)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 y_2) 1)) + (<= (- (integer_of_int32 y_2) 1) constant_too_large_2147483647)) +(FORALL (result4) 
+(IMPLIES (EQ (integer_of_int32 result4) (- (integer_of_int32 y_2) 1)) +(FORALL (y_2_0) +(IMPLIES (EQ y_2_0 result4) +(< (- (integer_of_int32 y_2_0) (integer_of_int32 x_2_0)) (- (integer_of_int32 + y_2) (integer_of_int32 + x_2_0)))))))))))))))))))))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/ArrayMax_why.sx : ............................. (29/0/0/0/0) +total : 29 +valid : 29 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/ArrayMax.why +========== file tests/java/why/ArrayMax_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. 
(ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic ArrayMax_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom ArrayMax_parenttag_Object: parenttag(ArrayMax_tag, Object_tag) + +logic Exception_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. 
+ ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. 
+ (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_ArrayMax(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. 
+ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +logic max : int, int -> int + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_ArrayMax(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. 
+ ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_ArrayMax(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + 
((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_ArrayMax(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some: + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge: + (forall x_0_0:int. + (forall y_0:int. 
+ ((max(x_0_0, y_0) >= x_0_0) and (max(x_0_0, y_0) >= y_0)))) + +goal ArrayMax_max_ensures_default_po_1: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": ("JC_70": (0 <= integer_of_int32(result)))) + +goal ArrayMax_max_ensures_default_po_2: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": + ("JC_71": (integer_of_int32(result) <= integer_of_int32(result1)))) + +goal ArrayMax_max_ensures_default_po_3: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_74": + ("JC_72": (integer_of_int32(result1) < (offset_max(Object_alloc_table, + a) + 1)))) + +goal ArrayMax_max_ensures_default_po_4: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(result))) or + ((integer_of_int32(result1) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(result)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(result1)))))))) + +goal ArrayMax_max_ensures_default_po_5: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": ("JC_70": (0 <= integer_of_int32(x_2_0_0)))) + +goal ArrayMax_max_ensures_default_po_6: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": ("JC_71": (integer_of_int32(x_2_0_0) <= integer_of_int32(y_2)))) + +goal ArrayMax_max_ensures_default_po_7: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + ("JC_74": + ("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1)))) + +goal ArrayMax_max_ensures_default_po_8: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(x_2_0_0))) or + ((integer_of_int32(y_2) < i_0) and (i_0 < (offset_max(Object_alloc_table, + a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0_0)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(y_2)))))))) + +goal ArrayMax_max_ensures_default_po_9: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + ("JC_74": ("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2_0)))) + +goal ArrayMax_max_ensures_default_po_10: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + ("JC_74": + ("JC_72": (integer_of_int32(y_2_0) < (offset_max(Object_alloc_table, + a) + 1)))) + +goal ArrayMax_max_ensures_default_po_11: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + forall i_0:int. + (((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2_0) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + ("JC_74": + ("JC_73": (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(y_2_0)))))))) + +goal ArrayMax_max_ensures_default_po_12: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. + (return = x_2_0) -> + ("JC_46": ("JC_43": (0 <= integer_of_int32(return)))) + +goal ArrayMax_max_ensures_default_po_13: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. + (return = x_2_0) -> + ("JC_46": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + a) + 1)))) + +goal ArrayMax_max_ensures_default_po_14: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_74": + (("JC_70": (0 <= integer_of_int32(x_2_0))) and + (("JC_71": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_72": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_73": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) = integer_of_int32(y_2)) -> + forall return:int32. + (return = x_2_0) -> + forall i:int. 
+ ((0 <= i) and (i < (offset_max(Object_alloc_table, a) + 1))) -> + ("JC_46": + ("JC_45": (integer_of_int32(select(intM_intP, shift(a, + i))) <= integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(return))))))) + +goal ArrayMax_max_safety_po_1: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) + +goal ArrayMax_max_safety_po_2: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + ((-2147483648) <= (result0 - 1)) + +goal ArrayMax_max_safety_po_3: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + ((result0 - 1) <= 2147483647) + +goal ArrayMax_max_safety_po_4: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + (offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) + +goal ArrayMax_max_safety_po_5: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a)) + +goal ArrayMax_max_safety_po_6: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + (offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) + +goal ArrayMax_max_safety_po_7: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a)) + +goal ArrayMax_max_safety_po_8: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + ((-2147483648) <= (integer_of_int32(x_2_0) + 1)) + +goal ArrayMax_max_safety_po_9: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + ((integer_of_int32(x_2_0) + 1) <= 2147483647) + +goal ArrayMax_max_safety_po_10: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. 
+ ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(x_2_0) + 1)) and + ((integer_of_int32(x_2_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + (0 <= ("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +goal ArrayMax_max_safety_po_11: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. 
+ ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) <= integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(x_2_0) + 1)) and + ((integer_of_int32(x_2_0) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(x_2_0) + 1)) -> + forall x_2_0_0:int32. + (x_2_0_0 = result4) -> + (("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0_0))) < ("JC_68": + (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +goal ArrayMax_max_safety_po_12: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + ((-2147483648) <= (integer_of_int32(y_2) - 1)) + +goal ArrayMax_max_safety_po_13: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + ((integer_of_int32(y_2) - 1) <= 2147483647) + +goal ArrayMax_max_safety_po_14: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(y_2) - 1)) and + ((integer_of_int32(y_2) - 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. + (y_2_0 = result4) -> + (0 <= ("JC_68": (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +goal ArrayMax_max_safety_po_15: + forall a:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(a, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, a) + 1) > 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + (offset_max(Object_alloc_table, a) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, a) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + forall x_2_0:int32. + forall y_2:int32. + ("JC_62": true) -> + ("JC_60": + (("JC_56": (0 <= integer_of_int32(x_2_0))) and + (("JC_57": (integer_of_int32(x_2_0) <= integer_of_int32(y_2))) and + (("JC_58": (integer_of_int32(y_2) < (offset_max(Object_alloc_table, + a) + 1))) and + ("JC_59": + (forall i_0:int. + ((((0 <= i_0) and (i_0 < integer_of_int32(x_2_0))) or + ((integer_of_int32(y_2) < i_0) and + (i_0 < (offset_max(Object_alloc_table, a) + 1)))) -> + (integer_of_int32(select(intM_intP, shift(a, + i_0))) <= max(integer_of_int32(select(intM_intP, shift(a, + integer_of_int32(x_2_0)))), integer_of_int32(select(intM_intP, + shift(a, integer_of_int32(y_2))))))))))))) -> + (integer_of_int32(x_2_0) <> integer_of_int32(y_2)) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(x_2_0)) and + (integer_of_int32(x_2_0) <= offset_max(Object_alloc_table, a))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(a, integer_of_int32(x_2_0)))) -> + ((offset_min(Object_alloc_table, a) <= integer_of_int32(y_2)) and + (integer_of_int32(y_2) <= offset_max(Object_alloc_table, a))) -> + forall result3:int32. + (result3 = select(intM_intP, shift(a, integer_of_int32(y_2)))) -> + (integer_of_int32(result2) > integer_of_int32(result3)) -> + (((-2147483648) <= (integer_of_int32(y_2) - 1)) and + ((integer_of_int32(y_2) - 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(y_2) - 1)) -> + forall y_2_0:int32. 
+ (y_2_0 = result4) -> + (("JC_68": (integer_of_int32(y_2_0) - integer_of_int32(x_2_0))) < ("JC_68": + (integer_of_int32(y_2) - integer_of_int32(x_2_0)))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/ArrayMax_why.why : ............................. (29/0/0/0/0) +total : 29 +valid : 29 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Arrays.res.oracle why-2.30+dfsg/tests/java/oracle/Arrays.res.oracle --- why-2.29+dfsg/tests/java/oracle/Arrays.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Arrays.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ @@ -114,7 +116,7 @@ /* Local Variables: -compile-command: "make Arrays" +compile-command: "make Arrays.why3ml" End: */ 
@@ -137,7 +139,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -359,339 +364,339 @@ ========== file tests/java/Arrays.jloc ========== [K_62] file = "HOME/tests/java/Arrays.java" -line = 92 +line = 94 begin = 17 end = 26 [K_10] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 17 end = 52 [K_63] file = "HOME/tests/java/Arrays.java" -line = 105 +line = 107 begin = 19 end = 27 [K_11] file = "HOME/tests/java/Arrays.java" -line = 59 +line = 61 begin = 14 end = 15 [K_64] file = "HOME/tests/java/Arrays.java" -line = 105 +line = 107 begin = 19 end = 29 [K_12] file = "HOME/tests/java/Arrays.java" -line = 56 +line = 58 begin = 28 end = 71 [K_65] file = "HOME/tests/java/Arrays.java" -line = 99 +line = 101 begin = 8 end = 206 [K_13] file = "HOME/tests/java/Arrays.java" -line = 56 +line = 58 begin = 14 end = 23 [K_66] file = "HOME/tests/java/Arrays.java" -line = 98 +line = 100 begin = 7 end = 19 [K_14] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 41 end = 53 [K_67] file = "HOME/tests/java/Arrays.java" -line = 98 +line = 100 begin = 7 end = 230 [K_15] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 36 end = 42 [K_68] file = "HOME/tests/java/Arrays.java" -line = 103 +line = 105 begin = 18 end = 19 [Arrays_arrayShift] name = "Method arrayShift" file = "HOME/tests/java/Arrays.java" -line = 96 +line = 98 begin = 23 end = 33 [K_16] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 36 end = 53 [K_69] file = "HOME/tests/java/Arrays.java" -line = 106 +line = 108 begin = 12 end = 15 [K_17] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 19 end = 32 [K_18] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 14 end = 20 [K_19] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 14 end = 32 [K_70] file = "HOME/tests/java/Arrays.java" -line = 106 +line = 108 begin = 10 end = 16 [K_71] file = "HOME/tests/java/Arrays.java" -line = 106 +line = 108 begin = 3 end = 16 [K_72] file = "HOME/tests/java/Arrays.java" -line = 105 +line = 
107 begin = 40 end = 43 [K_20] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 14 end = 53 [K_73] file = "HOME/tests/java/Arrays.java" -line = 105 +line = 107 begin = 32 end = 37 [K_21] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 14 end = 80 [K_22] file = "HOME/tests/java/Arrays.java" -line = 55 +line = 57 begin = 14 end = 129 [K_23] file = "HOME/tests/java/Arrays.java" -line = 57 +line = 59 begin = 25 end = 35 [K_24] file = "HOME/tests/java/Arrays.java" -line = 62 +line = 64 begin = 6 end = 10 [K_1] file = "HOME/tests/java/Arrays.java" -line = 48 +line = 50 begin = 14 end = 92 [K_25] file = "HOME/tests/java/Arrays.java" -line = 60 +line = 62 begin = 9 end = 13 [K_2] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 49 begin = 18 end = 36 [K_26] file = "HOME/tests/java/Arrays.java" -line = 60 +line = 62 begin = 9 end = 17 [K_3] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 49 begin = 13 end = 25 [K_27] file = "HOME/tests/java/Arrays.java" -line = 59 +line = 61 begin = 31 end = 34 [K_4] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 49 begin = 13 end = 36 [K_28] file = "HOME/tests/java/Arrays.java" -line = 59 +line = 61 begin = 21 end = 29 [K_5] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 49 begin = 13 end = 134 [K_29] file = "HOME/tests/java/Arrays.java" -line = 59 +line = 61 begin = 17 end = 29 [K_6] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 35 end = 52 [K_7] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 30 end = 43 [K_8] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 30 end = 52 [K_9] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 17 end = 26 [K_30] file = "HOME/tests/java/Arrays.java" -line = 53 +line = 55 begin = 11 end = 12 [K_31] file = "HOME/tests/java/Arrays.java" -line = 52 +line = 54 begin = 9 end = 13 [K_32] file = "HOME/tests/java/Arrays.java" -line = 72 +line = 74 begin = 13 end = 39 [K_33] 
file = "HOME/tests/java/Arrays.java" -line = 71 +line = 73 begin = 18 end = 36 [K_34] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 73 begin = 13 end = 25 [K_35] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 73 begin = 13 end = 36 [K_36] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 73 begin = 13 end = 80 [K_37] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 30 end = 43 [K_38] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 17 end = 26 [K_39] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 17 end = 43 [Arrays_findMax2] name = "Method findMax2" file = "HOME/tests/java/Arrays.java" -line = 74 +line = 76 begin = 22 end = 30 [K_40] file = "HOME/tests/java/Arrays.java" -line = 82 +line = 84 begin = 12 end = 13 [K_41] file = "HOME/tests/java/Arrays.java" -line = 79 +line = 81 begin = 27 end = 40 [K_42] file = "HOME/tests/java/Arrays.java" -line = 79 +line = 81 begin = 14 end = 23 
@@ -704,122 +709,122 @@ [K_43] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 34 end = 46 [K_44] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 29 end = 35 [K_45] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 29 end = 46 [K_46] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 12 end = 25 [K_47] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 13 [K_48] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 25 [K_49] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 46 [K_50] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 73 [K_51] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 90 [K_52] file = "HOME/tests/java/Arrays.java" -line = 80 +line = 82 begin = 18 end = 28 [K_53] file = "HOME/tests/java/Arrays.java" -line = 85 +line = 87 begin = 6 end = 10 [K_54] file = "HOME/tests/java/Arrays.java" -line = 83 +line = 85 begin = 9 end = 13 [K_55] file = "HOME/tests/java/Arrays.java" -line = 83 +line = 85 begin = 9 end = 17 [K_56] file = "HOME/tests/java/Arrays.java" -line = 82 +line = 84 begin = 29 end = 32 [K_57] file = "HOME/tests/java/Arrays.java" -line = 82 +line = 84 begin = 19 end = 27 [K_58] file = "HOME/tests/java/Arrays.java" -line = 82 +line = 84 begin = 15 end = 27 [K_59] file = "HOME/tests/java/Arrays.java" -line = 76 +line = 78 begin = 9 end = 10 [Arrays_findMax] name = "Method findMax" file = "HOME/tests/java/Arrays.java" -line = 51 +line = 53 begin = 24 end = 31 [K_60] file = "HOME/tests/java/Arrays.java" -line = 75 +line = 77 begin = 9 end = 13 [K_61] file = "HOME/tests/java/Arrays.java" -line = 94 +line = 96 begin = 10 end = 70 
@@ -843,10 +848,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Arrays.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Arrays_why.sx @@ -907,6 +913,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Arrays_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Arrays_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -979,6 +992,9 @@ why3ide: why/Arrays_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Arrays.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Arrays.depend depend: coq/Arrays_why.v 
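Review bot: In the added `why3ml` rule (third hunk on this line) the echo names `why3ml`, but the recipe runs `why3ide -I $(JESSIE3LIB) $<`, so the build log records a different tool from the one that executed. I would make the echo match the command, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. I would also add `why3ml` to the `.PHONY` list in the first hunk, which gains only `vampire`, since a file named `why3ml` would otherwise stop the rule from running. Because this file is a recorded test oracle, the fix presumably belongs in the Makefile generator, which is not visible here, with the oracle regenerated afterwards.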
@@ -988,835 +1004,1016 @@ rm -f coq/*.vo ========== file tests/java/Arrays.loc ========== -[JC_90] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 59 -begin = 21 -end = 29 - -[JC_91] +[JC_103] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 17 end = 26 -[JC_92] +[JC_104] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 30 end = 43 -[JC_40] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_93] +[JC_105] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 70 begin = 17 end = 43 -[JC_41] +[JC_106] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_94] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[JC_40] +file = "HOME/tests/java/Arrays.java" +line = 46 +begin = 30 +end = 43 -[JC_42] +[JC_107] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_95] +[JC_41] file = "HOME/tests/java/Arrays.java" -line = 68 -begin = 17 -end = 26 - -[JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +line = 46 +begin = 35 +end = 52 -[cons_Arrays_safety] -name = "Constructor of class Arrays" -behavior = "Safety" +[JC_108] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_96] +[JC_42] file = "HOME/tests/java/Arrays.java" -line = 68 -begin = 30 -end = 43 +line = 46 +begin = 17 +end = 52 -[JC_44] +[JC_109] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_150] +[JC_43] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_97] +[JC_44] file = "HOME/tests/java/Arrays.java" -line = 68 +line = 46 begin = 17 -end = 43 +end = 26 [JC_45] file = "HOME/tests/java/Arrays.java" -line = 47 -begin = 13 -end = 25 - -[JC_151] -file = "HOME/tests/java/Arrays.java" -line = 92 -begin = 17 -end = 26 - -[JC_98] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +line = 46 +begin = 30 +end = 43 [JC_46] file = "HOME/tests/java/Arrays.java" -line = 47 -begin = 18 -end = 36 - -[JC_1] -file = "HOME/tests/java/Arrays.jc" -line = 39 -begin = 8 -end = 21 +line = 46 +begin = 35 +end = 52 -[JC_152] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[JC_47] +file = 
"HOME/tests/java/Arrays.java" +line = 46 +begin = 17 +end = 52 -[JC_100] +[JC_48] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_99] +[JC_49] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_47] +[Arrays_findMax2_safety] +name = "Method findMax2" +behavior = "Safety" file = "HOME/tests/java/Arrays.java" -line = 48 -begin = 14 -end = 92 +line = 76 +begin = 22 +end = 30 -[JC_2] +[JC_110] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_153] +[JC_111] file = "HOME/tests/java/Arrays.java" -line = 94 -begin = 10 -end = 70 +line = 73 +begin = 13 +end = 25 -[JC_101] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[JC_112] +file = "HOME/tests/java/Arrays.java" +line = 73 +begin = 18 +end = 36 -[JC_48] +[JC_113] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 74 begin = 13 -end = 134 +end = 39 -[JC_3] -file = "HOME/tests/java/Arrays.jc" -line = 39 -begin = 8 -end = 21 +[JC_114] +file = "HOME/tests/java/Arrays.java" +line = 73 +begin = 13 +end = 80 -[JC_154] +[JC_115] file = "HOME/tests/java/Arrays.java" -line = 94 -begin = 10 -end = 70 +line = 73 +begin = 13 +end = 25 -[JC_102] +[JC_116] +file = "HOME/tests/java/Arrays.java" +line = 73 +begin = 18 +end = 36 + +[JC_50] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_49] +[JC_117] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 74 begin = 13 -end = 25 +end = 39 -[JC_4] +[JC_51] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_155] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_103] +[JC_118] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 73 begin = 13 -end = 25 - -[JC_5] -file = "HOME/tests/java/Arrays.jc" -line = 42 -begin = 11 -end = 66 +end = 80 -[JC_156] +[JC_52] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_104] -file = "HOME/tests/java/Arrays.java" -line = 71 -begin = 18 -end = 36 - -[JC_6] -file = "HOME/tests/java/Arrays.jc" -line = 41 -begin = 10 -end = 18 - -[JC_157] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 105 -begin = 19 -end = 27 - -[JC_105] -file = 
"HOME/tests/java/Arrays.java" -line = 72 -begin = 13 -end = 39 - -[JC_7] -file = "HOME/tests/java/Arrays.jc" -line = 42 -begin = 11 -end = 66 - -[JC_158] +[JC_119] kind = IndexBounds file = "HOME/tests/java/Arrays.java" -line = 105 -begin = 19 -end = 27 - -[JC_106] -file = "HOME/tests/java/Arrays.java" -line = 71 -begin = 13 -end = 80 - -[JC_8] -file = "HOME/tests/java/Arrays.jc" -line = 41 -begin = 10 -end = 18 - -[JC_159] -file = "HOME/tests/java/Arrays.java" -line = 98 -begin = 7 -end = 19 +line = 77 +begin = 9 +end = 13 -[JC_107] +[JC_53] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 49 begin = 13 end = 25 -[JC_9] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[Arrays_findMax_ensures_max_found] +name = "Method findMax" +behavior = "Behavior `max_found'" +file = "HOME/tests/java/Arrays.java" +line = 53 +begin = 24 +end = 31 -[JC_108] +[JC_54] file = "HOME/tests/java/Arrays.java" -line = 71 +line = 49 begin = 18 end = 36 -[JC_109] -file = "HOME/tests/java/Arrays.java" -line = 72 -begin = 13 -end = 39 - [Arrays_arrayShift_safety] name = "Method arrayShift" behavior = "Safety" file = "HOME/tests/java/Arrays.java" -line = 96 -begin = 23 -end = 33 - -[Arrays_arrayShift_ensures_default] -name = "Method arrayShift" -behavior = "Default behavior" -file = "HOME/tests/java/Arrays.java" -line = 96 +line = 98 begin = 23 end = 33 -[JC_50] -file = "HOME/tests/java/Arrays.java" -line = 47 -begin = 18 -end = 36 - -[JC_51] +[JC_55] file = "HOME/tests/java/Arrays.java" -line = 48 +line = 50 begin = 14 end = 92 -[JC_52] +[JC_56] file = "HOME/tests/java/Arrays.java" -line = 47 +line = 49 begin = 13 end = 134 -[JC_53] -kind = IndexBounds -file = "HOME/tests/java/Arrays.java" -line = 52 -begin = 9 -end = 13 - -[JC_54] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 20 - -[JC_160] -file = "HOME/tests/java/Arrays.java" -line = 99 -begin = 8 -end = 206 - -[JC_55] +[JC_57] file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 19 -end = 32 +line = 49 
+begin = 13 +end = 25 -[JC_161] +[JC_58] file = "HOME/tests/java/Arrays.java" -line = 98 -begin = 7 -end = 230 +line = 49 +begin = 18 +end = 36 -[Arrays_findMax2_safety] +[Arrays_findMax2_ensures_default] name = "Method findMax2" -behavior = "Safety" +behavior = "default behavior" file = "HOME/tests/java/Arrays.java" -line = 74 +line = 76 begin = 22 end = 30 -[JC_56] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 36 -end = 42 - -[JC_162] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_110] -file = "HOME/tests/java/Arrays.java" -line = 71 -begin = 13 -end = 80 - -[JC_57] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 41 -end = 53 - -[JC_163] -file = "HOME/tests/java/Arrays.jc" -line = 198 -begin = 9 -end = 1153 - -[JC_111] -kind = IndexBounds -file = "HOME/tests/java/Arrays.java" -line = 75 -begin = 9 -end = 13 - -[JC_58] +[JC_59] file = "HOME/tests/java/Arrays.java" -line = 56 +line = 50 begin = 14 -end = 23 - -[JC_164] -file = "HOME/tests/java/Arrays.jc" -line = 198 -begin = 9 -end = 1153 +end = 92 -[JC_112] +[JC_120] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 13 -[JC_59] -file = "HOME/tests/java/Arrays.java" -line = 56 -begin = 28 -end = 71 - -[JC_165] -kind = PointerDeref -file = "HOME/tests/java/Arrays.java" -line = 106 -begin = 10 -end = 16 - -[JC_113] +[JC_121] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 12 end = 25 -[JC_166] -kind = PointerDeref -file = "HOME/tests/java/Arrays.jc" -line = 216 -begin = 21 -end = 80 - -[JC_114] +[JC_122] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 29 end = 35 -[JC_167] -file = "HOME/tests/java/Arrays.java" -line = 103 -begin = 18 -end = 19 - -[JC_115] +[JC_123] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 34 end = 46 -[JC_168] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 105 -begin = 19 -end = 27 - -[JC_116] +[JC_124] file = "HOME/tests/java/Arrays.java" -line = 79 +line = 81 begin 
= 14 end = 23 -[JC_169] -file = "HOME/tests/java/Arrays.java" -line = 98 -begin = 7 -end = 19 - -[JC_117] +[JC_125] file = "HOME/tests/java/Arrays.java" -line = 79 +line = 81 begin = 27 end = 40 -[JC_118] +[JC_126] file = "HOME/tests/java/Arrays.java" -line = 78 +line = 80 begin = 7 end = 90 -[JC_119] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - [JC_60] file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 129 +line = 49 +begin = 13 +end = 134 -[JC_61] +[JC_127] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_61] +kind = IndexBounds +file = "HOME/tests/java/Arrays.java" +line = 54 +begin = 9 +end = 13 + +[JC_128] +file = "HOME/tests/java/Arrays.jc" +line = 151 +begin = 18 +end = 1821 + [JC_62] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 20 + +[JC_129] file = "HOME/tests/java/Arrays.jc" -line = 88 +line = 151 begin = 18 -end = 2047 +end = 1821 -[JC_10] +[JC_63] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 19 +end = 32 + +[JC_64] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 36 +end = 42 + +[JC_65] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 41 +end = 53 + +[JC_66] +file = "HOME/tests/java/Arrays.java" +line = 58 +begin = 14 +end = 23 + +[JC_67] +file = "HOME/tests/java/Arrays.java" +line = 58 +begin = 28 +end = 71 + +[JC_68] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 129 + +[JC_69] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_63] +[JC_130] +kind = UserCall +file = "HOME/tests/java/Arrays.java" +line = 84 +begin = 19 +end = 27 + +[JC_131] +kind = IndexBounds +file = "HOME/tests/java/Arrays.java" +line = 84 +begin = 19 +end = 27 + +[JC_132] +kind = PointerDeref +file = "HOME/tests/java/Arrays.java" +line = 85 +begin = 9 +end = 13 + +[JC_133] +kind = PointerDeref +file = "HOME/tests/java/Arrays.java" +line = 87 +begin = 6 +end = 10 + +[JC_134] +file = "HOME/tests/java/Arrays.java" +line = 82 +begin = 18 +end = 28 + +[JC_135] +file = 
"HOME/tests/java/Arrays.java" +line = 80 +begin = 7 +end = 13 + +[JC_136] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 12 +end = 25 + +[JC_70] file = "HOME/tests/java/Arrays.jc" -line = 88 +line = 91 begin = 18 end = 2047 -[JC_11] +[JC_137] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 29 +end = 35 + +[JC_71] file = "HOME/tests/java/Arrays.jc" -line = 45 -begin = 8 -end = 30 +line = 91 +begin = 18 +end = 2047 -[JC_64] +[JC_138] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 34 +end = 46 + +[JC_72] kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 59 +line = 61 begin = 21 end = 29 -[JC_12] +[JC_139] +file = "HOME/tests/java/Arrays.java" +line = 81 +begin = 14 +end = 23 + +[JC_73] +kind = IndexBounds +file = "HOME/tests/java/Arrays.java" +line = 61 +begin = 21 +end = 29 + +[JC_74] +kind = PointerDeref +file = "HOME/tests/java/Arrays.java" +line = 62 +begin = 9 +end = 13 + +[JC_75] +kind = PointerDeref +file = "HOME/tests/java/Arrays.java" +line = 64 +begin = 6 +end = 10 + +[JC_76] +file = "HOME/tests/java/Arrays.java" +line = 59 +begin = 25 +end = 35 + +[Arrays_findMax2_ensures_max_found] +name = "Method findMax2" +behavior = "Behavior `max_found'" +file = "HOME/tests/java/Arrays.java" +line = 76 +begin = 22 +end = 30 + +[JC_77] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 20 + +[JC_78] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 19 +end = 32 + +[JC_79] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 36 +end = 42 + +[JC_140] +file = "HOME/tests/java/Arrays.java" +line = 81 +begin = 27 +end = 40 + +[JC_141] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 7 +end = 90 + +[JC_142] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_170] +[cons_Arrays_ensures_default] +name = "Constructor of class Arrays" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_143] +file = "HOME/tests/java/Arrays.jc" +line = 151 +begin = 18 +end = 1821 + 
+[JC_144] +file = "HOME/tests/java/Arrays.jc" +line = 151 +begin = 18 +end = 1821 + +[JC_145] +kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 99 -begin = 8 -end = 206 +line = 84 +begin = 19 +end = 27 -[JC_65] -kind = IndexBounds +[JC_146] file = "HOME/tests/java/Arrays.java" -line = 59 +line = 80 +begin = 7 +end = 13 + +[JC_80] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 41 +end = 53 + +[JC_147] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 12 +end = 25 + +[JC_81] +file = "HOME/tests/java/Arrays.java" +line = 58 +begin = 14 +end = 23 + +[Arrays_findMax_ensures_default] +name = "Method findMax" +behavior = "default behavior" +file = "HOME/tests/java/Arrays.java" +line = 53 +begin = 24 +end = 31 + +[JC_148] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 29 +end = 35 + +[JC_82] +file = "HOME/tests/java/Arrays.java" +line = 58 +begin = 28 +end = 71 + +[JC_149] +file = "HOME/tests/java/Arrays.java" +line = 80 +begin = 34 +end = 46 + +[JC_83] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 129 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/tests/java/Arrays.jc" +line = 91 +begin = 18 +end = 2047 + +[JC_86] +file = "HOME/tests/java/Arrays.jc" +line = 91 +begin = 18 +end = 2047 + +[JC_87] +kind = UserCall +file = "HOME/tests/java/Arrays.java" +line = 61 begin = 21 end = 29 -[JC_13] +[JC_88] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 20 + +[JC_1] file = "HOME/tests/java/Arrays.jc" -line = 45 -begin = 8 -end = 30 +line = 13 +begin = 12 +end = 22 -[JC_171] +[JC_89] file = "HOME/tests/java/Arrays.java" -line = 98 -begin = 7 -end = 230 +line = 57 +begin = 19 +end = 32 -[JC_66] -kind = PointerDeref +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/java/Arrays.jc" +line = 13 +begin = 12 +end = 22 + +[Arrays_findMax_safety] +name = "Method findMax" +behavior = "Safety" file = "HOME/tests/java/Arrays.java" -line = 
60 -begin = 9 -end = 13 +line = 53 +begin = 24 +end = 31 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_150] +file = "HOME/tests/java/Arrays.java" +line = 81 +begin = 14 +end = 23 -[JC_14] +[JC_7] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_172] +[JC_151] +file = "HOME/tests/java/Arrays.java" +line = 81 +begin = 27 +end = 40 + +[JC_8] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_120] -file = "HOME/tests/java/Arrays.jc" -line = 148 -begin = 18 -end = 1821 - -[JC_67] -kind = PointerDeref +[JC_152] file = "HOME/tests/java/Arrays.java" -line = 62 -begin = 6 -end = 10 +line = 80 +begin = 7 +end = 90 -[JC_15] +[JC_9] file = "HOME/tests/java/Arrays.jc" -line = 48 -begin = 11 -end = 103 +line = 42 +begin = 8 +end = 21 -[JC_173] -file = "HOME/tests/java/Arrays.jc" -line = 198 -begin = 9 -end = 1153 +[JC_153] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_121] +[JC_154] file = "HOME/tests/java/Arrays.jc" -line = 148 +line = 151 begin = 18 end = 1821 -[JC_68] -file = "HOME/tests/java/Arrays.java" -line = 57 -begin = 25 -end = 35 - -[JC_16] -file = "HOME/tests/java/Arrays.jc" -line = 47 -begin = 10 -end = 18 - -[JC_174] +[JC_155] file = "HOME/tests/java/Arrays.jc" -line = 198 -begin = 9 -end = 1153 +line = 151 +begin = 18 +end = 1821 -[JC_122] +[JC_156] kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 82 +line = 84 begin = 19 end = 27 -[JC_69] +[JC_90] file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 20 +line = 57 +begin = 36 +end = 42 -[JC_17] -file = "HOME/tests/java/Arrays.jc" -line = 48 -begin = 11 -end = 103 +[JC_157] +file = "HOME/tests/java/Arrays.java" +line = 94 +begin = 17 +end = 26 -[JC_175] +[JC_91] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 41 +end = 53 + +[JC_158] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_123] -kind = IndexBounds +[JC_92] file = 
"HOME/tests/java/Arrays.java" -line = 82 -begin = 19 -end = 27 +line = 58 +begin = 14 +end = 23 -[JC_18] -file = "HOME/tests/java/Arrays.jc" -line = 47 -begin = 10 -end = 18 +[JC_159] +file = "HOME/tests/java/Arrays.java" +line = 94 +begin = 17 +end = 26 -[JC_176] +[JC_93] +file = "HOME/tests/java/Arrays.java" +line = 58 +begin = 28 +end = 71 + +[JC_94] +file = "HOME/tests/java/Arrays.java" +line = 57 +begin = 14 +end = 129 + +[JC_95] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_124] -kind = PointerDeref +[JC_96] +file = "HOME/tests/java/Arrays.jc" +line = 91 +begin = 18 +end = 2047 + +[JC_97] +file = "HOME/tests/java/Arrays.jc" +line = 91 +begin = 18 +end = 2047 + +[Arrays_arrayShift_ensures_default] +name = "Method arrayShift" +behavior = "default behavior" file = "HOME/tests/java/Arrays.java" -line = 83 -begin = 9 -end = 13 +line = 98 +begin = 23 +end = 33 -[Arrays_findMax_ensures_max_found] -name = "Method findMax" -behavior = "Normal behavior `max_found'" +[JC_98] +kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 51 -begin = 24 -end = 31 +line = 61 +begin = 21 +end = 29 -[JC_19] +[JC_99] +file = "HOME/tests/java/Arrays.java" +line = 70 +begin = 17 +end = 26 + +[JC_160] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_177] +[JC_161] +file = "HOME/tests/java/Arrays.java" +line = 96 +begin = 10 +end = 70 + +[JC_162] +file = "HOME/tests/java/Arrays.java" +line = 96 +begin = 10 +end = 70 + +[JC_163] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_125] -kind = PointerDeref -file = "HOME/tests/java/Arrays.java" -line = 85 -begin = 6 -end = 10 - -[JC_178] +[JC_164] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_126] +[JC_165] +kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 80 -begin = 18 -end = 28 +line = 107 +begin = 19 +end = 27 -[JC_179] +[JC_166] +kind = IndexBounds +file = "HOME/tests/java/Arrays.java" +line = 107 +begin = 19 +end = 27 + +[JC_167] +file = "HOME/tests/java/Arrays.java" +line = 100 +begin = 7 +end = 19 + +[JC_168] 
+file = "HOME/tests/java/Arrays.java" +line = 101 +begin = 8 +end = 206 + +[JC_169] +file = "HOME/tests/java/Arrays.java" +line = 100 +begin = 7 +end = 230 + +[JC_170] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_127] +[JC_171] +file = "HOME/tests/java/Arrays.jc" +line = 201 +begin = 9 +end = 1153 + +[JC_172] +file = "HOME/tests/java/Arrays.jc" +line = 201 +begin = 9 +end = 1153 + +[JC_173] +kind = PointerDeref file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 7 -end = 13 +line = 108 +begin = 10 +end = 16 -[JC_128] +[JC_174] +kind = PointerDeref +file = "HOME/tests/java/Arrays.jc" +line = 219 +begin = 21 +end = 80 + +[JC_175] file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 12 -end = 25 +line = 105 +begin = 18 +end = 19 -[JC_129] +[JC_176] +kind = UserCall file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 29 -end = 35 +line = 107 +begin = 19 +end = 27 -[Arrays_findMax2_ensures_default] -name = "Method findMax2" -behavior = "Default behavior" +[JC_177] file = "HOME/tests/java/Arrays.java" -line = 74 -begin = 22 -end = 30 +line = 100 +begin = 7 +end = 19 -[JC_70] +[JC_178] file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 19 -end = 32 +line = 101 +begin = 8 +end = 206 -[JC_71] +[JC_179] file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 36 -end = 42 +line = 100 +begin = 7 +end = 230 -[JC_72] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 41 -end = 53 +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_20] +[JC_11] +file = "HOME/tests/java/Arrays.jc" +line = 42 +begin = 8 +end = 21 + +[JC_12] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_73] -file = "HOME/tests/java/Arrays.java" -line = 56 -begin = 14 -end = 23 +[JC_13] +file = "HOME/tests/java/Arrays.jc" +line = 45 +begin = 11 +end = 66 -[JC_21] +[JC_14] file = "HOME/tests/java/Arrays.jc" -line = 52 -begin = 8 -end = 23 +line = 44 +begin = 10 +end = 18 -[JC_74] -file = "HOME/tests/java/Arrays.java" -line = 56 -begin = 28 -end = 71 +[JC_15] +file = 
"HOME/tests/java/Arrays.jc" +line = 45 +begin = 11 +end = 66 -[Arrays_findMax_safety] -name = "Method findMax" -behavior = "Safety" -file = "HOME/tests/java/Arrays.java" -line = 51 -begin = 24 -end = 31 +[JC_16] +file = "HOME/tests/java/Arrays.jc" +line = 44 +begin = 10 +end = 18 -[JC_22] +[JC_17] file = "HOME/" line = 0 begin = -1 
@@ -1828,106 +2025,113 @@ begin = -1 end = -1 -[JC_75] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 129 +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_23] +[JC_181] +file = "HOME/tests/java/Arrays.jc" +line = 201 +begin = 9 +end = 1153 + +[JC_19] file = "HOME/tests/java/Arrays.jc" -line = 52 +line = 48 begin = 8 -end = 23 +end = 30 -[JC_181] +[JC_182] +file = "HOME/tests/java/Arrays.jc" +line = 201 +begin = 9 +end = 1153 + +[JC_183] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_76] +[JC_184] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_24] +[JC_185] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_182] +[JC_186] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_130] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 34 -end = 46 - -[JC_77] -file = "HOME/tests/java/Arrays.jc" -line = 88 -begin = 18 -end = 2047 +[JC_187] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_25] +[JC_188] file = "HOME/" line = 0 begin = -1 end = -1 -[Arrays_findMax2_ensures_max_found] -name = "Method findMax2" -behavior = "Normal behavior `max_found'" -file = "HOME/tests/java/Arrays.java" -line = 74 -begin = 22 -end = 30 +[JC_189] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_131] -file = "HOME/tests/java/Arrays.java" -line = 79 -begin = 14 -end = 23 +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_78] +[JC_21] file = "HOME/tests/java/Arrays.jc" -line = 88 -begin = 18 -end = 2047 +line = 48 +begin = 8 +end = 30 -[JC_26] +[JC_22] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_132] -file = "HOME/tests/java/Arrays.java" -line = 79 -begin = 27 -end = 40 +[JC_23] +file = "HOME/tests/java/Arrays.jc" +line = 51 +begin = 11 +end = 103 -[Arrays_findMax_ensures_default] -name = "Method findMax" -behavior = "Default behavior" -file = "HOME/tests/java/Arrays.java" +[JC_24] +file = "HOME/tests/java/Arrays.jc" +line = 50 +begin = 10 +end = 18 + +[JC_25] +file = "HOME/tests/java/Arrays.jc" line = 51 -begin = 24 -end = 31 +begin 
= 11 +end = 103 -[JC_79] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 59 -begin = 21 -end = 29 +[JC_26] +file = "HOME/tests/java/Arrays.jc" +line = 50 +begin = 10 +end = 18 [JC_27] file = "HOME/" @@ -1935,19 +2139,13 @@ begin = -1 end = -1 -[JC_133] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 7 -end = 90 - -[JC_28] +[JC_190] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_134] +[JC_28] file = "HOME/" line = 0 begin = -1 
@@ -1955,128 +2153,35 @@ [JC_29] file = "HOME/tests/java/Arrays.jc" -line = 54 -begin = 11 -end = 65 - -[JC_135] -file = "HOME/tests/java/Arrays.jc" -line = 148 -begin = 18 -end = 1821 - -[JC_136] -file = "HOME/tests/java/Arrays.jc" -line = 148 -begin = 18 -end = 1821 - -[JC_137] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 82 -begin = 19 -end = 27 - -[JC_138] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 7 -end = 13 - -[JC_139] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 12 -end = 25 - -[JC_80] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 20 - -[JC_81] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 19 -end = 32 - -[JC_82] -file = "HOME/tests/java/Arrays.java" line = 55 -begin = 36 -end = 42 +begin = 8 +end = 23 [JC_30] -file = "HOME/tests/java/Arrays.jc" -line = 54 -begin = 11 -end = 65 - -[JC_83] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 41 -end = 53 - -[JC_31] -file = "HOME/tests/java/Arrays.java" -line = 44 -begin = 17 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_84] -file = "HOME/tests/java/Arrays.java" -line = 56 -begin = 14 +[JC_31] +file = "HOME/tests/java/Arrays.jc" +line = 55 +begin = 8 end = 23 [JC_32] -file = "HOME/tests/java/Arrays.java" -line = 44 -begin = 30 -end = 43 - -[JC_85] -file = "HOME/tests/java/Arrays.java" -line = 56 -begin = 28 -end = 71 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_33] -file = "HOME/tests/java/Arrays.java" -line = 44 -begin = 35 -end = 52 - -[cons_Arrays_ensures_default] -name = "Constructor of class Arrays" -behavior = "Default behavior" file = "HOME/" line = 0 begin = -1 end = -1 -[JC_86] -file = "HOME/tests/java/Arrays.java" -line = 55 -begin = 14 -end = 129 - [JC_34] -file = "HOME/tests/java/Arrays.java" -line = 44 -begin = 17 -end = 52 - -[JC_140] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 29 -end = 35 - -[JC_87] file = "HOME/" line = 0 begin = -1 
@@ -2088,97 +2193,56 @@ begin = -1 end = -1 -[JC_141] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 34 -end = 46 +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_88] +[JC_37] file = "HOME/tests/java/Arrays.jc" -line = 88 -begin = 18 -end = 2047 +line = 57 +begin = 11 +end = 65 -[JC_36] +[JC_38] +file = "HOME/tests/java/Arrays.jc" +line = 57 +begin = 11 +end = 65 + +[JC_39] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 46 begin = 17 end = 26 -[JC_142] -file = "HOME/tests/java/Arrays.java" -line = 79 -begin = 14 -end = 23 - -[JC_89] -file = "HOME/tests/java/Arrays.jc" -line = 88 -begin = 18 -end = 2047 - -[JC_37] +[JC_100] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 70 begin = 30 end = 43 -[JC_143] -file = "HOME/tests/java/Arrays.java" -line = 79 -begin = 27 -end = 40 - -[JC_38] -file = "HOME/tests/java/Arrays.java" -line = 44 -begin = 35 -end = 52 - -[JC_144] -file = "HOME/tests/java/Arrays.java" -line = 78 -begin = 7 -end = 90 +[cons_Arrays_safety] +name = "Constructor of class Arrays" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_39] +[JC_101] file = "HOME/tests/java/Arrays.java" -line = 44 +line = 70 begin = 17 -end = 52 +end = 43 -[JC_145] +[JC_102] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_146] -file = "HOME/tests/java/Arrays.jc" -line = 148 -begin = 18 -end = 1821 - -[JC_147] -file = "HOME/tests/java/Arrays.jc" -line = 148 -begin = 18 -end = 1821 - -[JC_148] -kind = UserCall -file = "HOME/tests/java/Arrays.java" -line = 82 -begin = 19 -end = 27 - -[JC_149] -file = "HOME/tests/java/Arrays.java" -line = 92 -begin = 17 -end = 26 - ========== file tests/java/why/Arrays.why ========== type Object 
@@ -2190,19 +2254,13 @@ axiom Arrays_parenttag_Object : parenttag(Arrays_tag, Object_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = @@ -2223,14 +2281,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
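Review bot: The `Non_null_Object` predicate in the first hunk on this line is relaxed to `ge_int(offset_max(Object_alloc_table, x_1), (0))`, but the `non_null_Object` parameter in the later hunk at `@@ -2833,51 +2745,51 @@` still states `if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null)` on the new side. If a non-null pointer with `offset_max` greater than 0 can occur, the predicate accepts it while neither branch of that postcondition appears to hold. That would leave the two definitions of "non-null" in disagreement, and any proof obligation relying on the parameter's contract is worth re-checking for soundness. This file looks like recorded tool output, so the change belongs in the translation that emits both. The postcondition would presumably become `if result then ge_int(offset_max(Object_alloc_table, x_4), (0)) else (x_4 = null)`, unless the difference is intended, in which case it should be documented at the source.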
@@ -2371,36 +2425,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Arrays(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -2448,32 +2472,32 @@ parameter Arrays_arrayShift : t_2:Object pointer -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_154: + { (JC_162: (forall i_0:int. ((lt_int((0), i_0) and lt_int(i_0, add_int(offset_max(Object_alloc_table, t_2), (1)))) -> - eq_int(select(intM_intP, shift(t_2, i_0)), - select(intM_intP@, shift(t_2@, sub_int(i_0@, (1)))))))) } + (select(intM_intP, shift(t_2, i_0)) = select(intM_intP@, + shift(t_2, sub_int(i_0, (1)))))))) } parameter Arrays_arrayShift_requires : t_2:Object pointer -> - { (JC_149: Non_null_intM(t_2, Object_alloc_table))} unit + { (JC_157: Non_null_intM(t_2, Object_alloc_table))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_154: + { (JC_162: (forall i_0:int. ((lt_int((0), i_0) and lt_int(i_0, add_int(offset_max(Object_alloc_table, t_2), (1)))) -> - eq_int(select(intM_intP, shift(t_2, i_0)), - select(intM_intP@, shift(t_2@, sub_int(i_0@, (1)))))))) } + (select(intM_intP, shift(t_2, i_0)) = select(intM_intP@, + shift(t_2, sub_int(i_0, (1)))))))) } parameter Arrays_findMax : t_0:Object pointer -> { } int reads Object_alloc_table,intM_intP - { (JC_52: - ((JC_49: le_int((0), result)) - and ((JC_50: + { (JC_60: + ((JC_57: le_int((0), result)) + and ((JC_58: lt_int(result, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_51: + and (JC_59: (forall i_4:int. ((le_int((0), i_4) and lt_int(i_4, 
@@ -2484,46 +2508,46 @@ parameter Arrays_findMax2 : t_1:Object pointer -> { } int reads Object_alloc_table,intM_intP - { (JC_110: - ((JC_107: le_int((0), result)) - and ((JC_108: + { (JC_118: + ((JC_115: le_int((0), result)) + and ((JC_116: lt_int(result, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and (JC_109: + and (JC_117: is_max(t_1, result, add_int(offset_max(Object_alloc_table, t_1), (1)), Object_alloc_table, intM_intP))))) } parameter Arrays_findMax2_requires : t_1:Object pointer -> - { (JC_93: - ((JC_91: Non_null_intM(t_1, Object_alloc_table)) - and (JC_92: + { (JC_101: + ((JC_99: Non_null_intM(t_1, Object_alloc_table)) + and (JC_100: ge_int(add_int(offset_max(Object_alloc_table, t_1), (1)), (1)))))} int reads Object_alloc_table,intM_intP - { (JC_110: - ((JC_107: le_int((0), result)) - and ((JC_108: + { (JC_118: + ((JC_115: le_int((0), result)) + and ((JC_116: lt_int(result, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and (JC_109: + and (JC_117: is_max(t_1, result, add_int(offset_max(Object_alloc_table, t_1), (1)), Object_alloc_table, intM_intP))))) } parameter Arrays_findMax_requires : t_0:Object pointer -> - { (JC_34: - ((JC_31: Non_null_intM(t_0, Object_alloc_table)) - and ((JC_32: + { (JC_42: + ((JC_39: Non_null_intM(t_0, Object_alloc_table)) + and ((JC_40: le_int((1), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_33: + and (JC_41: le_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (32767))))))} int reads Object_alloc_table,intM_intP - { (JC_52: - ((JC_49: le_int((0), result)) - and ((JC_50: + { (JC_60: + ((JC_57: le_int((0), result)) + and ((JC_58: lt_int(result, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_51: + and (JC_59: (forall i_4:int. ((le_int((0), i_4) and lt_int(i_4, 
@@ -2531,133 +2555,17 @@ le_int(select(intM_intP, shift(t_0, i_4)), select(intM_intP, shift(t_0, result))))))))) } -parameter Object_tag_table : Object tag_table ref - -parameter alloc_bitvector_struct_Arrays : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Arrays(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Arrays_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Arrays(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, 
bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Arrays : n:int -> 
@@ -2824,6 +2732,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Arrays : this_0:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -2833,51 +2745,51 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } let Arrays_arrayShift_ensures_default = fun (t_2 : Object pointer) -> { (left_valid_struct_intM(t_2, (0), Object_alloc_table) - and (JC_151: Non_null_intM(t_2, Object_alloc_table))) } + and (JC_159: Non_null_intM(t_2, Object_alloc_table))) } (init: try begin 
@@ -2885,34 +2797,34 @@ ref (K_64: ((sub_int (K_63: (let jessie_ = t_2 in - (JC_168: (java_array_length_intM jessie_))))) (1))) in + (JC_176: (java_array_length_intM jessie_))))) (1))) in try (loop_8: while true do { invariant - (JC_171: - ((JC_169: + (JC_179: + ((JC_177: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_2), (1)))) - and (JC_170: + and (JC_178: (gt_int(add_int(offset_max(Object_alloc_table, t_2), (1)), (0)) -> (le_int((0), j_0) and ((forall i_1:int. ((le_int((0), i_1) and le_int(i_1, j_0)) -> - eq_int(select(intM_intP, shift(t_2, i_1)), - select(intM_intP@init, shift(t_2@init, i_1@init))))) + (select(intM_intP, shift(t_2, i_1)) = select(intM_intP@init, + shift(t_2, i_1))))) and (forall i_2:int. ((lt_int(j_0, i_2) and lt_int(i_2, add_int(offset_max(Object_alloc_table, t_2), (1)))) -> - eq_int(select(intM_intP, shift(t_2, i_2)), - select(intM_intP@init, - shift(t_2@init, sub_int(i_2@init, (1))))))))))))) + (select(intM_intP, shift(t_2, i_2)) = select(intM_intP@init, + shift(t_2, + sub_int(i_2, + (1))))))))))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_73: ((gt_int_ !j_0) (0))) then @@ -2926,9 +2838,8 @@ (let jessie_ = ((shift jessie_) jessie_) in begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) in - void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_72: 
@@ -2938,17 +2849,17 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (raise Return) end with Return -> void end) - { (JC_153: + { (JC_161: (forall i_0:int. ((lt_int((0), i_0) and lt_int(i_0, add_int(offset_max(Object_alloc_table, t_2), (1)))) -> - eq_int(select(intM_intP, shift(t_2, i_0)), - select(intM_intP@, shift(t_2@, sub_int(i_0@, (1)))))))) } + (select(intM_intP, shift(t_2, i_0)) = select(intM_intP@, + shift(t_2, sub_int(i_0, (1)))))))) } let Arrays_arrayShift_safety = fun (t_2 : Object pointer) -> { (left_valid_struct_intM(t_2, (0), Object_alloc_table) - and (JC_151: Non_null_intM(t_2, Object_alloc_table))) } + and (JC_159: Non_null_intM(t_2, Object_alloc_table))) } (init: try begin 
@@ -2956,37 +2867,38 @@ ref (K_64: ((sub_int (K_63: (let jessie_ = t_2 in - (JC_158: + (JC_166: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_157: (java_array_length_intM_requires jessie_))))))) (1))) in + (JC_165: (java_array_length_intM_requires jessie_))))))) (1))) in try (loop_7: while true do - { invariant (JC_163: true) variant (JC_167 : j_0) } + { invariant (JC_171: true) variant (JC_175 : j_0) } begin [ { } unit reads Object_alloc_table,intM_intP,j_0 - { (JC_161: - ((JC_159: + { (JC_169: + ((JC_167: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_2), (1)))) - and (JC_160: + and (JC_168: (gt_int(add_int(offset_max(Object_alloc_table, t_2), (1)), (0)) -> (le_int((0), j_0) and ((forall i_1:int. ((le_int((0), i_1) and le_int(i_1, j_0)) -> - eq_int(select(intM_intP, shift(t_2, i_1)), - select(intM_intP@init, shift(t_2@init, i_1@init))))) + (select(intM_intP, shift(t_2, i_1)) = select(intM_intP@init, + shift(t_2, + i_1))))) and (forall i_2:int. ((lt_int(j_0, i_2) and lt_int(i_2, add_int(offset_max(Object_alloc_table, t_2), (1)))) -> - eq_int(select(intM_intP, shift(t_2, i_2)), - select(intM_intP@init, - shift(t_2@init, sub_int(i_2@init, (1))))))))))))) } ]; + (select(intM_intP, shift(t_2, i_2)) = select(intM_intP@init, + shift(t_2, + sub_int(i_2, + (1))))))))))))) } ]; try - (let jessie_ = begin (if (K_73: ((gt_int_ !j_0) (0))) then 
@@ -2994,18 +2906,17 @@ (K_71: (let jessie_ = (K_70: - (JC_165: + (JC_173: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_2) (K_69: ((sub_int !j_0) (1)))))) in (let jessie_ = t_2 in (let jessie_ = !j_0 in (let jessie_ = ((shift jessie_) jessie_) in begin - (JC_166: + (JC_174: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)); - jessie_ end))))) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + jessie_ end))))) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_72: @@ -3019,9 +2930,9 @@ let Arrays_findMax2_ensures_default = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_97: - ((JC_95: Non_null_intM(t_1, Object_alloc_table)) - and (JC_96: + and (JC_105: + ((JC_103: Non_null_intM(t_1, Object_alloc_table)) + and (JC_104: ge_int(add_int(offset_max(Object_alloc_table, t_1), (1)), (1)))))) } (init: (let return = ref (any_int void) in @@ -3035,29 +2946,27 @@ (loop_5: while true do { invariant - (JC_133: - ((JC_127: le_int((1), i_3)) - and ((JC_128: + (JC_141: + ((JC_135: le_int((1), i_3)) + and ((JC_136: le_int(i_3, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_129: le_int((0), r)) - and ((JC_130: + and ((JC_137: le_int((0), r)) + and ((JC_138: lt_int(r, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_131: - eq_int(m, select(intM_intP, shift(t_1, r)))) - and (JC_132: + and ((JC_139: (m = select(intM_intP, shift(t_1, r)))) + and (JC_140: is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_58: ((lt_int_ !i_3) (K_57: (let jessie_ = t_1 in - (JC_137: (java_array_length_intM jessie_)))))) + (JC_145: (java_array_length_intM jessie_)))))) then (if (K_55: ((gt_int_ (K_54: 
@@ -3067,9 +2976,8 @@ begin (let jessie_ = (r := !i_3) in void); (m := (K_53: ((safe_acc_ !intM_intP) ((shift t_1) !i_3)))); - !m end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !m end in void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_56: @@ -3078,14 +2986,14 @@ (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := !r); (raise Return) - end)); absurd end with Return -> !return end)) { (JC_99: true) } + end)); absurd end with Return -> !return end)) { (JC_107: true) } let Arrays_findMax2_ensures_max_found = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_97: - ((JC_95: Non_null_intM(t_1, Object_alloc_table)) - and (JC_96: + and (JC_105: + ((JC_103: Non_null_intM(t_1, Object_alloc_table)) + and (JC_104: ge_int(add_int(offset_max(Object_alloc_table, t_1), (1)), (1)))))) } (init: (let return = ref (any_int void) in 
@@ -3098,30 +3006,29 @@ try (loop_6: while true do - { invariant (JC_146: true) } + { invariant (JC_154: true) } begin [ { } unit reads Object_alloc_table,i_3,intM_intP,m,r - { (JC_144: - ((JC_138: le_int((1), i_3)) - and ((JC_139: + { (JC_152: + ((JC_146: le_int((1), i_3)) + and ((JC_147: le_int(i_3, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_140: le_int((0), r)) - and ((JC_141: + and ((JC_148: le_int((0), r)) + and ((JC_149: lt_int(r, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_142: - eq_int(m, select(intM_intP, shift(t_1, r)))) - and (JC_143: + and ((JC_150: + (m = select(intM_intP, shift(t_1, r)))) + and (JC_151: is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) } ]; try - (let jessie_ = begin (if (K_58: ((lt_int_ !i_3) (K_57: (let jessie_ = t_1 in - (JC_148: (java_array_length_intM jessie_)))))) + (JC_156: (java_array_length_intM jessie_)))))) then (if (K_55: ((gt_int_ (K_54: @@ -3131,9 +3038,8 @@ begin (let jessie_ = (r := !i_3) in void); (m := (K_53: ((safe_acc_ !intM_intP) ((shift t_1) !i_3)))); - !m end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !m end in void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_56: @@ -3143,11 +3049,11 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := !r); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_106: - ((JC_103: le_int((0), result)) - and ((JC_104: + { (JC_114: + ((JC_111: le_int((0), result)) + and ((JC_112: lt_int(result, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and (JC_105: + and (JC_113: is_max(t_1, result, add_int(offset_max(Object_alloc_table, t_1), (1)), Object_alloc_table, intM_intP))))) } 
@@ -3155,9 +3061,9 @@ let Arrays_findMax2_safety = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_97: - ((JC_95: Non_null_intM(t_1, Object_alloc_table)) - and (JC_96: + and (JC_105: + ((JC_103: Non_null_intM(t_1, Object_alloc_table)) + and (JC_104: ge_int(add_int(offset_max(Object_alloc_table, t_1), (1)), (1)))))) } (init: (let return = ref (any_int void) in @@ -3165,7 +3071,7 @@ begin (let m = ref (K_60: - (JC_111: + (JC_119: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t_1) (0)))) in (let r = ref (K_59: (0)) in begin 
@@ -3173,55 +3079,53 @@ try (loop_4: while true do - { invariant (JC_120: true) - variant (JC_126 : sub_int(add_int(offset_max(Object_alloc_table, + { invariant (JC_128: true) + variant (JC_134 : sub_int(add_int(offset_max(Object_alloc_table, t_1), (1)), i_3)) } begin [ { } unit reads Object_alloc_table,i_3,intM_intP,m,r - { (JC_118: - ((JC_112: le_int((1), i_3)) - and ((JC_113: + { (JC_126: + ((JC_120: le_int((1), i_3)) + and ((JC_121: le_int(i_3, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_114: le_int((0), r)) - and ((JC_115: + and ((JC_122: le_int((0), r)) + and ((JC_123: lt_int(r, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_116: - eq_int(m, select(intM_intP, shift(t_1, r)))) - and (JC_117: + and ((JC_124: + (m = select(intM_intP, shift(t_1, r)))) + and (JC_125: is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) } ]; try - (let jessie_ = begin (if (K_58: ((lt_int_ !i_3) (K_57: (let jessie_ = t_1 in - (JC_123: + (JC_131: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_122: + (JC_130: (java_array_length_intM_requires jessie_)))))))) then (if (K_55: ((gt_int_ (K_54: - (JC_124: + (JC_132: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_1) !i_3)))) !m)) then (let jessie_ = begin (let jessie_ = (r := !i_3) in void); (m := (K_53: - (JC_125: + (JC_133: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_1) !i_3)))); - !m end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !m end in void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_56: 
@@ -3235,11 +3139,11 @@ let Arrays_findMax_ensures_default = fun (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_39: - ((JC_36: Non_null_intM(t_0, Object_alloc_table)) - and ((JC_37: + and (JC_47: + ((JC_44: Non_null_intM(t_0, Object_alloc_table)) + and ((JC_45: le_int((1), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_38: + and (JC_46: le_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (32767))))))) } (init: @@ -3254,18 +3158,18 @@ (loop_2: while true do { invariant - (JC_75: - ((JC_69: le_int((1), i_5)) - and ((JC_70: + (JC_83: + ((JC_77: le_int((1), i_5)) + and ((JC_78: le_int(i_5, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_71: le_int((0), r_0)) - and ((JC_72: + and ((JC_79: le_int((0), r_0)) + and ((JC_80: lt_int(r_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_73: - eq_int(m_0, select(intM_intP, shift(t_0, r_0)))) - and (JC_74: + and ((JC_81: + (m_0 = select(intM_intP, shift(t_0, r_0)))) + and (JC_82: (forall j_1:int. ((le_int((0), j_1) and lt_int(j_1, i_5)) -> le_int(select(intM_intP, shift(t_0, j_1)), @@ -3273,12 +3177,11 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_29: ((lt_int_ !i_5) (K_28: (let jessie_ = t_0 in - (JC_79: (java_array_length_intM jessie_)))))) + (JC_87: (java_array_length_intM jessie_)))))) then (if (K_26: ((gt_int_ (K_25: @@ -3289,8 +3192,8 @@ (let jessie_ = (r_0 := !i_5) in void); (m_0 := (K_24: ((safe_acc_ !intM_intP) ((shift t_0) !i_5)))); !m_0 end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_27: 
@@ -3299,16 +3202,16 @@ (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) - end)); absurd end with Return -> !return end)) { (JC_41: true) } + end)); absurd end with Return -> !return end)) { (JC_49: true) } let Arrays_findMax_ensures_max_found = fun (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_39: - ((JC_36: Non_null_intM(t_0, Object_alloc_table)) - and ((JC_37: + and (JC_47: + ((JC_44: Non_null_intM(t_0, Object_alloc_table)) + and ((JC_45: le_int((1), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_38: + and (JC_46: le_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (32767))))))) } (init: @@ -3322,34 +3225,32 @@ try (loop_3: while true do - { invariant (JC_88: true) } + { invariant (JC_96: true) } begin [ { } unit reads Object_alloc_table,i_5,intM_intP,m_0,r_0 - { (JC_86: - ((JC_80: le_int((1), i_5)) - and ((JC_81: + { (JC_94: + ((JC_88: le_int((1), i_5)) + and ((JC_89: le_int(i_5, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_82: le_int((0), r_0)) - and ((JC_83: + and ((JC_90: le_int((0), r_0)) + and ((JC_91: lt_int(r_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_84: - eq_int(m_0, - select(intM_intP, shift(t_0, r_0)))) - and (JC_85: + and ((JC_92: + (m_0 = select(intM_intP, shift(t_0, r_0)))) + and (JC_93: (forall j_1:int. ((le_int((0), j_1) and lt_int(j_1, i_5)) -> le_int(select(intM_intP, shift(t_0, j_1)), m_0)))))))))) } ]; try - (let jessie_ = begin (if (K_29: ((lt_int_ !i_5) (K_28: (let jessie_ = t_0 in - (JC_90: (java_array_length_intM jessie_)))))) + (JC_98: (java_array_length_intM jessie_)))))) then (if (K_26: ((gt_int_ (K_25: 
@@ -3360,8 +3261,8 @@ (let jessie_ = (r_0 := !i_5) in void); (m_0 := (K_24: ((safe_acc_ !intM_intP) ((shift t_0) !i_5)))); !m_0 end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_27: @@ -3371,11 +3272,11 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_48: - ((JC_45: le_int((0), result)) - and ((JC_46: + { (JC_56: + ((JC_53: le_int((0), result)) + and ((JC_54: lt_int(result, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_47: + and (JC_55: (forall i_4:int. ((le_int((0), i_4) and lt_int(i_4, @@ -3386,11 +3287,11 @@ let Arrays_findMax_safety = fun (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_39: - ((JC_36: Non_null_intM(t_0, Object_alloc_table)) - and ((JC_37: + and (JC_47: + ((JC_44: Non_null_intM(t_0, Object_alloc_table)) + and ((JC_45: le_int((1), add_int(offset_max(Object_alloc_table, t_0), (1)))) - and (JC_38: + and (JC_46: le_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (32767))))))) } (init: @@ -3399,7 +3300,7 @@ begin (let m_0 = ref (K_31: - (JC_53: + (JC_61: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t_0) (0)))) in (let r_0 = ref (K_30: (0)) in begin 
@@ -3407,412 +3308,410 @@ try (loop_1: while true do - { invariant (JC_62: true) - variant (JC_68 : sub_int(add_int(offset_max(Object_alloc_table, + { invariant (JC_70: true) + variant (JC_76 : sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), i_5)) } begin [ { } unit reads Object_alloc_table,i_5,intM_intP,m_0,r_0 - { (JC_60: - ((JC_54: le_int((1), i_5)) - and ((JC_55: + { (JC_68: + ((JC_62: le_int((1), i_5)) + and ((JC_63: le_int(i_5, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_56: le_int((0), r_0)) - and ((JC_57: + and ((JC_64: le_int((0), r_0)) + and ((JC_65: lt_int(r_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_58: - eq_int(m_0, - select(intM_intP, shift(t_0, r_0)))) - and (JC_59: + and ((JC_66: + (m_0 = select(intM_intP, shift(t_0, r_0)))) + and (JC_67: (forall j_1:int. ((le_int((0), j_1) and lt_int(j_1, i_5)) -> le_int(select(intM_intP, shift(t_0, j_1)), m_0)))))))))) } ]; try - (let jessie_ = begin (if (K_29: ((lt_int_ !i_5) (K_28: (let jessie_ = t_0 in - (JC_65: + (JC_73: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_64: + (JC_72: (java_array_length_intM_requires jessie_)))))))) then (if (K_26: ((gt_int_ (K_25: - (JC_66: + (JC_74: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !i_5)))) !m_0)) then (let jessie_ = begin (let jessie_ = (r_0 := !i_5) in void); (m_0 := (K_24: - (JC_67: - ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !i_5)))); - !m_0 end in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with - Loop_continue_exc jessie_ -> - (let jessie_ = - (K_27: - (let jessie_ = !i_5 in - begin - (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); - jessie_ end)) in void) end end done) with - Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) - end)); absurd end with Return -> !return end)) { true } - -let cons_Arrays_ensures_default = - fun (this_0 : Object pointer) -> 
- { valid_struct_Arrays(this_0, (0), (0), Object_alloc_table) } - (init: try begin void; (raise Return) end with Return -> void end) - { (JC_179: true) } - -let cons_Arrays_safety = - fun (this_0 : Object pointer) -> - { valid_struct_Arrays(this_0, (0), (0), Object_alloc_table) } - (init: try begin void; (raise Return) end with Return -> void end) - { true } - - -========== make project execution ========== -why --project [...] why/Arrays.why -========== file tests/java/why/Arrays.wpr ========== - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + (JC_75: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !i_5)))); + !m_0 end in void) else void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_27: + (let jessie_ = !i_5 in + begin + (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); + jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) + end)); absurd end with Return -> !return end)) { true } + +let cons_Arrays_ensures_default = + fun (this_0 : Object pointer) -> + { valid_struct_Arrays(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_187: true) } + +let cons_Arrays_safety = + fun (this_0 : Object pointer) -> + { valid_struct_Arrays(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + + +========== make project execution ========== +why --project [...] 
why/Arrays.why +========== file tests/java/why/Arrays.wpr ========== + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - + + + - - + + - - + + - + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - + + + + + + - - + + - - + + - - - + + + - - - + + + - - + + - - + + - + + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -4764,7 +4663,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
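Review bot: The `Non_null_Object` change in the `@@ -4764,7 +4663,7 @@` hunk alters what the predicate means, unlike the `JC_n` renumbering that makes up most of this diff: its body goes from `offset_max(Object_alloc_table, x_1) = 0` to `offset_max(Object_alloc_table, x_1) >= 0`. Every goal that takes `Non_null_Object` as a hypothesis now gets only a lower bound on the block size, not the exact value. This file appears to be regenerated test output, so the change presumably comes from the generator. The reason for relaxing the bound should be documented there, and it is worth confirming that no obligation on `Object` pointers depended on the dropped upper bound `offset_max(...) <= 0`. The neighbouring `Non_null_intM` definition continues outside the hunk, so whether the two predicates now agree cannot be checked from here.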
@@ -4929,36 +4828,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Arrays(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -4999,6 +4868,19 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Arrays_po1.why ========== +goal Arrays_arrayShift_ensures_default_po_1: + forall t_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_2, 0, Object_alloc_table) and + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> + ("JC_179": + ("JC_177": ((result - 1) < (offset_max(Object_alloc_table, t_2) + 1)))) + ========== file tests/java/why/Arrays_po10.why ========== goal Arrays_arrayShift_safety_po_2: forall t_2:Object pointer. @@ -5006,19 +4888,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -5038,19 +4920,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -5070,19 +4952,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -5106,19 +4988,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -5142,19 +5024,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -5176,7 +5058,7 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - (0 <= ("JC_167": j_0)) + (0 <= ("JC_175": j_0)) ========== file tests/java/why/Arrays_po15.why ========== goal Arrays_arrayShift_safety_po_7: 
@@ -5185,19 +5067,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -5219,7 +5101,7 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - (("JC_167": j_0_0) < ("JC_167": j_0)) + (("JC_175": j_0_0) < ("JC_175": j_0)) ========== file tests/java/why/Arrays_po16.why ========== goal Arrays_findMax2_ensures_default_po_1: @@ -5228,12 +5110,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= 1)))) + ("JC_141": ("JC_135": (1 <= 1))) ========== file tests/java/why/Arrays_po17.why ========== goal Arrays_findMax2_ensures_default_po_2: 
@@ -5242,13 +5124,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_128": ("JC_128": (1 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_136": (1 <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/Arrays_po18.why ========== goal Arrays_findMax2_ensures_default_po_3: @@ -5257,12 +5138,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= 0)))) + ("JC_141": ("JC_137": (0 <= 0))) ========== file tests/java/why/Arrays_po19.why ========== goal Arrays_findMax2_ensures_default_po_4: 
@@ -5271,27 +5152,25 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_130": ("JC_130": (0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (0 < (offset_max(Object_alloc_table, t_1) + 1)))) -========== file tests/java/why/Arrays_po1.why ========== -goal Arrays_arrayShift_ensures_default_po_1: +========== file tests/java/why/Arrays_po2.why ========== +goal Arrays_arrayShift_ensures_default_po_2: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> - ("JC_171": - ("JC_169": - ("JC_169": ((result - 1) < (offset_max(Object_alloc_table, t_2) + 1))))) + ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> + ("JC_179": ("JC_178": (0 <= (result - 1)))) ========== file tests/java/why/Arrays_po20.why ========== goal Arrays_findMax2_ensures_default_po_5: 
@@ -5300,13 +5179,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_131": ("JC_131": (result = select(intM_intP, shift(t_1, 0)))))) + ("JC_141": ("JC_139": (result = select(intM_intP, shift(t_1, 0))))) ========== file tests/java/why/Arrays_po21.why ========== goal Arrays_findMax2_ensures_default_po_6: @@ -5315,13 +5193,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_132": ("JC_132": is_max(t_1, 0, 1, Object_alloc_table, intM_intP)))) + ("JC_141": ("JC_140": is_max(t_1, 0, 1, Object_alloc_table, intM_intP))) ========== file tests/java/why/Arrays_po22.why ========== goal Arrays_findMax2_ensures_default_po_7: 
@@ -5330,23 +5207,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5361,7 +5238,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= i_3_0)))) + ("JC_141": ("JC_135": (1 <= i_3_0))) ========== file tests/java/why/Arrays_po23.why ========== goal Arrays_findMax2_ensures_default_po_8: 
@@ -5370,23 +5247,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5401,9 +5278,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_128": - ("JC_128": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": + ("JC_136": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/Arrays_po24.why ========== goal Arrays_findMax2_ensures_default_po_9: 
@@ -5412,23 +5288,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5443,7 +5319,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= r0)))) + ("JC_141": ("JC_137": (0 <= r0))) ========== file tests/java/why/Arrays_po25.why ========== goal Arrays_findMax2_ensures_default_po_10: 
@@ -5452,23 +5328,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5483,8 +5359,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_130": ("JC_130": (r0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (r0 < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/Arrays_po26.why ========== goal Arrays_findMax2_ensures_default_po_11: 
@@ -5493,23 +5368,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5524,8 +5399,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_131": ("JC_131": (m0 = select(intM_intP, shift(t_1, r0)))))) + ("JC_141": ("JC_139": (m0 = select(intM_intP, shift(t_1, r0))))) ========== file tests/java/why/Arrays_po27.why ========== goal Arrays_findMax2_ensures_default_po_12: 
@@ -5534,23 +5408,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5565,9 +5439,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_132": - ("JC_132": is_max(t_1, r0, i_3_0, Object_alloc_table, intM_intP)))) + ("JC_141": + ("JC_140": is_max(t_1, r0, i_3_0, Object_alloc_table, intM_intP))) ========== file tests/java/why/Arrays_po28.why ========== goal Arrays_findMax2_ensures_default_po_13: 
@@ -5576,23 +5449,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5601,7 +5474,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= i_3_0)))) + ("JC_141": ("JC_135": (1 <= i_3_0))) ========== file tests/java/why/Arrays_po29.why ========== goal Arrays_findMax2_ensures_default_po_14: 
@@ -5610,23 +5483,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> 
@@ -5635,22 +5508,27 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_128": - ("JC_128": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": + ("JC_136": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) -========== file tests/java/why/Arrays_po2.why ========== -goal Arrays_arrayShift_ensures_default_po_2: +========== file tests/java/why/Arrays_po3.why ========== +goal Arrays_arrayShift_ensures_default_po_3: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - ("JC_171": ("JC_170": (0 <= (result - 1)))) + forall i_2:int. + (((result - 1) < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> + ("JC_179": + ("JC_178": (select(intM_intP, shift(t_2, i_2)) = select(intM_intP, + shift(t_2, (i_2 - 1)))))) ========== file tests/java/why/Arrays_po30.why ========== goal Arrays_findMax2_ensures_default_po_15: 
@@ -5659,23 +5537,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5684,7 +5562,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= r)))) + ("JC_141": ("JC_137": (0 <= r))) ========== file tests/java/why/Arrays_po31.why ========== goal Arrays_findMax2_ensures_default_po_16: 
@@ -5693,23 +5571,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5718,8 +5596,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_130": ("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/Arrays_po32.why ========== goal Arrays_findMax2_ensures_default_po_17: 
@@ -5728,23 +5605,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5753,7 +5630,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_131": ("JC_131": (m = select(intM_intP, shift(t_1, r)))))) + ("JC_141": ("JC_139": (m = select(intM_intP, shift(t_1, r))))) ========== file tests/java/why/Arrays_po33.why ========== goal Arrays_findMax2_ensures_default_po_18: 
@@ -5762,23 +5639,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -5787,9 +5664,8 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_132": - ("JC_132": is_max(t_1, r, i_3_0, Object_alloc_table, intM_intP)))) + ("JC_141": + ("JC_140": is_max(t_1, r, i_3_0, Object_alloc_table, intM_intP))) ========== file tests/java/why/Arrays_po34.why ========== goal Arrays_findMax2_ensures_max_found_po_1: 
@@ -5798,30 +5674,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": ("JC_103": ("JC_103": (0 <= return)))) + ("JC_114": ("JC_111": (0 <= return))) ========== file tests/java/why/Arrays_po35.why ========== goal Arrays_findMax2_ensures_max_found_po_2: 
@@ -5830,32 +5706,31 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": - ("JC_104": - ("JC_104": (return < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_114": + ("JC_112": (return < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/Arrays_po36.why ========== goal Arrays_findMax2_ensures_max_found_po_3: 
@@ -5864,42 +5739,41 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": - ("JC_105": - ("JC_105": is_max(t_1, return, (offset_max(Object_alloc_table, t_1) + 1), - Object_alloc_table, intM_intP)))) + ("JC_114": + ("JC_113": is_max(t_1, return, (offset_max(Object_alloc_table, t_1) + 1), + Object_alloc_table, intM_intP))) ========== file tests/java/why/Arrays_po37.why ========== goal Arrays_findMax2_safety_po_1: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. 
(left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) ========== file tests/java/why/Arrays_po38.why ========== @@ -5909,23 +5783,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) ========== file tests/java/why/Arrays_po39.why ========== 
@@ -5935,49 +5809,67 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> (offset_min(Object_alloc_table, t_1) <= i_3) -========== file tests/java/why/Arrays_po3.why ========== -goal Arrays_arrayShift_ensures_default_po_3: +========== file tests/java/why/Arrays_po4.why ========== +goal Arrays_arrayShift_ensures_default_po_4: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. 
(left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> - ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - forall i_2:int. - (((result - 1) < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_171": - ("JC_170": (select(intM_intP, shift(t_2, i_2)) = select(intM_intP, - shift(t_2, (i_2 - 1)))))) + forall intM_intP0:(Object, + int) memory. + forall j_0:int. + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": + (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> + ((0 <= j_0) and + ((forall i_1:int. + (((0 <= i_1) and (i_1 <= j_0)) -> (select(intM_intP0, shift(t_2, + i_1)) = select(intM_intP, shift(t_2, i_1))))) and + (forall i_2:int. + (((j_0 < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> + (select(intM_intP0, shift(t_2, i_2)) = select(intM_intP, shift(t_2, + (i_2 - 1)))))))))))) -> + (j_0 > 0) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t_2, (j_0 - 1)))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> + forall j_0_0:int. + (j_0_0 = (j_0 - 1)) -> + ("JC_179": ("JC_177": (j_0_0 < (offset_max(Object_alloc_table, t_2) + 1)))) ========== file tests/java/why/Arrays_po40.why ========== goal Arrays_findMax2_safety_po_4: 
@@ -5986,26 +5878,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> 
@@ -6018,26 +5910,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -6056,7 +5948,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (0 <= ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) ========== file tests/java/why/Arrays_po42.why ========== goal Arrays_findMax2_safety_po_6: 
@@ -6065,26 +5957,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -6103,8 +5995,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < - ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < + ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) ========== file tests/java/why/Arrays_po43.why ========== goal Arrays_findMax2_safety_po_7: 
@@ -6113,26 +6005,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -6143,7 +6035,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (0 <= ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) ========== file tests/java/why/Arrays_po44.why ========== goal Arrays_findMax2_safety_po_8: 
@@ -6152,26 +6044,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -6182,8 +6074,8 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < - ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < + ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) ========== file tests/java/why/Arrays_po45.why ========== goal Arrays_findMax_ensures_default_po_1: 
@@ -6192,13 +6084,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= 1)))) + ("JC_83": ("JC_77": (1 <= 1))) ========== file tests/java/why/Arrays_po46.why ========== goal Arrays_findMax_ensures_default_po_2: @@ -6207,14 +6099,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_70": ("JC_70": (1 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (1 <= (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po47.why ========== goal Arrays_findMax_ensures_default_po_3: 
@@ -6223,13 +6114,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= 0)))) + ("JC_83": ("JC_79": (0 <= 0))) ========== file tests/java/why/Arrays_po48.why ========== goal Arrays_findMax_ensures_default_po_4: @@ -6238,14 +6129,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_72": ("JC_72": (0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po49.why ========== goal Arrays_findMax_ensures_default_po_5: 
@@ -6254,33 +6144,32 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_73": ("JC_73": (result = select(intM_intP, shift(t_0, 0)))))) + ("JC_83": ("JC_81": (result = select(intM_intP, shift(t_0, 0))))) -========== file tests/java/why/Arrays_po4.why ========== -goal Arrays_arrayShift_ensures_default_po_4: +========== file tests/java/why/Arrays_po5.why ========== +goal Arrays_arrayShift_ensures_default_po_5: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -6298,8 +6187,8 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - ("JC_171": - ("JC_169": ("JC_169": (j_0_0 < (offset_max(Object_alloc_table, t_2) + 1))))) + ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> + ("JC_179": ("JC_178": (0 <= j_0_0))) ========== file tests/java/why/Arrays_po50.why ========== goal Arrays_findMax_ensures_default_po_6: @@ -6308,18 +6197,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < 1)) -> (select(intM_intP, shift(t_0, - j_1)) <= result)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < 1)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= result))) ========== file tests/java/why/Arrays_po51.why ========== goal Arrays_findMax_ensures_default_po_7: 
@@ -6328,27 +6214,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6363,7 +6249,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= i_5_0)))) + ("JC_83": ("JC_77": (1 <= i_5_0))) ========== file tests/java/why/Arrays_po52.why ========== goal Arrays_findMax_ensures_default_po_8: 
@@ -6372,27 +6258,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6407,8 +6293,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_70": ("JC_70": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po53.why ========== goal Arrays_findMax_ensures_default_po_9: 
@@ -6417,27 +6302,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6452,7 +6337,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= r_0_0)))) + ("JC_83": ("JC_79": (0 <= r_0_0))) ========== file tests/java/why/Arrays_po54.why ========== goal Arrays_findMax_ensures_default_po_10: 
@@ -6461,27 +6346,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6496,8 +6381,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_72": ("JC_72": (r_0_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (r_0_0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po55.why ========== goal Arrays_findMax_ensures_default_po_11: 
@@ -6506,27 +6390,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6541,8 +6425,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_73": ("JC_73": (m_0_0 = select(intM_intP, shift(t_0, r_0_0)))))) + ("JC_83": ("JC_81": (m_0_0 = select(intM_intP, shift(t_0, r_0_0))))) ========== file tests/java/why/Arrays_po56.why ========== goal Arrays_findMax_ensures_default_po_12: 
@@ -6551,27 +6434,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6586,12 +6469,9 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < i_5_0)) -> (select(intM_intP, shift(t_0, - j_1)) <= m_0_0)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < i_5_0)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= m_0_0))) ========== file tests/java/why/Arrays_po57.why ========== goal Arrays_findMax_ensures_default_po_13: 
@@ -6600,27 +6480,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6629,7 +6509,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= i_5_0)))) + ("JC_83": ("JC_77": (1 <= i_5_0))) ========== file tests/java/why/Arrays_po58.why ========== goal Arrays_findMax_ensures_default_po_14: 
@@ -6638,27 +6518,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6667,8 +6547,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_70": ("JC_70": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po59.why ========== goal Arrays_findMax_ensures_default_po_15: 
@@ -6677,27 +6556,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -6706,26 +6585,26 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= r_0)))) + ("JC_83": ("JC_79": (0 <= r_0))) -========== file tests/java/why/Arrays_po5.why ========== -goal Arrays_arrayShift_ensures_default_po_5: +========== file tests/java/why/Arrays_po6.why ========== +goal Arrays_arrayShift_ensures_default_po_6: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -6744,7 +6623,11 @@ forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - ("JC_171": ("JC_170": (0 <= j_0_0))) + forall i_1:int. + ((0 <= i_1) and (i_1 <= j_0_0)) -> + ("JC_179": + ("JC_178": (select(intM_intP1, shift(t_2, i_1)) = select(intM_intP, + shift(t_2, i_1))))) ========== file tests/java/why/Arrays_po60.why ========== goal Arrays_findMax_ensures_default_po_16: 
@@ -6753,27 +6636,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6782,8 +6665,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_72": ("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po61.why ========== goal Arrays_findMax_ensures_default_po_17: 
@@ -6792,27 +6674,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6821,7 +6703,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_73": ("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))))) + ("JC_83": ("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0))))) ========== file tests/java/why/Arrays_po62.why ========== goal Arrays_findMax_ensures_default_po_18: 
@@ -6830,27 +6712,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -6859,12 +6741,9 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < i_5_0)) -> (select(intM_intP, shift(t_0, - j_1)) <= m_0)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < i_5_0)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= m_0))) ========== file tests/java/why/Arrays_po63.why ========== goal Arrays_findMax_ensures_max_found_po_1: 
@@ -6873,34 +6752,34 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": ("JC_45": ("JC_45": (0 <= return)))) + ("JC_56": ("JC_53": (0 <= return))) ========== file tests/java/why/Arrays_po64.why ========== goal Arrays_findMax_ensures_max_found_po_2: 
@@ -6909,35 +6788,34 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": - ("JC_46": ("JC_46": (return < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_56": ("JC_54": (return < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Arrays_po65.why ========== goal Arrays_findMax_ensures_max_found_po_3: 
@@ -6946,50 +6824,48 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": - ("JC_47": - ("JC_47": - (forall i_4:int. - (((0 <= i_4) and (i_4 < (offset_max(Object_alloc_table, t_0) + 1))) -> - (select(intM_intP, shift(t_0, i_4)) <= select(intM_intP, shift(t_0, - return)))))))) + forall i_4:int. 
+ ((0 <= i_4) and (i_4 < (offset_max(Object_alloc_table, t_0) + 1))) -> + ("JC_56": + ("JC_55": (select(intM_intP, shift(t_0, i_4)) <= select(intM_intP, + shift(t_0, return))))) ========== file tests/java/why/Arrays_po66.why ========== goal Arrays_findMax_safety_po_1: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) ========== file tests/java/why/Arrays_po67.why ========== 
@@ -6999,24 +6875,24 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> 
@@ -7029,30 +6905,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -7065,53 +6941,53 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> (i_5 <= offset_max(Object_alloc_table, t_0)) -========== file tests/java/why/Arrays_po6.why ========== -goal Arrays_arrayShift_ensures_default_po_6: +========== file tests/java/why/Arrays_po7.why ========== +goal Arrays_arrayShift_ensures_default_po_7: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. 
(left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -7130,11 +7006,11 @@ forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - forall i_1:int. - ((0 <= i_1) and (i_1 <= j_0_0)) -> - ("JC_171": - ("JC_170": (select(intM_intP1, shift(t_2, i_1)) = select(intM_intP, - shift(t_2, i_1))))) + forall i_2:int. + ((j_0_0 < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> + ("JC_179": + ("JC_178": (select(intM_intP1, shift(t_2, i_2)) = select(intM_intP, + shift(t_2, (i_2 - 1)))))) ========== file tests/java/why/Arrays_po70.why ========== goal Arrays_findMax_safety_po_5: 
@@ -7143,30 +7019,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -7185,7 +7061,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) + (0 <= ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) ========== file tests/java/why/Arrays_po71.why ========== goal Arrays_findMax_safety_po_6: 
@@ -7194,30 +7070,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -7236,7 +7112,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_68": + (("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) 
@@ -7247,30 +7123,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -7281,7 +7157,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) + (0 <= ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) ========== file tests/java/why/Arrays_po73.why ========== goal Arrays_findMax_safety_po_8: 
@@ -7290,30 +7166,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -7324,52 +7200,10 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_68": + (("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) -========== file tests/java/why/Arrays_po7.why ========== -goal Arrays_arrayShift_ensures_default_po_7: - forall t_2:Object pointer. - forall Object_alloc_table:Object alloc_table. - forall intM_intP:(Object, - int) memory. - (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> - forall intM_intP0:(Object, - int) memory. - forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": - (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - ((0 <= j_0) and - ((forall i_1:int. - (((0 <= i_1) and (i_1 <= j_0)) -> (select(intM_intP0, shift(t_2, - i_1)) = select(intM_intP, shift(t_2, i_1))))) and - (forall i_2:int. - (((j_0 < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> - (select(intM_intP0, shift(t_2, i_2)) = select(intM_intP, shift(t_2, - (i_2 - 1)))))))))))) -> - (j_0 > 0) -> - forall result0:int. - (result0 = select(intM_intP0, shift(t_2, (j_0 - 1)))) -> - forall intM_intP1:(Object, - int) memory. - (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> - forall j_0_0:int. - (j_0_0 = (j_0 - 1)) -> - ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - forall i_2:int. - ((j_0_0 < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_171": - ("JC_170": (select(intM_intP1, shift(t_2, i_2)) = select(intM_intP, - shift(t_2, (i_2 - 1)))))) - ========== file tests/java/why/Arrays_po8.why ========== goal Arrays_arrayShift_ensures_default_po_8: forall t_2:Object pointer. 
@@ -7377,17 +7211,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -7400,7 +7234,7 @@ (j_0 <= 0) -> forall i_0:int. ((0 < i_0) and (i_0 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_153": (select(intM_intP0, shift(t_2, i_0)) = select(intM_intP, + ("JC_161": (select(intM_intP0, shift(t_2, i_0)) = select(intM_intP, shift(t_2, (i_0 - 1))))) ========== file tests/java/why/Arrays_po9.why ========== @@ -7408,7 +7242,7 @@ forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) ========== generation of Simplify VC output ========== @@ -8237,7 +8071,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) 
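Review bot: The hunk at `@@ -8237,7 +8071,7 @@` changes the expected definition of `Non_null_Object` from `(EQ (offset_max Object_alloc_table x_1) 0)` to `(>= (offset_max Object_alloc_table x_1) 0)`. This is a semantic change to the verification conditions, and it sits among what is otherwise label renumbering (`JC_39` to `JC_47` and the like). The file looks like regenerated prover output, so the weakening presumably comes from the generator rather than a hand edit, and nothing visible here records that it is intended. With `>=` the predicate no longer pins an Object block to a single cell: any goal that relied on `offset_max = 0` for a non-null Object pointer loses that fact, and obligations to establish non-nullness become easier to discharge. I would add a line to the change description such as `Non_null_Object now requires offset_max >= 0 instead of offset_max = 0 (matches the >= form already used by Non_null_intM)` and confirm that the affected goals were re-proved, not just re-recorded.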
@@ -8377,29 +8211,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Arrays p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -8431,7 +8242,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Arrays_arrayShift_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 98, characters 7-19 +;; Arrays_arrayShift_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 100, characters 7-19 (FORALL (t_2) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_2 0 Object_alloc_table) 
@@ -8442,7 +8253,7 @@ (EQ result (+ (offset_max Object_alloc_table t_2) 1)))) (< (- result 1) (+ (offset_max Object_alloc_table t_2) 1))))))) -;; Arrays_arrayShift_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 99, characters 8-206 +;; Arrays_arrayShift_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 101, characters 8-206 (FORALL (t_2) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_2 0 Object_alloc_table) @@ -8453,7 +8264,7 @@ (EQ result (+ (offset_max Object_alloc_table t_2) 1)))) (IMPLIES (> (+ (offset_max Object_alloc_table t_2) 1) 0) (<= 0 (- result 1)))))))) -;; Arrays_arrayShift_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 99, characters 8-206 +;; Arrays_arrayShift_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 101, characters 8-206 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8470,7 +8281,7 @@ (EQ (select intM_intP (shift t_2 i_2)) (select intM_intP (shift t_2 (- i_2 1))))))))))))) -;; Arrays_arrayShift_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 98, characters 7-19 +;; Arrays_arrayShift_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 100, characters 7-19 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8504,7 +8315,7 @@ (IMPLIES (EQ j_0_0 (- j_0 1)) (< j_0_0 (+ (offset_max Object_alloc_table t_2) 1)))))))))))))))))) -;; Arrays_arrayShift_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 99, characters 8-206 +;; Arrays_arrayShift_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 101, characters 8-206 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -8538,7 +8349,7 @@ (IMPLIES (EQ j_0_0 (- j_0 1)) (IMPLIES (> (+ (offset_max Object_alloc_table t_2) 1) 0) (<= 0 j_0_0)))))))))))))))))) -;; Arrays_arrayShift_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 99, characters 8-206 +;; Arrays_arrayShift_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 101, characters 8-206 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8575,7 +8386,7 @@ (IMPLIES (AND (<= 0 i_1) (<= i_1 j_0_0)) (EQ (select intM_intP1 (shift t_2 i_1)) (select intM_intP (shift t_2 i_1)))))))))))))))))))))) -;; Arrays_arrayShift_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 99, characters 8-206 +;; Arrays_arrayShift_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 101, characters 8-206 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8614,7 +8425,7 @@ (EQ (select intM_intP1 (shift t_2 i_2)) (select intM_intP (shift t_2 (- i_2 1))))))))))))))))))))))) -;; Arrays_arrayShift_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 94, characters 10-70 +;; Arrays_arrayShift_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 96, characters 10-70 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8645,14 +8456,14 @@ (EQ (select intM_intP0 (shift t_2 i_0)) (select intM_intP (shift t_2 (- i_0 1)))))))))))))))) -;; Arrays_arrayShift_safety_po_1, File "why/Arrays.why", line 779, characters 21-77 +;; Arrays_arrayShift_safety_po_1, File "why/Arrays.why", line 626, characters 21-76 (FORALL (t_2) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_2 0 Object_alloc_table) (Non_null_intM t_2 Object_alloc_table)) (>= (offset_max Object_alloc_table t_2) (- 0 1))))) -;; Arrays_arrayShift_safety_po_2, File "HOME/tests/java/Arrays.java", line 106, characters 10-16 +;; Arrays_arrayShift_safety_po_2, File "HOME/tests/java/Arrays.java", line 108, characters 10-16 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -8681,7 +8492,7 @@ (select intM_intP (shift t_2 (- i_2 1)))))))))) (IMPLIES (> j_0 0) (<= (offset_min Object_alloc_table t_2) (- j_0 1)))))))))))))) -;; Arrays_arrayShift_safety_po_3, File "HOME/tests/java/Arrays.java", line 106, characters 10-16 +;; Arrays_arrayShift_safety_po_3, File "HOME/tests/java/Arrays.java", line 108, characters 10-16 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8710,7 +8521,7 @@ (select intM_intP (shift t_2 (- i_2 1)))))))))) (IMPLIES (> j_0 0) (<= (- j_0 1) (offset_max Object_alloc_table t_2)))))))))))))) -;; Arrays_arrayShift_safety_po_4, File "HOME/tests/java/Arrays.jc", line 216, characters 21-80 +;; Arrays_arrayShift_safety_po_4, File "HOME/tests/java/Arrays.jc", line 219, characters 21-80 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8744,7 +8555,7 @@ (IMPLIES (EQ result0 (select intM_intP0 (shift t_2 (- j_0 1)))) (<= (offset_min Object_alloc_table t_2) j_0)))))))))))))))) -;; Arrays_arrayShift_safety_po_5, File "HOME/tests/java/Arrays.jc", line 216, characters 21-80 +;; Arrays_arrayShift_safety_po_5, File "HOME/tests/java/Arrays.jc", line 219, characters 21-80 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8778,7 +8589,7 @@ (IMPLIES (EQ result0 (select intM_intP0 (shift t_2 (- j_0 1)))) (<= j_0 (offset_max Object_alloc_table t_2))))))))))))))))) -;; Arrays_arrayShift_safety_po_6, File "HOME/tests/java/Arrays.java", line 103, characters 18-19 +;; Arrays_arrayShift_safety_po_6, File "HOME/tests/java/Arrays.java", line 105, characters 18-19 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -8816,7 +8627,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t_2 j_0) result0)) (FORALL (j_0_0) (IMPLIES (EQ j_0_0 (- j_0 1)) (<= 0 j_0))))))))))))))))))))) -;; Arrays_arrayShift_safety_po_7, File "HOME/tests/java/Arrays.java", line 103, characters 18-19 +;; Arrays_arrayShift_safety_po_7, File "HOME/tests/java/Arrays.java", line 105, characters 18-19 (FORALL (t_2) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8854,7 +8665,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t_2 j_0) result0)) (FORALL (j_0_0) (IMPLIES (EQ j_0_0 (- j_0 1)) (< j_0_0 j_0))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 78, characters 7-13 +;; Arrays_findMax2_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 80, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8864,7 +8675,7 @@ (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (<= 1 1))))))) -;; Arrays_findMax2_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 78, characters 12-25 +;; Arrays_findMax2_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 80, characters 12-25 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8875,7 +8686,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (<= 1 (+ (offset_max Object_alloc_table t_1) 1)))))))) -;; Arrays_findMax2_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 78, characters 29-35 +;; Arrays_findMax2_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 80, characters 29-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -8885,7 +8696,7 @@ (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (<= 0 0))))))) -;; Arrays_findMax2_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 78, characters 34-46 +;; Arrays_findMax2_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 80, characters 34-46 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8896,7 +8707,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (< 0 (+ (offset_max Object_alloc_table t_1) 1)))))))) -;; Arrays_findMax2_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 79, characters 14-23 +;; Arrays_findMax2_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 81, characters 14-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8907,7 +8718,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (EQ result (select intM_intP (shift t_1 0))))))))) -;; Arrays_findMax2_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 79, characters 27-40 +;; Arrays_findMax2_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 81, characters 27-40 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8918,7 +8729,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_1 0))) (is_max t_1 0 1 Object_alloc_table intM_intP))))))) -;; Arrays_findMax2_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 78, characters 7-13 +;; Arrays_findMax2_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 80, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -8952,7 +8763,7 @@ (IMPLIES (EQ m0 result2) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 1 i_3_0))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 78, characters 12-25 +;; Arrays_findMax2_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 80, characters 12-25 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -8988,7 +8799,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= i_3_0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_9, File "HOME/tests/java/Arrays.java", line 78, characters 29-35 +;; Arrays_findMax2_ensures_default_po_9, File "HOME/tests/java/Arrays.java", line 80, characters 29-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9022,7 +8833,7 @@ (IMPLIES (EQ m0 result2) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 r0))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_10, File "HOME/tests/java/Arrays.java", line 78, characters 34-46 +;; Arrays_findMax2_ensures_default_po_10, File "HOME/tests/java/Arrays.java", line 80, characters 34-46 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9058,7 +8869,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (< r0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_11, File "HOME/tests/java/Arrays.java", line 79, characters 14-23 +;; Arrays_findMax2_ensures_default_po_11, File "HOME/tests/java/Arrays.java", line 81, characters 14-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9093,7 +8904,7 @@ (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (EQ m0 (select intM_intP (shift t_1 r0))))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_12, File "HOME/tests/java/Arrays.java", line 79, characters 27-40 +;; Arrays_findMax2_ensures_default_po_12, File "HOME/tests/java/Arrays.java", line 81, characters 27-40 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9129,7 +8940,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (is_max t_1 r0 i_3_0 Object_alloc_table intM_intP))))))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_13, File "HOME/tests/java/Arrays.java", line 78, characters 7-13 +;; Arrays_findMax2_ensures_default_po_13, File "HOME/tests/java/Arrays.java", line 80, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9157,7 +8968,7 @@ (IMPLIES (<= result1 m) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 1 i_3_0))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_14, File "HOME/tests/java/Arrays.java", line 78, characters 12-25 +;; Arrays_findMax2_ensures_default_po_14, File "HOME/tests/java/Arrays.java", line 80, characters 12-25 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9187,7 +8998,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= i_3_0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_15, File "HOME/tests/java/Arrays.java", line 78, characters 29-35 +;; Arrays_findMax2_ensures_default_po_15, File "HOME/tests/java/Arrays.java", line 80, characters 29-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9215,7 +9026,7 @@ (IMPLIES (<= result1 m) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 r))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_16, File "HOME/tests/java/Arrays.java", line 78, characters 34-46 +;; Arrays_findMax2_ensures_default_po_16, File "HOME/tests/java/Arrays.java", line 80, characters 34-46 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9245,7 +9056,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (< r (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_17, File "HOME/tests/java/Arrays.java", line 79, characters 14-23 +;; Arrays_findMax2_ensures_default_po_17, File "HOME/tests/java/Arrays.java", line 81, characters 14-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9274,7 +9085,7 @@ (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (EQ m (select intM_intP (shift t_1 r))))))))))))))))))))) -;; Arrays_findMax2_ensures_default_po_18, File "HOME/tests/java/Arrays.java", line 79, characters 27-40 +;; Arrays_findMax2_ensures_default_po_18, File "HOME/tests/java/Arrays.java", line 81, characters 27-40 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9304,7 +9115,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (is_max t_1 r i_3_0 Object_alloc_table intM_intP))))))))))))))))))) -;; Arrays_findMax2_ensures_max_found_po_1, File "HOME/tests/java/Arrays.java", line 71, characters 13-25 +;; Arrays_findMax2_ensures_max_found_po_1, File "HOME/tests/java/Arrays.java", line 73, characters 13-25 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9330,7 +9141,7 @@ (IMPLIES (>= i_3 result0) (FORALL (return) (IMPLIES (EQ return r) (<= 0 return))))))))))))))))) -;; Arrays_findMax2_ensures_max_found_po_2, File "HOME/tests/java/Arrays.java", line 71, characters 18-36 +;; Arrays_findMax2_ensures_max_found_po_2, File "HOME/tests/java/Arrays.java", line 73, characters 18-36 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9357,7 +9168,7 @@ (FORALL (return) (IMPLIES (EQ return r) (< return (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))) -;; Arrays_findMax2_ensures_max_found_po_3, File "HOME/tests/java/Arrays.java", line 72, characters 13-39 +;; Arrays_findMax2_ensures_max_found_po_3, File "HOME/tests/java/Arrays.java", line 74, characters 13-39 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9386,7 +9197,7 @@ (is_max t_1 return (+ (offset_max Object_alloc_table t_1) 1) Object_alloc_table intM_intP))))))))))))))))) -;; Arrays_findMax2_safety_po_1, File "HOME/tests/java/Arrays.java", line 75, characters 9-13 +;; Arrays_findMax2_safety_po_1, File "HOME/tests/java/Arrays.java", line 77, characters 9-13 (FORALL (t_1) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_1 0 Object_alloc_table) @@ -9394,7 +9205,7 @@ (>= (+ (offset_max Object_alloc_table t_1) 1) 1))) (<= 0 (offset_max Object_alloc_table t_1))))) -;; Arrays_findMax2_safety_po_2, File "why/Arrays.why", line 1023, characters 35-167 +;; Arrays_findMax2_safety_po_2, File "why/Arrays.why", line 864, characters 35-167 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9416,7 +9227,7 @@ (is_max t_1 r i_3 Object_alloc_table intM_intP)))))) (>= (offset_max Object_alloc_table t_1) (- 0 1)))))))))))))) -;; Arrays_findMax2_safety_po_3, File "HOME/tests/java/Arrays.java", line 83, characters 9-13 +;; Arrays_findMax2_safety_po_3, File "HOME/tests/java/Arrays.java", line 85, characters 9-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9443,7 +9254,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_1) 1)))) (IMPLIES (< i_3 result0) (<= (offset_min Object_alloc_table t_1) i_3))))))))))))))))) -;; Arrays_findMax2_safety_po_4, File "HOME/tests/java/Arrays.java", line 83, characters 9-13 +;; Arrays_findMax2_safety_po_4, File "HOME/tests/java/Arrays.java", line 85, characters 9-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9470,7 +9281,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_1) 1)))) (IMPLIES (< i_3 result0) (<= i_3 (offset_max Object_alloc_table t_1)))))))))))))))))) -;; Arrays_findMax2_safety_po_5, File "HOME/tests/java/Arrays.java", line 80, characters 18-28 +;; Arrays_findMax2_safety_po_5, File "HOME/tests/java/Arrays.java", line 82, characters 18-28 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9513,7 +9324,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 (- (+ (offset_max Object_alloc_table t_1) 1) i_3))))))))))))))))))))))))))))))) -;; Arrays_findMax2_safety_po_6, File "HOME/tests/java/Arrays.java", line 80, characters 18-28 +;; Arrays_findMax2_safety_po_6, File "HOME/tests/java/Arrays.java", line 82, characters 18-28 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9557,7 +9368,7 @@ (< (- (+ (offset_max Object_alloc_table t_1) 1) i_3_0) (- (+ (offset_max Object_alloc_table t_1) 1) i_3))))))))))))))))))))))))))))))) -;; Arrays_findMax2_safety_po_7, File "HOME/tests/java/Arrays.java", line 80, characters 18-28 +;; Arrays_findMax2_safety_po_7, File "HOME/tests/java/Arrays.java", line 82, characters 18-28 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9592,7 +9403,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 (- (+ (offset_max Object_alloc_table t_1) 1) i_3)))))))))))))))))))))))) -;; Arrays_findMax2_safety_po_8, File "HOME/tests/java/Arrays.java", line 80, characters 18-28 +;; Arrays_findMax2_safety_po_8, File "HOME/tests/java/Arrays.java", line 82, characters 18-28 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9628,7 +9439,7 @@ (< (- (+ (offset_max Object_alloc_table t_1) 1) i_3_0) (- (+ (offset_max Object_alloc_table t_1) 1) i_3)))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 55, characters 14-20 +;; Arrays_findMax_ensures_default_po_1, File "HOME/tests/java/Arrays.java", line 57, characters 14-20 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9639,7 +9450,7 @@ (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t_0 0))) (<= 1 1))))))) -;; Arrays_findMax_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 55, characters 19-32 +;; Arrays_findMax_ensures_default_po_2, File "HOME/tests/java/Arrays.java", line 57, characters 19-32 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9651,7 +9462,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_0 0))) (<= 1 (+ (offset_max Object_alloc_table t_0) 1)))))))) -;; Arrays_findMax_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 55, characters 36-42 +;; Arrays_findMax_ensures_default_po_3, File "HOME/tests/java/Arrays.java", line 57, characters 36-42 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9662,7 +9473,7 @@ (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t_0 0))) (<= 0 0))))))) -;; Arrays_findMax_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 55, characters 41-53 +;; Arrays_findMax_ensures_default_po_4, File "HOME/tests/java/Arrays.java", line 57, characters 41-53 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9674,7 +9485,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_0 0))) (< 0 (+ (offset_max Object_alloc_table t_0) 1)))))))) -;; Arrays_findMax_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 56, characters 14-23 +;; Arrays_findMax_ensures_default_po_5, File "HOME/tests/java/Arrays.java", line 58, characters 14-23 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9686,7 +9497,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_0 0))) (EQ result (select intM_intP (shift t_0 0))))))))) -;; Arrays_findMax_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 56, characters 28-71 +;; Arrays_findMax_ensures_default_po_6, File "HOME/tests/java/Arrays.java", line 58, characters 28-71 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9700,7 +9511,7 @@ (IMPLIES (AND (<= 0 j_1) (< j_1 1)) (<= (select intM_intP (shift t_0 j_1)) result))))))))) -;; Arrays_findMax_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 55, characters 14-20 +;; Arrays_findMax_ensures_default_po_7, File "HOME/tests/java/Arrays.java", line 57, characters 14-20 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9737,7 +9548,7 @@ (IMPLIES (EQ m_0_0 result2) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 1 i_5_0))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 55, characters 19-32 +;; Arrays_findMax_ensures_default_po_8, File "HOME/tests/java/Arrays.java", line 57, characters 19-32 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9776,7 +9587,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= i_5_0 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_9, File "HOME/tests/java/Arrays.java", line 55, characters 36-42 +;; Arrays_findMax_ensures_default_po_9, File "HOME/tests/java/Arrays.java", line 57, characters 36-42 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9813,7 +9624,7 @@ (IMPLIES (EQ m_0_0 result2) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 r_0_0))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_10, File "HOME/tests/java/Arrays.java", line 55, characters 41-53 +;; Arrays_findMax_ensures_default_po_10, File "HOME/tests/java/Arrays.java", line 57, characters 41-53 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9852,7 +9663,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (< r_0_0 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_11, File "HOME/tests/java/Arrays.java", line 56, characters 14-23 +;; Arrays_findMax_ensures_default_po_11, File "HOME/tests/java/Arrays.java", line 58, characters 14-23 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9891,7 +9702,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (EQ m_0_0 (select intM_intP (shift t_0 r_0_0))))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_12, File "HOME/tests/java/Arrays.java", line 56, characters 28-71 +;; Arrays_findMax_ensures_default_po_12, File "HOME/tests/java/Arrays.java", line 58, characters 28-71 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9932,7 +9743,7 @@ (IMPLIES (AND (<= 0 j_1) (< j_1 i_5_0)) (<= (select intM_intP (shift t_0 j_1)) m_0_0))))))))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_13, File "HOME/tests/java/Arrays.java", line 55, characters 14-20 +;; Arrays_findMax_ensures_default_po_13, File "HOME/tests/java/Arrays.java", line 57, characters 14-20 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9963,7 +9774,7 @@ (IMPLIES (<= result1 m_0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 1 i_5_0))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_14, File "HOME/tests/java/Arrays.java", line 55, characters 19-32 +;; Arrays_findMax_ensures_default_po_14, File "HOME/tests/java/Arrays.java", line 57, characters 19-32 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9996,7 +9807,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= i_5_0 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_15, File "HOME/tests/java/Arrays.java", line 55, characters 36-42 +;; Arrays_findMax_ensures_default_po_15, File "HOME/tests/java/Arrays.java", line 57, characters 36-42 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10027,7 +9838,7 @@ (IMPLIES (<= result1 m_0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 r_0))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_16, File "HOME/tests/java/Arrays.java", line 55, characters 41-53 +;; Arrays_findMax_ensures_default_po_16, File "HOME/tests/java/Arrays.java", line 57, characters 41-53 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10060,7 +9871,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (< r_0 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_17, File "HOME/tests/java/Arrays.java", line 56, characters 14-23 +;; Arrays_findMax_ensures_default_po_17, File "HOME/tests/java/Arrays.java", line 58, characters 14-23 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10092,7 +9903,7 @@ (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (EQ m_0 (select intM_intP (shift t_0 r_0))))))))))))))))))))) -;; Arrays_findMax_ensures_default_po_18, File "HOME/tests/java/Arrays.java", line 56, characters 28-71 +;; Arrays_findMax_ensures_default_po_18, File "HOME/tests/java/Arrays.java", line 58, characters 28-71 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10127,7 +9938,7 @@ (IMPLIES (AND (<= 0 j_1) (< j_1 i_5_0)) (<= (select intM_intP (shift t_0 j_1)) m_0))))))))))))))))))))) -;; Arrays_findMax_ensures_max_found_po_1, File "HOME/tests/java/Arrays.java", line 47, characters 13-25 +;; Arrays_findMax_ensures_max_found_po_1, File "HOME/tests/java/Arrays.java", line 49, characters 13-25 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10156,7 +9967,7 @@ (IMPLIES (>= i_5 result0) (FORALL (return) (IMPLIES (EQ return r_0) (<= 0 return))))))))))))))))) -;; Arrays_findMax_ensures_max_found_po_2, File "HOME/tests/java/Arrays.java", line 47, characters 18-36 +;; Arrays_findMax_ensures_max_found_po_2, File "HOME/tests/java/Arrays.java", line 49, characters 18-36 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10187,7 +9998,7 @@ (IMPLIES (EQ return r_0) (< return (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))) -;; Arrays_findMax_ensures_max_found_po_3, File "HOME/tests/java/Arrays.java", line 48, characters 14-92 +;; Arrays_findMax_ensures_max_found_po_3, File "HOME/tests/java/Arrays.java", line 50, characters 14-92 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10220,7 +10031,7 @@ (IMPLIES (AND (<= 0 i_4) (< i_4 (+ (offset_max Object_alloc_table t_0) 1))) (<= (select intM_intP (shift t_0 i_4)) (select intM_intP (shift t_0 return))))))))))))))))))))) -;; Arrays_findMax_safety_po_1, File "HOME/tests/java/Arrays.java", line 52, characters 9-13 +;; Arrays_findMax_safety_po_1, File "HOME/tests/java/Arrays.java", line 54, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -10229,7 +10040,7 @@ (<= (+ (offset_max Object_alloc_table t_0) 1) 32767)))) (<= 0 (offset_max Object_alloc_table t_0))))) -;; Arrays_findMax_safety_po_2, File "why/Arrays.why", line 1261, characters 35-167 +;; Arrays_findMax_safety_po_2, File "why/Arrays.why", line 1096, characters 35-167 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10254,7 +10065,7 @@ (<= (select intM_intP (shift t_0 j_1)) m_0)))))))) (>= (offset_max Object_alloc_table t_0) (- 0 1)))))))))))))) -;; Arrays_findMax_safety_po_3, File "HOME/tests/java/Arrays.java", line 60, characters 9-13 +;; Arrays_findMax_safety_po_3, File "HOME/tests/java/Arrays.java", line 62, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10284,7 +10095,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< i_5 result0) (<= (offset_min Object_alloc_table t_0) i_5))))))))))))))))) -;; Arrays_findMax_safety_po_4, File "HOME/tests/java/Arrays.java", line 60, characters 9-13 +;; Arrays_findMax_safety_po_4, File "HOME/tests/java/Arrays.java", line 62, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10314,7 +10125,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< i_5 result0) (<= i_5 (offset_max Object_alloc_table t_0)))))))))))))))))) -;; Arrays_findMax_safety_po_5, File "HOME/tests/java/Arrays.java", line 57, characters 25-35 +;; Arrays_findMax_safety_po_5, File "HOME/tests/java/Arrays.java", line 59, characters 25-35 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10360,7 +10171,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) i_5))))))))))))))))))))))))))))))) -;; Arrays_findMax_safety_po_6, File "HOME/tests/java/Arrays.java", line 57, characters 25-35 +;; Arrays_findMax_safety_po_6, File "HOME/tests/java/Arrays.java", line 59, characters 25-35 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10407,7 +10218,7 @@ (< (- (+ (offset_max Object_alloc_table t_0) 1) i_5_0) (- (+ (offset_max Object_alloc_table t_0) 1) i_5))))))))))))))))))))))))))))))) -;; Arrays_findMax_safety_po_7, File "HOME/tests/java/Arrays.java", line 57, characters 25-35 +;; Arrays_findMax_safety_po_7, File "HOME/tests/java/Arrays.java", line 59, characters 25-35 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10445,7 +10256,7 @@ (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) i_5)))))))))))))))))))))))) -;; Arrays_findMax_safety_po_8, File "HOME/tests/java/Arrays.java", line 57, characters 25-35 +;; Arrays_findMax_safety_po_8, File "HOME/tests/java/Arrays.java", line 59, characters 25-35 (FORALL (t_0) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11442,7 +11253,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -11607,36 +11418,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Arrays(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -11681,26 +11462,25 @@ forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> - ("JC_171": - ("JC_169": - ("JC_169": ((result - 1) < (offset_max(Object_alloc_table, t_2) + 1))))) + ("JC_179": + ("JC_177": ((result - 1) < (offset_max(Object_alloc_table, t_2) + 1)))) goal Arrays_arrayShift_ensures_default_po_2: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - ("JC_171": ("JC_170": (0 <= (result - 1)))) + ("JC_179": ("JC_178": (0 <= (result - 1)))) goal Arrays_arrayShift_ensures_default_po_3: forall t_2:Object pointer. 
@@ -11708,16 +11488,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> forall i_2:int. (((result - 1) < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_171": - ("JC_170": (select(intM_intP, shift(t_2, i_2)) = select(intM_intP, + ("JC_179": + ("JC_178": (select(intM_intP, shift(t_2, i_2)) = select(intM_intP, shift(t_2, (i_2 - 1)))))) goal Arrays_arrayShift_ensures_default_po_4: @@ -11726,17 +11506,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -11754,8 +11534,7 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - ("JC_171": - ("JC_169": ("JC_169": (j_0_0 < (offset_max(Object_alloc_table, t_2) + 1))))) + ("JC_179": ("JC_177": (j_0_0 < (offset_max(Object_alloc_table, t_2) + 1)))) goal Arrays_arrayShift_ensures_default_po_5: forall t_2:Object pointer. 
@@ -11763,17 +11542,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -11792,7 +11571,7 @@ forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> - ("JC_171": ("JC_170": (0 <= j_0_0))) + ("JC_179": ("JC_178": (0 <= j_0_0))) goal Arrays_arrayShift_ensures_default_po_6: forall t_2:Object pointer. @@ -11800,17 +11579,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -11831,8 +11610,8 @@ ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> forall i_1:int. ((0 <= i_1) and (i_1 <= j_0_0)) -> - ("JC_171": - ("JC_170": (select(intM_intP1, shift(t_2, i_1)) = select(intM_intP, + ("JC_179": + ("JC_178": (select(intM_intP1, shift(t_2, i_1)) = select(intM_intP, shift(t_2, i_1))))) goal Arrays_arrayShift_ensures_default_po_7: @@ -11841,17 +11620,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -11872,8 +11651,8 @@ ((offset_max(Object_alloc_table, t_2) + 1) > 0) -> forall i_2:int. ((j_0_0 < i_2) and (i_2 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_171": - ("JC_170": (select(intM_intP1, shift(t_2, i_2)) = select(intM_intP, + ("JC_179": + ("JC_178": (select(intM_intP1, shift(t_2, i_2)) = select(intM_intP, shift(t_2, (i_2 - 1)))))) goal Arrays_arrayShift_ensures_default_po_8: 
@@ -11882,17 +11661,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_171": - (("JC_169": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_170": + ("JC_179": + (("JC_177": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_178": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -11905,14 +11684,14 @@ (j_0 <= 0) -> forall i_0:int. ((0 < i_0) and (i_0 < (offset_max(Object_alloc_table, t_2) + 1))) -> - ("JC_153": (select(intM_intP0, shift(t_2, i_0)) = select(intM_intP, + ("JC_161": (select(intM_intP0, shift(t_2, i_0)) = select(intM_intP, shift(t_2, (i_0 - 1))))) goal Arrays_arrayShift_safety_po_1: forall t_2:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) goal Arrays_arrayShift_safety_po_2: 
@@ -11921,19 +11700,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -11952,19 +11731,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -11983,19 +11762,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -12018,19 +11797,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -12053,19 +11832,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. @@ -12087,7 +11866,7 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - (0 <= ("JC_167": j_0)) + (0 <= ("JC_175": j_0)) goal Arrays_arrayShift_safety_po_7: forall t_2:Object pointer. @@ -12095,19 +11874,19 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_2, 0, Object_alloc_table) and - ("JC_151": Non_null_intM(t_2, Object_alloc_table))) -> + ("JC_159": Non_null_intM(t_2, Object_alloc_table))) -> (offset_max(Object_alloc_table, t_2) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_2) + 1))))) -> forall intM_intP0:(Object, int) memory. forall j_0:int. - ("JC_163": true) -> - ("JC_161": - (("JC_159": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and - ("JC_160": + ("JC_171": true) -> + ("JC_169": + (("JC_167": (j_0 < (offset_max(Object_alloc_table, t_2) + 1))) and + ("JC_168": (((offset_max(Object_alloc_table, t_2) + 1) > 0) -> ((0 <= j_0) and ((forall i_1:int. 
@@ -12129,7 +11908,7 @@ (intM_intP1 = store(intM_intP0, shift(t_2, j_0), result0)) -> forall j_0_0:int. (j_0_0 = (j_0 - 1)) -> - (("JC_167": j_0_0) < ("JC_167": j_0)) + (("JC_175": j_0_0) < ("JC_175": j_0)) goal Arrays_findMax2_ensures_default_po_1: forall t_1:Object pointer. @@ -12137,12 +11916,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= 1)))) + ("JC_141": ("JC_135": (1 <= 1))) goal Arrays_findMax2_ensures_default_po_2: forall t_1:Object pointer. @@ -12150,13 +11929,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_128": ("JC_128": (1 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_136": (1 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_3: forall t_1:Object pointer. 
@@ -12164,12 +11942,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= 0)))) + ("JC_141": ("JC_137": (0 <= 0))) goal Arrays_findMax2_ensures_default_po_4: forall t_1:Object pointer. @@ -12177,13 +11955,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_130": ("JC_130": (0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (0 < (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_5: forall t_1:Object pointer. @@ -12191,13 +11968,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_131": ("JC_131": (result = select(intM_intP, shift(t_1, 0)))))) + ("JC_141": ("JC_139": (result = select(intM_intP, shift(t_1, 0))))) goal Arrays_findMax2_ensures_default_po_6: forall t_1:Object pointer. 
@@ -12205,13 +11981,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> - ("JC_133": - ("JC_132": ("JC_132": is_max(t_1, 0, 1, Object_alloc_table, intM_intP)))) + ("JC_141": ("JC_140": is_max(t_1, 0, 1, Object_alloc_table, intM_intP))) goal Arrays_findMax2_ensures_default_po_7: forall t_1:Object pointer. 
@@ -12219,23 +11994,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12250,7 +12025,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= i_3_0)))) + ("JC_141": ("JC_135": (1 <= i_3_0))) goal Arrays_findMax2_ensures_default_po_8: forall t_1:Object pointer. 
@@ -12258,23 +12033,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12289,9 +12064,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_128": - ("JC_128": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": + ("JC_136": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_9: forall t_1:Object pointer. 
@@ -12299,23 +12073,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12330,7 +12104,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= r0)))) + ("JC_141": ("JC_137": (0 <= r0))) goal Arrays_findMax2_ensures_default_po_10: forall t_1:Object pointer. 
@@ -12338,23 +12112,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12369,8 +12143,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_130": ("JC_130": (r0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (r0 < (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_11: forall t_1:Object pointer. 
@@ -12378,23 +12151,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12409,8 +12182,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_131": ("JC_131": (m0 = select(intM_intP, shift(t_1, r0)))))) + ("JC_141": ("JC_139": (m0 = select(intM_intP, shift(t_1, r0))))) goal Arrays_findMax2_ensures_default_po_12: forall t_1:Object pointer. 
@@ -12418,23 +12190,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12449,9 +12221,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_132": - ("JC_132": is_max(t_1, r0, i_3_0, Object_alloc_table, intM_intP)))) + ("JC_141": + ("JC_140": is_max(t_1, r0, i_3_0, Object_alloc_table, intM_intP))) goal Arrays_findMax2_ensures_default_po_13: forall t_1:Object pointer. 
@@ -12459,23 +12230,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12484,7 +12255,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_127": ("JC_127": (1 <= i_3_0)))) + ("JC_141": ("JC_135": (1 <= i_3_0))) goal Arrays_findMax2_ensures_default_po_14: forall t_1:Object pointer. 
@@ -12492,23 +12263,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12517,9 +12288,8 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_128": - ("JC_128": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": + ("JC_136": (i_3_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_15: forall t_1:Object pointer. 
@@ -12527,23 +12297,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12552,7 +12322,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_129": ("JC_129": (0 <= r)))) + ("JC_141": ("JC_137": (0 <= r))) goal Arrays_findMax2_ensures_default_po_16: forall t_1:Object pointer. 
@@ -12560,23 +12330,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12585,8 +12355,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_130": ("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_141": ("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_default_po_17: forall t_1:Object pointer. 
@@ -12594,23 +12363,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12619,7 +12388,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": ("JC_131": ("JC_131": (m = select(intM_intP, shift(t_1, r)))))) + ("JC_141": ("JC_139": (m = select(intM_intP, shift(t_1, r))))) goal Arrays_findMax2_ensures_default_po_18: forall t_1:Object pointer. 
@@ -12627,23 +12396,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_133": - (("JC_127": (1 <= i_3)) and - (("JC_128": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_129": (0 <= r)) and - (("JC_130": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_131": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_132": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_141": + (("JC_135": (1 <= i_3)) and + (("JC_136": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_137": (0 <= r)) and + (("JC_138": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_139": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_140": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12652,9 +12421,8 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_133": - ("JC_132": - ("JC_132": is_max(t_1, r, i_3_0, Object_alloc_table, intM_intP)))) + ("JC_141": + ("JC_140": is_max(t_1, r, i_3_0, Object_alloc_table, intM_intP))) goal Arrays_findMax2_ensures_max_found_po_1: forall t_1:Object pointer. 
@@ -12662,30 +12430,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": ("JC_103": ("JC_103": (0 <= return)))) + ("JC_114": ("JC_111": (0 <= return))) goal Arrays_findMax2_ensures_max_found_po_2: forall t_1:Object pointer. 
@@ -12693,32 +12461,31 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": - ("JC_104": - ("JC_104": (return < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_114": + ("JC_112": (return < (offset_max(Object_alloc_table, t_1) + 1)))) goal Arrays_findMax2_ensures_max_found_po_3: forall t_1:Object pointer. 
@@ -12726,41 +12493,40 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_146": true) -> - ("JC_144": - (("JC_138": (1 <= i_3)) and - (("JC_139": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_140": (0 <= r)) and - (("JC_141": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_142": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_143": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_154": true) -> + ("JC_152": + (("JC_146": (1 <= i_3)) and + (("JC_147": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_148": (0 <= r)) and + (("JC_149": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_150": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_151": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 >= result0) -> forall return:int. (return = r) -> - ("JC_106": - ("JC_105": - ("JC_105": is_max(t_1, return, (offset_max(Object_alloc_table, t_1) + 1), - Object_alloc_table, intM_intP)))) + ("JC_114": + ("JC_113": is_max(t_1, return, (offset_max(Object_alloc_table, t_1) + 1), + Object_alloc_table, intM_intP))) goal Arrays_findMax2_safety_po_1: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. 
(left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) goal Arrays_findMax2_safety_po_2: @@ -12769,23 +12535,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) goal Arrays_findMax2_safety_po_3: 
@@ -12794,26 +12560,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> 
@@ -12825,26 +12591,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> 
@@ -12856,26 +12622,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12894,7 +12660,7 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (0 <= ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) goal Arrays_findMax2_safety_po_6: forall t_1:Object pointer. 
@@ -12902,26 +12668,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12940,8 +12706,8 @@ (m0 = result2) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < - ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < + ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) goal Arrays_findMax2_safety_po_7: forall t_1:Object pointer. 
@@ -12949,26 +12715,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -12979,7 +12745,7 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (0 <= ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) goal Arrays_findMax2_safety_po_8: forall t_1:Object pointer. 
@@ -12987,26 +12753,26 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_97": - (("JC_95": Non_null_intM(t_1, Object_alloc_table)) and - ("JC_96": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> + ("JC_105": + (("JC_103": Non_null_intM(t_1, Object_alloc_table)) and + ("JC_104": ((offset_max(Object_alloc_table, t_1) + 1) >= 1))))) -> (0 <= offset_max(Object_alloc_table, t_1)) -> forall result:int. (result = select(intM_intP, shift(t_1, 0))) -> forall i_3:int. forall m:int. forall r:int. - ("JC_120": true) -> - ("JC_118": - (("JC_112": (1 <= i_3)) and - (("JC_113": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_114": (0 <= r)) and - (("JC_115": (r < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": (m = select(intM_intP, shift(t_1, r)))) and - ("JC_117": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> + ("JC_128": true) -> + ("JC_126": + (("JC_120": (1 <= i_3)) and + (("JC_121": (i_3 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_122": (0 <= r)) and + (("JC_123": (r < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": (m = select(intM_intP, shift(t_1, r)))) and + ("JC_125": is_max(t_1, r, i_3, Object_alloc_table, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_1) + 1))))) -> (i_3 < result0) -> @@ -13017,8 +12783,8 @@ (result1 <= m) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < - ("JC_126": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) + (("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3_0)) < + ("JC_134": ((offset_max(Object_alloc_table, t_1) + 1) - i_3))) goal Arrays_findMax_ensures_default_po_1: forall t_0:Object pointer. 
@@ -13026,13 +12792,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= 1)))) + ("JC_83": ("JC_77": (1 <= 1))) goal Arrays_findMax_ensures_default_po_2: forall t_0:Object pointer. @@ -13040,14 +12806,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_70": ("JC_70": (1 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (1 <= (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_3: forall t_0:Object pointer. 
@@ -13055,13 +12820,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= 0)))) + ("JC_83": ("JC_79": (0 <= 0))) goal Arrays_findMax_ensures_default_po_4: forall t_0:Object pointer. @@ -13069,14 +12834,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_72": ("JC_72": (0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_5: forall t_0:Object pointer. 
@@ -13084,14 +12848,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_73": ("JC_73": (result = select(intM_intP, shift(t_0, 0)))))) + ("JC_83": ("JC_81": (result = select(intM_intP, shift(t_0, 0))))) goal Arrays_findMax_ensures_default_po_6: forall t_0:Object pointer. @@ -13099,18 +12862,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < 1)) -> (select(intM_intP, shift(t_0, - j_1)) <= result)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < 1)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= result))) goal Arrays_findMax_ensures_default_po_7: forall t_0:Object pointer. 
@@ -13118,27 +12878,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13153,7 +12913,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= i_5_0)))) + ("JC_83": ("JC_77": (1 <= i_5_0))) goal Arrays_findMax_ensures_default_po_8: forall t_0:Object pointer. 
@@ -13161,27 +12921,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13196,8 +12956,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_70": ("JC_70": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_9: forall t_0:Object pointer. 
@@ -13205,27 +12964,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13240,7 +12999,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= r_0_0)))) + ("JC_83": ("JC_79": (0 <= r_0_0))) goal Arrays_findMax_ensures_default_po_10: forall t_0:Object pointer. 
@@ -13248,27 +13007,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13283,8 +13042,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_72": ("JC_72": (r_0_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (r_0_0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_11: forall t_0:Object pointer. 
@@ -13292,27 +13050,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13327,8 +13085,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_73": ("JC_73": (m_0_0 = select(intM_intP, shift(t_0, r_0_0)))))) + ("JC_83": ("JC_81": (m_0_0 = select(intM_intP, shift(t_0, r_0_0))))) goal Arrays_findMax_ensures_default_po_12: forall t_0:Object pointer. 
@@ -13336,27 +13093,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13371,12 +13128,9 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < i_5_0)) -> (select(intM_intP, shift(t_0, - j_1)) <= m_0_0)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < i_5_0)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= m_0_0))) goal Arrays_findMax_ensures_default_po_13: forall t_0:Object pointer. 
@@ -13384,27 +13138,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13413,7 +13167,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_69": ("JC_69": (1 <= i_5_0)))) + ("JC_83": ("JC_77": (1 <= i_5_0))) goal Arrays_findMax_ensures_default_po_14: forall t_0:Object pointer. 
@@ -13421,27 +13175,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13450,8 +13204,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_70": ("JC_70": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_78": (i_5_0 <= (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_15: forall t_0:Object pointer. 
@@ -13459,27 +13212,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13488,7 +13241,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_71": ("JC_71": (0 <= r_0)))) + ("JC_83": ("JC_79": (0 <= r_0))) goal Arrays_findMax_ensures_default_po_16: forall t_0:Object pointer. 
@@ -13496,27 +13249,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13525,8 +13278,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_72": ("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_83": ("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_default_po_17: forall t_0:Object pointer. 
@@ -13534,27 +13286,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13563,7 +13315,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": ("JC_73": ("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))))) + ("JC_83": ("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0))))) goal Arrays_findMax_ensures_default_po_18: forall t_0:Object pointer. 
@@ -13571,27 +13323,27 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_75": - (("JC_69": (1 <= i_5)) and - (("JC_70": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_71": (0 <= r_0)) and - (("JC_72": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_73": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_74": + ("JC_83": + (("JC_77": (1 <= i_5)) and + (("JC_78": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_79": (0 <= r_0)) and + (("JC_80": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_81": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_82": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13600,12 +13352,9 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_75": - ("JC_74": - ("JC_74": - (forall j_1:int. - (((0 <= j_1) and (j_1 < i_5_0)) -> (select(intM_intP, shift(t_0, - j_1)) <= m_0)))))) + forall j_1:int. + ((0 <= j_1) and (j_1 < i_5_0)) -> + ("JC_83": ("JC_82": (select(intM_intP, shift(t_0, j_1)) <= m_0))) goal Arrays_findMax_ensures_max_found_po_1: forall t_0:Object pointer. 
@@ -13613,34 +13362,34 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": ("JC_45": ("JC_45": (0 <= return)))) + ("JC_56": ("JC_53": (0 <= return))) goal Arrays_findMax_ensures_max_found_po_2: forall t_0:Object pointer. 
@@ -13648,35 +13397,34 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": - ("JC_46": ("JC_46": (return < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_56": ("JC_54": (return < (offset_max(Object_alloc_table, t_0) + 1)))) goal Arrays_findMax_ensures_max_found_po_3: forall t_0:Object pointer. 
@@ -13684,49 +13432,47 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (1 <= i_5)) and - (("JC_81": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_82": (0 <= r_0)) and - (("JC_83": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_84": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_85": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (1 <= i_5)) and + (("JC_89": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_90": (0 <= r_0)) and + (("JC_91": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_92": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_93": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 >= result0) -> forall return:int. (return = r_0) -> - ("JC_48": - ("JC_47": - ("JC_47": - (forall i_4:int. - (((0 <= i_4) and (i_4 < (offset_max(Object_alloc_table, t_0) + 1))) -> - (select(intM_intP, shift(t_0, i_4)) <= select(intM_intP, shift(t_0, - return)))))))) + forall i_4:int. 
+ ((0 <= i_4) and (i_4 < (offset_max(Object_alloc_table, t_0) + 1))) -> + ("JC_56": + ("JC_55": (select(intM_intP, shift(t_0, i_4)) <= select(intM_intP, + shift(t_0, return))))) goal Arrays_findMax_safety_po_1: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) goal Arrays_findMax_safety_po_2: 
@@ -13735,24 +13481,24 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> 
@@ -13764,30 +13510,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -13799,30 +13545,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -13834,30 +13580,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13876,7 +13622,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) + (0 <= ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) goal Arrays_findMax_safety_po_6: forall t_0:Object pointer. 
@@ -13884,30 +13630,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13926,7 +13672,7 @@ (m_0_0 = result2) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_68": + (("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) 
@@ -13936,30 +13682,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> @@ -13970,7 +13716,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) + (0 <= ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) goal Arrays_findMax_safety_po_8: forall t_0:Object pointer. 
@@ -13978,30 +13724,30 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_39": - (("JC_36": Non_null_intM(t_0, Object_alloc_table)) and - (("JC_37": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and - ("JC_38": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> + ("JC_47": + (("JC_44": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_45": (1 <= (offset_max(Object_alloc_table, t_0) + 1))) and + ("JC_46": ((offset_max(Object_alloc_table, t_0) + 1) <= 32767)))))) -> (0 <= offset_max(Object_alloc_table, t_0)) -> forall result:int. (result = select(intM_intP, shift(t_0, 0))) -> forall i_5:int. forall m_0:int. forall r_0:int. - ("JC_62": true) -> - ("JC_60": - (("JC_54": (1 <= i_5)) and - (("JC_55": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_56": (0 <= r_0)) and - (("JC_57": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_58": (m_0 = select(intM_intP, shift(t_0, r_0)))) and - ("JC_59": + ("JC_70": true) -> + ("JC_68": + (("JC_62": (1 <= i_5)) and + (("JC_63": (i_5 <= (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_64": (0 <= r_0)) and + (("JC_65": (r_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_66": (m_0 = select(intM_intP, shift(t_0, r_0)))) and + ("JC_67": (forall j_1:int. (((0 <= j_1) and (j_1 < i_5)) -> (select(intM_intP, shift(t_0, j_1)) <= m_0)))))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_5 < result0) -> 
@@ -14012,7 +13758,7 @@ (result1 <= m_0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_68": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_68": + (("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5_0)) < ("JC_76": ((offset_max(Object_alloc_table, t_0) + 1) - i_5))) diff -Nru why-2.29+dfsg/tests/java/oracle/BinarySearch.res.oracle why-2.30+dfsg/tests/java/oracle/BinarySearch.res.oracle --- why-2.29+dfsg/tests/java/oracle/BinarySearch.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/BinarySearch.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ // RUNSIMPLIFY this tells regtests to run Simplify in this example 
@@ -97,6 +99,13 @@ } +/* +Local Variables: +compile-command: "make BinarySearch.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -124,7 +133,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
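Review bot: The `@@ -124,7 +133,10 @@` hunk records a semantic change rather than a label renumbering: `Non_null_Object` moves from `(\offset_max(x) == 0)` to `(\offset_max(x) >= 0)`, and a new `String[0..] any_string()` declaration appears with no contract visible here. This predicate presumably enters the generated Java proof obligations as a hypothesis, so relaxing it changes what the goals may assume, yet it is easy to miss among the renumbered oracle output. I would ask for a changelog line next to the generator change, along the lines of `Krakatoa: Non_null_<class> now requires \offset_max(x) >= 0 instead of == 0`. A small regression case whose goal depends on that bound would also help, so that a later oracle refresh cannot silently revert it.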
@@ -249,169 +261,169 @@ ========== file tests/java/BinarySearch.jloc ========== [K_10] file = "HOME/tests/java/BinarySearch.java" -line = 80 +line = 82 begin = 8 end = 74 [K_11] file = "HOME/tests/java/BinarySearch.java" -line = 82 +line = 84 begin = 7 end = 10 [K_12] file = "HOME/tests/java/BinarySearch.java" -line = 86 +line = 88 begin = 17 end = 22 [K_13] file = "HOME/tests/java/BinarySearch.java" -line = 86 +line = 88 begin = 16 end = 27 [K_14] file = "HOME/tests/java/BinarySearch.java" -line = 89 +line = 91 begin = 28 end = 34 [K_15] file = "HOME/tests/java/BinarySearch.java" -line = 89 +line = 91 begin = 23 end = 29 [K_16] file = "HOME/tests/java/BinarySearch.java" -line = 89 +line = 91 begin = 23 end = 34 [K_17] file = "HOME/tests/java/BinarySearch.java" -line = 89 +line = 91 begin = 23 end = 34 [K_18] file = "HOME/tests/java/BinarySearch.java" -line = 91 +line = 93 begin = 28 end = 33 [K_19] file = "HOME/tests/java/BinarySearch.java" -line = 91 +line = 93 begin = 14 end = 18 [K_20] file = "HOME/tests/java/BinarySearch.java" -line = 91 +line = 93 begin = 14 end = 22 [K_21] file = "HOME/tests/java/BinarySearch.java" -line = 90 +line = 92 begin = 23 end = 28 [K_22] file = "HOME/tests/java/BinarySearch.java" -line = 90 +line = 92 begin = 9 end = 13 [K_23] file = "HOME/tests/java/BinarySearch.java" -line = 90 +line = 92 begin = 9 end = 17 [K_24] file = "HOME/tests/java/BinarySearch.java" -line = 84 +line = 86 begin = 8 end = 14 [K_1] file = "HOME/tests/java/BinarySearch.java" -line = 63 +line = 65 begin = 22 end = 40 [K_25] file = "HOME/tests/java/BinarySearch.java" -line = 94 +line = 96 begin = 8 end = 10 [K_2] file = "HOME/tests/java/BinarySearch.java" -line = 63 +line = 65 begin = 16 end = 29 [K_26] file = "HOME/tests/java/BinarySearch.java" -line = 75 +line = 77 begin = 16 end = 24 [K_3] file = "HOME/tests/java/BinarySearch.java" -line = 63 +line = 65 begin = 16 end = 40 [K_27] file = "HOME/tests/java/BinarySearch.java" -line = 75 +line = 77 begin = 16 end = 
28 [K_4] file = "HOME/tests/java/BinarySearch.java" -line = 65 +line = 67 begin = 18 end = 50 [K_28] file = "HOME/tests/java/BinarySearch.java" -line = 75 +line = 77 begin = 9 end = 10 [K_5] file = "HOME/tests/java/BinarySearch.java" -line = 71 +line = 73 begin = 17 end = 96 [K_6] file = "HOME/tests/java/BinarySearch.java" -line = 62 +line = 64 begin = 17 end = 26 [K_7] file = "HOME/tests/java/BinarySearch.java" -line = 77 +line = 79 begin = 17 end = 34 [K_8] file = "HOME/tests/java/BinarySearch.java" -line = 77 +line = 79 begin = 7 end = 13 [K_9] file = "HOME/tests/java/BinarySearch.java" -line = 77 +line = 79 begin = 7 end = 34 @@ -425,7 +437,7 @@ [BinarySearch_binary_search] name = "Method binary_search" file = "HOME/tests/java/BinarySearch.java" -line = 74 +line = 76 begin = 15 end = 28 @@ -447,10 +459,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs BinarySearch.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/BinarySearch_why.sx @@ -511,6 +524,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/BinarySearch_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/BinarySearch_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -583,6 +603,9 @@ why3ide: why/BinarySearch_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: BinarySearch.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include BinarySearch.depend depend: coq/BinarySearch_why.v 
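Review bot: In the `@@ -583,6 +603,9 @@` hunk the new `why3ml` target echoes `why3ml [...] $<` but the recipe actually runs `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one executed. If launching the IDE on the `.mlw` file is intended, the echo should say so: `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. This Makefile text is recorded tool output, so the fix belongs in the generator that emits it, not in the oracle. Separately, the `compile-command` added in the `@@ -97,6 +99,13 @@` hunk invokes `make BinarySearch.why3ml`, while the target generated here is plain `why3ml`. Whether some other Makefile provides a matching rule cannot be seen from this diff.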
@@ -593,46 +616,47 @@ ========== file tests/java/BinarySearch.loc ========== [JC_90] -file = "HOME/tests/java/BinarySearch.java" -line = 80 -begin = 8 -end = 74 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_91] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 13 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_92] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 17 -end = 34 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_40] -file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 16 -end = 40 - -[JC_93] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 34 - -[JC_41] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_93] +kind = DivByZero +file = "HOME/tests/java/BinarySearch.jc" +line = 118 +begin = 36 +end = 67 + +[JC_41] +file = "HOME/tests/java/BinarySearch.java" +line = 64 +begin = 17 +end = 26 + [JC_94] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 29 [JC_42] file = "HOME/" 
@@ -641,78 +665,77 @@ end = -1 [JC_95] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 28 +end = 34 [JC_43] file = "HOME/tests/java/BinarySearch.java" line = 65 -begin = 18 -end = 50 +begin = 16 +end = 29 [JC_96] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 34 [JC_44] file = "HOME/tests/java/BinarySearch.java" line = 65 -begin = 18 -end = 50 +begin = 22 +end = 40 [JC_97] -kind = DivByZero -file = "HOME/tests/java/BinarySearch.jc" -line = 115 -begin = 36 -end = 67 +kind = UserCall +file = "HOME/tests/java/BinarySearch.java" +line = 77 +begin = 16 +end = 24 [JC_45] file = "HOME/tests/java/BinarySearch.java" -line = 71 -begin = 17 -end = 96 +line = 65 +begin = 16 +end = 40 [JC_98] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 -end = 29 +line = 82 +begin = 8 +end = 74 [JC_46] file = "HOME/tests/java/BinarySearch.java" -line = 71 -begin = 17 -end = 96 +line = 65 +begin = 16 +end = 29 [JC_1] file = "HOME/tests/java/BinarySearch.jc" -line = 49 -begin = 8 -end = 21 +line = 23 +begin = 12 +end = 22 [JC_100] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 +line = 79 +begin = 17 end = 34 [JC_99] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 28 -end = 34 +line = 79 +begin = 7 +end = 13 [JC_47] -kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 75 -begin = 16 -end = 24 +line = 65 +begin = 22 +end = 40 [JC_2] file = "HOME/" 
@@ -721,23 +744,22 @@ end = -1 [JC_101] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/BinarySearch.java" +line = 79 +begin = 7 +end = 34 [JC_48] -kind = IndexBounds file = "HOME/tests/java/BinarySearch.java" -line = 75 +line = 65 begin = 16 -end = 24 +end = 40 [JC_3] file = "HOME/tests/java/BinarySearch.jc" -line = 49 -begin = 8 -end = 21 +line = 23 +begin = 12 +end = 22 [JC_102] file = "HOME/" 
@@ -746,165 +768,212 @@ end = -1 [JC_49] -kind = ArithOverflow -file = "HOME/tests/java/BinarySearch.java" -line = 75 -begin = 16 -end = 28 - -[JC_4] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_103] +[JC_4] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_5] +[JC_103] file = "HOME/tests/java/BinarySearch.jc" -line = 52 -begin = 11 -end = 66 +line = 102 +begin = 12 +end = 1476 -[JC_104] +[JC_5] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_6] +[JC_104] file = "HOME/tests/java/BinarySearch.jc" -line = 51 -begin = 10 -end = 18 +line = 102 +begin = 12 +end = 1476 -[JC_105] +[JC_6] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_7] +[JC_105] +kind = DivByZero file = "HOME/tests/java/BinarySearch.jc" -line = 52 -begin = 11 -end = 66 +line = 118 +begin = 36 +end = 67 -[JC_106] +[JC_7] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_8] -file = "HOME/tests/java/BinarySearch.jc" -line = 51 -begin = 10 -end = 18 +[JC_106] +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 29 -[JC_107] +[JC_8] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_107] +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 28 +end = 34 + [JC_9] +file = "HOME/tests/java/BinarySearch.jc" +line = 52 +begin = 8 +end = 21 + +[JC_108] +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 34 + +[JC_109] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_108] +[JC_50] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_50] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 13 - [JC_51] file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 17 -end = 34 +line = 67 +begin = 18 +end = 50 [JC_52] file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 34 +line = 67 +begin = 18 +end = 50 [JC_53] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - +file = "HOME/tests/java/BinarySearch.java" +line = 73 +begin = 17 +end = 96 + [JC_54] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +file 
= "HOME/tests/java/BinarySearch.java" +line = 73 +begin = 17 +end = 96 [JC_55] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +kind = UserCall +file = "HOME/tests/java/BinarySearch.java" +line = 77 +begin = 16 +end = 24 [JC_56] -kind = ArithOverflow +kind = IndexBounds file = "HOME/tests/java/BinarySearch.java" -line = 86 -begin = 17 -end = 22 +line = 77 +begin = 16 +end = 24 -[JC_57] -kind = DivByZero -file = "HOME/tests/java/BinarySearch.jc" -line = 115 -begin = 36 -end = 67 +[JC_110] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_58] +[JC_57] kind = ArithOverflow file = "HOME/tests/java/BinarySearch.java" -line = 86 +line = 77 begin = 16 -end = 27 +end = 28 + +[JC_111] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_58] +file = "HOME/tests/java/BinarySearch.java" +line = 79 +begin = 7 +end = 13 + +[JC_112] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_59] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 -end = 29 +line = 79 +begin = 17 +end = 34 + +[JC_113] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_114] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_115] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_116] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_60] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 28 +line = 79 +begin = 7 end = 34 [JC_61] -file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 -end = 34 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_62] -kind = PointerDeref -file = "HOME/tests/java/BinarySearch.java" -line = 90 -begin = 9 -end = 13 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_10] file = "HOME/" 
@@ -913,24 +982,23 @@ end = -1 [JC_63] -kind = ArithOverflow -file = "HOME/tests/java/BinarySearch.java" -line = 90 -begin = 23 -end = 28 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_11] file = "HOME/tests/java/BinarySearch.jc" -line = 55 +line = 52 begin = 8 -end = 30 +end = 21 [JC_64] -kind = PointerDeref +kind = ArithOverflow file = "HOME/tests/java/BinarySearch.java" -line = 91 -begin = 14 -end = 18 +line = 88 +begin = 17 +end = 22 [JC_12] file = "HOME/" 
@@ -939,112 +1007,115 @@ end = -1 [JC_65] -kind = ArithOverflow -file = "HOME/tests/java/BinarySearch.java" -line = 91 -begin = 28 -end = 33 +kind = DivByZero +file = "HOME/tests/java/BinarySearch.jc" +line = 118 +begin = 36 +end = 67 [JC_13] file = "HOME/tests/java/BinarySearch.jc" line = 55 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_66] +kind = ArithOverflow file = "HOME/tests/java/BinarySearch.java" -line = 82 -begin = 7 -end = 10 +line = 88 +begin = 16 +end = 27 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/BinarySearch.jc" +line = 54 +begin = 10 +end = 18 [JC_67] -kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 75 -begin = 16 -end = 24 +line = 91 +begin = 23 +end = 29 [JC_15] file = "HOME/tests/java/BinarySearch.jc" -line = 58 +line = 55 begin = 11 -end = 103 +end = 66 [JC_68] file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 13 +line = 91 +begin = 28 +end = 34 [JC_16] file = "HOME/tests/java/BinarySearch.jc" -line = 57 +line = 54 begin = 10 end = 18 [JC_69] file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 17 +line = 91 +begin = 23 end = 34 [JC_17] -file = "HOME/tests/java/BinarySearch.jc" -line = 58 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_18] -file = "HOME/tests/java/BinarySearch.jc" -line = 57 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/BinarySearch.jc" +line = 58 +begin = 8 +end = 30 + [cons_BinarySearch_ensures_default] name = "Constructor of class BinarySearch" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_70] +kind = PointerDeref file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 34 +line = 92 +begin = 9 +end = 13 [JC_71] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = ArithOverflow +file = "HOME/tests/java/BinarySearch.java" +line = 92 +begin = 23 +end = 28 
[BinarySearch_binary_search_ensures_default] name = "Method binary_search" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/BinarySearch.java" -line = 74 +line = 76 begin = 15 end = 28 [JC_72] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +kind = PointerDeref +file = "HOME/tests/java/BinarySearch.java" +line = 93 +begin = 14 +end = 18 [JC_20] file = "HOME/" @@ -1053,23 +1124,23 @@ end = -1 [JC_73] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +kind = ArithOverflow +file = "HOME/tests/java/BinarySearch.java" +line = 93 +begin = 28 +end = 33 [JC_21] file = "HOME/tests/java/BinarySearch.jc" -line = 62 +line = 58 begin = 8 -end = 23 +end = 30 [JC_74] -kind = DivByZero -file = "HOME/tests/java/BinarySearch.jc" -line = 115 -begin = 36 -end = 67 +file = "HOME/tests/java/BinarySearch.java" +line = 84 +begin = 7 +end = 10 [JC_22] file = "HOME/" 
@@ -1086,68 +1157,68 @@ end = -1 [JC_75] +kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 -end = 29 +line = 77 +begin = 16 +end = 24 [JC_23] file = "HOME/tests/java/BinarySearch.jc" -line = 62 -begin = 8 -end = 23 +line = 61 +begin = 11 +end = 103 [BinarySearch_binary_search_ensures_failure] name = "Method binary_search" -behavior = "Normal behavior `failure'" +behavior = "Behavior `failure'" file = "HOME/tests/java/BinarySearch.java" -line = 74 +line = 76 begin = 15 end = 28 [JC_76] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 28 -end = 34 +line = 79 +begin = 7 +end = 13 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/BinarySearch.jc" +line = 60 +begin = 10 +end = 18 [JC_77] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 +line = 79 +begin = 17 end = 34 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/BinarySearch.jc" +line = 61 +begin = 11 +end = 103 [JC_78] -kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 75 -begin = 16 -end = 24 +line = 79 +begin = 7 +end = 34 [JC_26] +file = "HOME/tests/java/BinarySearch.jc" +line = 60 +begin = 10 +end = 18 + +[JC_79] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_79] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 13 - [JC_27] file = "HOME/" line = 0 
@@ -1162,51 +1233,52 @@ [JC_29] file = "HOME/tests/java/BinarySearch.jc" -line = 64 -begin = 11 -end = 65 +line = 65 +begin = 8 +end = 23 [JC_80] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 17 -end = 34 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_81] -file = "HOME/tests/java/BinarySearch.java" -line = 77 -begin = 7 -end = 34 +file = "HOME/tests/java/BinarySearch.jc" +line = 102 +begin = 12 +end = 1476 [JC_82] +kind = DivByZero +file = "HOME/tests/java/BinarySearch.jc" +line = 118 +begin = 36 +end = 67 + +[JC_30] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_30] -file = "HOME/tests/java/BinarySearch.jc" -line = 64 -begin = 11 -end = 65 - [JC_83] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 29 [JC_31] -file = "HOME/tests/java/BinarySearch.java" -line = 62 -begin = 17 -end = 26 +file = "HOME/tests/java/BinarySearch.jc" +line = 65 +begin = 8 +end = 23 [JC_84] -file = "HOME/tests/java/BinarySearch.jc" -line = 99 -begin = 12 -end = 1476 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 28 +end = 34 [JC_32] file = "HOME/" @@ -1215,23 +1287,23 @@ end = -1 [JC_85] -kind = DivByZero -file = "HOME/tests/java/BinarySearch.jc" -line = 115 -begin = 36 -end = 67 +file = "HOME/tests/java/BinarySearch.java" +line = 91 +begin = 23 +end = 34 [JC_33] -file = "HOME/tests/java/BinarySearch.java" -line = 62 -begin = 17 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_86] +kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 -end = 29 +line = 77 +begin = 16 +end = 24 [JC_34] file = "HOME/" 
@@ -1241,66 +1313,65 @@ [JC_87] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 28 -end = 34 +line = 79 +begin = 7 +end = 13 [JC_35] -file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 16 -end = 29 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_88] file = "HOME/tests/java/BinarySearch.java" -line = 89 -begin = 23 +line = 79 +begin = 17 end = 34 [JC_36] -file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 22 -end = 40 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_89] -kind = UserCall file = "HOME/tests/java/BinarySearch.java" -line = 75 -begin = 16 -end = 24 +line = 79 +begin = 7 +end = 34 [JC_37] -file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 16 -end = 40 +file = "HOME/tests/java/BinarySearch.jc" +line = 67 +begin = 11 +end = 65 [JC_38] -file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 16 -end = 29 +file = "HOME/tests/java/BinarySearch.jc" +line = 67 +begin = 11 +end = 65 [BinarySearch_binary_search_ensures_success] name = "Method binary_search" -behavior = "Normal behavior `success'" +behavior = "Behavior `success'" file = "HOME/tests/java/BinarySearch.java" -line = 74 +line = 76 begin = 15 end = 28 [JC_39] file = "HOME/tests/java/BinarySearch.java" -line = 63 -begin = 22 -end = 40 +line = 64 +begin = 17 +end = 26 [BinarySearch_binary_search_safety] name = "Method binary_search" behavior = "Safety" file = "HOME/tests/java/BinarySearch.java" -line = 74 +line = 76 begin = 15 end = 28 
@@ -1325,19 +1396,13 @@ axiom BinarySearch_parenttag_Object : parenttag(BinarySearch_tag, Object_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = @@ -1356,16 +1421,12 @@ axiom Object_tags : (forall x:Object pointer. (forall Object_tag_table:Object tag_table. - instanceof(Object_tag_table, x, Object_tag))) - -exception Return_label_exc of unit + instanceof(Object_tag_table, x, Object_tag))) logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -1379,6 +1440,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -1392,6 +1458,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) 
@@ -1424,6 +1495,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -1498,6 +1574,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) @@ -1545,6 +1626,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) 
@@ -1590,36 +1676,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_BinarySearch(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1668,176 +1724,58 @@ t_0:Object pointer -> v:int32 -> { } int32 reads Object_alloc_table,intM_intP - { ((is_sorted(t_0@, Object_alloc_table@, intM_intP@) -> - (JC_46: - (eq_int(integer_of_int32(result), neg_int((1))) -> + { ((is_sorted(t_0, Object_alloc_table@, intM_intP@) -> + (JC_54: + ((integer_of_int32(result) = neg_int((1))) -> (forall k:int. ((le_int((0), k) and lt_int(k, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - neq_int(integer_of_int32(select(intM_intP, shift(t_0, k))), - integer_of_int32(v))))))) - and ((JC_44: + (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))))))) + and ((JC_52: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(intM_intP, - shift(t_0, integer_of_int32(result)))), + (integer_of_int32(select(intM_intP, + shift(t_0, integer_of_int32(result)))) = integer_of_int32(v)))) - and (JC_40: - ((JC_38: le_int(neg_int((1)), integer_of_int32(result))) - and (JC_39: + and (JC_48: + ((JC_46: le_int(neg_int((1)), integer_of_int32(result))) + and (JC_47: lt_int(integer_of_int32(result), add_int(offset_max(Object_alloc_table, t_0), (1)))))))) } parameter BinarySearch_binary_search_requires : t_0:Object pointer -> v:int32 -> - { (JC_31: Non_null_intM(t_0, Object_alloc_table))} int32 + { (JC_39: Non_null_intM(t_0, Object_alloc_table))} int32 reads Object_alloc_table,intM_intP - { ((is_sorted(t_0@, Object_alloc_table@, intM_intP@) -> - (JC_46: - (eq_int(integer_of_int32(result), neg_int((1))) -> + { ((is_sorted(t_0, Object_alloc_table@, intM_intP@) -> + (JC_54: + ((integer_of_int32(result) = neg_int((1))) -> (forall k:int. 
((le_int((0), k) and lt_int(k, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - neq_int(integer_of_int32(select(intM_intP, shift(t_0, k))), - integer_of_int32(v))))))) - and ((JC_44: + (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))))))) + and ((JC_52: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(intM_intP, - shift(t_0, integer_of_int32(result)))), + (integer_of_int32(select(intM_intP, + shift(t_0, integer_of_int32(result)))) = integer_of_int32(v)))) - and (JC_40: - ((JC_38: le_int(neg_int((1)), integer_of_int32(result))) - and (JC_39: + and (JC_48: + ((JC_46: le_int(neg_int((1)), integer_of_int32(result))) + and (JC_47: lt_int(integer_of_int32(result), add_int(offset_max(Object_alloc_table, t_0), (1)))))))) } -parameter Object_tag_table : Object tag_table ref - -parameter alloc_bitvector_struct_BinarySearch : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_BinarySearch(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_BinarySearch_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_BinarySearch(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - 
-parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit 
alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit 
-parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_BinarySearch : n:int -> @@ -2014,6 +1952,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -2038,18 +1980,18 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter long_of_integer_ : x:int -> 
@@ -2059,28 +2001,28 @@ parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } @@ -2107,7 +2049,7 @@ let BinarySearch_binary_search_ensures_default = fun (t_0 : Object pointer) (v : int32) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_33: Non_null_intM(t_0, Object_alloc_table))) } + and (JC_41: Non_null_intM(t_0, Object_alloc_table))) } (init: (let return = ref (any_int32 void) in try @@ -2117,23 +2059,22 @@ ref (K_27: (safe_int32_of_integer_ ((sub_int (K_26: (let jessie_ = t_0 in - (JC_67: + (JC_75: (java_array_length_intM jessie_))))) (1)))) in begin try (loop_2: while true do { invariant - (JC_70: - ((JC_68: le_int((0), integer_of_int32(l))) - and (JC_69: + (JC_78: + ((JC_76: le_int((0), integer_of_int32(l))) + and (JC_77: le_int(integer_of_int32(u), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_24: ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u))) 
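Review bot: The postcondition of `non_null_Object` and `non_null_Object_requires` (JC_38) in this hunk still tests `offset_max(Object_alloc_table, x_4) = (0)`, while the `Non_null_Object` predicate in the `@@ -1325,19 +1396,13 @@` hunk of the same output is relaxed to `ge_int(offset_max(Object_alloc_table, x_1), (0))`. A `parameter` contract is assumed by the verification-condition generator rather than proved, so if an object pointer can have `offset_max > 0`, this contract would force `x_4 = null` for it and goals could be discharged from contradictory hypotheses. If the relaxation is meant to apply everywhere, the expected line would read `(if result then ge_int(offset_max(Object_alloc_table, x_4), (0))`; because this file is recorded tool output, that belongs in the generator that emits it, with the oracle regenerated rather than hand-edited. Whether the equality is kept deliberately for the run-time null test cannot be determined from this hunk.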
@@ -2143,7 +2084,7 @@ begin (let jessie_ = (m := (K_13: - (safe_int32_of_integer_ (JC_74: + (safe_int32_of_integer_ (JC_82: ((computer_div (integer_of_int32 (K_12: (safe_int32_of_integer_ @@ -2152,9 +2093,9 @@ (integer_of_int32 !l)))))) (2)))))) in void); (assert - { (JC_77: - ((JC_75: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_76: + { (JC_85: + ((JC_83: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_84: le_int(integer_of_int32(m), integer_of_int32(u))))) }; void); (if (K_23: @@ -2178,15 +2119,15 @@ (u := (K_18: (safe_int32_of_integer_ ((sub_int (integer_of_int32 !m)) (1))))) in void) else begin (return := !m); (raise Return) end)) end)) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := (K_25: (safe_int32_of_integer_ (neg_int (1))))); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_37: - ((JC_35: le_int(neg_int((1)), integer_of_int32(result))) - and (JC_36: + { (JC_45: + ((JC_43: le_int(neg_int((1)), integer_of_int32(result))) + and (JC_44: lt_int(integer_of_int32(result), add_int(offset_max(Object_alloc_table, t_0), (1)))))) } @@ -2194,7 +2135,7 @@ fun (t_0 : Object pointer) (v : int32) -> { (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_33: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_41: Non_null_intM(t_0, Object_alloc_table)))) } (init: (let return = ref (any_int32 void) in try 
@@ -2204,32 +2145,31 @@ ref (K_27: (safe_int32_of_integer_ ((sub_int (K_26: (let jessie_ = t_0 in - (JC_89: + (JC_97: (java_array_length_intM jessie_))))) (1)))) in begin try (loop_4: while true do { invariant - (JC_90: + (JC_98: (forall k_0:int. ((le_int((0), k_0) and lt_int(k_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - (eq_int(integer_of_int32(select(intM_intP, shift(t_0, k_0))), + ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> (le_int(integer_of_int32(l), k_0) and le_int(k_0, integer_of_int32(u))))))) } begin [ { } unit reads Object_alloc_table,l,u - { (JC_93: - ((JC_91: le_int((0), integer_of_int32(l))) - and (JC_92: + { (JC_101: + ((JC_99: le_int((0), integer_of_int32(l))) + and (JC_100: le_int(integer_of_int32(u), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)))))) } ]; try - (let jessie_ = begin (if (K_24: ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u))) @@ -2239,7 +2179,7 @@ begin (let jessie_ = (m := (K_13: - (safe_int32_of_integer_ (JC_97: + (safe_int32_of_integer_ (JC_105: ((computer_div (integer_of_int32 (K_12: (safe_int32_of_integer_ @@ -2248,9 +2188,10 @@ (integer_of_int32 !l)))))) (2)))))) in void); [ { } unit reads l,m,u - { (JC_100: - ((JC_98: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_99: + { (JC_108: + ((JC_106: + le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_107: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; (if (K_23: ((lt_int_ (integer_of_int32 (K_22: 
@@ -2273,24 +2214,23 @@ (u := (K_18: (safe_int32_of_integer_ ((sub_int (integer_of_int32 !m)) (1))))) in void) else begin (return := !m); (raise Return) end)) end)) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := (K_25: (safe_int32_of_integer_ (neg_int (1))))); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_45: - (eq_int(integer_of_int32(result), neg_int((1))) -> + { (JC_53: + ((integer_of_int32(result) = neg_int((1))) -> (forall k:int. ((le_int((0), k) and lt_int(k, add_int(offset_max(Object_alloc_table, t_0), (1)))) -> - neq_int(integer_of_int32(select(intM_intP, shift(t_0, k))), - integer_of_int32(v)))))) } + (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v)))))) } let BinarySearch_binary_search_ensures_success = fun (t_0 : Object pointer) (v : int32) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_33: Non_null_intM(t_0, Object_alloc_table))) } + and (JC_41: Non_null_intM(t_0, Object_alloc_table))) } (init: (let return = ref (any_int32 void) in try @@ -2300,23 +2240,22 @@ ref (K_27: (safe_int32_of_integer_ ((sub_int (K_26: (let jessie_ = t_0 in - (JC_78: + (JC_86: (java_array_length_intM jessie_))))) (1)))) in begin try (loop_3: while true do - { invariant (JC_83: true) } + { invariant (JC_91: true) } begin [ { } unit reads Object_alloc_table,l,u - { (JC_81: - ((JC_79: le_int((0), integer_of_int32(l))) - and (JC_80: + { (JC_89: + ((JC_87: le_int((0), integer_of_int32(l))) + and (JC_88: le_int(integer_of_int32(u), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)))))) } ]; try - (let jessie_ = begin (if (K_24: ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u))) 
@@ -2326,7 +2265,7 @@ begin (let jessie_ = (m := (K_13: - (safe_int32_of_integer_ (JC_85: + (safe_int32_of_integer_ (JC_93: ((computer_div (integer_of_int32 (K_12: (safe_int32_of_integer_ @@ -2335,9 +2274,9 @@ (integer_of_int32 !l)))))) (2)))))) in void); [ { } unit reads l,m,u - { (JC_88: - ((JC_86: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_87: + { (JC_96: + ((JC_94: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_95: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; (if (K_23: ((lt_int_ (integer_of_int32 (K_22: @@ -2360,22 +2299,21 @@ (u := (K_18: (safe_int32_of_integer_ ((sub_int (integer_of_int32 !m)) (1))))) in void) else begin (return := !m); (raise Return) end)) end)) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := (K_25: (safe_int32_of_integer_ (neg_int (1))))); (raise Return) end)); absurd end with Return -> !return end)) - { (JC_43: + { (JC_51: (ge_int(integer_of_int32(result), (0)) -> - eq_int(integer_of_int32(select(intM_intP, - shift(t_0, integer_of_int32(result)))), - integer_of_int32(v)))) } + (integer_of_int32(select(intM_intP, + shift(t_0, integer_of_int32(result)))) = integer_of_int32(v)))) } let BinarySearch_binary_search_safety = fun (t_0 : Object pointer) (v : int32) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_33: Non_null_intM(t_0, Object_alloc_table))) } + and (JC_41: Non_null_intM(t_0, Object_alloc_table))) } (init: (let return = ref (any_int32 void) in try 
@@ -2383,32 +2321,31 @@ (let l = ref (safe_int32_of_integer_ (K_28: (0))) in (let u = ref (K_27: - (JC_49: + (JC_57: (int32_of_integer_ ((sub_int (K_26: (let jessie_ = t_0 in - (JC_48: + (JC_56: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_47: + (JC_55: (java_array_length_intM_requires jessie_))))))) (1))))) in begin try (loop_1: while true do - { invariant (JC_54: true) - variant (JC_66 : sub_int(integer_of_int32(u), integer_of_int32(l))) } + { invariant (JC_62: true) + variant (JC_74 : sub_int(integer_of_int32(u), integer_of_int32(l))) } begin [ { } unit reads Object_alloc_table,l,u - { (JC_52: - ((JC_50: le_int((0), integer_of_int32(l))) - and (JC_51: + { (JC_60: + ((JC_58: le_int((0), integer_of_int32(l))) + and (JC_59: le_int(integer_of_int32(u), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)))))) } ]; try - (let jessie_ = begin (if (K_24: ((le_int_ (integer_of_int32 !l)) (integer_of_int32 !u))) 
@@ -2418,48 +2355,48 @@ begin (let jessie_ = (m := (K_13: - (JC_58: - (int32_of_integer_ (JC_57: + (JC_66: + (int32_of_integer_ (JC_65: ((computer_div_ (integer_of_int32 (K_12: - (JC_56: + (JC_64: (int32_of_integer_ ((add_int (integer_of_int32 !u)) (integer_of_int32 !l))))))) (2))))))) in void); [ { } unit reads l,m,u - { (JC_61: - ((JC_59: le_int(integer_of_int32(l), integer_of_int32(m))) - and (JC_60: + { (JC_69: + ((JC_67: le_int(integer_of_int32(l), integer_of_int32(m))) + and (JC_68: le_int(integer_of_int32(m), integer_of_int32(u))))) } ]; (if (K_23: ((lt_int_ (integer_of_int32 (K_22: - (JC_62: + (JC_70: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) (integer_of_int32 !m)))))) (integer_of_int32 v))) then (let jessie_ = (l := (K_21: - (JC_63: + (JC_71: (int32_of_integer_ ((add_int (integer_of_int32 !m)) (1)))))) in void) else (if (K_20: ((gt_int_ (integer_of_int32 (K_19: - (JC_64: + (JC_72: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) (integer_of_int32 !m)))))) (integer_of_int32 v))) then (let jessie_ = (u := (K_18: - (JC_65: + (JC_73: (int32_of_integer_ ((sub_int (integer_of_int32 !m)) (1)))))) in void) else begin (return := !m); (raise Return) end)) end)) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := (K_25: (safe_int32_of_integer_ (neg_int (1))))); @@ -2470,7 +2407,7 @@ fun (this_0 : Object pointer) -> { valid_struct_BinarySearch(this_0, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_105: true) } + { (JC_113: true) } let cons_BinarySearch_safety = fun (this_0 : Object pointer) -> 
@@ -2485,176 +2422,176 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -3619,7 +3556,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -3657,6 +3594,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -3669,6 +3610,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -3701,6 +3646,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -3773,6 +3723,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and 
@@ -3821,6 +3775,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) @@ -3865,36 +3824,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_BinarySearch(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3935,35 +3864,50 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/BinarySearch_po1.why ========== +goal BinarySearch_binary_search_ensures_default_po_1: + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + ("JC_78": ("JC_76": (0 <= integer_of_int32(result)))) + ========== file tests/java/why/BinarySearch_po10.why ========== goal BinarySearch_binary_search_ensures_default_po_10: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. (integer_of_int32(result2) = (-1)) -> forall return:int32. 
(return = result2) -> - ("JC_37": - ("JC_36": - ("JC_36": (integer_of_int32(return) < (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_45": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + t_0) + 1)))) ========== file tests/java/why/BinarySearch_po11.why ========== goal BinarySearch_binary_search_ensures_failure_po_1: @@ -3974,11 +3918,11 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. @@ -3987,7 +3931,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(result) <= k_0)) + ("JC_98": (integer_of_int32(result) <= k_0)) ========== file tests/java/why/BinarySearch_po12.why ========== goal BinarySearch_binary_search_ensures_failure_po_2: @@ -3998,11 +3942,11 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. 
@@ -4011,7 +3955,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(result1))) + ("JC_98": (k_0 <= integer_of_int32(result1))) ========== file tests/java/why/BinarySearch_po13.why ========== goal BinarySearch_binary_search_ensures_failure_po_3: @@ -4022,26 +3966,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -4050,9 +3994,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> @@ -4064,7 +4008,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(l0) <= k_0)) + ("JC_98": (integer_of_int32(l0) <= k_0)) ========== file tests/java/why/BinarySearch_po14.why ========== goal BinarySearch_binary_search_ensures_failure_po_4: 
@@ -4075,26 +4019,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -4103,9 +4047,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> 
@@ -4117,7 +4061,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(u))) + ("JC_98": (k_0 <= integer_of_int32(u))) ========== file tests/java/why/BinarySearch_po15.why ========== goal BinarySearch_binary_search_ensures_failure_po_5: @@ -4128,26 +4072,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -4156,9 +4100,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -4173,7 +4117,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(l) <= k_0)) + ("JC_98": (integer_of_int32(l) <= k_0)) ========== file tests/java/why/BinarySearch_po16.why ========== goal BinarySearch_binary_search_ensures_failure_po_6: 
@@ -4184,26 +4128,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -4212,9 +4156,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -4229,7 +4173,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(u0))) + ("JC_98": (k_0 <= integer_of_int32(u0))) ========== file tests/java/why/BinarySearch_po17.why ========== goal BinarySearch_binary_search_ensures_failure_po_7: @@ -4240,26 +4184,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -4268,9 +4212,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -4282,7 +4226,7 @@ (integer_of_int32(return) = (-1)) -> forall k:int. ((0 <= k) and (k < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_45": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_53": (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))) ========== file tests/java/why/BinarySearch_po18.why ========== 
@@ -4294,26 +4238,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. @@ -4323,7 +4267,7 @@ (integer_of_int32(return) = (-1)) -> forall k:int. ((0 <= k) and (k < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_45": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_53": (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))) ========== file tests/java/why/BinarySearch_po19.why ========== 
@@ -4334,21 +4278,21 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_83": true) -> - ("JC_81": - (("JC_79": (0 <= integer_of_int32(l))) and - ("JC_80": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_91": true) -> + ("JC_89": + (("JC_87": (0 <= integer_of_int32(l))) and + ("JC_88": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -4357,9 +4301,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_88": - (("JC_86": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_87": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_96": + (("JC_94": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_95": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -4369,24 +4313,26 @@ forall return:int32. (return = m) -> (integer_of_int32(return) >= 0) -> - ("JC_43": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_51": (integer_of_int32(select(intM_intP, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) -========== file tests/java/why/BinarySearch_po1.why ========== -goal BinarySearch_binary_search_ensures_default_po_1: +========== file tests/java/why/BinarySearch_po2.why ========== +goal BinarySearch_binary_search_ensures_default_po_2: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> - ("JC_70": ("JC_68": ("JC_68": (0 <= integer_of_int32(result))))) + ("JC_78": + ("JC_77": (integer_of_int32(result1) <= ((offset_max(Object_alloc_table, + t_0) + 1) - 1)))) ========== file tests/java/why/BinarySearch_po20.why ========== goal BinarySearch_binary_search_ensures_success_po_2: 
@@ -4396,21 +4342,21 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_83": true) -> - ("JC_81": - (("JC_79": (0 <= integer_of_int32(l))) and - ("JC_80": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_91": true) -> + ("JC_89": + (("JC_87": (0 <= integer_of_int32(l))) and + ("JC_88": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. @@ -4418,7 +4364,7 @@ forall return:int32. (return = result2) -> (integer_of_int32(return) >= 0) -> - ("JC_43": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_51": (integer_of_int32(select(intM_intP, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) ========== file tests/java/why/BinarySearch_po21.why ========== @@ -4426,7 +4372,7 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) 
@@ -4436,12 +4382,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> ((-2147483648) <= (result0 - 1)) @@ -4451,12 +4397,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> ((result0 - 1) <= 2147483647) @@ -4466,12 +4412,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> 
@@ -4479,10 +4425,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> ((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) @@ -4492,12 +4438,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4505,10 +4451,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> ((integer_of_int32(u) + integer_of_int32(l)) <= 2147483647) 
@@ -4518,12 +4464,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4531,10 +4477,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4548,12 +4494,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> 
@@ -4561,10 +4507,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4581,12 +4527,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4594,10 +4540,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -4614,12 +4560,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4627,10 +4573,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -4645,41 +4591,51 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> (offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) -========== file tests/java/why/BinarySearch_po2.why ========== -goal BinarySearch_binary_search_ensures_default_po_2: +========== file tests/java/why/BinarySearch_po3.why ========== +goal BinarySearch_binary_search_ensures_default_po_3: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> - ("JC_70": - ("JC_69": - ("JC_69": (integer_of_int32(result1) <= ((offset_max(Object_alloc_table, - t_0) + 1) - 1))))) + forall l:int32. + forall u:int32. + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + t_0) + 1) - 1))))) -> + (integer_of_int32(l) <= integer_of_int32(u)) -> + forall result2:int32. + (integer_of_int32(result2) = (integer_of_int32(u) + integer_of_int32(l))) -> + forall result3:int32. + (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> + forall m:int32. + (m = result3) -> + ("JC_85": ("JC_83": (integer_of_int32(l) <= integer_of_int32(m)))) ========== file tests/java/why/BinarySearch_po30.why ========== goal BinarySearch_binary_search_safety_po_10: forall t_0:Object pointer. 
forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4687,10 +4643,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4705,9 +4661,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0)) ========== file tests/java/why/BinarySearch_po31.why ========== 
@@ -4718,12 +4674,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4731,10 +4687,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4749,9 +4705,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. 
@@ -4767,12 +4723,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4780,10 +4736,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4798,9 +4754,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. 
@@ -4816,12 +4772,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4829,10 +4785,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4847,9 +4803,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -4861,7 +4817,7 @@ (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result6) -> - (0 <= ("JC_66": (integer_of_int32(u) - integer_of_int32(l)))) + (0 <= ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) ========== file tests/java/why/BinarySearch_po34.why ========== goal BinarySearch_binary_search_safety_po_14: 
@@ -4871,12 +4827,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4884,10 +4840,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4902,9 +4858,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -4916,7 +4872,7 @@ (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result6) -> - (("JC_66": (integer_of_int32(u) - integer_of_int32(l0))) < ("JC_66": + (("JC_74": (integer_of_int32(u) - integer_of_int32(l0))) < ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) ========== file tests/java/why/BinarySearch_po35.why ========== 
@@ -4927,12 +4883,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4940,10 +4896,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -4958,9 +4914,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. 
@@ -4981,12 +4937,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -4994,10 +4950,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -5012,9 +4968,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. 
@@ -5035,12 +4991,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -5048,10 +5004,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -5066,9 +5022,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -5085,7 +5041,7 @@ (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result7) -> - (0 <= ("JC_66": (integer_of_int32(u) - integer_of_int32(l)))) + (0 <= ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) ========== file tests/java/why/BinarySearch_po38.why ========== goal BinarySearch_binary_search_safety_po_18: 
@@ -5095,12 +5051,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -5108,10 +5064,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -5126,9 +5082,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. 
@@ -5145,58 +5101,28 @@ (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result7) -> - (("JC_66": (integer_of_int32(u0) - integer_of_int32(l))) < ("JC_66": + (("JC_74": (integer_of_int32(u0) - integer_of_int32(l))) < ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) -========== file tests/java/why/BinarySearch_po3.why ========== -goal BinarySearch_binary_search_ensures_default_po_3: - forall t_0:Object pointer. - forall Object_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> - forall result:int32. - (integer_of_int32(result) = 0) -> - forall result0:int. - ("JC_17": - ((result0 <= 2147483647) and - ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> - forall result1:int32. - (integer_of_int32(result1) = (result0 - 1)) -> - forall l:int32. - forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, - t_0) + 1) - 1))))) -> - (integer_of_int32(l) <= integer_of_int32(u)) -> - forall result2:int32. - (integer_of_int32(result2) = (integer_of_int32(u) + integer_of_int32(l))) -> - forall result3:int32. - (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> - forall m:int32. - (m = result3) -> - ("JC_77": - ("JC_75": ("JC_75": (integer_of_int32(l) <= integer_of_int32(m))))) - ========== file tests/java/why/BinarySearch_po4.why ========== goal BinarySearch_binary_search_ensures_default_po_4: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. 
- ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -5205,8 +5131,7 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - ("JC_76": ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) + ("JC_85": ("JC_84": (integer_of_int32(m) <= integer_of_int32(u)))) ========== file tests/java/why/BinarySearch_po5.why ========== goal BinarySearch_binary_search_ensures_default_po_5: @@ -5216,20 +5141,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -5238,9 +5163,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> @@ -5248,7 +5173,7 @@ (integer_of_int32(result5) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result5) -> - ("JC_70": ("JC_68": ("JC_68": (0 <= integer_of_int32(l0))))) + ("JC_78": ("JC_76": (0 <= integer_of_int32(l0)))) ========== file tests/java/why/BinarySearch_po6.why ========== goal BinarySearch_binary_search_ensures_default_po_6: @@ -5258,20 +5183,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -5280,9 +5205,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -5293,10 +5218,9 @@ (integer_of_int32(result6) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result6) -> - ("JC_70": - ("JC_69": - ("JC_69": (integer_of_int32(u0) <= ((offset_max(Object_alloc_table, - t_0) + 1) - 1))))) + ("JC_78": + ("JC_77": (integer_of_int32(u0) <= ((offset_max(Object_alloc_table, + t_0) + 1) - 1)))) ========== file tests/java/why/BinarySearch_po7.why ========== goal BinarySearch_binary_search_ensures_default_po_7: @@ -5306,20 +5230,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -5328,9 +5252,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -5339,7 +5263,7 @@ (integer_of_int32(result5) <= integer_of_int32(v)) -> forall return:int32. (return = m) -> - ("JC_37": ("JC_35": ("JC_35": ((-1) <= integer_of_int32(return))))) + ("JC_45": ("JC_43": ((-1) <= integer_of_int32(return)))) ========== file tests/java/why/BinarySearch_po8.why ========== goal BinarySearch_binary_search_ensures_default_po_8: @@ -5349,20 +5273,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -5371,9 +5295,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -5382,37 +5306,36 @@ (integer_of_int32(result5) <= integer_of_int32(v)) -> forall return:int32. (return = m) -> - ("JC_37": - ("JC_36": - ("JC_36": (integer_of_int32(return) < (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_45": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + t_0) + 1)))) ========== file tests/java/why/BinarySearch_po9.why ========== goal BinarySearch_binary_search_ensures_default_po_9: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. (integer_of_int32(result2) = (-1)) -> forall return:int32. (return = result2) -> - ("JC_37": ("JC_35": ("JC_35": ((-1) <= integer_of_int32(return))))) + ("JC_45": ("JC_43": ((-1) <= integer_of_int32(return)))) ========== generation of Simplify VC output ========== why -simplify [...] why/BinarySearch.why @@ -6240,7 +6163,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) 
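Review bot: In the `@@ -6240,7 +6163,7 @@` hunk the regenerated Simplify prelude defines `Non_null_Object` as `(>= (offset_max Object_alloc_table x_1) 0)` where the previous oracle had `(EQ (offset_max Object_alloc_table x_1) 0)`, and nothing visible here records why. The new form is strictly weaker, so it proves less wherever the predicate is a hypothesis and demands less wherever it is a goal. It presumably aligns the predicate with the neighbouring `Non_null_intM`, which already uses `>=`, but that is an inference from this hunk alone. Because this file is generated output, the change originates in the generator or its prelude. I would ask for the changelog to state that the relaxation is intentional, so that accepting the new oracle does not bake in an unnoticed change to the memory model.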
@@ -6276,6 +6199,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -6287,6 +6215,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) @@ -6309,6 +6242,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -6376,6 +6314,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -6417,6 +6360,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
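Review bot: The five `*_extensionality` axioms added in these hunks (`byte`, `char`, `int32`, `long`, `short`) are pushed with `BG_PUSH` as background facts, so every goal in this oracle is now discharged under the assumption that each `integer_of_*` function is injective, and that assumption is not itself proved. This is the usual model for bounded integer types, but the oracle gives no justification for it. I would want the prelude that emits them to carry a short comment such as `;; sound because each bounded type is modelled as exactly the integers in its range`. The axioms are also emitted without explicit trigger patterns, so it may be worth confirming that prover run times on the regression suite are unchanged.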
@@ -6452,29 +6400,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_BinarySearch p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -6506,7 +6431,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; BinarySearch_binary_search_ensures_default_po_1, File "HOME/tests/java/BinarySearch.java", line 77, characters 7-13 +;; BinarySearch_binary_search_ensures_default_po_1, File "HOME/tests/java/BinarySearch.java", line 79, characters 7-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -6521,7 +6446,7 @@ (IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) (<= 0 (integer_of_int32 result))))))))))) -;; BinarySearch_binary_search_ensures_default_po_2, File "HOME/tests/java/BinarySearch.java", line 77, characters 17-34 +;; BinarySearch_binary_search_ensures_default_po_2, File "HOME/tests/java/BinarySearch.java", line 79, characters 17-34 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -6536,7 +6461,7 @@ (IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) (<= (integer_of_int32 result1) (- (+ (offset_max Object_alloc_table t_0) 1) 1))))))))))) -;; BinarySearch_binary_search_ensures_default_po_3, File "HOME/tests/java/BinarySearch.java", line 89, characters 23-29 +;; BinarySearch_binary_search_ensures_default_po_3, File "HOME/tests/java/BinarySearch.java", line 91, characters 23-29 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -6563,7 +6488,7 @@ (FORALL (m) (IMPLIES (EQ m result3) (<= (integer_of_int32 l) (integer_of_int32 m))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_4, File "HOME/tests/java/BinarySearch.java", line 89, characters 28-34 +;; BinarySearch_binary_search_ensures_default_po_4, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-34 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -6590,7 +6515,7 @@ (FORALL (m) (IMPLIES (EQ m result3) (<= (integer_of_int32 m) (integer_of_int32 u))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_5, File "HOME/tests/java/BinarySearch.java", line 77, characters 7-13 +;; BinarySearch_binary_search_ensures_default_po_5, File "HOME/tests/java/BinarySearch.java", line 79, characters 7-13 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -6627,7 +6552,7 @@ (IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 m) 1)) (FORALL (l0) (IMPLIES (EQ l0 result5) (<= 0 (integer_of_int32 l0))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_6, File "HOME/tests/java/BinarySearch.java", line 77, characters 17-34 +;; BinarySearch_binary_search_ensures_default_po_6, File "HOME/tests/java/BinarySearch.java", line 79, characters 17-34 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6669,7 +6594,7 @@ (IMPLIES (EQ u0 result6) (<= (integer_of_int32 u0) (- (+ (offset_max Object_alloc_table t_0) 1) 1)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_7, File "HOME/tests/java/BinarySearch.java", line 63, characters 16-29 +;; BinarySearch_binary_search_ensures_default_po_7, File "HOME/tests/java/BinarySearch.java", line 65, characters 16-29 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6708,7 +6633,7 @@ (FORALL (return) (IMPLIES (EQ return m) (<= (- 0 1) (integer_of_int32 return)))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_8, File "HOME/tests/java/BinarySearch.java", line 63, characters 22-40 +;; BinarySearch_binary_search_ensures_default_po_8, File "HOME/tests/java/BinarySearch.java", line 65, characters 22-40 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6748,7 +6673,7 @@ (IMPLIES (EQ return m) (< (integer_of_int32 return) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_9, File "HOME/tests/java/BinarySearch.java", line 63, characters 16-29 +;; BinarySearch_binary_search_ensures_default_po_9, File "HOME/tests/java/BinarySearch.java", line 65, characters 16-29 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -6771,7 +6696,7 @@ (FORALL (return) (IMPLIES (EQ return result2) (<= (- 0 1) (integer_of_int32 return))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_10, File "HOME/tests/java/BinarySearch.java", line 63, characters 22-40 +;; BinarySearch_binary_search_ensures_default_po_10, File "HOME/tests/java/BinarySearch.java", line 65, characters 22-40 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -6795,7 +6720,7 @@ (IMPLIES (EQ return result2) (< (integer_of_int32 return) (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_1, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_1, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6817,7 +6742,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 result) k_0))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_2, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_2, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6839,7 +6764,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 result1)))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_3, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_3, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -6890,7 +6815,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 l0) k_0)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_4, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_4, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6941,7 +6866,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 u))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_5, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_5, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -6995,7 +6920,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 l) k_0))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_6, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_6, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7049,7 +6974,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 u0)))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_7, File "HOME/tests/java/BinarySearch.java", line 71, characters 17-96 +;; BinarySearch_binary_search_ensures_failure_po_7, File "HOME/tests/java/BinarySearch.java", line 73, characters 17-96 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -7101,7 +7026,7 @@ (NEQ (integer_of_int32 (select intM_intP (shift t_0 k))) (integer_of_int32 v)))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_8, File "HOME/tests/java/BinarySearch.java", line 71, characters 17-96 +;; BinarySearch_binary_search_ensures_failure_po_8, File "HOME/tests/java/BinarySearch.java", line 73, characters 17-96 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7139,7 +7064,7 @@ (NEQ (integer_of_int32 (select intM_intP (shift t_0 k))) (integer_of_int32 v))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_success_po_1, File "HOME/tests/java/BinarySearch.java", line 65, characters 18-50 +;; BinarySearch_binary_search_ensures_success_po_1, File "HOME/tests/java/BinarySearch.java", line 67, characters 18-50 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7183,7 +7108,7 @@ (select intM_intP (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_success_po_2, File "HOME/tests/java/BinarySearch.java", line 65, characters 18-50 +;; BinarySearch_binary_search_ensures_success_po_2, File "HOME/tests/java/BinarySearch.java", line 67, characters 18-50 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7213,7 +7138,7 @@ (select intM_intP (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_1, File "why/BinarySearch.why", line 1084, characters 40-181 +;; BinarySearch_binary_search_safety_po_1, File "why/BinarySearch.why", line 951, characters 40-181 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -7222,7 +7147,7 @@ (IMPLIES (EQ (integer_of_int32 result) 0) (>= (offset_max Object_alloc_table t_0) (- 0 1))))))) -;; BinarySearch_binary_search_safety_po_2, File "HOME/tests/java/BinarySearch.java", line 75, characters 16-28 +;; BinarySearch_binary_search_safety_po_2, File "HOME/tests/java/BinarySearch.java", line 77, characters 16-28 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7236,7 +7161,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (<= (- 0 constant_too_large_2147483648) (- result0 1)))))))))) -;; BinarySearch_binary_search_safety_po_3, File "HOME/tests/java/BinarySearch.java", line 75, characters 16-28 +;; BinarySearch_binary_search_safety_po_3, File "HOME/tests/java/BinarySearch.java", line 77, characters 16-28 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7250,7 +7175,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (<= (- result0 1) constant_too_large_2147483647))))))))) -;; BinarySearch_binary_search_safety_po_4, File "HOME/tests/java/BinarySearch.java", line 86, characters 17-22 +;; BinarySearch_binary_search_safety_po_4, File "HOME/tests/java/BinarySearch.java", line 88, characters 17-22 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7275,7 +7200,7 @@ (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 u) (integer_of_int32 l))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_5, File "HOME/tests/java/BinarySearch.java", line 86, characters 17-22 +;; BinarySearch_binary_search_safety_po_5, File "HOME/tests/java/BinarySearch.java", line 88, characters 17-22 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -7299,7 +7224,7 @@ (IMPLIES (<= (integer_of_int32 l) (integer_of_int32 u)) (<= (+ (integer_of_int32 u) (integer_of_int32 l)) constant_too_large_2147483647))))))))))))))))) -;; BinarySearch_binary_search_safety_po_6, File "HOME/tests/java/BinarySearch.jc", line 115, characters 36-67 +;; BinarySearch_binary_search_safety_po_6, File "HOME/tests/java/BinarySearch.jc", line 118, characters 36-67 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7330,7 +7255,7 @@ (+ (integer_of_int32 u) (integer_of_int32 l))) (NEQ 2 0)))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_7, File "HOME/tests/java/BinarySearch.java", line 86, characters 16-27 +;; BinarySearch_binary_search_safety_po_7, File "HOME/tests/java/BinarySearch.java", line 88, characters 16-27 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7364,7 +7289,7 @@ (IMPLIES (EQ result3 (computer_div (integer_of_int32 result2) 2)) (<= (- 0 constant_too_large_2147483648) result3))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_8, File "HOME/tests/java/BinarySearch.java", line 86, characters 16-27 +;; BinarySearch_binary_search_safety_po_8, File "HOME/tests/java/BinarySearch.java", line 88, characters 16-27 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7398,7 +7323,7 @@ (IMPLIES (EQ result3 (computer_div (integer_of_int32 result2) 2)) (<= result3 constant_too_large_2147483647))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_9, File "HOME/tests/java/BinarySearch.java", line 90, characters 9-13 +;; BinarySearch_binary_search_safety_po_9, File "HOME/tests/java/BinarySearch.java", line 92, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -7440,7 +7365,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u))) (<= (offset_min Object_alloc_table t_0) (integer_of_int32 m)))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_10, File "HOME/tests/java/BinarySearch.java", line 90, characters 9-13 +;; BinarySearch_binary_search_safety_po_10, File "HOME/tests/java/BinarySearch.java", line 92, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -7482,7 +7407,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u))) (<= (integer_of_int32 m) (offset_max Object_alloc_table t_0)))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_11, File "HOME/tests/java/BinarySearch.java", line 90, characters 23-28 +;; BinarySearch_binary_search_safety_po_11, File "HOME/tests/java/BinarySearch.java", line 92, characters 23-28 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7531,7 +7456,7 @@ (IMPLIES (< (integer_of_int32 result5) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_12, File "HOME/tests/java/BinarySearch.java", line 90, characters 23-28 +;; BinarySearch_binary_search_safety_po_12, File "HOME/tests/java/BinarySearch.java", line 92, characters 23-28 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7580,7 +7505,7 @@ (IMPLIES (< (integer_of_int32 result5) (integer_of_int32 v)) (<= (+ (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_13, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_13, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -7636,7 +7561,7 @@ (IMPLIES (EQ l0 result6) (<= 0 (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_14, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_14, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7693,7 +7618,7 @@ (< (- (integer_of_int32 u) (integer_of_int32 l0)) (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_15, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-33 +;; BinarySearch_binary_search_safety_po_15, File "HOME/tests/java/BinarySearch.java", line 93, characters 28-33 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7747,7 +7672,7 @@ (IMPLIES (> (integer_of_int32 result6) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_16, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-33 +;; BinarySearch_binary_search_safety_po_16, File "HOME/tests/java/BinarySearch.java", line 93, characters 28-33 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7801,7 +7726,7 @@ (IMPLIES (> (integer_of_int32 result6) (integer_of_int32 v)) (<= (- (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_17, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_17, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -7862,7 +7787,7 @@ (IMPLIES (EQ u0 result7) (<= 0 (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_18, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_18, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -7927,12 +7852,12 @@ ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/BinarySearch_why.sx : .....................#..?.........#... (35/0/1/2/0) +simplify/BinarySearch_why.sx : .....................#..?.........?... (35/0/2/1/0) total : 38 valid : 35 ( 92%) invalid : 0 ( 0%) -unknown : 1 ( 3%) -timeout : 2 ( 5%) +unknown : 2 ( 5%) +timeout : 1 ( 3%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== why -alt-ergo [...] why/BinarySearch.why @@ -8892,7 +8817,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -8930,6 +8855,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -8942,6 +8871,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) 
@@ -8974,6 +8907,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -9046,6 +8984,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -9094,6 +9036,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -9138,36 +9085,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_BinarySearch(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -9212,53 +9129,52 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> - ("JC_70": ("JC_68": ("JC_68": (0 <= integer_of_int32(result))))) + ("JC_78": ("JC_76": (0 <= integer_of_int32(result)))) goal BinarySearch_binary_search_ensures_default_po_2: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> - ("JC_70": - ("JC_69": - ("JC_69": (integer_of_int32(result1) <= ((offset_max(Object_alloc_table, - t_0) + 1) - 1))))) + ("JC_78": + ("JC_77": (integer_of_int32(result1) <= ((offset_max(Object_alloc_table, + t_0) + 1) - 1)))) goal BinarySearch_binary_search_ensures_default_po_3: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. 
(integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9267,27 +9183,26 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - ("JC_75": ("JC_75": (integer_of_int32(l) <= integer_of_int32(m))))) + ("JC_85": ("JC_83": (integer_of_int32(l) <= integer_of_int32(m)))) goal BinarySearch_binary_search_ensures_default_po_4: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -9296,8 +9211,7 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - ("JC_76": ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) + ("JC_85": ("JC_84": (integer_of_int32(m) <= integer_of_int32(u)))) goal BinarySearch_binary_search_ensures_default_po_5: forall t_0:Object pointer. @@ -9306,20 +9220,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9328,9 +9242,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> 
@@ -9338,7 +9252,7 @@ (integer_of_int32(result5) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result5) -> - ("JC_70": ("JC_68": ("JC_68": (0 <= integer_of_int32(l0))))) + ("JC_78": ("JC_76": (0 <= integer_of_int32(l0)))) goal BinarySearch_binary_search_ensures_default_po_6: forall t_0:Object pointer. @@ -9347,20 +9261,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9369,9 +9283,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -9382,10 +9296,9 @@ (integer_of_int32(result6) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result6) -> - ("JC_70": - ("JC_69": - ("JC_69": (integer_of_int32(u0) <= ((offset_max(Object_alloc_table, - t_0) + 1) - 1))))) + ("JC_78": + ("JC_77": (integer_of_int32(u0) <= ((offset_max(Object_alloc_table, + t_0) + 1) - 1)))) goal BinarySearch_binary_search_ensures_default_po_7: forall t_0:Object pointer. @@ -9394,20 +9307,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9416,9 +9329,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -9427,7 +9340,7 @@ (integer_of_int32(result5) <= integer_of_int32(v)) -> forall return:int32. (return = m) -> - ("JC_37": ("JC_35": ("JC_35": ((-1) <= integer_of_int32(return))))) + ("JC_45": ("JC_43": ((-1) <= integer_of_int32(return)))) goal BinarySearch_binary_search_ensures_default_po_8: forall t_0:Object pointer. @@ -9436,20 +9349,20 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9458,9 +9371,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_77": - (("JC_75": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_76": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_85": + (("JC_83": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_84": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -9469,65 +9382,63 @@ (integer_of_int32(result5) <= integer_of_int32(v)) -> forall return:int32. (return = m) -> - ("JC_37": - ("JC_36": - ("JC_36": (integer_of_int32(return) < (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_45": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + t_0) + 1)))) goal BinarySearch_binary_search_ensures_default_po_9: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. (integer_of_int32(result2) = (-1)) -> forall return:int32. (return = result2) -> - ("JC_37": ("JC_35": ("JC_35": ((-1) <= integer_of_int32(return))))) + ("JC_45": ("JC_43": ((-1) <= integer_of_int32(return)))) goal BinarySearch_binary_search_ensures_default_po_10: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. 
- ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_70": - (("JC_68": (0 <= integer_of_int32(l))) and - ("JC_69": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_78": + (("JC_76": (0 <= integer_of_int32(l))) and + ("JC_77": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. (integer_of_int32(result2) = (-1)) -> forall return:int32. (return = result2) -> - ("JC_37": - ("JC_36": - ("JC_36": (integer_of_int32(return) < (offset_max(Object_alloc_table, - t_0) + 1))))) + ("JC_45": + ("JC_44": (integer_of_int32(return) < (offset_max(Object_alloc_table, + t_0) + 1)))) goal BinarySearch_binary_search_ensures_failure_po_1: forall t_0:Object pointer. @@ -9537,11 +9448,11 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. @@ -9550,7 +9461,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(result) <= k_0)) + ("JC_98": (integer_of_int32(result) <= k_0)) goal BinarySearch_binary_search_ensures_failure_po_2: forall t_0:Object pointer. 
@@ -9560,11 +9471,11 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. @@ -9573,7 +9484,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(result1))) + ("JC_98": (k_0 <= integer_of_int32(result1))) goal BinarySearch_binary_search_ensures_failure_po_3: forall t_0:Object pointer. 
@@ -9583,26 +9494,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9611,9 +9522,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> 
@@ -9625,7 +9536,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(l0) <= k_0)) + ("JC_98": (integer_of_int32(l0) <= k_0)) goal BinarySearch_binary_search_ensures_failure_po_4: forall t_0:Object pointer. @@ -9635,26 +9546,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -9663,9 +9574,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) < integer_of_int32(v)) -> @@ -9677,7 +9588,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(u))) + ("JC_98": (k_0 <= integer_of_int32(u))) goal BinarySearch_binary_search_ensures_failure_po_5: forall t_0:Object pointer. 
@@ -9687,26 +9598,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9715,9 +9626,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -9732,7 +9643,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (integer_of_int32(l) <= k_0)) + ("JC_98": (integer_of_int32(l) <= k_0)) goal BinarySearch_binary_search_ensures_failure_po_6: forall t_0:Object pointer. @@ -9742,26 +9653,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. 
@@ -9770,9 +9681,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -9787,7 +9698,7 @@ ((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> (integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> - ("JC_90": (k_0 <= integer_of_int32(u0))) + ("JC_98": (k_0 <= integer_of_int32(u0))) goal BinarySearch_binary_search_ensures_failure_po_7: forall t_0:Object pointer. 
@@ -9797,26 +9708,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9825,9 +9736,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_100": - (("JC_98": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_99": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_108": + (("JC_106": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_107": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> 
@@ -9839,7 +9750,7 @@ (integer_of_int32(return) = (-1)) -> forall k:int. ((0 <= k) and (k < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_45": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_53": (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))) goal BinarySearch_binary_search_ensures_failure_po_8: @@ -9850,26 +9761,26 @@ int32) memory. (is_sorted(t_0, Object_alloc_table, intM_intP) and (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table)))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_90": + ("JC_98": (forall k_0:int. (((0 <= k_0) and (k_0 < (offset_max(Object_alloc_table, t_0) + 1))) -> ((integer_of_int32(select(intM_intP, shift(t_0, k_0))) = integer_of_int32(v)) -> ((integer_of_int32(l) <= k_0) and (k_0 <= integer_of_int32(u))))))) -> - ("JC_93": - (("JC_91": (0 <= integer_of_int32(l))) and - ("JC_92": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_101": + (("JC_99": (0 <= integer_of_int32(l))) and + ("JC_100": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. @@ -9879,7 +9790,7 @@ (integer_of_int32(return) = (-1)) -> forall k:int. ((0 <= k) and (k < (offset_max(Object_alloc_table, t_0) + 1))) -> - ("JC_45": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_53": (integer_of_int32(select(intM_intP, shift(t_0, k))) <> integer_of_int32(v))) goal BinarySearch_binary_search_ensures_success_po_1: 
@@ -9889,21 +9800,21 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_83": true) -> - ("JC_81": - (("JC_79": (0 <= integer_of_int32(l))) and - ("JC_80": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_91": true) -> + ("JC_89": + (("JC_87": (0 <= integer_of_int32(l))) and + ("JC_88": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> forall result2:int32. @@ -9912,9 +9823,9 @@ (integer_of_int32(result3) = computer_div(integer_of_int32(result2), 2)) -> forall m:int32. (m = result3) -> - ("JC_88": - (("JC_86": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_87": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_96": + (("JC_94": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_95": (integer_of_int32(m) <= integer_of_int32(u))))) -> forall result4:int32. (result4 = select(intM_intP, shift(t_0, integer_of_int32(m)))) -> (integer_of_int32(result4) >= integer_of_int32(v)) -> @@ -9924,7 +9835,7 @@ forall return:int32. (return = m) -> (integer_of_int32(return) >= 0) -> - ("JC_43": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_51": (integer_of_int32(select(intM_intP, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) goal BinarySearch_binary_search_ensures_success_po_2: 
@@ -9934,21 +9845,21 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> forall result1:int32. (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_83": true) -> - ("JC_81": - (("JC_79": (0 <= integer_of_int32(l))) and - ("JC_80": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_91": true) -> + ("JC_89": + (("JC_87": (0 <= integer_of_int32(l))) and + ("JC_88": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) > integer_of_int32(u)) -> forall result2:int32. @@ -9956,14 +9867,14 @@ forall return:int32. (return = result2) -> (integer_of_int32(return) >= 0) -> - ("JC_43": (integer_of_int32(select(intM_intP, shift(t_0, + ("JC_51": (integer_of_int32(select(intM_intP, shift(t_0, integer_of_int32(return)))) = integer_of_int32(v))) goal BinarySearch_binary_search_safety_po_1: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) 
@@ -9972,12 +9883,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> ((-2147483648) <= (result0 - 1)) @@ -9986,12 +9897,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> ((result0 - 1) <= 2147483647) @@ -10000,12 +9911,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> 
@@ -10013,10 +9924,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> ((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) @@ -10025,12 +9936,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10038,10 +9949,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> ((integer_of_int32(u) + integer_of_int32(l)) <= 2147483647) 
@@ -10050,12 +9961,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10063,10 +9974,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -10079,12 +9990,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> 
@@ -10092,10 +10003,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and @@ -10111,12 +10022,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10124,10 +10035,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10143,12 +10054,12 @@ forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10156,10 +10067,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10174,21 +10085,21 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> (offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) goal BinarySearch_binary_search_safety_po_10: forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10196,10 +10107,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10214,9 +10125,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0)) goal BinarySearch_binary_search_safety_po_11: @@ -10226,12 +10137,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10239,10 +10150,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10257,9 +10168,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10274,12 +10185,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10287,10 +10198,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10305,9 +10216,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10322,12 +10233,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10335,10 +10246,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10353,9 +10264,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10367,7 +10278,7 @@ (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result6) -> - (0 <= ("JC_66": (integer_of_int32(u) - integer_of_int32(l)))) + (0 <= ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) goal BinarySearch_binary_search_safety_po_14: forall t_0:Object pointer. @@ -10376,12 +10287,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10389,10 +10300,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10407,9 +10318,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10421,7 +10332,7 @@ (integer_of_int32(result6) = (integer_of_int32(m) + 1)) -> forall l0:int32. (l0 = result6) -> - (("JC_66": (integer_of_int32(u) - integer_of_int32(l0))) < ("JC_66": + (("JC_74": (integer_of_int32(u) - integer_of_int32(l0))) < ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) goal BinarySearch_binary_search_safety_po_15: @@ -10431,12 +10342,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10444,10 +10355,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10462,9 +10373,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10484,12 +10395,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10497,10 +10408,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10515,9 +10426,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10537,12 +10448,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10550,10 +10461,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10568,9 +10479,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10587,7 +10498,7 @@ (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result7) -> - (0 <= ("JC_66": (integer_of_int32(u) - integer_of_int32(l)))) + (0 <= ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) goal BinarySearch_binary_search_safety_po_18: forall t_0:Object pointer. @@ -10596,12 +10507,12 @@ forall intM_intP:(Object, int32) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_33": Non_null_intM(t_0, Object_alloc_table))) -> + ("JC_41": Non_null_intM(t_0, Object_alloc_table))) -> forall result:int32. (integer_of_int32(result) = 0) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result0:int. - ("JC_17": + ("JC_25": ((result0 <= 2147483647) and ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> @@ -10609,10 +10520,10 @@ (integer_of_int32(result1) = (result0 - 1)) -> forall l:int32. forall u:int32. - ("JC_54": true) -> - ("JC_52": - (("JC_50": (0 <= integer_of_int32(l))) and - ("JC_51": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, + ("JC_62": true) -> + ("JC_60": + (("JC_58": (0 <= integer_of_int32(l))) and + ("JC_59": (integer_of_int32(u) <= ((offset_max(Object_alloc_table, t_0) + 1) - 1))))) -> (integer_of_int32(l) <= integer_of_int32(u)) -> (((-2147483648) <= (integer_of_int32(u) + integer_of_int32(l))) and 
@@ -10627,9 +10538,9 @@ (integer_of_int32(result4) = result3) -> forall m:int32. (m = result4) -> - ("JC_61": - (("JC_59": (integer_of_int32(l) <= integer_of_int32(m))) and - ("JC_60": (integer_of_int32(m) <= integer_of_int32(u))))) -> + ("JC_69": + (("JC_67": (integer_of_int32(l) <= integer_of_int32(m))) and + ("JC_68": (integer_of_int32(m) <= integer_of_int32(u))))) -> ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(m)) and (integer_of_int32(m) <= offset_max(Object_alloc_table, t_0))) -> forall result5:int32. @@ -10646,7 +10557,7 @@ (integer_of_int32(result7) = (integer_of_int32(m) - 1)) -> forall u0:int32. (u0 = result7) -> - (("JC_66": (integer_of_int32(u0) - integer_of_int32(l))) < ("JC_66": + (("JC_74": (integer_of_int32(u0) - integer_of_int32(l))) < ("JC_74": (integer_of_int32(u) - integer_of_int32(l)))) ========== running alt-ergo ========== @@ -11485,7 +11396,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) @@ -11521,6 +11432,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -11532,6 +11448,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) 
@@ -11554,6 +11475,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -11621,6 +11547,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -11662,6 +11593,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -11697,29 +11633,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_BinarySearch p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -11751,7 +11664,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; BinarySearch_binary_search_ensures_default_po_1, File "HOME/tests/java/BinarySearch.java", line 77, characters 7-13 +;; BinarySearch_binary_search_ensures_default_po_1, File "HOME/tests/java/BinarySearch.java", line 79, characters 7-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -11766,7 +11679,7 @@ (IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) (<= 0 (integer_of_int32 result))))))))))) -;; BinarySearch_binary_search_ensures_default_po_2, File "HOME/tests/java/BinarySearch.java", line 77, characters 17-34 +;; BinarySearch_binary_search_ensures_default_po_2, File "HOME/tests/java/BinarySearch.java", line 79, characters 17-34 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -11781,7 +11694,7 @@ (IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) (<= (integer_of_int32 result1) (- (+ (offset_max Object_alloc_table t_0) 1) 1))))))))))) -;; BinarySearch_binary_search_ensures_default_po_3, File "HOME/tests/java/BinarySearch.java", line 89, characters 23-29 +;; BinarySearch_binary_search_ensures_default_po_3, File "HOME/tests/java/BinarySearch.java", line 91, characters 23-29 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -11808,7 +11721,7 @@ (FORALL (m) (IMPLIES (EQ m result3) (<= (integer_of_int32 l) (integer_of_int32 m))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_4, File "HOME/tests/java/BinarySearch.java", line 89, characters 28-34 +;; BinarySearch_binary_search_ensures_default_po_4, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-34 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -11835,7 +11748,7 @@ (FORALL (m) (IMPLIES (EQ m result3) (<= (integer_of_int32 m) (integer_of_int32 u))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_5, File "HOME/tests/java/BinarySearch.java", line 77, characters 7-13 +;; BinarySearch_binary_search_ensures_default_po_5, File "HOME/tests/java/BinarySearch.java", line 79, characters 7-13 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -11872,7 +11785,7 @@ (IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 m) 1)) (FORALL (l0) (IMPLIES (EQ l0 result5) (<= 0 (integer_of_int32 l0))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_6, File "HOME/tests/java/BinarySearch.java", line 77, characters 17-34 +;; BinarySearch_binary_search_ensures_default_po_6, File "HOME/tests/java/BinarySearch.java", line 79, characters 17-34 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -11914,7 +11827,7 @@ (IMPLIES (EQ u0 result6) (<= (integer_of_int32 u0) (- (+ (offset_max Object_alloc_table t_0) 1) 1)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_7, File "HOME/tests/java/BinarySearch.java", line 63, characters 16-29 +;; BinarySearch_binary_search_ensures_default_po_7, File "HOME/tests/java/BinarySearch.java", line 65, characters 16-29 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -11953,7 +11866,7 @@ (FORALL (return) (IMPLIES (EQ return m) (<= (- 0 1) (integer_of_int32 return)))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_8, File "HOME/tests/java/BinarySearch.java", line 63, characters 22-40 +;; BinarySearch_binary_search_ensures_default_po_8, File "HOME/tests/java/BinarySearch.java", line 65, characters 22-40 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -11993,7 +11906,7 @@ (IMPLIES (EQ return m) (< (integer_of_int32 return) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_9, File "HOME/tests/java/BinarySearch.java", line 63, characters 16-29 +;; BinarySearch_binary_search_ensures_default_po_9, File "HOME/tests/java/BinarySearch.java", line 65, characters 16-29 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -12016,7 +11929,7 @@ (FORALL (return) (IMPLIES (EQ return result2) (<= (- 0 1) (integer_of_int32 return))))))))))))))))))) -;; BinarySearch_binary_search_ensures_default_po_10, File "HOME/tests/java/BinarySearch.java", line 63, characters 22-40 +;; BinarySearch_binary_search_ensures_default_po_10, File "HOME/tests/java/BinarySearch.java", line 65, characters 22-40 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12040,7 +11953,7 @@ (IMPLIES (EQ return result2) (< (integer_of_int32 return) (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_1, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_1, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12062,7 +11975,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 result) k_0))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_2, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_2, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12084,7 +11997,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 result1)))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_3, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_3, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -12135,7 +12048,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 l0) k_0)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_4, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_4, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12186,7 +12099,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 u))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_5, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_5, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12240,7 +12153,7 @@ (integer_of_int32 v)) (<= (integer_of_int32 l) k_0))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_6, File "HOME/tests/java/BinarySearch.java", line 80, characters 8-74 +;; BinarySearch_binary_search_ensures_failure_po_6, File "HOME/tests/java/BinarySearch.java", line 82, characters 8-74 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12294,7 +12207,7 @@ (integer_of_int32 v)) (<= k_0 (integer_of_int32 u0)))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_7, File "HOME/tests/java/BinarySearch.java", line 71, characters 17-96 +;; BinarySearch_binary_search_ensures_failure_po_7, File "HOME/tests/java/BinarySearch.java", line 73, characters 17-96 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -12346,7 +12259,7 @@ (NEQ (integer_of_int32 (select intM_intP (shift t_0 k))) (integer_of_int32 v)))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_failure_po_8, File "HOME/tests/java/BinarySearch.java", line 71, characters 17-96 +;; BinarySearch_binary_search_ensures_failure_po_8, File "HOME/tests/java/BinarySearch.java", line 73, characters 17-96 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12384,7 +12297,7 @@ (NEQ (integer_of_int32 (select intM_intP (shift t_0 k))) (integer_of_int32 v))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_success_po_1, File "HOME/tests/java/BinarySearch.java", line 65, characters 18-50 +;; BinarySearch_binary_search_ensures_success_po_1, File "HOME/tests/java/BinarySearch.java", line 67, characters 18-50 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12428,7 +12341,7 @@ (select intM_intP (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v)))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_ensures_success_po_2, File "HOME/tests/java/BinarySearch.java", line 65, characters 18-50 +;; BinarySearch_binary_search_ensures_success_po_2, File "HOME/tests/java/BinarySearch.java", line 67, characters 18-50 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12458,7 +12371,7 @@ (select intM_intP (shift t_0 (integer_of_int32 return)))) (integer_of_int32 v))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_1, File "why/BinarySearch.why", line 1084, characters 40-181 +;; BinarySearch_binary_search_safety_po_1, File "why/BinarySearch.why", line 951, characters 40-181 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -12467,7 +12380,7 @@ (IMPLIES (EQ (integer_of_int32 result) 0) (>= (offset_max Object_alloc_table t_0) (- 0 1))))))) -;; BinarySearch_binary_search_safety_po_2, File "HOME/tests/java/BinarySearch.java", line 75, characters 16-28 +;; BinarySearch_binary_search_safety_po_2, File "HOME/tests/java/BinarySearch.java", line 77, characters 16-28 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12481,7 +12394,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (<= (- 0 constant_too_large_2147483648) (- result0 1)))))))))) -;; BinarySearch_binary_search_safety_po_3, File "HOME/tests/java/BinarySearch.java", line 75, characters 16-28 +;; BinarySearch_binary_search_safety_po_3, File "HOME/tests/java/BinarySearch.java", line 77, characters 16-28 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12495,7 +12408,7 @@ (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) (<= (- result0 1) constant_too_large_2147483647))))))))) -;; BinarySearch_binary_search_safety_po_4, File "HOME/tests/java/BinarySearch.java", line 86, characters 17-22 +;; BinarySearch_binary_search_safety_po_4, File "HOME/tests/java/BinarySearch.java", line 88, characters 17-22 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12520,7 +12433,7 @@ (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 u) (integer_of_int32 l))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_5, File "HOME/tests/java/BinarySearch.java", line 86, characters 17-22 +;; BinarySearch_binary_search_safety_po_5, File "HOME/tests/java/BinarySearch.java", line 88, characters 17-22 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -12544,7 +12457,7 @@ (IMPLIES (<= (integer_of_int32 l) (integer_of_int32 u)) (<= (+ (integer_of_int32 u) (integer_of_int32 l)) constant_too_large_2147483647))))))))))))))))) -;; BinarySearch_binary_search_safety_po_6, File "HOME/tests/java/BinarySearch.jc", line 115, characters 36-67 +;; BinarySearch_binary_search_safety_po_6, File "HOME/tests/java/BinarySearch.jc", line 118, characters 36-67 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12575,7 +12488,7 @@ (+ (integer_of_int32 u) (integer_of_int32 l))) (NEQ 2 0)))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_7, File "HOME/tests/java/BinarySearch.java", line 86, characters 16-27 +;; BinarySearch_binary_search_safety_po_7, File "HOME/tests/java/BinarySearch.java", line 88, characters 16-27 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12609,7 +12522,7 @@ (IMPLIES (EQ result3 (computer_div (integer_of_int32 result2) 2)) (<= (- 0 constant_too_large_2147483648) result3))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_8, File "HOME/tests/java/BinarySearch.java", line 86, characters 16-27 +;; BinarySearch_binary_search_safety_po_8, File "HOME/tests/java/BinarySearch.java", line 88, characters 16-27 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12643,7 +12556,7 @@ (IMPLIES (EQ result3 (computer_div (integer_of_int32 result2) 2)) (<= result3 constant_too_large_2147483647))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_9, File "HOME/tests/java/BinarySearch.java", line 90, characters 9-13 +;; BinarySearch_binary_search_safety_po_9, File "HOME/tests/java/BinarySearch.java", line 92, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) 
@@ -12685,7 +12598,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u))) (<= (offset_min Object_alloc_table t_0) (integer_of_int32 m)))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_10, File "HOME/tests/java/BinarySearch.java", line 90, characters 9-13 +;; BinarySearch_binary_search_safety_po_10, File "HOME/tests/java/BinarySearch.java", line 92, characters 9-13 (FORALL (t_0) (FORALL (Object_alloc_table) (IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) @@ -12727,7 +12640,7 @@ (<= (integer_of_int32 m) (integer_of_int32 u))) (<= (integer_of_int32 m) (offset_max Object_alloc_table t_0)))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_11, File "HOME/tests/java/BinarySearch.java", line 90, characters 23-28 +;; BinarySearch_binary_search_safety_po_11, File "HOME/tests/java/BinarySearch.java", line 92, characters 23-28 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12776,7 +12689,7 @@ (IMPLIES (< (integer_of_int32 result5) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_12, File "HOME/tests/java/BinarySearch.java", line 90, characters 23-28 +;; BinarySearch_binary_search_safety_po_12, File "HOME/tests/java/BinarySearch.java", line 92, characters 23-28 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12825,7 +12738,7 @@ (IMPLIES (< (integer_of_int32 result5) (integer_of_int32 v)) (<= (+ (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_13, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_13, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -12881,7 +12794,7 @@ (IMPLIES (EQ l0 result6) (<= 0 (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_14, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_14, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12938,7 +12851,7 @@ (< (- (integer_of_int32 u) (integer_of_int32 l0)) (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_15, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-33 +;; BinarySearch_binary_search_safety_po_15, File "HOME/tests/java/BinarySearch.java", line 93, characters 28-33 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -12992,7 +12905,7 @@ (IMPLIES (> (integer_of_int32 result6) (integer_of_int32 v)) (<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 m) 1)))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_16, File "HOME/tests/java/BinarySearch.java", line 91, characters 28-33 +;; BinarySearch_binary_search_safety_po_16, File "HOME/tests/java/BinarySearch.java", line 93, characters 28-33 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -13046,7 +12959,7 @@ (IMPLIES (> (integer_of_int32 result6) (integer_of_int32 v)) (<= (- (integer_of_int32 m) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_17, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_17, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) 
@@ -13107,7 +13020,7 @@ (IMPLIES (EQ u0 result7) (<= 0 (- (integer_of_int32 u) (integer_of_int32 l)))))))))))))))))))))))))))))))))))))))))))))) -;; BinarySearch_binary_search_safety_po_18, File "HOME/tests/java/BinarySearch.java", line 82, characters 7-10 +;; BinarySearch_binary_search_safety_po_18, File "HOME/tests/java/BinarySearch.java", line 84, characters 7-10 (FORALL (t_0) (FORALL (v) (FORALL (Object_alloc_table) @@ -13172,10 +13085,10 @@ ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/BinarySearch_why.sx : .....................#..?.........#... (35/0/1/2/0) +simplify/BinarySearch_why.sx : .....................#..?.........?... (35/0/2/1/0) total : 38 valid : 35 ( 92%) invalid : 0 ( 0%) -unknown : 1 ( 3%) -timeout : 2 ( 5%) +unknown : 2 ( 5%) +timeout : 1 ( 3%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Counter.res.oracle why-2.30+dfsg/tests/java/oracle/Counter.res.oracle --- why-2.29+dfsg/tests/java/oracle/Counter.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Counter.res.oracle 2011-10-24 15:21:06.000000000 +0000 
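Review bot: The Simplify summary line in the `@@ -13172,10 +13085,10 @@` hunk now pins one obligation as `#` (timeout) and two as `?` (unknown), and the only change is obligation 35 moving from `#` to `?`. A timeout depends on the host and on the prover time limit, so an oracle that distinguishes `#` from `?` can differ between machines with no change in the tool; the valid count is 35 of 38 on both sides. I would either have the oracle comparison treat `#` and `?` as one "not proved" class, or record next to the oracle which time limit it was produced with. Whether the shift comes from the new extensionality axioms or from timing cannot be told from this hunk.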
@@ -1,13 +1,46 @@ ========== file tests/java/Counter.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + +//@+ CheckArithOverflow = no + /*@ logic integer value{L}(Counter c) = @ \at(c.increments,L) - \at(c.decrements,L); @*/ public class Counter { + private int increments; private int decrements; - //@ ensures value{Here}(this) == value{Old}(this) + 1; public void increment() { increments++; @@ -20,6 +53,13 @@ } +/* +Local Variables: +compile-command: "make Counter.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. 
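Review bot: The added `//@+ CheckArithOverflow = no` pragma in the Counter.java listing carries no comment. With it, the later hunks of this oracle drop the `kind = ArithOverflow` locations and the `Counter_decrement_safety_po_*` / `Counter_increment_safety_po_*` goals. The `ensures` clauses are then proved with `increments` and `decrements` modelled as unbounded `integer` fields, which says nothing about `increments++` at the top of the Java `int` range. I would record that next to the pragma, e.g. `// overflow checking disabled: the ensures clauses hold for unbounded integers only, int wraparound is not covered`. Whether another test still exercises the overflow obligations is not visible from this page.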
@@ -34,18 +74,11 @@ # AnnotationPolicy = None # AbstractDomain = None -type byte = -128..127 - -type short = -32768..32767 - -type int32 = -2147483648..2147483647 - -type long = -9223372036854775808..9223372036854775807 - -type char = 0..65535 - predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -60,8 +93,8 @@ } tag Counter = Object with { - int32 increments; - int32 decrements; + integer increments; + integer decrements; } type Object = [Object] @@ -109,32 +142,32 @@ ========== file tests/java/Counter.jloc ========== [K_1] file = "HOME/tests/java/Counter.java" -line = 10 +line = 43 begin = 16 end = 57 [K_2] file = "HOME/tests/java/Counter.java" -line = 12 +line = 45 begin = 8 end = 20 [K_3] file = "HOME/tests/java/Counter.java" -line = 15 +line = 48 begin = 16 end = 57 [K_4] file = "HOME/tests/java/Counter.java" -line = 17 +line = 50 begin = 8 end = 20 [Counter_increment] name = "Method increment" file = "HOME/tests/java/Counter.java" -line = 11 +line = 44 begin = 16 end = 25 @@ -148,7 +181,7 @@ [Counter_decrement] name = "Method decrement" file = "HOME/tests/java/Counter.java" -line = 16 +line = 49 begin = 16 end = 25 @@ -171,10 +204,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Counter.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Counter_why.sx 
@@ -235,6 +269,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Counter_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Counter_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -307,6 +348,9 @@ why3ide: why/Counter_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Counter.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Counter.depend depend: coq/Counter_why.v @@ -318,25 +362,43 @@ ========== file tests/java/Counter.loc ========== [Counter_increment_ensures_default] name = "Method increment" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Counter.java" -line = 11 +line = 44 begin = 16 end = 25 +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [Counter_decrement_ensures_default] name = "Method decrement" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Counter.java" -line = 16 +line = 49 begin = 16 end = 25 [JC_1] file = "HOME/tests/java/Counter.jc" -line = 44 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_2] file = "HOME/" @@ -346,9 +408,9 @@ [JC_3] file = "HOME/tests/java/Counter.jc" -line = 44 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_4] file = "HOME/" @@ -360,7 +422,7 @@ name = "Method decrement" behavior = "Safety" file = "HOME/tests/java/Counter.java" -line = 16 +line = 49 begin = 16 end = 25 
@@ -390,21 +452,21 @@ [JC_9] file = "HOME/tests/java/Counter.jc" -line = 46 -begin = 11 -end = 65 +line = 37 +begin = 8 +end = 23 [JC_10] -file = "HOME/tests/java/Counter.jc" -line = 46 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/tests/java/Counter.java" -line = 11 -begin = 16 -end = 25 +file = "HOME/tests/java/Counter.jc" +line = 37 +begin = 8 +end = 23 [JC_12] file = "HOME/" @@ -413,10 +475,10 @@ end = -1 [JC_13] -file = "HOME/tests/java/Counter.java" -line = 11 -begin = 16 -end = 25 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_14] file = "HOME/" @@ -425,35 +487,34 @@ end = -1 [JC_15] -file = "HOME/tests/java/Counter.java" -line = 10 -begin = 16 -end = 57 - -[JC_16] -file = "HOME/tests/java/Counter.java" -line = 10 -begin = 16 -end = 57 - -[JC_17] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_18] +[JC_16] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_19] -kind = ArithOverflow +[JC_17] +file = "HOME/tests/java/Counter.jc" +line = 39 +begin = 11 +end = 65 + +[JC_18] file = "HOME/tests/java/Counter.jc" -line = 59 +line = 39 begin = 11 -end = 31 +end = 65 + +[JC_19] +file = "HOME/tests/java/Counter.java" +line = 44 +begin = 16 +end = 25 [cons_Counter_safety] name = "Constructor of class Counter" 
@@ -464,66 +525,65 @@ end = -1 [JC_20] -file = "HOME/tests/java/Counter.java" -line = 16 -begin = 16 -end = 25 - -[JC_21] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_22] +[JC_21] file = "HOME/tests/java/Counter.java" -line = 16 +line = 44 begin = 16 end = 25 -[JC_23] +[JC_22] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_24] +[JC_23] file = "HOME/tests/java/Counter.java" -line = 15 +line = 43 begin = 16 end = 57 -[JC_25] +[JC_24] file = "HOME/tests/java/Counter.java" -line = 15 +line = 43 begin = 16 end = 57 -[JC_26] +[JC_25] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_27] +[JC_26] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_28] -kind = ArithOverflow -file = "HOME/tests/java/Counter.jc" -line = 65 -begin = 11 -end = 31 +[JC_27] +file = "HOME/tests/java/Counter.java" +line = 49 +begin = 16 +end = 25 -[JC_29] +[JC_28] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_29] +file = "HOME/tests/java/Counter.java" +line = 49 +begin = 16 +end = 25 + [JC_30] file = "HOME/" line = 0 @@ -531,36 +591,54 @@ end = -1 [JC_31] +file = "HOME/tests/java/Counter.java" +line = 48 +begin = 16 +end = 57 + +[JC_32] +file = "HOME/tests/java/Counter.java" +line = 48 +begin = 16 +end = 57 + +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_32] +[JC_34] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] +[JC_35] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_34] +[JC_36] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_35] +[JC_37] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_36] +[JC_38] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_39] file = "HOME/" line = 0 begin = -1 @@ -568,7 +646,7 @@ [cons_Counter_ensures_default] name = "Constructor of class Counter" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -578,44 +656,28 @@ name = "Method increment" behavior = "Safety" file = "HOME/tests/java/Counter.java" -line = 11 +line = 44 begin = 16 end = 25 ========== file tests/java/why/Counter.why ========== type Object -type byte - -type char - -type int32 - type interface -type long - -type short - logic Counter_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Counter_parenttag_Object : parenttag(Counter_tag, Object_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) 
@@ -632,77 +694,14 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) -logic integer_of_byte: byte -> int - -logic byte_of_integer: int -> byte - -axiom byte_coerce : - (forall x:int. - ((le_int((-128), x) and le_int(x, (127))) -> - eq_int(integer_of_byte(byte_of_integer(x)), x))) - -axiom byte_range : - (forall x:byte. - (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) - -logic integer_of_char: char -> int - -logic char_of_integer: int -> char - -axiom char_coerce : - (forall x:int. - ((le_int((0), x) and le_int(x, (65535))) -> - eq_int(integer_of_char(char_of_integer(x)), x))) - -axiom char_range : - (forall x:char. - (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) - -predicate eq_byte(x:byte, y:byte) = - eq_int(integer_of_byte(x), integer_of_byte(y)) - -predicate eq_char(x:char, y:char) = - eq_int(integer_of_char(x), integer_of_char(y)) - -logic integer_of_int32: int32 -> int - -predicate eq_int32(x:int32, y:int32) = - eq_int(integer_of_int32(x), integer_of_int32(y)) - -logic integer_of_long: long -> int - -predicate eq_long(x:long, y:long) = - eq_int(integer_of_long(x), integer_of_long(y)) - -logic integer_of_short: short -> int - -predicate eq_short(x:short, y:short) = - eq_int(integer_of_short(x), integer_of_short(y)) - -logic int32_of_integer: int -> int32 - -axiom int32_coerce : - (forall x:int. - ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> - eq_int(integer_of_int32(int32_of_integer(x)), x))) - -axiom int32_range : - (forall x:int32. 
- (le_int((-2147483648), integer_of_int32(x)) - and le_int(integer_of_int32(x), (2147483647)))) - logic interface_tag: -> interface tag_id axiom interface_int : (int_of_tag(interface_tag) = (1)) @@ -744,18 +743,6 @@ interface_alloc_table:interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic long_of_integer: int -> long - -axiom long_coerce : - (forall x:int. - ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> - eq_int(integer_of_long(long_of_integer(x)), x))) - -axiom long_range : - (forall x:long. - (le_int((-9223372036854775808), integer_of_long(x)) - and le_int(integer_of_long(x), (9223372036854775807)))) - axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -787,18 +774,6 @@ interface_alloc_table:interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) -logic short_of_integer: int -> short - -axiom short_coerce : - (forall x:int. - ((le_int((-32768), x) and le_int(x, (32767))) -> - eq_int(integer_of_short(short_of_integer(x)), x))) - -axiom short_range : - (forall x:short. - (le_int((-32768), integer_of_short(x)) - and le_int(integer_of_short(x), (32767)))) - predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) 
@@ -835,32 +810,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Counter(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -898,158 +847,72 @@ and (offset_max(interface_alloc_table, p) >= b)) function value(c:Object pointer, - Counter_decrements_at_L:(Object, int32) memory, - Counter_increments_at_L:(Object, int32) memory) : int = - sub_int(integer_of_int32(select(Counter_increments_at_L, c)), - integer_of_int32(select(Counter_decrements_at_L, c))) + Counter_decrements_at_L:(Object, int) memory, + Counter_increments_at_L:(Object, int) memory) : int = + sub_int(select(Counter_increments_at_L, c), + select(Counter_decrements_at_L, c)) parameter Object_alloc_table : Object alloc_table ref -parameter Counter_decrements : (Object, int32) memory ref +parameter Counter_decrements : (Object, int) memory ref -parameter Counter_increments : (Object, int32) memory ref +parameter Counter_increments : (Object, int) memory ref parameter Counter_decrement : this_0:Object pointer -> { } unit reads Counter_decrements,Counter_increments,Object_alloc_table writes Counter_decrements - { (JC_25: - eq_int(value(this_0, Counter_decrements, Counter_increments), - sub_int(value(this_0, Counter_decrements@, Counter_increments@), (1)))) } + { (JC_32: + (value(this_0, Counter_decrements, Counter_increments) = sub_int( + value(this_0, + Counter_decrements@, + Counter_increments@), + (1)))) } parameter Counter_decrement_requires : this_0:Object pointer -> { } unit reads Counter_decrements,Counter_increments,Object_alloc_table writes Counter_decrements - { (JC_25: - eq_int(value(this_0, Counter_decrements, Counter_increments), - sub_int(value(this_0, Counter_decrements@, Counter_increments@), (1)))) } + { (JC_32: + (value(this_0, Counter_decrements, Counter_increments) = sub_int( + value(this_0, + Counter_decrements@, + Counter_increments@), + (1)))) } parameter Counter_increment : this_1:Object pointer -> { } unit reads Counter_decrements,Counter_increments,Object_alloc_table writes Counter_increments - { (JC_16: - eq_int(value(this_1, Counter_decrements, Counter_increments), - add_int(value(this_1, 
Counter_decrements@, Counter_increments@), (1)))) } + { (JC_24: + (value(this_1, Counter_decrements, Counter_increments) = add_int( + value(this_1, + Counter_decrements@, + Counter_increments@), + (1)))) } parameter Counter_increment_requires : this_1:Object pointer -> { } unit reads Counter_decrements,Counter_increments,Object_alloc_table writes Counter_increments - { (JC_16: - eq_int(value(this_1, Counter_decrements, Counter_increments), - add_int(value(this_1, Counter_decrements@, Counter_increments@), (1)))) } - -parameter Object_tag_table : Object tag_table ref - -parameter alloc_bitvector_struct_Counter : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Counter(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Counter_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Counter(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { (JC_24: + (value(this_1, Counter_decrements, Counter_increments) = add_int( + value(this_1, + Counter_decrements@, + Counter_increments@), + (1)))) } -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes 
bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Counter : n:int -> 
@@ -1193,25 +1056,9 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } -parameter any_byte : unit -> { } byte { true } - -parameter any_char : unit -> { } char { true } - -parameter any_int32 : unit -> { } int32 { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } -parameter any_long : unit -> { } long { true } - -parameter any_short : unit -> { } short { true } - -parameter byte_of_integer_ : - x:int -> - { (le_int((-128), x) and le_int(x, (127)))} byte - { eq_int(integer_of_byte(result), x) } - -parameter char_of_integer_ : - x:int -> - { (le_int((0), x) and le_int(x, (65535)))} char - { eq_int(integer_of_char(result), x) } +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } parameter cons_Counter : this_2:Object pointer -> 
@@ -1223,50 +1070,20 @@ { } unit reads Object_alloc_table writes Counter_decrements,Counter_increments { true } -parameter int32_of_integer_ : - x:int -> - { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 - { eq_int(integer_of_int32(result), x) } - -parameter long_of_integer_ : - x:int -> - { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} - long { eq_int(integer_of_long(result), x) } - parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } -parameter safe_byte_of_integer_ : - x:int -> { } byte { eq_int(integer_of_byte(result), x) } - -parameter safe_char_of_integer_ : - x:int -> { } char { eq_int(integer_of_char(result), x) } - -parameter safe_int32_of_integer_ : - x:int -> { } int32 { eq_int(integer_of_int32(result), x) } - -parameter safe_long_of_integer_ : - x:int -> { } long { eq_int(integer_of_long(result), x) } - -parameter safe_short_of_integer_ : - x:int -> { } short { eq_int(integer_of_short(result), x) } - -parameter short_of_integer_ : - x:int -> - { (le_int((-32768), x) and le_int(x, (32767)))} short - { eq_int(integer_of_short(result), x) } - let Counter_decrement_ensures_default = fun (this_0 : Object pointer) -> { valid_struct_Counter(this_0, (0), (0), Object_alloc_table) } 
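Review bot: The postcondition of `non_null_Object` and `non_null_Object_requires` (label `JC_18`) still requires `(offset_max(Object_alloc_table, x_1) = (0))` for a true result. The same update relaxes the `Non_null_Object` predicate to `ge_int(offset_max(Object_alloc_table, x_0), (0))`, so the two no longer agree. Because a `parameter` contract is assumed rather than proved, a non-null pointer with `offset_max` above 0 would appear to satisfy neither branch of the `if`, leaving the assumed postcondition unsatisfiable for that argument. If the relaxation is intended, the result branch should match it, `(if result then (offset_max(Object_alloc_table, x_1) >= (0))`. This file is recorded tool output, so the change would be made in the generator and the oracle regenerated.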
@@ -1277,14 +1094,16 @@ (K_4: (let jessie_ = ((safe_acc_ !Counter_decrements) this_0) in begin - (let jessie_ = - (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))) in + (let jessie_ = ((add_int jessie_) (1)) in (let jessie_ = this_0 in (((safe_upd_ Counter_decrements) jessie_) jessie_))); jessie_ end)) in void); (raise Return) end with Return -> void end) - { (JC_24: - eq_int(value(this_0, Counter_decrements, Counter_increments), - sub_int(value(this_0, Counter_decrements@, Counter_increments@), (1)))) } + { (JC_31: + (value(this_0, Counter_decrements, Counter_increments) = sub_int( + value(this_0, + Counter_decrements@, + Counter_increments@), + (1)))) } let Counter_decrement_safety = fun (this_0 : Object pointer) -> @@ -1296,9 +1115,7 @@ (K_4: (let jessie_ = ((safe_acc_ !Counter_decrements) this_0) in begin - (let jessie_ = - (JC_28: - (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + (let jessie_ = ((add_int jessie_) (1)) in (let jessie_ = this_0 in (((safe_upd_ Counter_decrements) jessie_) jessie_))); jessie_ end)) in void); (raise Return) end with Return -> void end) { true } @@ -1313,14 +1130,16 @@ (K_2: (let jessie_ = ((safe_acc_ !Counter_increments) this_1) in begin - (let jessie_ = - (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))) in + (let jessie_ = ((add_int jessie_) (1)) in (let jessie_ = this_1 in (((safe_upd_ Counter_increments) jessie_) jessie_))); jessie_ end)) in void); (raise Return) end with Return -> void end) - { (JC_15: - eq_int(value(this_1, Counter_decrements, Counter_increments), - add_int(value(this_1, Counter_decrements@, Counter_increments@), (1)))) } + { (JC_23: + (value(this_1, Counter_decrements, Counter_increments) = add_int( + value(this_1, + Counter_decrements@, + Counter_increments@), + (1)))) } let Counter_increment_safety = fun (this_1 : Object pointer) -> 
@@ -1332,9 +1151,7 @@ (K_2: (let jessie_ = ((safe_acc_ !Counter_increments) this_1) in begin - (let jessie_ = - (JC_19: - (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + (let jessie_ = ((add_int jessie_) (1)) in (let jessie_ = this_1 in (((safe_upd_ Counter_increments) jessie_) jessie_))); jessie_ end)) in void); (raise Return) end with Return -> void end) { true } @@ -1347,15 +1164,15 @@ begin (let jessie_ = begin - (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = (0) in (let jessie_ = this_2 in (((safe_upd_ Counter_increments) jessie_) jessie_))); - (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = (0) in begin (let jessie_ = this_2 in (((safe_upd_ Counter_decrements) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_33: true) } + { (JC_39: true) } let cons_Counter_safety = fun (this_2 : Object pointer) -> @@ -1365,10 +1182,10 @@ begin (let jessie_ = begin - (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = (0) in (let jessie_ = this_2 in (((safe_upd_ Counter_increments) jessie_) jessie_))); - (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = (0) in begin (let jessie_ = this_2 in (((safe_upd_ Counter_decrements) jessie_) jessie_)); jessie_ @@ -1382,42 +1199,18 @@ - - - - - - - - - - - - - + + + - - - - - - - - - - - + - + @@ -2358,18 +2151,8 @@ type Object -type byte - -type char - -type int32 - type interface -type long - -type short - logic Counter_tag : Object tag_id logic Object_tag : Object tag_id @@ -2382,7 +2165,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -2407,64 +2190,6 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) -logic integer_of_byte : byte -> int - -logic byte_of_integer : int -> byte - -axiom byte_coerce: - (forall x:int. - ((((-128) <= x) and (x <= 127)) -> - (integer_of_byte(byte_of_integer(x)) = x))) - -axiom byte_range: - (forall x:byte. - (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) - -logic integer_of_char : char -> int - -logic char_of_integer : int -> char - -axiom char_coerce: - (forall x:int. - (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) - -axiom char_range: - (forall x:char. - ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) - -predicate eq_byte(x: byte, y: byte) = - (integer_of_byte(x) = integer_of_byte(y)) - -predicate eq_char(x: char, y: char) = - (integer_of_char(x) = integer_of_char(y)) - -logic integer_of_int32 : int32 -> int - -predicate eq_int32(x: int32, y: int32) = - (integer_of_int32(x) = integer_of_int32(y)) - -logic integer_of_long : long -> int - -predicate eq_long(x: long, y: long) = - (integer_of_long(x) = integer_of_long(y)) - -logic integer_of_short : short -> int - -predicate eq_short(x: short, y: short) = - (integer_of_short(x) = integer_of_short(y)) - -logic int32_of_integer : int -> int32 - -axiom int32_coerce: - (forall x:int. - ((((-2147483648) <= x) and (x <= 2147483647)) -> - (integer_of_int32(int32_of_integer(x)) = x))) - -axiom int32_range: - (forall x:int32. - (((-2147483648) <= integer_of_int32(x)) and - (integer_of_int32(x) <= 2147483647))) - logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) 
@@ -2506,18 +2231,6 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic long_of_integer : int -> long - -axiom long_coerce: - (forall x:int. - ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> - (integer_of_long(long_of_integer(x)) = x))) - -axiom long_range: - (forall x:long. - (((-9223372036854775808) <= integer_of_long(x)) and - (integer_of_long(x) <= 9223372036854775807))) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -2550,17 +2263,6 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) -logic short_of_integer : int -> short - -axiom short_coerce: - (forall x:int. - ((((-32768) <= x) and (x <= 32767)) -> - (integer_of_short(short_of_integer(x)) = x))) - -axiom short_range: - (forall x:short. - (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) - predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -2597,32 +2299,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Counter(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -2660,94 +2336,45 @@ (offset_max(interface_alloc_table, p) >= b)) function value(c: Object pointer, Counter_decrements_at_L: (Object, - int32) memory, Counter_increments_at_L: (Object, int32) memory) : int = - (integer_of_int32(select(Counter_increments_at_L, - c)) - integer_of_int32(select(Counter_decrements_at_L, c))) + int) memory, Counter_increments_at_L: (Object, int) memory) : int = + (select(Counter_increments_at_L, c) - select(Counter_decrements_at_L, c)) ========== file tests/java/why/Counter_po1.why ========== goal Counter_decrement_ensures_default_po_1: forall this_0:Object pointer. forall Counter_decrements:(Object, - int32) memory. + int) memory. forall Counter_increments:(Object, - int32) memory. + int) memory. forall Object_alloc_table:Object alloc_table. valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. + forall result:int. (result = select(Counter_decrements, this_0)) -> - forall result0:int32. - (integer_of_int32(result0) = (integer_of_int32(result) + 1)) -> forall Counter_decrements0:(Object, - int32) memory. - (Counter_decrements0 = store(Counter_decrements, this_0, result0)) -> - ("JC_24": (value(this_0, Counter_decrements0, + int) memory. + (Counter_decrements0 = store(Counter_decrements, this_0, (result + 1))) -> + ("JC_31": (value(this_0, Counter_decrements0, Counter_increments) = (value(this_0, Counter_decrements, Counter_increments) - 1))) ========== file tests/java/why/Counter_po2.why ========== -goal Counter_decrement_safety_po_1: - forall this_0:Object pointer. - forall Counter_decrements:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_decrements, this_0)) -> - ((-2147483648) <= (integer_of_int32(result) + 1)) - -========== file tests/java/why/Counter_po3.why ========== -goal Counter_decrement_safety_po_2: - forall this_0:Object pointer. 
- forall Counter_decrements:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_decrements, this_0)) -> - ((integer_of_int32(result) + 1) <= 2147483647) - -========== file tests/java/why/Counter_po4.why ========== goal Counter_increment_ensures_default_po_1: forall this_1:Object pointer. forall Counter_decrements:(Object, - int32) memory. + int) memory. forall Counter_increments:(Object, - int32) memory. + int) memory. forall Object_alloc_table:Object alloc_table. valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. + forall result:int. (result = select(Counter_increments, this_1)) -> - forall result0:int32. - (integer_of_int32(result0) = (integer_of_int32(result) + 1)) -> forall Counter_increments0:(Object, - int32) memory. - (Counter_increments0 = store(Counter_increments, this_1, result0)) -> - ("JC_15": (value(this_1, Counter_decrements, + int) memory. + (Counter_increments0 = store(Counter_increments, this_1, (result + 1))) -> + ("JC_23": (value(this_1, Counter_decrements, Counter_increments0) = (value(this_1, Counter_decrements, Counter_increments) + 1))) -========== file tests/java/why/Counter_po5.why ========== -goal Counter_increment_safety_po_1: - forall this_1:Object pointer. - forall Counter_increments:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_increments, this_1)) -> - ((-2147483648) <= (integer_of_int32(result) + 1)) - -========== file tests/java/why/Counter_po6.why ========== -goal Counter_increment_safety_po_2: - forall this_1:Object pointer. - forall Counter_increments:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. 
- (result = select(Counter_increments, this_1)) -> - ((integer_of_int32(result) + 1) <= 2147483647) - ========== generation of Simplify VC output ========== why -simplify [...] why/Counter.why ========== file tests/java/simplify/Counter_why.sx ========== @@ -3574,7 +3201,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int @@ -3601,51 +3228,6 @@ (EQ (parenttag Throwable_tag Object_tag) |@true|)) (BG_PUSH - ;; Why axiom byte_coerce - (FORALL (x) - (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) - (EQ (integer_of_byte (byte_of_integer x)) x)))) - -(BG_PUSH - ;; Why axiom byte_range - (FORALL (x) - (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) - -(BG_PUSH - ;; Why axiom char_coerce - (FORALL (x) - (IMPLIES (AND (<= 0 x) (<= x 65535)) - (EQ (integer_of_char (char_of_integer x)) x)))) - -(BG_PUSH - ;; Why axiom char_range - (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) - -(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) - -(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) - -(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) - -(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) - -(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) - -(BG_PUSH - ;; Why axiom int32_coerce - (FORALL (x) - (IMPLIES - (AND (<= (- 0 constant_too_large_2147483648) x) - (<= x constant_too_large_2147483647)) - (EQ (integer_of_int32 (int32_of_integer x)) x)))) - -(BG_PUSH - ;; Why axiom int32_range - (FORALL (x) - (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) - (<= (integer_of_int32 x) constant_too_large_2147483647)))) - -(BG_PUSH ;; Why axiom interface_int (EQ (int_of_tag interface_tag) 1)) 
@@ -3681,20 +3263,6 @@ (<= (offset_min interface_alloc_table p) a)) (BG_PUSH - ;; Why axiom long_coerce - (FORALL (x) - (IMPLIES - (AND (<= (- 0 constant_too_large_9223372036854775808) x) - (<= x constant_too_large_9223372036854775807)) - (EQ (integer_of_long (long_of_integer x)) x)))) - -(BG_PUSH - ;; Why axiom long_range - (FORALL (x) - (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) - (<= (integer_of_long x) constant_too_large_9223372036854775807)))) - -(BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) @@ -3720,17 +3288,6 @@ (DEFPRED (right_valid_struct_interface p b interface_alloc_table) (>= (offset_max interface_alloc_table p) b)) -(BG_PUSH - ;; Why axiom short_coerce - (FORALL (x) - (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) - (EQ (integer_of_short (short_of_integer x)) x)))) - -(BG_PUSH - ;; Why axiom short_range - (FORALL (x) - (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) - (DEFPRED (strict_valid_root_Object p a b Object_alloc_table) (AND (EQ (offset_min Object_alloc_table p) a) (EQ (offset_max Object_alloc_table p) b))) 
@@ -3759,26 +3316,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Counter p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -3811,11 +3348,9 @@ ;; Why axiom value_def (FORALL (c Counter_decrements_at_L Counter_increments_at_L) (EQ (value c Counter_decrements_at_L Counter_increments_at_L) - (- (integer_of_int32 (select Counter_increments_at_L c)) (integer_of_int32 - (select - Counter_decrements_at_L c)))))) + (- (select Counter_increments_at_L c) (select Counter_decrements_at_L c))))) -;; Counter_decrement_ensures_default_po_1, File "HOME/tests/java/Counter.java", line 15, characters 16-57 +;; Counter_decrement_ensures_default_po_1, File "HOME/tests/java/Counter.java", line 48, characters 16-57 (FORALL (this_0) (FORALL (Counter_decrements) (FORALL (Counter_increments) 
@@ -3823,33 +3358,13 @@ (IMPLIES (valid_struct_Counter this_0 0 0 Object_alloc_table) (FORALL (result) (IMPLIES (EQ result (select Counter_decrements this_0)) -(FORALL (result0) -(IMPLIES (EQ (integer_of_int32 result0) (+ (integer_of_int32 result) 1)) (FORALL (Counter_decrements0) (IMPLIES (EQ Counter_decrements0 - (|why__store| Counter_decrements this_0 result0)) + (|why__store| Counter_decrements this_0 (+ result 1))) (EQ (value this_0 Counter_decrements0 Counter_increments) -(- (value this_0 Counter_decrements Counter_increments) 1))))))))))))) - -;; Counter_decrement_safety_po_1, File "HOME/tests/java/Counter.jc", line 65, characters 11-31 -(FORALL (this_0) -(FORALL (Counter_decrements) -(FORALL (Object_alloc_table) -(IMPLIES (valid_struct_Counter this_0 0 0 Object_alloc_table) -(FORALL (result) -(IMPLIES (EQ result (select Counter_decrements this_0)) -(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 result) 1)))))))) +(- (value this_0 Counter_decrements Counter_increments) 1))))))))))) -;; Counter_decrement_safety_po_2, File "HOME/tests/java/Counter.jc", line 65, characters 11-31 -(FORALL (this_0) -(FORALL (Counter_decrements) -(FORALL (Object_alloc_table) -(IMPLIES (valid_struct_Counter this_0 0 0 Object_alloc_table) -(FORALL (result) -(IMPLIES (EQ result (select Counter_decrements this_0)) -(<= (+ (integer_of_int32 result) 1) constant_too_large_2147483647))))))) - -;; Counter_increment_ensures_default_po_1, File "HOME/tests/java/Counter.java", line 10, characters 16-57 +;; Counter_increment_ensures_default_po_1, File "HOME/tests/java/Counter.java", line 43, characters 16-57 (FORALL (this_1) (FORALL (Counter_decrements) (FORALL (Counter_increments) 
@@ -3857,40 +3372,20 @@ (IMPLIES (valid_struct_Counter this_1 0 0 Object_alloc_table) (FORALL (result) (IMPLIES (EQ result (select Counter_increments this_1)) -(FORALL (result0) -(IMPLIES (EQ (integer_of_int32 result0) (+ (integer_of_int32 result) 1)) (FORALL (Counter_increments0) (IMPLIES (EQ Counter_increments0 - (|why__store| Counter_increments this_1 result0)) + (|why__store| Counter_increments this_1 (+ result 1))) (EQ (value this_1 Counter_decrements Counter_increments0) -(+ (value this_1 Counter_decrements Counter_increments) 1))))))))))))) - -;; Counter_increment_safety_po_1, File "HOME/tests/java/Counter.jc", line 59, characters 11-31 -(FORALL (this_1) -(FORALL (Counter_increments) -(FORALL (Object_alloc_table) -(IMPLIES (valid_struct_Counter this_1 0 0 Object_alloc_table) -(FORALL (result) -(IMPLIES (EQ result (select Counter_increments this_1)) -(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 result) 1)))))))) - -;; Counter_increment_safety_po_2, File "HOME/tests/java/Counter.jc", line 59, characters 11-31 -(FORALL (this_1) -(FORALL (Counter_increments) -(FORALL (Object_alloc_table) -(IMPLIES (valid_struct_Counter this_1 0 0 Object_alloc_table) -(FORALL (result) -(IMPLIES (EQ result (select Counter_increments this_1)) -(<= (+ (integer_of_int32 result) 1) constant_too_large_2147483647))))))) +(+ (value this_1 Counter_decrements Counter_increments) 1))))))))))) ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/Counter_why.sx : ..?..? (4/0/2/0/0) -total : 6 -valid : 4 ( 67%) +simplify/Counter_why.sx : .. (2/0/0/0/0) +total : 2 +valid : 2 (100%) invalid : 0 ( 0%) -unknown : 2 ( 33%) +unknown : 0 ( 0%) timeout : 0 ( 0%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== 
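Review bot: The new expectation at the end of this hunk (`simplify/Counter_why.sx : .. (2/0/0/0/0)`, 100% valid) is reached by deleting the four `Counter_*_safety_po_*` obligations, not by proving them. The fields are now modelled as unbounded `int` and the stored value is `(+ result 1)` with no range check. Going by their position in the old `..?..?` result, the two unknown goals were the upper-bound checks `(<= (+ (integer_of_int32 result) 1) constant_too_large_2147483647)`, which cannot be proved for an arbitrary counter value, so the old oracle was recording a real overflow condition. Presumably Counter.java now disables overflow checking (`//@+ CheckArithOverflow = no` is visible for Creation.java in this diff, but Counter.java's source is outside this chunk). If so, I would keep a second copy of the test with checking left on, headed by a comment such as `// overflow checks intentionally enabled: two safety POs are expected to stay unknown`, so the bounded-integer encoding stays under regression. The same applies to the alt-ergo totals for `why/Counter_why.why` later in this file.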
@@ -4827,18 +4322,8 @@ type Object -type byte - -type char - -type int32 - type interface -type long - -type short - logic Counter_tag : Object tag_id logic Object_tag : Object tag_id @@ -4851,7 +4336,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -4876,64 +4361,6 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) -logic integer_of_byte : byte -> int - -logic byte_of_integer : int -> byte - -axiom byte_coerce: - (forall x:int. - ((((-128) <= x) and (x <= 127)) -> - (integer_of_byte(byte_of_integer(x)) = x))) - -axiom byte_range: - (forall x:byte. - (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) - -logic integer_of_char : char -> int - -logic char_of_integer : int -> char - -axiom char_coerce: - (forall x:int. - (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) - -axiom char_range: - (forall x:char. - ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) - -predicate eq_byte(x: byte, y: byte) = - (integer_of_byte(x) = integer_of_byte(y)) - -predicate eq_char(x: char, y: char) = - (integer_of_char(x) = integer_of_char(y)) - -logic integer_of_int32 : int32 -> int - -predicate eq_int32(x: int32, y: int32) = - (integer_of_int32(x) = integer_of_int32(y)) - -logic integer_of_long : long -> int - -predicate eq_long(x: long, y: long) = - (integer_of_long(x) = integer_of_long(y)) - -logic integer_of_short : short -> int - -predicate eq_short(x: short, y: short) = - (integer_of_short(x) = integer_of_short(y)) - -logic int32_of_integer : int -> int32 - -axiom int32_coerce: - (forall x:int. - ((((-2147483648) <= x) and (x <= 2147483647)) -> - (integer_of_int32(int32_of_integer(x)) = x))) - -axiom int32_range: - (forall x:int32. - (((-2147483648) <= integer_of_int32(x)) and - (integer_of_int32(x) <= 2147483647))) - logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) 
@@ -4975,18 +4402,6 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic long_of_integer : int -> long - -axiom long_coerce: - (forall x:int. - ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> - (integer_of_long(long_of_integer(x)) = x))) - -axiom long_range: - (forall x:long. - (((-9223372036854775808) <= integer_of_long(x)) and - (integer_of_long(x) <= 9223372036854775807))) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -5019,17 +4434,6 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) -logic short_of_integer : int -> short - -axiom short_coerce: - (forall x:int. - ((((-32768) <= x) and (x <= 32767)) -> - (integer_of_short(short_of_integer(x)) = x))) - -axiom short_range: - (forall x:short. - (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) - predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -5066,32 +4470,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Counter(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5129,95 +4507,50 @@ (offset_max(interface_alloc_table, p) >= b)) function value(c: Object pointer, Counter_decrements_at_L: (Object, - int32) memory, Counter_increments_at_L: (Object, int32) memory) : int = - (integer_of_int32(select(Counter_increments_at_L, - c)) - integer_of_int32(select(Counter_decrements_at_L, c))) + int) memory, Counter_increments_at_L: (Object, int) memory) : int = + (select(Counter_increments_at_L, c) - select(Counter_decrements_at_L, c)) goal Counter_decrement_ensures_default_po_1: forall this_0:Object pointer. forall Counter_decrements:(Object, - int32) memory. + int) memory. forall Counter_increments:(Object, - int32) memory. + int) memory. forall Object_alloc_table:Object alloc_table. valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. + forall result:int. (result = select(Counter_decrements, this_0)) -> - forall result0:int32. - (integer_of_int32(result0) = (integer_of_int32(result) + 1)) -> forall Counter_decrements0:(Object, - int32) memory. - (Counter_decrements0 = store(Counter_decrements, this_0, result0)) -> - ("JC_24": (value(this_0, Counter_decrements0, + int) memory. + (Counter_decrements0 = store(Counter_decrements, this_0, (result + 1))) -> + ("JC_31": (value(this_0, Counter_decrements0, Counter_increments) = (value(this_0, Counter_decrements, Counter_increments) - 1))) -goal Counter_decrement_safety_po_1: - forall this_0:Object pointer. - forall Counter_decrements:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_decrements, this_0)) -> - ((-2147483648) <= (integer_of_int32(result) + 1)) - -goal Counter_decrement_safety_po_2: - forall this_0:Object pointer. - forall Counter_decrements:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_0, 0, 0, Object_alloc_table) -> - forall result:int32. 
- (result = select(Counter_decrements, this_0)) -> - ((integer_of_int32(result) + 1) <= 2147483647) - goal Counter_increment_ensures_default_po_1: forall this_1:Object pointer. forall Counter_decrements:(Object, - int32) memory. + int) memory. forall Counter_increments:(Object, - int32) memory. + int) memory. forall Object_alloc_table:Object alloc_table. valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. + forall result:int. (result = select(Counter_increments, this_1)) -> - forall result0:int32. - (integer_of_int32(result0) = (integer_of_int32(result) + 1)) -> forall Counter_increments0:(Object, - int32) memory. - (Counter_increments0 = store(Counter_increments, this_1, result0)) -> - ("JC_15": (value(this_1, Counter_decrements, + int) memory. + (Counter_increments0 = store(Counter_increments, this_1, (result + 1))) -> + ("JC_23": (value(this_1, Counter_decrements, Counter_increments0) = (value(this_1, Counter_decrements, Counter_increments) + 1))) -goal Counter_increment_safety_po_1: - forall this_1:Object pointer. - forall Counter_increments:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_increments, this_1)) -> - ((-2147483648) <= (integer_of_int32(result) + 1)) - -goal Counter_increment_safety_po_2: - forall this_1:Object pointer. - forall Counter_increments:(Object, - int32) memory. - forall Object_alloc_table:Object alloc_table. - valid_struct_Counter(this_1, 0, 0, Object_alloc_table) -> - forall result:int32. - (result = select(Counter_increments, this_1)) -> - ((integer_of_int32(result) + 1) <= 2147483647) - ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Counter_why.why : ..?..? (4/0/2/0/0) -total : 6 -valid : 4 ( 67%) +why/Counter_why.why : .. 
(2/0/0/0/0) +total : 2 +valid : 2 (100%) invalid : 0 ( 0%) -unknown : 2 ( 33%) +unknown : 0 ( 0%) timeout : 0 ( 0%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Creation.res.oracle why-2.30+dfsg/tests/java/oracle/Creation.res.oracle --- why-2.29+dfsg/tests/java/oracle/Creation.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Creation.res.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -1,4 +1,34 @@ ========== file tests/java/Creation.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -71,6 +101,13 @@ } +/* +Local Variables: +compile-command: "make Creation.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -90,7 +127,10 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -227,49 +267,49 @@ ========== file tests/java/Creation.jloc ========== [K_10] file = "HOME/tests/java/Creation.java" -line = 36 +line = 66 begin = 14 end = 30 [K_11] file = "HOME/tests/java/Creation.java" -line = 41 +line = 71 begin = 18 end = 30 [K_12] file = "HOME/tests/java/Creation.java" -line = 45 +line = 75 begin = 8 end = 20 [K_13] file = "HOME/tests/java/Creation.java" -line = 44 +line = 74 begin = 14 end = 28 [K_14] file = "HOME/tests/java/Creation.java" -line = 50 +line = 80 begin = 18 end = 31 [K_15] file = "HOME/tests/java/Creation.java" -line = 54 +line = 84 begin = 8 end = 20 [K_16] file = "HOME/tests/java/Creation.java" -line = 53 +line = 83 begin = 14 end = 32 [K_17] file = "HOME/tests/java/Creation.java" -line = 64 +line = 94 begin = 18 end = 34 @@ -281,19 +321,19 @@ [K_1] file = "HOME/tests/java/Creation.java" -line = 18 +line = 48 begin = 18 end = 38 [K_2] file = "HOME/tests/java/Creation.java" -line = 21 +line = 51 begin = 1 end = 15 [K_3] file = "HOME/tests/java/Creation.java" -line = 10 +line = 40 begin = 18 end = 38 @@ -305,13 +345,13 @@ [K_5] file = "HOME/tests/java/Creation.java" -line = 26 +line = 56 begin = 18 end = 42 [K_6] file = "HOME/tests/java/Creation.java" -line = 29 +line = 59 begin = 6 end = 9 
@@ -323,62 +363,62 @@ [K_8] file = "HOME/tests/java/Creation.java" -line = 33 +line = 63 begin = 18 end = 31 [K_9] file = "HOME/tests/java/Creation.java" -line = 37 +line = 67 begin = 8 end = 20 [cons_TestSuperConstructor] name = "Constructor of class TestSuperConstructor" file = "HOME/tests/java/Creation.java" -line = 66 +line = 96 begin = 4 end = 24 [cons_Creation_int] name = "Constructor of class Creation" file = "HOME/tests/java/Creation.java" -line = 20 +line = 50 begin = 4 end = 12 [cons_Creation] name = "Constructor of class Creation" file = "HOME/tests/java/Creation.java" -line = 12 +line = 42 begin = 4 end = 12 [Creation_test1] name = "Method test1" file = "HOME/tests/java/Creation.java" -line = 35 +line = 65 begin = 22 end = 27 [Creation_test2] name = "Method test2" file = "HOME/tests/java/Creation.java" -line = 43 +line = 73 begin = 22 end = 27 [Creation_test3] name = "Method test3" file = "HOME/tests/java/Creation.java" -line = 52 +line = 82 begin = 22 end = 27 [cons_Creation_int_int] name = "Constructor of class Creation" file = "HOME/tests/java/Creation.java" -line = 28 +line = 58 begin = 4 end = 12 @@ -405,10 +445,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Creation.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Creation_why.sx @@ -469,6 +510,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Creation_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Creation_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) 
@@ -541,6 +589,9 @@ why3ide: why/Creation_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Creation.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Creation.depend depend: coq/Creation_why.v 
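Review bot: The added `why3ml` target announces one tool and runs another: the recipe echoes `why3ml [...] $<` but executes `why3ide -I $(JESSIE3LIB) $<`. If opening the IDE on `Creation.mlw` is what is meant, the echo should match, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`; if not, the command is the part to correct. `why3ml` is also missing from the `.PHONY` list that an earlier hunk of this file extends with `vampire`, so a file named `why3ml` in the directory would make the target a no-op. This Makefile text is tool output captured in the oracle, so the fix belongs in the generator that emits it, which this chunk does not show.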
@@ -551,139 +602,139 @@ ========== file tests/java/Creation.loc ========== [JC_90] -kind = IndexBounds -file = "HOME/tests/java/Creation.java" -line = 45 -begin = 8 -end = 20 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_91] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 96 -begin = 59 -end = 74 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_92] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 99 -begin = 52 -end = 71 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_40] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 58 -begin = 10 -end = 38 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_93] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 96 -begin = 59 -end = 74 +file = "HOME/tests/java/Creation.java" +line = 71 +begin = 18 +end = 30 [JC_41] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 58 -begin = 10 +file = "HOME/tests/java/Creation.java" +line = 40 +begin = 18 end = 38 [JC_94] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 99 -begin = 52 -end = 71 +file = "HOME/tests/java/Creation.java" +line = 71 +begin = 18 +end = 30 [JC_42] file = "HOME/tests/java/Creation.java" -line = 28 +line = 42 begin = 4 end = 12 [JC_95] -file = "HOME/tests/java/Creation.java" -line = 52 -begin = 22 -end = 27 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 99 +begin = 59 +end = 74 [JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.jc" +line = 57 +begin = 9 +end = 15 [Creation_test3_ensures_normal] name = "Method test3" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 52 +line = 82 begin = 22 end = 27 [JC_96] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/Creation.jc" +line = 99 +begin = 35 +end = 75 [JC_44] file = "HOME/tests/java/Creation.java" -line = 28 -begin = 4 -end = 12 +line = 40 +begin = 18 +end = 
38 [JC_97] -file = "HOME/tests/java/Creation.java" -line = 52 -begin = 22 -end = 27 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 102 +begin = 52 +end = 71 [JC_45] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.java" +line = 42 +begin = 4 +end = 12 [JC_98] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/Creation.java" +line = 75 +begin = 8 +end = 20 [JC_46] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.jc" +line = 57 +begin = 9 +end = 15 [JC_1] file = "HOME/tests/java/Creation.jc" -line = 36 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_100] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 102 +begin = 52 +end = 71 [JC_99] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 99 +begin = 59 +end = 74 [JC_47] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 61 +begin = 10 +end = 38 [JC_2] file = "HOME/" @@ -692,34 +743,38 @@ end = -1 [JC_101] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 99 +begin = 59 +end = 74 [JC_48] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 61 +begin = 10 +end = 38 [JC_3] file = "HOME/tests/java/Creation.jc" -line = 36 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_102] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 102 +begin = 52 +end = 71 [JC_49] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 61 +begin = 10 +end = 38 [JC_4] file = "HOME/" 
@@ -729,15 +784,15 @@ [JC_103] file = "HOME/tests/java/Creation.java" -line = 50 -begin = 18 -end = 31 +line = 82 +begin = 22 +end = 27 [cons_Creation_int_safety] name = "Constructor of class Creation" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 20 +line = 50 begin = 4 end = 12 @@ -748,10 +803,10 @@ end = -1 [JC_104] -file = "HOME/tests/java/Creation.java" -line = 52 -begin = 22 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] file = "HOME/" @@ -760,16 +815,16 @@ end = -1 [JC_105] -file = "HOME/tests/java/Creation.jc" -line = 109 -begin = 9 -end = 15 +file = "HOME/tests/java/Creation.java" +line = 82 +begin = 22 +end = 27 [Creation_test1_safety] name = "Method test1" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 35 +line = 65 begin = 22 end = 27 @@ -780,10 +835,10 @@ end = -1 [JC_106] -file = "HOME/tests/java/Creation.java" -line = 50 -begin = 18 -end = 31 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_8] file = "HOME/" 
@@ -792,257 +847,250 @@ end = -1 [JC_107] -file = "HOME/tests/java/Creation.java" -line = 52 -begin = 22 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_9] file = "HOME/tests/java/Creation.jc" -line = 38 -begin = 11 -end = 65 +line = 39 +begin = 8 +end = 23 [JC_108] -file = "HOME/tests/java/Creation.jc" -line = 109 -begin = 9 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_109] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 116 -begin = 57 -end = 72 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Creation_ensures_default] name = "Constructor of class Creation" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 12 +line = 42 begin = 4 end = 12 [JC_50] file = "HOME/tests/java/Creation.java" -line = 26 -begin = 18 -end = 42 - -[JC_51] -file = "HOME/tests/java/Creation.java" -line = 28 +line = 58 begin = 4 end = 12 +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [Creation_test2_ensures_default] name = "Method test2" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 43 +line = 73 begin = 22 end = 27 [JC_52] -file = "HOME/tests/java/Creation.jc" -line = 62 -begin = 9 -end = 15 +file = "HOME/tests/java/Creation.java" +line = 58 +begin = 4 +end = 12 [JC_53] -file = "HOME/tests/java/Creation.java" -line = 26 -begin = 18 -end = 42 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_54] -file = "HOME/tests/java/Creation.java" -line = 28 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_55] -file = "HOME/tests/java/Creation.jc" -line = 62 -begin = 9 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_56] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 66 -begin = 10 -end = 54 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_110] -kind = IndexBounds -file = "HOME/tests/java/Creation.jc" -line = 116 -begin = 33 -end = 73 +file = "HOME/" +line = 0 +begin 
= -1 +end = -1 [JC_57] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 66 -begin = 10 -end = 54 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_111] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 119 -begin = 50 -end = 120 +file = "HOME/tests/java/Creation.java" +line = 80 +begin = 18 +end = 31 [JC_58] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 66 -begin = 10 -end = 54 +file = "HOME/tests/java/Creation.java" +line = 56 +begin = 18 +end = 42 [JC_112] -kind = IndexBounds file = "HOME/tests/java/Creation.java" -line = 54 -begin = 8 -end = 20 +line = 82 +begin = 22 +end = 27 [JC_59] file = "HOME/tests/java/Creation.java" -line = 35 -begin = 22 -end = 27 +line = 58 +begin = 4 +end = 12 [JC_113] -kind = AllocSize file = "HOME/tests/java/Creation.jc" -line = 116 -begin = 57 -end = 72 +line = 112 +begin = 9 +end = 15 [JC_114] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 119 -begin = 50 -end = 120 +file = "HOME/tests/java/Creation.java" +line = 80 +begin = 18 +end = 31 [JC_115] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 116 -begin = 57 -end = 72 +file = "HOME/tests/java/Creation.java" +line = 82 +begin = 22 +end = 27 [Creation_test2_ensures_normal] name = "Method test2" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 43 +line = 73 begin = 22 end = 27 [cons_Creation_int_ensures_default] name = "Constructor of class Creation" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 20 +line = 50 begin = 4 end = 12 [JC_116] -kind = UserCall file = "HOME/tests/java/Creation.jc" -line = 119 -begin = 50 -end = 120 +line = 112 +begin = 9 +end = 15 [JC_117] -file = "HOME/tests/java/Creation.java" -line = 66 -begin = 4 -end = 24 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 119 +begin = 57 +end = 72 [JC_118] -file = "HOME/" -line = 0 -begin = -1 -end = 
-1 +kind = IndexBounds +file = "HOME/tests/java/Creation.jc" +line = 119 +begin = 33 +end = 73 [Creation_test2_safety] name = "Method test2" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 43 +line = 73 begin = 22 end = 27 [JC_119] -file = "HOME/tests/java/Creation.java" -line = 66 -begin = 4 -end = 24 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 122 +begin = 50 +end = 120 [JC_60] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.jc" +line = 65 +begin = 9 +end = 15 [JC_61] file = "HOME/tests/java/Creation.java" -line = 35 -begin = 22 -end = 27 +line = 56 +begin = 18 +end = 42 [cons_Creation_safety] name = "Constructor of class Creation" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 12 +line = 42 begin = 4 end = 12 [JC_62] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.java" +line = 58 +begin = 4 +end = 12 [cons_Creation_int_ensures_normal] name = "Constructor of class Creation" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 20 +line = 50 begin = 4 end = 12 [JC_10] -file = "HOME/tests/java/Creation.jc" -line = 38 -begin = 11 -end = 65 - -[JC_63] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_63] +file = "HOME/tests/java/Creation.jc" +line = 65 +begin = 9 +end = 15 + [JC_11] -file = "HOME/tests/java/Creation.java" -line = 20 -begin = 4 -end = 12 +file = "HOME/tests/java/Creation.jc" +line = 39 +begin = 8 +end = 23 [JC_64] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 69 +begin = 10 +end = 54 [JC_12] file = "HOME/" 
@@ -1051,23 +1099,25 @@ end = -1 [JC_65] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 69 +begin = 10 +end = 54 [JC_13] -file = "HOME/tests/java/Creation.java" -line = 20 -begin = 4 -end = 12 - -[JC_66] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_66] +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 69 +begin = 10 +end = 54 + [JC_14] file = "HOME/" line = 0 @@ -1075,16 +1125,17 @@ end = -1 [JC_120] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/Creation.java" +line = 84 +begin = 8 +end = 20 [JC_67] file = "HOME/tests/java/Creation.java" -line = 33 -begin = 18 -end = 31 +line = 65 +begin = 22 +end = 27 [JC_15] file = "HOME/" @@ -1093,17 +1144,18 @@ end = -1 [JC_121] +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 119 +begin = 57 +end = 72 + +[JC_68] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_68] -file = "HOME/tests/java/Creation.java" -line = 33 -begin = 18 -end = 31 - [JC_16] file = "HOME/" line = 0 
@@ -1111,220 +1163,216 @@ end = -1 [JC_122] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 122 +begin = 50 +end = 120 [JC_69] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 76 -begin = 59 -end = 74 +file = "HOME/tests/java/Creation.java" +line = 65 +begin = 22 +end = 27 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.jc" +line = 41 +begin = 11 +end = 65 [JC_123] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 119 +begin = 57 +end = 72 + +[JC_18] +file = "HOME/tests/java/Creation.jc" +line = 41 +begin = 11 +end = 65 [JC_124] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 122 +begin = 50 +end = 120 [JC_19] file = "HOME/tests/java/Creation.java" -line = 18 -begin = 18 -end = 38 +line = 50 +begin = 4 +end = 12 [JC_125] file = "HOME/tests/java/Creation.java" -line = 64 -begin = 18 -end = 34 +line = 96 +begin = 4 +end = 24 [JC_126] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_127] file = "HOME/tests/java/Creation.java" -line = 66 +line = 96 begin = 4 end = 24 -[JC_127] -file = "HOME/tests/java/Creation.jc" -line = 130 -begin = 9 -end = 15 - [JC_128] -file = "HOME/tests/java/Creation.java" -line = 64 -begin = 18 -end = 34 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Creation_ensures_normal] name = "Constructor of class Creation" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 12 +line = 42 begin = 4 end = 12 [cons_TestSuperConstructor_ensures_normal] name = "Constructor of class TestSuperConstructor" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 66 +line = 96 begin = 4 end = 24 [JC_129] -file = 
"HOME/tests/java/Creation.java" -line = 66 -begin = 4 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Creation_test3_safety] name = "Method test3" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 52 +line = 82 begin = 22 end = 27 [JC_70] -kind = IndexBounds -file = "HOME/tests/java/Creation.jc" -line = 76 -begin = 35 -end = 75 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Creation_test1_ensures_normal] name = "Method test1" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 35 +line = 65 begin = 22 end = 27 [JC_71] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 79 -begin = 52 -end = 117 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_72] -kind = IndexBounds -file = "HOME/tests/java/Creation.java" -line = 37 -begin = 8 -end = 20 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_20] -file = "HOME/tests/java/Creation.java" -line = 20 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_73] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 76 -begin = 59 -end = 74 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_21] -file = "HOME/tests/java/Creation.jc" -line = 46 -begin = 9 -end = 15 +file = "HOME/tests/java/Creation.java" +line = 50 +begin = 4 +end = 12 [JC_74] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 79 -begin = 52 -end = 117 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_22] -file = "HOME/tests/java/Creation.java" -line = 18 -begin = 18 -end = 38 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_75] -kind = AllocSize -file = "HOME/tests/java/Creation.jc" -line = 76 -begin = 59 -end = 74 +file = "HOME/tests/java/Creation.java" +line = 63 +begin = 18 +end = 31 [JC_23] -file = "HOME/tests/java/Creation.java" -line = 20 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_76] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 79 -begin = 52 -end = 117 
+file = "HOME/tests/java/Creation.java" +line = 63 +begin = 18 +end = 31 [JC_24] -file = "HOME/tests/java/Creation.jc" -line = 46 -begin = 9 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_130] -file = "HOME/tests/java/Creation.jc" -line = 130 -begin = 9 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_77] -file = "HOME/tests/java/Creation.java" -line = 43 -begin = 22 -end = 27 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 79 +begin = 59 +end = 74 [JC_25] -file = "HOME/tests/java/Creation.java" -line = 12 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_131] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 133 -begin = 11 -end = 40 - -[JC_78] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_78] +kind = IndexBounds +file = "HOME/tests/java/Creation.jc" +line = 79 +begin = 35 +end = 75 + [JC_26] file = "HOME/" line = 0 
@@ -1332,56 +1380,79 @@ end = -1 [JC_132] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 133 -begin = 11 -end = 40 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_79] -file = "HOME/tests/java/Creation.java" -line = 43 -begin = 22 -end = 27 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 82 +begin = 52 +end = 117 [cons_Creation_int_int_ensures_normal] name = "Constructor of class Creation" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Creation.java" -line = 28 +line = 58 begin = 4 end = 12 [JC_27] file = "HOME/tests/java/Creation.java" -line = 12 +line = 48 +begin = 18 +end = 38 + +[JC_133] +file = "HOME/tests/java/Creation.java" +line = 94 +begin = 18 +end = 34 + +[JC_28] +file = "HOME/tests/java/Creation.java" +line = 50 begin = 4 end = 12 -[JC_133] -kind = UserCall +[JC_134] +file = "HOME/tests/java/Creation.java" +line = 96 +begin = 4 +end = 24 + +[JC_29] +file = "HOME/tests/java/Creation.jc" +line = 49 +begin = 9 +end = 15 + +[JC_135] file = "HOME/tests/java/Creation.jc" line = 133 -begin = 11 -end = 40 +begin = 9 +end = 15 -[JC_28] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[JC_136] +file = "HOME/tests/java/Creation.java" +line = 94 +begin = 18 +end = 34 -[JC_29] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +[JC_137] +file = "HOME/tests/java/Creation.java" +line = 96 +begin = 4 +end = 24 [cons_Creation_int_int_ensures_default] name = "Constructor of class Creation" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 28 +line = 58 begin = 4 end = 12 
@@ -1389,89 +1460,107 @@ name = "Constructor of class TestSuperConstructor" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 66 +line = 96 begin = 4 end = 24 +[JC_138] +file = "HOME/tests/java/Creation.jc" +line = 133 +begin = 9 +end = 15 + +[JC_139] +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 136 +begin = 11 +end = 40 + [cons_TestSuperConstructor_ensures_default] name = "Constructor of class TestSuperConstructor" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 66 +line = 96 begin = 4 end = 24 [JC_80] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/Creation.java" +line = 67 +begin = 8 +end = 20 [JC_81] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 79 +begin = 59 +end = 74 [JC_82] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 82 +begin = 52 +end = 117 [JC_30] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.java" +line = 48 +begin = 18 +end = 38 [JC_83] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Creation.jc" +line = 79 +begin = 59 +end = 74 [JC_31] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.java" +line = 50 +begin = 4 +end = 12 [JC_84] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Creation.jc" +line = 82 +begin = 52 +end = 117 [JC_32] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Creation.jc" +line = 49 +begin = 9 +end = 15 [JC_85] file = "HOME/tests/java/Creation.java" -line = 41 -begin = 18 -end = 30 +line = 73 +begin = 22 +end = 27 [JC_33] file = "HOME/tests/java/Creation.java" -line = 10 -begin = 18 -end = 38 +line = 42 +begin = 4 +end = 12 [JC_86] -file = "HOME/tests/java/Creation.java" -line = 41 -begin 
= 18 -end = 30 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Creation_test1_ensures_default] name = "Method test1" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 35 +line = 65 begin = 22 end = 27 
@@ -1479,73 +1568,83 @@ name = "Constructor of class Creation" behavior = "Safety" file = "HOME/tests/java/Creation.java" -line = 28 +line = 58 begin = 4 end = 12 [JC_34] -file = "HOME/tests/java/Creation.java" -line = 12 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_87] -kind = AllocSize +[JC_140] +kind = UserCall file = "HOME/tests/java/Creation.jc" -line = 96 -begin = 59 -end = 74 +line = 136 +begin = 11 +end = 40 + +[JC_87] +file = "HOME/tests/java/Creation.java" +line = 73 +begin = 22 +end = 27 [JC_35] +file = "HOME/tests/java/Creation.java" +line = 42 +begin = 4 +end = 12 + +[JC_141] +kind = UserCall file = "HOME/tests/java/Creation.jc" -line = 54 -begin = 9 -end = 15 +line = 136 +begin = 11 +end = 40 [JC_88] -kind = IndexBounds -file = "HOME/tests/java/Creation.jc" -line = 96 -begin = 35 -end = 75 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_36] -file = "HOME/tests/java/Creation.java" -line = 10 -begin = 18 -end = 38 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_89] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 99 -begin = 52 -end = 71 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_37] -file = "HOME/tests/java/Creation.java" -line = 12 -begin = 4 -end = 12 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_38] -file = "HOME/tests/java/Creation.jc" -line = 54 -begin = 9 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_39] -kind = UserCall -file = "HOME/tests/java/Creation.jc" -line = 58 -begin = 10 -end = 38 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Creation_test3_ensures_default] name = "Method test3" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Creation.java" -line = 52 +line = 82 begin = 22 end = 27 
@@ -1560,19 +1659,13 @@ axiom Creation_parenttag_Object : parenttag(Creation_tag, Object_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -1589,8 +1682,6 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) @@ -1600,8 +1691,6 @@ axiom TestSuperConstructor_parenttag_Creation : parenttag(TestSuperConstructor_tag, Creation_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
@@ -1726,36 +1815,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Creation(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestSuperConstructor(p:unit pointer, a:int, - b:int, bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Creation(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1806,33 +1865,33 @@ tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_68: eq_int(result, (17))) } + { (JC_76: (result = (17))) } parameter Creation_test1_requires : tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_68: eq_int(result, (17))) } + { (JC_76: (result = (17))) } parameter Creation_test2 : tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_86: eq_int(result, (0))) } + { (JC_94: (result = (0))) } parameter Creation_test2_requires : tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_86: eq_int(result, (0))) } + { (JC_94: (result = (0))) } parameter Creation_test3 : tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_108: - ((JC_106: eq_int(result, (17))) - and (JC_107: + { (JC_116: + ((JC_114: (result = (17))) + and (JC_115: not_assigns(Object_alloc_table@, Creation_simple_val@, Creation_simple_val, pset_empty)))) } 
@@ -1840,137 +1899,21 @@ tt:unit -> { } int reads Creation_simple_val,Object_alloc_table writes Creation_simple_val,Object_alloc_table,Object_tag_table - { (JC_108: - ((JC_106: eq_int(result, (17))) - and (JC_107: + { (JC_116: + ((JC_114: (result = (17))) + and (JC_115: not_assigns(Object_alloc_table@, Creation_simple_val@, Creation_simple_val, pset_empty)))) } -parameter alloc_bitvector_struct_Creation : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Creation(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Creation_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Creation(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> 
- { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_TestSuperConstructor : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_TestSuperConstructor(result, (0), - sub_int(n, (1)), bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_TestSuperConstructor_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { 
(valid_bitvector_struct_TestSuperConstructor(result, (0), - sub_int(n, (1)), bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Creation : n:int -> 
@@ -2139,26 +2082,30 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Creation : this_2:Object pointer -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_38: - ((JC_36: eq_int(select(Creation_simple_val, this_2), (0))) - and (JC_37: + { (JC_46: + ((JC_44: (select(Creation_simple_val, this_2) = (0))) + and (JC_45: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_2@))))) } + Creation_simple_val, pset_singleton(this_2))))) } parameter cons_Creation_int : this_1:Object pointer -> n:int -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_24: - ((JC_22: eq_int(select(Creation_simple_val, this_1), n)) - and (JC_23: + { (JC_32: + ((JC_30: (select(Creation_simple_val, this_1) = n)) + and (JC_31: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_1@))))) } + Creation_simple_val, pset_singleton(this_1))))) } parameter cons_Creation_int_int : this_0:Object pointer -> @@ -2166,11 +2113,11 @@ m:int -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_55: - ((JC_53: eq_int(select(Creation_simple_val, this_0), add_int(n_0, m))) - and (JC_54: + { (JC_63: + ((JC_61: (select(Creation_simple_val, this_0) = add_int(n_0, m))) + and (JC_62: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_0@))))) } + Creation_simple_val, pset_singleton(this_0))))) } parameter cons_Creation_int_int_requires : this_0:Object pointer -> 
@@ -2178,70 +2125,70 @@ m:int -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_55: - ((JC_53: eq_int(select(Creation_simple_val, this_0), add_int(n_0, m))) - and (JC_54: + { (JC_63: + ((JC_61: (select(Creation_simple_val, this_0) = add_int(n_0, m))) + and (JC_62: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_0@))))) } + Creation_simple_val, pset_singleton(this_0))))) } parameter cons_Creation_int_requires : this_1:Object pointer -> n:int -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_24: - ((JC_22: eq_int(select(Creation_simple_val, this_1), n)) - and (JC_23: + { (JC_32: + ((JC_30: (select(Creation_simple_val, this_1) = n)) + and (JC_31: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_1@))))) } + Creation_simple_val, pset_singleton(this_1))))) } parameter cons_Creation_requires : this_2:Object pointer -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_38: - ((JC_36: eq_int(select(Creation_simple_val, this_2), (0))) - and (JC_37: + { (JC_46: + ((JC_44: (select(Creation_simple_val, this_2) = (0))) + and (JC_45: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_2@))))) } + Creation_simple_val, pset_singleton(this_2))))) } parameter cons_TestSuperConstructor : this_4:Object pointer -> { } unit reads Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_130: - ((JC_128: eq_int(select(Creation_simple_val, this_4), (12))) - and (JC_129: + { (JC_138: + ((JC_136: (select(Creation_simple_val, this_4) = (12))) + and (JC_137: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_4@))))) } + Creation_simple_val, pset_singleton(this_4))))) } parameter cons_TestSuperConstructor_requires : this_4:Object pointer -> { } unit reads 
Creation_simple_val,Object_alloc_table writes Creation_simple_val - { (JC_130: - ((JC_128: eq_int(select(Creation_simple_val, this_4), (12))) - and (JC_129: + { (JC_138: + ((JC_136: (select(Creation_simple_val, this_4) = (12))) + and (JC_137: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_4@))))) } + Creation_simple_val, pset_singleton(this_4))))) } parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let Creation_test1_ensures_default = fun (tt : unit) -> - { (JC_62: true) } + { (JC_70: true) } (init: (let return = ref (any_int void) in try @@ -2249,20 +2196,20 @@ (let t_1 = (K_10: (let this = - (JC_73: + (JC_81: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt = (let jessie_ = this in (let jessie_ = (17) in - (JC_74: ((cons_Creation_int jessie_) jessie_)))) in this))) in + (JC_82: ((cons_Creation_int jessie_) jessie_)))) in this))) in begin (return := (K_9: ((safe_acc_ !Creation_simple_val) t_1))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_63: true) } + { (JC_71: true) } let Creation_test1_ensures_normal = fun (tt : unit) -> - { (JC_62: true) } + { (JC_70: true) } (init: (let return = ref (any_int void) in try 
@@ -2270,20 +2217,20 @@ (let t_1 = (K_10: (let this = - (JC_75: + (JC_83: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt = (let jessie_ = this in (let jessie_ = (17) in - (JC_76: ((cons_Creation_int jessie_) jessie_)))) in this))) in + (JC_84: ((cons_Creation_int jessie_) jessie_)))) in this))) in begin (return := (K_9: ((safe_acc_ !Creation_simple_val) t_1))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_67: eq_int(result, (17))) } + { (JC_75: (result = (17))) } let Creation_test1_safety = fun (tt : unit) -> - { (JC_62: true) } + { (JC_70: true) } (init: (let return = ref (any_int void) in try @@ -2292,24 +2239,24 @@ (K_10: (let this = (let jessie_ = - (JC_69: + (JC_77: (((alloc_struct_Creation_requires (1)) Object_alloc_table) Object_tag_table)) in - (JC_70: + (JC_78: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; jessie_))) in (let tt = (let jessie_ = this in (let jessie_ = (17) in - (JC_71: ((cons_Creation_int_requires jessie_) jessie_)))) in this))) in + (JC_79: ((cons_Creation_int_requires jessie_) jessie_)))) in this))) in begin (return := (K_9: - (JC_72: + (JC_80: ((((lsafe_lbound_acc_ !Object_alloc_table) !Creation_simple_val) t_1) (0))))); (raise Return) end); absurd end with Return -> !return end)) { true } let Creation_test2_ensures_default = fun (tt : unit) -> - { (JC_80: true) } + { (JC_88: true) } (init: (let return = ref (any_int void) in try 
@@ -2317,19 +2264,19 @@ (let t_0 = (K_13: (let this_3 = - (JC_91: + (JC_99: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt_0 = - (let jessie_ = this_3 in (JC_92: (cons_Creation jessie_))) in + (let jessie_ = this_3 in (JC_100: (cons_Creation jessie_))) in this_3))) in begin (return := (K_12: ((safe_acc_ !Creation_simple_val) t_0))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_81: true) } + { (JC_89: true) } let Creation_test2_ensures_normal = fun (tt : unit) -> - { (JC_80: true) } + { (JC_88: true) } (init: (let return = ref (any_int void) in try @@ -2337,19 +2284,19 @@ (let t_0 = (K_13: (let this_3 = - (JC_93: + (JC_101: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt_0 = - (let jessie_ = this_3 in (JC_94: (cons_Creation jessie_))) in + (let jessie_ = this_3 in (JC_102: (cons_Creation jessie_))) in this_3))) in begin (return := (K_12: ((safe_acc_ !Creation_simple_val) t_0))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_85: eq_int(result, (0))) } + { (JC_93: (result = (0))) } let Creation_test2_safety = fun (tt : unit) -> - { (JC_80: true) } + { (JC_88: true) } (init: (let return = ref (any_int void) in try 
@@ -2358,23 +2305,23 @@ (K_13: (let this_3 = (let jessie_ = - (JC_87: + (JC_95: (((alloc_struct_Creation_requires (1)) Object_alloc_table) Object_tag_table)) in - (JC_88: + (JC_96: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; jessie_))) in (let tt_0 = - (let jessie_ = this_3 in (JC_89: (cons_Creation_requires jessie_))) in + (let jessie_ = this_3 in (JC_97: (cons_Creation_requires jessie_))) in this_3))) in begin (return := (K_12: - (JC_90: + (JC_98: ((((lsafe_lbound_acc_ !Object_alloc_table) !Creation_simple_val) t_0) (0))))); (raise Return) end); absurd end with Return -> !return end)) { true } let Creation_test3_ensures_default = fun (tt : unit) -> - { (JC_98: true) } + { (JC_106: true) } (init: (let return = ref (any_int void) in try @@ -2382,22 +2329,22 @@ (let t = (K_16: (let this_5 = - (JC_113: + (JC_121: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt_1 = (let jessie_ = this_5 in (let jessie_ = (10) in (let jessie_ = (7) in - (JC_114: (((cons_Creation_int_int jessie_) jessie_) jessie_))))) in + (JC_122: (((cons_Creation_int_int jessie_) jessie_) jessie_))))) in this_5))) in begin (return := (K_15: ((safe_acc_ !Creation_simple_val) t))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_99: true) } + { (JC_107: true) } let Creation_test3_ensures_normal = fun (tt : unit) -> - { (JC_98: true) } + { (JC_106: true) } (init: (let return = ref (any_int void) in try 
@@ -2405,26 +2352,26 @@ (let t = (K_16: (let this_5 = - (JC_115: + (JC_123: (((alloc_struct_Creation (1)) Object_alloc_table) Object_tag_table)) in (let tt_1 = (let jessie_ = this_5 in (let jessie_ = (10) in (let jessie_ = (7) in - (JC_116: (((cons_Creation_int_int jessie_) jessie_) jessie_))))) in + (JC_124: (((cons_Creation_int_int jessie_) jessie_) jessie_))))) in this_5))) in begin (return := (K_15: ((safe_acc_ !Creation_simple_val) t))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_105: - ((JC_103: eq_int(result, (17))) - and (JC_104: + { (JC_113: + ((JC_111: (result = (17))) + and (JC_112: not_assigns(Object_alloc_table@, Creation_simple_val@, Creation_simple_val, pset_empty)))) } let Creation_test3_safety = fun (tt : unit) -> - { (JC_98: true) } + { (JC_106: true) } (init: (let return = ref (any_int void) in try @@ -2433,21 +2380,21 @@ (K_16: (let this_5 = (let jessie_ = - (JC_109: + (JC_117: (((alloc_struct_Creation_requires (1)) Object_alloc_table) Object_tag_table)) in - (JC_110: + (JC_118: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; jessie_))) in (let tt_1 = (let jessie_ = this_5 in (let jessie_ = (10) in (let jessie_ = (7) in - (JC_111: + (JC_119: (((cons_Creation_int_int_requires jessie_) jessie_) jessie_))))) in this_5))) in begin (return := (K_15: - (JC_112: + (JC_120: ((((lsafe_lbound_acc_ !Object_alloc_table) !Creation_simple_val) t) (0))))); (raise Return) end); absurd end with Return -> !return end)) { true } @@ -2463,8 +2410,8 @@ (K_4: (let jessie_ = this_2 in (let jessie_ = (0) in - (JC_40: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end - with Return -> void end) { (JC_29: true) } + (JC_48: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end + with Return -> void end) { (JC_37: true) } let cons_Creation_ensures_normal = fun (this_2 : Object pointer) -> 
@@ -2478,13 +2425,13 @@ (K_4: (let jessie_ = this_2 in (let jessie_ = (0) in - (JC_41: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end + (JC_49: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end with Return -> void end) - { (JC_35: - ((JC_33: eq_int(select(Creation_simple_val, this_2), (0))) - and (JC_34: + { (JC_43: + ((JC_41: (select(Creation_simple_val, this_2) = (0))) + and (JC_42: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_2@))))) } + Creation_simple_val, pset_singleton(this_2))))) } let cons_Creation_int_ensures_default = fun (this_1 : Object pointer) (n : int) -> @@ -2503,7 +2450,7 @@ (let jessie_ = this_1 in (((safe_upd_ Creation_simple_val) jessie_) jessie_)); jessie_ end)) end in void); (raise Return) end with Return -> void end) - { (JC_15: true) } + { (JC_23: true) } let cons_Creation_int_ensures_normal = fun (this_1 : Object pointer) (n : int) -> @@ -2522,11 +2469,11 @@ (let jessie_ = this_1 in (((safe_upd_ Creation_simple_val) jessie_) jessie_)); jessie_ end)) end in void); (raise Return) end with Return -> void end) - { (JC_21: - ((JC_19: eq_int(select(Creation_simple_val, this_1), n)) - and (JC_20: + { (JC_29: + ((JC_27: (select(Creation_simple_val, this_1) = n)) + and (JC_28: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_1@))))) } + Creation_simple_val, pset_singleton(this_1))))) } let cons_Creation_int_int_ensures_default = fun (this_0 : Object pointer) (n_0 : int) (m : int) -> @@ -2540,8 +2487,8 @@ (K_7: (let jessie_ = this_0 in (let jessie_ = (K_6: ((add_int n_0) m)) in - (JC_57: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end - with Return -> void end) { (JC_46: true) } + (JC_65: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end + with Return -> void end) { (JC_54: true) } let cons_Creation_int_int_ensures_normal = fun (this_0 : Object pointer) (n_0 : int) (m : int) -> 
@@ -2555,13 +2502,13 @@ (K_7: (let jessie_ = this_0 in (let jessie_ = (K_6: ((add_int n_0) m)) in - (JC_58: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end + (JC_66: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end with Return -> void end) - { (JC_52: - ((JC_50: eq_int(select(Creation_simple_val, this_0), add_int(n_0, m))) - and (JC_51: + { (JC_60: + ((JC_58: (select(Creation_simple_val, this_0) = add_int(n_0, m))) + and (JC_59: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_0@))))) } + Creation_simple_val, pset_singleton(this_0))))) } let cons_Creation_int_int_safety = fun (this_0 : Object pointer) (n_0 : int) (m : int) -> @@ -2575,7 +2522,7 @@ (K_7: (let jessie_ = this_0 in (let jessie_ = (K_6: ((add_int n_0) m)) in - (JC_56: ((cons_Creation_int_requires jessie_) jessie_))))); + (JC_64: ((cons_Creation_int_requires jessie_) jessie_))))); (raise Return) end with Return -> void end) { true } let cons_Creation_int_safety = @@ -2608,7 +2555,7 @@ (K_4: (let jessie_ = this_2 in (let jessie_ = (0) in - (JC_39: ((cons_Creation_int_requires jessie_) jessie_))))); + (JC_47: ((cons_Creation_int_requires jessie_) jessie_))))); (raise Return) end with Return -> void end) { true } let cons_TestSuperConstructor_ensures_default = @@ -2620,8 +2567,8 @@ (K_18: (let jessie_ = this_4 in (let jessie_ = (12) in - (JC_132: ((cons_Creation_int jessie_) jessie_))))); (raise Return) - end with Return -> void end) { (JC_121: true) } + (JC_140: ((cons_Creation_int jessie_) jessie_))))); (raise Return) + end with Return -> void end) { (JC_129: true) } let cons_TestSuperConstructor_ensures_normal = fun (this_4 : Object pointer) -> 
@@ -2632,13 +2579,13 @@ (K_18: (let jessie_ = this_4 in (let jessie_ = (12) in - (JC_133: ((cons_Creation_int jessie_) jessie_))))); (raise Return) + (JC_141: ((cons_Creation_int jessie_) jessie_))))); (raise Return) end with Return -> void end) - { (JC_127: - ((JC_125: eq_int(select(Creation_simple_val, this_4), (12))) - and (JC_126: + { (JC_135: + ((JC_133: (select(Creation_simple_val, this_4) = (12))) + and (JC_134: not_assigns(Object_alloc_table@, Creation_simple_val@, - Creation_simple_val, pset_singleton(this_4@))))) } + Creation_simple_val, pset_singleton(this_4))))) } let cons_TestSuperConstructor_safety = fun (this_4 : Object pointer) -> @@ -2649,7 +2596,7 @@ (K_18: (let jessie_ = this_4 in (let jessie_ = (12) in - (JC_131: ((cons_Creation_int_requires jessie_) jessie_))))); + (JC_139: ((cons_Creation_int_requires jessie_) jessie_))))); (raise Return) end with Return -> void end) { true } @@ -2661,27 +2608,27 @@ - + - + - + - + - + - + @@ -2690,23 +2637,23 @@ - + - + - + - + - + @@ -2715,23 +2662,23 @@ - + - + - + - + - + @@ -2741,21 +2688,21 @@ - + - + - + - + - + @@ -3707,7 +3654,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
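Review bot: The regenerated `Non_null_Object` predicate in hunk `@@ -3707,7 +3654,7 @@` is relaxed to `offset_max(Object_alloc_table, x_0) >= 0`, but the `non_null_Object` parameter in hunk `@@ -2178,70 +2125,70 @@` of the same oracle still promises `offset_max(Object_alloc_table, x_1) = (0)` when `result` is true. The logic-level and program-level definitions of non-null therefore no longer agree: a pointer with a positive `offset_max` would satisfy the predicate yet match neither branch of the parameter's postcondition. If the relaxation is intended, the parameter should presumably carry the same bound, for example `(if result then (offset_max(Object_alloc_table, x_1) >= (0))`. The same relaxed predicate recurs in the Simplify `DEFPRED` hunk `@@ -5062,7 +4975,7 @@` and in `@@ -6479,7 +6369,7 @@`. Since this file is regenerated test output, any correction belongs in the translator that emits it, not in the oracle.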
@@ -3858,36 +3805,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Creation(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestSuperConstructor(p: unit pointer, - a: int, b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Creation(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3928,12 +3845,37 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Creation_po1.why ========== +goal Creation_test1_ensures_normal_po_1: + forall Creation_simple_val:(Object, + int) memory. + forall Object_alloc_table:Object alloc_table. + ("JC_70": true) -> + forall result:Object pointer. + forall Object_alloc_table0:Object alloc_table. + forall Object_tag_table:Object tag_table. + (strict_valid_struct_Creation(result, 0, (1 - 1), Object_alloc_table0) and + (alloc_extends(Object_alloc_table, Object_alloc_table0) and + (alloc_fresh(Object_alloc_table, result, 1) and + instanceof(Object_tag_table, result, Creation_tag)))) -> + forall Creation_simple_val0:(Object, + int) memory. + ("JC_32": + (("JC_30": (select(Creation_simple_val0, result) = 17)) and + ("JC_31": not_assigns(Object_alloc_table0, Creation_simple_val, + Creation_simple_val0, pset_singleton(result))))) -> + forall result0:int. + (result0 = select(Creation_simple_val0, result)) -> + forall return:int. + (return = result0) -> + ("JC_75": (return = 17)) + ========== file tests/java/why/Creation_po10.why ========== goal Creation_test3_ensures_normal_po_2: forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. 
@@ -3943,28 +3885,27 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_105": - ("JC_104": - ("JC_104": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val0, pset_empty)))) + ("JC_113": + ("JC_112": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val0, pset_empty))) ========== file tests/java/why/Creation_po11.why ========== goal Creation_test3_safety_po_1: - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) ========== file tests/java/why/Creation_po12.why ========== goal Creation_test3_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -3980,7 +3921,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. 
@@ -3992,9 +3933,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) @@ -4010,14 +3951,13 @@ (Creation_simple_val0 = store(Creation_simple_val, this_2, 0)) -> forall Creation_simple_val1:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val1, this_2) = 0)) and - ("JC_23": not_assigns(Object_alloc_table, Creation_simple_val0, + ("JC_32": + (("JC_30": (select(Creation_simple_val1, this_2) = 0)) and + ("JC_31": not_assigns(Object_alloc_table, Creation_simple_val0, Creation_simple_val1, pset_singleton(this_2))))) -> - ("JC_35": - ("JC_34": - ("JC_34": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_2))))) + ("JC_43": + ("JC_42": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_2)))) ========== file tests/java/why/Creation_po15.why ========== goal cons_Creation_int_ensures_normal_po_1: @@ -4033,7 +3973,7 @@ forall Creation_simple_val1:(Object, int) memory. (Creation_simple_val1 = store(Creation_simple_val0, this_1, n)) -> - ("JC_21": ("JC_19": ("JC_19": (select(Creation_simple_val1, this_1) = n)))) + ("JC_29": ("JC_27": (select(Creation_simple_val1, this_1) = n))) ========== file tests/java/why/Creation_po16.why ========== goal cons_Creation_int_ensures_normal_po_2: 
@@ -4049,10 +3989,9 @@ forall Creation_simple_val1:(Object, int) memory. (Creation_simple_val1 = store(Creation_simple_val0, this_1, n)) -> - ("JC_21": - ("JC_20": - ("JC_20": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_1))))) + ("JC_29": + ("JC_28": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_1)))) ========== file tests/java/why/Creation_po17.why ========== goal cons_Creation_int_int_ensures_normal_po_1: 
@@ -4068,49 +4007,23 @@ (Creation_simple_val0 = store(Creation_simple_val, this_0, 0)) -> forall Creation_simple_val1:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val1, this_0) = (n_0 + m))) and - ("JC_23": not_assigns(Object_alloc_table, Creation_simple_val0, + ("JC_32": + (("JC_30": (select(Creation_simple_val1, this_0) = (n_0 + m))) and + ("JC_31": not_assigns(Object_alloc_table, Creation_simple_val0, Creation_simple_val1, pset_singleton(this_0))))) -> - ("JC_52": - ("JC_51": - ("JC_51": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_0))))) - -========== file tests/java/why/Creation_po1.why ========== -goal Creation_test1_ensures_normal_po_1: - forall Creation_simple_val:(Object, - int) memory. - forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> - forall result:Object pointer. - forall Object_alloc_table0:Object alloc_table. - forall Object_tag_table:Object tag_table. - (strict_valid_struct_Creation(result, 0, (1 - 1), Object_alloc_table0) and - (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 1) and - instanceof(Object_tag_table, result, Creation_tag)))) -> - forall Creation_simple_val0:(Object, - int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val0, result) = 17)) and - ("JC_23": not_assigns(Object_alloc_table0, Creation_simple_val, - Creation_simple_val0, pset_singleton(result))))) -> - forall result0:int. - (result0 = select(Creation_simple_val0, result)) -> - forall return:int. 
- (return = result0) -> - ("JC_67": (return = 17)) + ("JC_60": + ("JC_59": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_0)))) ========== file tests/java/why/Creation_po2.why ========== goal Creation_test1_safety_po_1: - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) ========== file tests/java/why/Creation_po3.why ========== goal Creation_test1_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -4126,7 +4039,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -4138,9 +4051,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val0, result) = 17)) and - ("JC_23": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_32": + (("JC_30": (select(Creation_simple_val0, result) = 17)) and + ("JC_31": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) @@ -4149,7 +4062,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. 
@@ -4159,25 +4072,25 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_38": - (("JC_36": (select(Creation_simple_val0, result) = 0)) and - ("JC_37": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_46": + (("JC_44": (select(Creation_simple_val0, result) = 0)) and + ("JC_45": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_85": (return = 0)) + ("JC_93": (return = 0)) ========== file tests/java/why/Creation_po6.why ========== goal Creation_test2_safety_po_1: - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) ========== file tests/java/why/Creation_po7.why ========== goal Creation_test2_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -4193,7 +4106,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -4205,9 +4118,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_38": - (("JC_36": (select(Creation_simple_val0, result) = 0)) and - ("JC_37": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_46": + (("JC_44": (select(Creation_simple_val0, result) = 0)) and + ("JC_45": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) 
@@ -4216,7 +4129,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. @@ -4226,15 +4139,15 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_105": ("JC_103": ("JC_103": (return = 17)))) + ("JC_113": ("JC_111": (return = 17))) ========== generation of Simplify VC output ========== why -simplify [...] why/Creation.why @@ -5062,7 +4975,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -5190,29 +5103,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Creation p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_TestSuperConstructor p a b bitvector_alloc_table) - (valid_bitvector_struct_Creation p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -5244,7 +5134,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Creation_test1_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 33, characters 18-31 +;; Creation_test1_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 63, characters 18-31 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE 
@@ -5266,10 +5156,10 @@ (IMPLIES (EQ result0 (select Creation_simple_val0 result)) (FORALL (return) (IMPLIES (EQ return result0) (EQ return 17)))))))))))))) -;; Creation_test1_safety_po_1, File "HOME/tests/java/Creation.jc", line 76, characters 59-74 +;; Creation_test1_safety_po_1, File "HOME/tests/java/Creation.jc", line 79, characters 59-74 (IMPLIES TRUE (>= 1 0)) -;; Creation_test1_safety_po_2, File "why/Creation.why", line 746, characters 15-69 +;; Creation_test1_safety_po_2, File "why/Creation.why", line 594, characters 15-69 (FORALL (Object_alloc_table) (IMPLIES TRUE (IMPLIES (>= 1 0) @@ -5284,7 +5174,7 @@ (instanceof Object_tag_table result Creation_tag)))) (>= (offset_max Object_alloc_table0 result) 0)))))))) -;; Creation_test1_safety_po_3, File "HOME/tests/java/Creation.java", line 37, characters 8-20 +;; Creation_test1_safety_po_3, File "HOME/tests/java/Creation.java", line 67, characters 8-20 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5306,7 +5196,7 @@ (pset_singleton result))) (<= 0 (offset_max Object_alloc_table0 result))))))))))))) -;; Creation_test2_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 41, characters 18-30 +;; Creation_test2_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 71, characters 18-30 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5328,10 +5218,10 @@ (IMPLIES (EQ result0 (select Creation_simple_val0 result)) (FORALL (return) (IMPLIES (EQ return result0) (EQ return 0)))))))))))))) -;; Creation_test2_safety_po_1, File "HOME/tests/java/Creation.jc", line 96, characters 59-74 +;; Creation_test2_safety_po_1, File "HOME/tests/java/Creation.jc", line 99, characters 59-74 (IMPLIES TRUE (>= 1 0)) -;; Creation_test2_safety_po_2, File "why/Creation.why", line 812, characters 15-69 +;; Creation_test2_safety_po_2, File "why/Creation.why", line 660, characters 15-69 (FORALL (Object_alloc_table) (IMPLIES TRUE (IMPLIES (>= 1 0) 
@@ -5346,7 +5236,7 @@ (instanceof Object_tag_table result Creation_tag)))) (>= (offset_max Object_alloc_table0 result) 0)))))))) -;; Creation_test2_safety_po_3, File "HOME/tests/java/Creation.java", line 45, characters 8-20 +;; Creation_test2_safety_po_3, File "HOME/tests/java/Creation.java", line 75, characters 8-20 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5368,7 +5258,7 @@ (pset_singleton result))) (<= 0 (offset_max Object_alloc_table0 result))))))))))))) -;; Creation_test3_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 50, characters 18-31 +;; Creation_test3_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 80, characters 18-31 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5390,7 +5280,7 @@ (IMPLIES (EQ result0 (select Creation_simple_val0 result)) (FORALL (return) (IMPLIES (EQ return result0) (EQ return 17)))))))))))))) -;; Creation_test3_ensures_normal_po_2, File "HOME/tests/java/Creation.java", line 52, characters 22-27 +;; Creation_test3_ensures_normal_po_2, File "HOME/tests/java/Creation.java", line 82, characters 22-27 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5415,10 +5305,10 @@ (not_assigns Object_alloc_table Creation_simple_val Creation_simple_val0 pset_empty)))))))))))))) -;; Creation_test3_safety_po_1, File "HOME/tests/java/Creation.jc", line 116, characters 57-72 +;; Creation_test3_safety_po_1, File "HOME/tests/java/Creation.jc", line 119, characters 57-72 (IMPLIES TRUE (>= 1 0)) -;; Creation_test3_safety_po_2, File "why/Creation.why", line 887, characters 15-70 +;; Creation_test3_safety_po_2, File "why/Creation.why", line 735, characters 15-70 (FORALL (Object_alloc_table) (IMPLIES TRUE (IMPLIES (>= 1 0) 
@@ -5433,7 +5323,7 @@ (instanceof Object_tag_table result Creation_tag)))) (>= (offset_max Object_alloc_table0 result) 0)))))))) -;; Creation_test3_safety_po_3, File "HOME/tests/java/Creation.java", line 54, characters 8-20 +;; Creation_test3_safety_po_3, File "HOME/tests/java/Creation.java", line 84, characters 8-20 (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) (IMPLIES TRUE @@ -5455,7 +5345,7 @@ (pset_singleton result))) (<= 0 (offset_max Object_alloc_table0 result))))))))))))) -;; cons_Creation_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 12, characters 4-12 +;; cons_Creation_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 42, characters 4-12 (FORALL (this_2) (FORALL (Creation_simple_val) (FORALL (Object_alloc_table) @@ -5472,7 +5362,7 @@ Object_alloc_table Creation_simple_val Creation_simple_val1 (pset_singleton this_2)))))))))) -;; cons_Creation_int_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 18, characters 18-38 +;; cons_Creation_int_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 48, characters 18-38 (FORALL (this_1) (FORALL (n) (FORALL (Creation_simple_val) @@ -5486,7 +5376,7 @@ (|why__store| Creation_simple_val0 this_1 n)) (EQ (select Creation_simple_val1 this_1) n)))))))))) -;; cons_Creation_int_ensures_normal_po_2, File "HOME/tests/java/Creation.java", line 20, characters 4-12 +;; cons_Creation_int_ensures_normal_po_2, File "HOME/tests/java/Creation.java", line 50, characters 4-12 (FORALL (this_1) (FORALL (n) (FORALL (Creation_simple_val) @@ -5502,7 +5392,7 @@ Object_alloc_table Creation_simple_val Creation_simple_val1 (pset_singleton this_1))))))))))) -;; cons_Creation_int_int_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 28, characters 4-12 +;; cons_Creation_int_int_ensures_normal_po_1, File "HOME/tests/java/Creation.java", line 58, characters 4-12 (FORALL (this_0) (FORALL (n_0) (FORALL (m) 
@@ -6479,7 +6369,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -6630,36 +6520,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Creation(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestSuperConstructor(p: unit pointer, - a: int, b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Creation(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -6704,7 +6564,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> + ("JC_70": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. @@ -6714,23 +6574,23 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val0, result) = 17)) and - ("JC_23": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_32": + (("JC_30": (select(Creation_simple_val0, result) = 17)) and + ("JC_31": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_67": (return = 17)) + ("JC_75": (return = 17)) goal Creation_test1_safety_po_1: - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) goal Creation_test1_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6745,7 +6605,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_62": true) -> + ("JC_70": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6757,9 +6617,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val0, result) = 17)) and - ("JC_23": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_32": + (("JC_30": (select(Creation_simple_val0, result) = 17)) and + ("JC_31": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) 
@@ -6767,7 +6627,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. @@ -6777,23 +6637,23 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_38": - (("JC_36": (select(Creation_simple_val0, result) = 0)) and - ("JC_37": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_46": + (("JC_44": (select(Creation_simple_val0, result) = 0)) and + ("JC_45": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_85": (return = 0)) + ("JC_93": (return = 0)) goal Creation_test2_safety_po_1: - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) goal Creation_test2_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6808,7 +6668,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_80": true) -> + ("JC_88": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6820,9 +6680,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_38": - (("JC_36": (select(Creation_simple_val0, result) = 0)) and - ("JC_37": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_46": + (("JC_44": (select(Creation_simple_val0, result) = 0)) and + ("JC_45": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) 
@@ -6830,7 +6690,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. @@ -6840,21 +6700,21 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_105": ("JC_103": ("JC_103": (return = 17)))) + ("JC_113": ("JC_111": (return = 17))) goal Creation_test3_ensures_normal_po_2: forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. 
@@ -6864,26 +6724,25 @@ instanceof(Object_tag_table, result, Creation_tag)))) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> forall result0:int. (result0 = select(Creation_simple_val0, result)) -> forall return:int. (return = result0) -> - ("JC_105": - ("JC_104": - ("JC_104": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val0, pset_empty)))) + ("JC_113": + ("JC_112": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val0, pset_empty))) goal Creation_test3_safety_po_1: - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) goal Creation_test3_safety_po_2: forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6898,7 +6757,7 @@ forall Creation_simple_val:(Object, int) memory. forall Object_alloc_table:Object alloc_table. - ("JC_98": true) -> + ("JC_106": true) -> (1 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -6910,9 +6769,9 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Creation_simple_val0:(Object, int) memory. - ("JC_55": - (("JC_53": (select(Creation_simple_val0, result) = (10 + 7))) and - ("JC_54": not_assigns(Object_alloc_table0, Creation_simple_val, + ("JC_63": + (("JC_61": (select(Creation_simple_val0, result) = (10 + 7))) and + ("JC_62": not_assigns(Object_alloc_table0, Creation_simple_val, Creation_simple_val0, pset_singleton(result))))) -> (0 <= offset_max(Object_alloc_table0, result)) 
@@ -6927,14 +6786,13 @@ (Creation_simple_val0 = store(Creation_simple_val, this_2, 0)) -> forall Creation_simple_val1:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val1, this_2) = 0)) and - ("JC_23": not_assigns(Object_alloc_table, Creation_simple_val0, + ("JC_32": + (("JC_30": (select(Creation_simple_val1, this_2) = 0)) and + ("JC_31": not_assigns(Object_alloc_table, Creation_simple_val0, Creation_simple_val1, pset_singleton(this_2))))) -> - ("JC_35": - ("JC_34": - ("JC_34": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_2))))) + ("JC_43": + ("JC_42": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_2)))) goal cons_Creation_int_ensures_normal_po_1: forall this_1:Object pointer. @@ -6949,7 +6807,7 @@ forall Creation_simple_val1:(Object, int) memory. (Creation_simple_val1 = store(Creation_simple_val0, this_1, n)) -> - ("JC_21": ("JC_19": ("JC_19": (select(Creation_simple_val1, this_1) = n)))) + ("JC_29": ("JC_27": (select(Creation_simple_val1, this_1) = n))) goal cons_Creation_int_ensures_normal_po_2: forall this_1:Object pointer. @@ -6964,10 +6822,9 @@ forall Creation_simple_val1:(Object, int) memory. (Creation_simple_val1 = store(Creation_simple_val0, this_1, n)) -> - ("JC_21": - ("JC_20": - ("JC_20": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_1))))) + ("JC_29": + ("JC_28": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_1)))) goal cons_Creation_int_int_ensures_normal_po_1: forall this_0:Object pointer. 
@@ -6982,14 +6839,13 @@ (Creation_simple_val0 = store(Creation_simple_val, this_0, 0)) -> forall Creation_simple_val1:(Object, int) memory. - ("JC_24": - (("JC_22": (select(Creation_simple_val1, this_0) = (n_0 + m))) and - ("JC_23": not_assigns(Object_alloc_table, Creation_simple_val0, + ("JC_32": + (("JC_30": (select(Creation_simple_val1, this_0) = (n_0 + m))) and + ("JC_31": not_assigns(Object_alloc_table, Creation_simple_val0, Creation_simple_val1, pset_singleton(this_0))))) -> - ("JC_52": - ("JC_51": - ("JC_51": not_assigns(Object_alloc_table, Creation_simple_val, - Creation_simple_val1, pset_singleton(this_0))))) + ("JC_60": + ("JC_59": not_assigns(Object_alloc_table, Creation_simple_val, + Creation_simple_val1, pset_singleton(this_0)))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/Duplets.err.oracle why-2.30+dfsg/tests/java/oracle/Duplets.err.oracle --- why-2.29+dfsg/tests/java/oracle/Duplets.err.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Duplets.err.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -0,0 +1,2 @@ +File "jc/jc_pervasives.ml", line 862, characters 6-6: +Uncaught exception: File "jc/jc_pervasives.ml", line 862, characters 6-12: Assertion failed diff -Nru why-2.29+dfsg/tests/java/oracle/Duplets.res.oracle why-2.30+dfsg/tests/java/oracle/Duplets.res.oracle --- why-2.29+dfsg/tests/java/oracle/Duplets.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Duplets.res.oracle 2011-10-24 15:21:06.000000000 +0000 
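Review bot: The expected stderr pinned in Duplets.err.oracle is an internal failure, `Uncaught exception: File "jc/jc_pervasives.ml", line 862, characters 6-12: Assertion failed`, so this regression test passes only while jessie aborts on the example. The matching Duplets.res.oracle stops at `Generating Why function Duplets_duplet` followed by `(nulltype)`, with no Why output and no prover run, so no proof obligation for Duplets is actually checked. If the crash is a known limitation, the test source should say so, for instance with a comment such as `// known failure: jessie assertion in jc_pervasives.ml; oracle records the crash`. Otherwise a later fix to the tool will look like a regression.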
@@ -0,0 +1,868 @@ +========== file tests/java/Duplets.java ========== +/* +COST Verification Competition. vladimir@cost-ic0701.org + +Challenge 3: Two equal elements + +Given: An integer array a of length n+2 with n>=2. It is known that at +least two values stored in the array appear twice (i.e., there are at +least two duplets). + +Implement and verify a program finding such two values. + +You may assume that the array contains values between 0 and n-1. +*/ + + +class Integer { + int value; + /*@ ensures this.value == a; + @*/ + Integer(int a) { + value = a; + } +} + +class Pair { + int x,y; + /*@ ensures this.x == a && this.y == b; + @*/ + Pair(int a,int b) { + x = a; y = b; + } +} + +class Quadruple { + int x,y,z,t; + /*@ ensures this.x == a && this.y == b && + @ this.z == c && this.t == d; + @*/ + Pair(int a,int b,int c,int d) { + x = a; y = b; z = c; t = d; + } +} + +/* equality between an integer and a possibly null Integer object */ +/*@ predicate eq_opt{L}(integer x, Integer o) = + @ o != null && x == o.value; + @*/ + +/* A duplet in array a is a pair of indexes (i,j) in the bounds of array + a such that a[i] = a[j] */ +/*@ predicate is_duplet{L}(int a[], integer i, integer j) = + @ 0 <= i < j < a.length && a[i] == a[j]; + @*/ + +class Duplets { + + /* duplet(a) returns the indexes (i,j) of a duplet in a. + * moreover, if except is not null, the value of this duplet must + * be different from it. + */ + /*@ requires 2 <= a.length && + @ \exists integer i j; + @ is_duplet(a,i,j) && ! eq_opt(a[i],except) ; + @ ensures + @ is_duplet(a,\result.x,\result.y) && + @ ! eq_opt(a[\result.x],except); + @*/ + Pair duplet(int a[], Integer except) { + /*@ loop_invariant + @ \forall integer k l; 0 <= k < i && k < l < a.length ==> + @ ! eq_opt(a[k],except) ==> ! 
is_duplet(a,k,l); + @ loop_variant a.length - i; + @*/ + for(int i=0; i <= a.length - 2; i++) { + int v = a[i]; + if (except != null && except.value != v) { + /*@ loop_invariant + @ \forall integer l; i < l < j ==> ! is_duplet(a,i,l); + @ loop_variant a.length - j; + @*/ + for (int j=i+1; j < a.length; j++) { + if (a[j] == v) { + return new Pair(i, j); + } + } + } + } + // assert \forall integer i j; ! is_duplet(a,i,j); + //@ assert false; + return null; + } + + + /* requires 4 <= a.length && \exists integer i j k l; + @ is_duplet(a,i,j) && is_duplet(a,k,l) && a[i] != a[k]; + @ ensures is_duplet(a,\result.x,\result.y) && + @ is_duplet(a,\result.z,\result.t) && + @ a[\result.x] != a[\result.z]; + @*/ + Quadruple duplets(int a[]) { + Pair p = duplet(a,null); + Pair q = duplet(a,new Integer(a[p.x])); + return new Quadruple(p.x,p.y,q.x,q.y); + } + + +} + +/* +Local Variables: +compile-command: "make Duplets.why3ml" +End: +*/ + +========== krakatoa execution ========== +Parsing OK. +Typing OK. 
+Generating JC function cons_Integer_int for constructor Integer +Generating JC function cons_Pair_int_int for constructor Pair +Generating JC function cons_Quadruple_int_int_int_int for constructor Quadruple +Generating JC function Duplets_duplet for method Duplets.duplet +Generating JC function Duplets_duplets for method Duplets.duplets +Generating JC function cons_Duplets for constructor Duplets +Generating JC function Object_registerNatives for method Object.registerNatives +Generating JC function Object_hashCode for method Object.hashCode +Generating JC function Object_equals for method Object.equals +Generating JC function Object_clone for method Object.clone +Generating JC function Object_toString for method Object.toString +Generating JC function Object_notify for method Object.notify +Generating JC function Object_notifyAll for method Object.notifyAll +Generating JC function Object_wait_long for method Object.wait +Generating JC function Object_wait_long_int for method Object.wait +Generating JC function Object_wait for method Object.wait +Generating JC function Object_finalize for method Object.finalize +Generating JC function cons_Object for constructor Object +Done. +========== file tests/java/Duplets.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + +predicate Non_null_intM{Here}(intM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +String[0..] 
any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag Integer = Object with { + int32 value; +} + +tag Pair = Object with { + int32 x; + int32 y; +} + +tag Quadruple = Object with { + int32 x; + int32 y; + int32 z; + int32 t; +} + +tag Duplets = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +tag intM = Object with { + int32 intP; +} + +boolean non_null_intM(! intM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_intM(! intM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +predicate eq_opt{L}(integer x, Integer[0..] o) = +(Non_null_Object(o) && (x == o.value)) + +predicate is_duplet{L}(intM[0..] a_2, integer i, integer j) = +((((0 <= i) && (i < j)) && (j < (\offset_max(a_2) + 1))) && + ((a_2 + i).intP == (a_2 + j).intP)) + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +unit cons_Integer_int(! Integer[0] this_0, int32 a) +behavior default: + ensures (K_1 : (this_0.value == a)); +{ (this_0.value = 0); + (K_2 : (this_0.value = a)) +} + +unit cons_Pair_int_int(! Pair[0] this_2, int32 a_0, int32 b) +behavior default: + ensures (K_5 : ((K_4 : (this_2.x == a_0)) && (K_3 : (this_2.y == b)))); +{ (this_2.x = 0); + (this_2.y = 0); + (K_6 : (this_2.x = a_0)); + (K_7 : (this_2.y = b)) +} + +unit cons_Quadruple_int_int_int_int(! 
Quadruple[0] this_4, int32 a_1, + int32 b_0, int32 c, int32 d) +behavior default: + ensures (K_14 : ((K_13 : ((K_12 : ((K_11 : (this_4.x == a_1)) && + (K_10 : (this_4.y == b_0)))) && + (K_9 : (this_4.z == c)))) && + (K_8 : (this_4.t == d)))); +{ (this_4.x = 0); + (this_4.y = 0); + (this_4.z = 0); + (this_4.t = 0); + (K_15 : (this_4.x = a_1)); + (K_16 : (this_4.y = b_0)); + (K_17 : (this_4.z = c)); + (K_18 : (this_4.t = d)) +} + +Pair[0..] Duplets_duplet(Duplets[0] this_8, intM[0..] a_3, + Integer[0..] except) + requires (K_24 : ((K_23 : (2 <= (\offset_max(a_3) + 1))) && + (K_22 : (\exists integer i_0; + (\exists integer j_0; + (is_duplet{Here}(a_3, i_0, j_0) && + (! eq_opt{Here}((a_3 + i_0).intP, except)))))))); +behavior default: + ensures (K_21 : ((K_20 : is_duplet{Here}(a_3, \result.x, \result.y)) && + (K_19 : (! eq_opt{Here}((a_3 + \result.x).intP, except))))); +{ + { + { + (var int32 i_1 = (K_25 : 0)); + + loop + behavior default: + invariant (K_26 : (\forall integer k; + (\forall integer l; + ((((0 <= k) && (k < i_1)) && + ((k < l) && (l < (\offset_max(a_3) + 1)))) ==> + ((! eq_opt{Here}((a_3 + k).intP, except)) ==> + (! is_duplet{Here}(a_3, k, l))))))); + + variant (K_27 : ((\offset_max(a_3) + 1) - i_1)); + for ( ; (K_43 : (i_1 <= + (K_42 : (((K_41 : java_array_length_intM(a_3)) - + 2) :> int32)))) ; (K_40 : (i_1 ++))) + { + { + (var int32 v = (K_39 : (a_3 + i_1).intP)); + (if (K_38 : (non_null_Object(except) && + (K_37 : ((K_36 : except.value) != v)))) then + { + { + (var int32 j_1 = (K_28 : ((i_1 + 1) :> int32))); + + loop + behavior default: + invariant (K_29 : (\forall integer l_0; + (((i_1 < l_0) && (l_0 < j_1)) ==> + (! 
is_duplet{Here}(a_3, i_1, l_0))))); + + variant (K_30 : ((\offset_max(a_3) + 1) - j_1)); + for ( ; (K_35 : (j_1 < + (K_34 : java_array_length_intM(a_3)))) ; + (K_33 : (j_1 ++))) + { (if (K_32 : ((K_31 : (a_3 + j_1).intP) == v)) then + (return + { + (var Pair[0] this = (new Pair[1])); + + { + (var unit tt = cons_Pair_int_int(this, i_1, j_1)); + this + } + }) else ()) + } + } + } else ()) + } + } + } + }; + (K_45 : + (assert (K_44 : false))); + + (return null) +} + +Quadruple[0..] Duplets_duplets(Duplets[0] this_6, intM[0..] a_4) +{ + { + (var Pair[0..] p = (K_53 : Duplets_duplet(this_6, a_4, null))); + + { + (var Pair[0..] q = (K_52 : Duplets_duplet(this_6, a_4, + + { + (var Integer[0] this = (new Integer[1])); + + { + (var unit tt = cons_Integer_int( + this, + (K_51 : (a_4 + + (K_50 : p.x)).intP))); + this + } + }))); + + (return + { + (var Quadruple[0] this = (new Quadruple[1])); + + { + (var unit tt = cons_Quadruple_int_int_int_int(this, + (K_46 : p.x), + (K_47 : p.y), + (K_48 : q.x), + (K_49 : q.y))); + this + } + }) + } + } +} + +unit cons_Duplets(! Duplets[0] this_9){()} + +unit Object_registerNatives() +; + +int32 Object_hashCode(Object[0] this_10) +; + +boolean Object_equals(Object[0] this_11, Object[0..] obj) +; + +Object[0..] Object_clone(Object[0] this_12) +; + +String[0..] Object_toString(Object[0] this_13) +; + +unit Object_notify(Object[0] this_14) +; + +unit Object_notifyAll(Object[0] this_15) +; + +unit Object_wait_long(Object[0] this_16, long timeout) +; + +unit Object_wait_long_int(Object[0] this_17, long timeout_0, int32 nanos) +; + +unit Object_wait(Object[0] this_18) +; + +unit Object_finalize(Object[0] this_19) +; + +unit cons_Object(! 
Object[0] this_20){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/Duplets.jloc tests/java/Duplets.jc && make -f tests/java/Duplets.makefile gui" +End: +*/ +========== file tests/java/Duplets.jloc ========== +[K_10] +file = "HOME/tests/java/Duplets.java" +line = 36 +begin = 31 +end = 42 + +[K_11] +file = "HOME/tests/java/Duplets.java" +line = 36 +begin = 16 +end = 27 + +[K_12] +file = "HOME/tests/java/Duplets.java" +line = 36 +begin = 16 +end = 42 + +[K_13] +file = "HOME/tests/java/Duplets.java" +line = 36 +begin = 16 +end = 73 + +[K_14] +file = "HOME/tests/java/Duplets.java" +line = 36 +begin = 16 +end = 88 + +[cons_Integer_int] +name = "Constructor of class Integer" +file = "HOME/tests/java/Duplets.java" +line = 20 +begin = 4 +end = 11 + +[K_15] +file = "HOME/tests/java/Duplets.java" +line = 40 +begin = 8 +end = 13 + +[K_16] +file = "HOME/tests/java/Duplets.java" +line = 40 +begin = 15 +end = 20 + +[K_17] +file = "HOME/tests/java/Duplets.java" +line = 40 +begin = 22 +end = 27 + +[K_18] +file = "HOME/tests/java/Duplets.java" +line = 40 +begin = 29 +end = 34 + +[K_19] +file = "HOME/tests/java/Duplets.java" +line = 66 +begin = 10 +end = 39 + +[Duplets_duplet] +name = "Method duplet" +file = "HOME/tests/java/Duplets.java" +line = 68 +begin = 9 +end = 15 + +[K_20] +file = "HOME/tests/java/Duplets.java" +line = 65 +begin = 10 +end = 42 + +[K_21] +file = "HOME/tests/java/Duplets.java" +line = 65 +begin = 10 +end = 85 + +[cons_Pair_int_int] +name = "Constructor of class Pair" +file = "HOME/tests/java/Duplets.java" +line = 29 +begin = 4 +end = 8 + +[K_22] +file = "HOME/tests/java/Duplets.java" +line = 62 +begin = 10 +end = 84 + +[K_23] +file = "HOME/tests/java/Duplets.java" +line = 61 +begin = 17 +end = 30 + +[K_24] +file = "HOME/tests/java/Duplets.java" +line = 61 +begin = 17 +end = 118 + +[K_1] +file = "HOME/tests/java/Duplets.java" +line = 18 +begin = 16 +end = 31 + +[K_25] +file = 
"HOME/tests/java/Duplets.java" +line = 74 +begin = 18 +end = 19 + +[K_2] +file = "HOME/tests/java/Duplets.java" +line = 21 +begin = 8 +end = 17 + +[K_26] +file = "HOME/tests/java/Duplets.java" +line = 70 +begin = 13 +end = 128 + +[K_3] +file = "HOME/tests/java/Duplets.java" +line = 27 +begin = 31 +end = 42 + +[Object_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[K_27] +file = "HOME/tests/java/Duplets.java" +line = 72 +begin = 25 +end = 37 + +[K_4] +file = "HOME/tests/java/Duplets.java" +line = 27 +begin = 16 +end = 27 + +[K_28] +file = "HOME/tests/java/Duplets.java" +line = 81 +begin = 27 +end = 30 + +[K_5] +file = "HOME/tests/java/Duplets.java" +line = 27 +begin = 16 +end = 42 + +[K_29] +file = "HOME/tests/java/Duplets.java" +line = 78 +begin = 22 +end = 73 + +[K_6] +file = "HOME/tests/java/Duplets.java" +line = 30 +begin = 8 +end = 13 + +[K_7] +file = "HOME/tests/java/Duplets.java" +line = 30 +begin = 15 +end = 20 + +[K_8] +file = "HOME/tests/java/Duplets.java" +line = 37 +begin = 31 +end = 42 + +[K_9] +file = "HOME/tests/java/Duplets.java" +line = 37 +begin = 16 +end = 27 + +[Object_notify] +name = "Method notify" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[cons_Object] +name = "Constructor of class Object" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Duplets_duplets] +name = "Method duplets" +file = "HOME/tests/java/Duplets.java" +line = 100 +begin = 14 +end = 21 + +[K_30] +file = "HOME/tests/java/Duplets.java" +line = 79 +begin = 33 +end = 45 + +[cons_Duplets] +name = "Constructor of class Duplets" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[K_31] +file = "HOME/tests/java/Duplets.java" +line = 82 +begin = 24 +end = 28 + +[K_32] +file = "HOME/tests/java/Duplets.java" +line = 82 +begin = 24 +end = 33 + +[K_33] +file = "HOME/tests/java/Duplets.java" +line = 81 +begin = 46 +end = 49 + +[K_34] +file = "HOME/tests/java/Duplets.java" 
+line = 81 +begin = 36 +end = 44 + +[K_35] +file = "HOME/tests/java/Duplets.java" +line = 81 +begin = 32 +end = 44 + +[K_36] +file = "HOME/tests/java/Duplets.java" +line = 76 +begin = 34 +end = 46 + +[K_37] +file = "HOME/tests/java/Duplets.java" +line = 76 +begin = 34 +end = 51 + +[K_38] +file = "HOME/tests/java/Duplets.java" +line = 76 +begin = 16 +end = 51 + +[Object_wait_long_int] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[K_39] +file = "HOME/tests/java/Duplets.java" +line = 75 +begin = 20 +end = 24 + +[cons_Quadruple_int_int_int_int] +name = "Constructor of class Quadruple" +file = "HOME/tests/java/Duplets.java" +line = 39 +begin = 4 +end = 8 + +[Object_wait_long] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[Object_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[Object_notifyAll] +name = "Method notifyAll" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[K_40] +file = "HOME/tests/java/Duplets.java" +line = 74 +begin = 40 +end = 43 + +[K_41] +file = "HOME/tests/java/Duplets.java" +line = 74 +begin = 26 +end = 34 + +[K_42] +file = "HOME/tests/java/Duplets.java" +line = 74 +begin = 26 +end = 38 + +[K_43] +file = "HOME/tests/java/Duplets.java" +line = 74 +begin = 21 +end = 38 + +[K_44] +file = "HOME/tests/java/Duplets.java" +line = 89 +begin = 19 +end = 24 + +[Object_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[K_45] +file = "HOME/tests/java/Duplets.java" +line = 89 +begin = 19 +end = 24 + +[K_46] +file = "HOME/tests/java/Duplets.java" +line = 103 +begin = 29 +end = 32 + +[K_47] +file = "HOME/tests/java/Duplets.java" +line = 103 +begin = 33 +end = 36 + +[K_48] +file = "HOME/tests/java/Duplets.java" +line = 103 +begin = 37 +end = 40 + +[K_49] 
+file = "HOME/tests/java/Duplets.java" +line = 103 +begin = 41 +end = 44 + +[Object_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[K_50] +file = "HOME/tests/java/Duplets.java" +line = 102 +begin = 40 +end = 43 + +[Object_clone] +name = "Method clone" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[K_51] +file = "HOME/tests/java/Duplets.java" +line = 102 +begin = 38 +end = 44 + +[K_52] +file = "HOME/tests/java/Duplets.java" +line = 102 +begin = 17 +end = 46 + +[K_53] +file = "HOME/tests/java/Duplets.java" +line = 101 +begin = 17 +end = 31 + +[Object_wait] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[Object_finalize] +name = "Method finalize" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +========== jessie execution ========== +Generating Why function cons_Integer_int +Generating Why function cons_Pair_int_int +Generating Why function cons_Quadruple_int_int_int_int +Generating Why function Duplets_duplet +(nulltype) diff -Nru why-2.29+dfsg/tests/java/oracle/Fibonacci.err.oracle why-2.30+dfsg/tests/java/oracle/Fibonacci.err.oracle --- why-2.29+dfsg/tests/java/oracle/Fibonacci.err.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Fibonacci.err.oracle 2011-10-24 15:21:06.000000000 +0000 
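Review bot: In the Java source embedded in Duplets.res.oracle, the guard `if (except != null && except.value != v)` in `duplet` skips the inner search loop whenever `except` is null. The first call in `duplets`, `duplet(a,null)`, can therefore only fall through to `//@ assert false; return null;`, and the following `a[p.x]` dereferences null. The comment above the method says the exclusion applies only if `except` is not null, which suggests the intended test is `if (except == null || except.value != v)`. The contract on `duplets` also opens with `/* requires` rather than `/*@ requires`, so it is read as a plain comment and the generated `Duplets_duplets` in the .jc section carries no requires or ensures clause. Since this oracle is generated output, both fixes belong in tests/java/Duplets.java, after which the oracle should be regenerated.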
@@ -3,5 +3,3 @@ Warning: recursive definition of isfib in generated file Warning: recursive definition of isfib in generated file Warning: recursive definition of isfib in generated file -make: *** [coq/Fibonacci_why.vo] Error 1 -make: *** [coq/Fibonacci_why.vo] Error 1 diff -Nru why-2.29+dfsg/tests/java/oracle/Fibonacci.res.oracle why-2.30+dfsg/tests/java/oracle/Fibonacci.res.oracle --- why-2.29+dfsg/tests/java/oracle/Fibonacci.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Fibonacci.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/java/Fibonacci.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // RUNCOQ: will ask regtests to check Coq proofs of this program // int model: unbounded mathematical integers @@ -39,6 +70,13 @@ } } +/* +Local Variables: +compile-command: "make Fibonacci.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -53,7 +91,10 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -96,15 +137,15 @@ } +lemma isfib_2_1 : +isfib(2, 1) + lemma isfib_6_8 : isfib(6, 8) lemma not_isfib_2_2 : (! isfib(2, 2)) -lemma isfib_2_1 : -isfib(2, 1) - exception Throwable of Throwable[0..] exception Exception of Exception[0..] 
@@ -164,100 +205,121 @@ ========== file tests/java/Fibonacci.jloc ========== [K_10] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 61 [K_11] file = "HOME/tests/java/Fibonacci.java" -line = 30 +line = 61 begin = 18 end = 21 [K_12] file = "HOME/tests/java/Fibonacci.java" -line = 35 +line = 66 begin = 9 end = 16 [K_13] file = "HOME/tests/java/Fibonacci.java" -line = 32 +line = 63 begin = 21 end = 24 [K_14] file = "HOME/tests/java/Fibonacci.java" -line = 32 +line = 63 begin = 14 end = 19 [K_15] file = "HOME/tests/java/Fibonacci.java" -line = 27 +line = 58 begin = 13 end = 14 [K_16] file = "HOME/tests/java/Fibonacci.java" -line = 27 +line = 58 begin = 8 end = 9 [K_1] file = "HOME/tests/java/Fibonacci.java" -line = 24 +line = 55 begin = 16 end = 33 +[not_isfib_2_2] +name = "Lemma not_isfib_2_2" +file = "HOME/tests/java/Fibonacci.java" +line = 50 +begin = 10 +end = 23 + [K_2] file = "HOME/tests/java/Fibonacci.java" -line = 23 +line = 54 begin = 17 end = 23 [K_3] file = "HOME/tests/java/Fibonacci.java" -line = 32 +line = 63 begin = 11 end = 12 [K_4] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 51 end = 61 [K_5] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 35 end = 47 [K_6] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 25 end = 31 [K_7] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 26 +[isfib_6_8] +name = "Lemma isfib_6_8" +file = "HOME/tests/java/Fibonacci.java" +line = 47 +begin = 10 +end = 19 + [K_8] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 31 [K_9] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 47 +[isfib_2_1] +name = "Lemma isfib_2_1" +file = "HOME/tests/java/Fibonacci.java" +line = 46 +begin = 10 +end = 19 + [cons_Fibonacci] name = "Constructor of class Fibonacci" file = "HOME/" 
@@ -268,7 +330,7 @@ [Fibonacci_Fib] name = "Method Fib" file = "HOME/tests/java/Fibonacci.java" -line = 26 +line = 57 begin = 23 end = 26 @@ -290,10 +352,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Fibonacci.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Fibonacci_why.sx @@ -354,6 +417,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Fibonacci_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Fibonacci_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -426,6 +496,9 @@ why3ide: why/Fibonacci_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Fibonacci.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Fibonacci.depend depend: coq/Fibonacci_why.v @@ -436,24 +509,42 @@ ========== file tests/java/Fibonacci.loc ========== [JC_40] +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 20 +end = 61 + +[JC_41] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_41] +[JC_42] +file = "HOME/tests/java/Fibonacci.jc" +line = 86 +begin = 21 +end = 720 + +[JC_43] +file = "HOME/tests/java/Fibonacci.jc" +line = 86 +begin = 21 +end = 720 + +[JC_44] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_42] +[JC_45] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_43] +[JC_46] file = "HOME/" line = 0 begin = -1 @@ -461,9 +552,15 @@ [JC_1] file = "HOME/tests/java/Fibonacci.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 + +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_2] file = "HOME/" 
@@ -471,11 +568,23 @@ begin = -1 end = -1 +[JC_48] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_3] file = "HOME/tests/java/Fibonacci.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_4] file = "HOME/" @@ -509,33 +618,45 @@ [JC_9] file = "HOME/tests/java/Fibonacci.jc" -line = 34 -begin = 11 -end = 65 +line = 35 +begin = 8 +end = 23 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [not_isfib_2_2] -name = "not_isfib_2_2" +name = "Lemma not_isfib_2_2" behavior = "lemma" -file = "HOME/tests/java/Fibonacci.jc" -line = 54 -begin = 0 -end = 37 +file = "HOME/tests/java/Fibonacci.java" +line = 50 +begin = 10 +end = 23 + +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [isfib_6_8] -name = "isfib_6_8" +name = "Lemma isfib_6_8" behavior = "lemma" -file = "HOME/tests/java/Fibonacci.jc" -line = 51 -begin = 0 -end = 29 +file = "HOME/tests/java/Fibonacci.java" +line = 47 +begin = 10 +end = 19 [isfib_2_1] -name = "isfib_2_1" +name = "Lemma isfib_2_1" behavior = "lemma" -file = "HOME/tests/java/Fibonacci.jc" -line = 57 -begin = 0 -end = 29 +file = "HOME/tests/java/Fibonacci.java" +line = 46 +begin = 10 +end = 19 [cons_Fibonacci_safety] name = "Constructor of class Fibonacci" @@ -546,15 +667,15 @@ end = -1 [JC_10] -file = "HOME/tests/java/Fibonacci.jc" -line = 34 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/tests/java/Fibonacci.java" -line = 23 -begin = 17 +file = "HOME/tests/java/Fibonacci.jc" +line = 35 +begin = 8 end = 23 [JC_12] @@ -564,16 +685,16 @@ end = -1 [JC_13] -file = "HOME/tests/java/Fibonacci.java" -line = 23 -begin = 17 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Fibonacci_Fib_safety] name = "Method Fib" behavior = "Safety" file = "HOME/tests/java/Fibonacci.java" -line = 26 +line = 57 begin = 23 end = 26 
@@ -584,80 +705,80 @@ end = -1 [JC_15] -file = "HOME/tests/java/Fibonacci.java" -line = 24 -begin = 16 -end = 33 - -[JC_16] -file = "HOME/tests/java/Fibonacci.java" -line = 24 -begin = 16 -end = 33 - -[JC_17] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_18] +[JC_16] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_17] +file = "HOME/tests/java/Fibonacci.jc" +line = 37 +begin = 11 +end = 65 + +[JC_18] +file = "HOME/tests/java/Fibonacci.jc" +line = 37 +begin = 11 +end = 65 + [JC_19] file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 20 -end = 26 +line = 54 +begin = 17 +end = 23 [JC_20] -file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 25 -end = 31 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_21] file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 35 -end = 47 +line = 54 +begin = 17 +end = 23 [JC_22] -file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 51 -end = 61 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_23] file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 20 -end = 61 +line = 55 +begin = 16 +end = 33 [JC_24] +file = "HOME/tests/java/Fibonacci.java" +line = 55 +begin = 16 +end = 33 + +[JC_25] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_25] -file = "HOME/tests/java/Fibonacci.jc" -line = 83 -begin = 21 -end = 720 - [JC_26] -file = "HOME/tests/java/Fibonacci.jc" -line = 83 -begin = 21 -end = 720 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Fibonacci_ensures_default] name = "Constructor of class Fibonacci" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -665,97 +786,95 @@ [JC_27] file = "HOME/tests/java/Fibonacci.java" -line = 30 -begin = 18 -end = 21 - -[JC_28] -file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 26 -[JC_29] +[JC_28] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 25 end = 31 +[JC_29] +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 35 +end = 47 + [Fibonacci_Fib_ensures_default] name = "Method Fib" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Fibonacci.java" -line = 26 +line = 57 begin = 23 end = 26 [JC_30] file = "HOME/tests/java/Fibonacci.java" -line = 29 -begin = 35 -end = 47 - -[JC_31] -file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 51 end = 61 -[JC_32] +[JC_31] file = "HOME/tests/java/Fibonacci.java" -line = 29 +line = 60 begin = 20 end = 61 -[JC_33] +[JC_32] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_34] +[JC_33] file = "HOME/tests/java/Fibonacci.jc" -line = 83 +line = 86 begin = 21 end = 720 -[JC_35] +[JC_34] file = "HOME/tests/java/Fibonacci.jc" -line = 83 +line = 86 begin = 21 end = 720 +[JC_35] +file = "HOME/tests/java/Fibonacci.java" +line = 61 +begin = 18 +end = 21 + [JC_36] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 20 +end = 26 [JC_37] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 25 +end = 31 [JC_38] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 35 +end = 47 [JC_39] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Fibonacci.java" +line = 60 +begin = 51 +end = 61 ========== file tests/java/why/Fibonacci.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id 
@@ -766,13 +885,9 @@ axiom Fibonacci_parenttag_Object : parenttag(Fibonacci_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -789,14 +904,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -829,10 +940,6 @@ and isfib(sub_int(n, (1)), p))) -> isfib(n, add_int(p, r_0)))))) -lemma isfib_2_1 : isfib((2), (1)) - -lemma isfib_6_8 : isfib((6), (8)) - predicate left_valid_struct_Object(p:Object pointer, a:int, Object_alloc_table:Object alloc_table) = (offset_min(Object_alloc_table, p) <= a) @@ -857,8 +964,6 @@ interface_alloc_table:interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -lemma not_isfib_2_2 : (not isfib((2), (2))) - axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -926,32 +1031,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Fibonacci(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -986,124 +1065,32 @@ predicate valid_struct_interface(p:interface pointer, a:int, b:int, interface_alloc_table:interface alloc_table) = ((offset_min(interface_alloc_table, p) <= a) - and (offset_max(interface_alloc_table, p) >= b)) - -parameter Fibonacci_Fib : n_0:int -> { } int { (JC_16: isfib(n_0, result)) } - -parameter Fibonacci_Fib_requires : - n_0:int -> { (JC_11: ge_int(n_0, (0)))} int { (JC_16: isfib(n_0, result)) } - -parameter Object_alloc_table : Object alloc_table ref - -parameter Object_tag_table : Object tag_table ref + and (offset_max(interface_alloc_table, p) >= b)) -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +lemma isfib_2_1 : isfib((2), (1)) -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +lemma isfib_6_8 : isfib((6), (8)) -parameter alloc_bitvector_struct_Fibonacci : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Fibonacci(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +lemma not_isfib_2_2 : (not isfib((2), (2))) -parameter alloc_bitvector_struct_Fibonacci_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes 
bitvector_alloc_table - { (valid_bitvector_struct_Fibonacci(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Exception_exc of Object pointer -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Fibonacci_Fib : n_0:int -> { } int { (JC_24: isfib(n_0, result)) } -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Fibonacci_Fib_requires : + n_0:int -> { (JC_19: ge_int(n_0, (0)))} int { (JC_24: isfib(n_0, result)) } -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_alloc_table : Object alloc_table ref -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1247,6 +1234,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Fibonacci : this_0:Object pointer -> { } unit reads Object_alloc_table { true } @@ -1256,20 +1247,20 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let Fibonacci_Fib_ensures_default = fun (n_0 : int) -> - { (JC_13: ge_int(n_0, (0))) } + { (JC_21: ge_int(n_0, (0))) } (init: (let return = ref (any_int void) in try @@ -1283,15 +1274,14 @@ (loop_2: while true do { invariant - (JC_32: - ((JC_28: le_int((0), i)) - and ((JC_29: le_int(i, n_0)) - and ((JC_30: isfib(add_int(i, (1)), x_0_0)) - and (JC_31: isfib(i, y)))))) } + (JC_40: + ((JC_36: le_int((0), i)) + and ((JC_37: le_int(i, n_0)) + and ((JC_38: isfib(add_int(i, (1)), x_0_0)) + and (JC_39: isfib(i, y)))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_14: ((lt_int_ !i) n_0)) then @@ -1300,9 +1290,8 @@ (let jessie_ = (aux := !y) in void); (let jessie_ = (y := !x_0_0) in void); (x_0_0 := (K_12: ((add_int !x_0_0) !aux))); !x_0_0 end in - void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_13: 
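Review bot: The postconditions of `non_null_Object` and `non_null_Object_requires` in the `@@ -1256,20 +1247,20 @@` hunk still require `offset_max(Object_alloc_table, x_1) = (0)` when `result` is true, while the earlier `@@ -766,13 +885,9 @@` hunk relaxes the `Non_null_Object` predicate from `eq_int(..., (0))` to `ge_int(..., (0))`. The two no longer agree: for a non-null pointer whose `offset_max` is greater than 0, neither branch of `if result then ... else (x_1 = null)` can hold. A call to this parameter would then presumably introduce a contradictory hypothesis, so later proof obligations could be discharged vacuously. If the parameter is meant to follow the predicate, the line should read `(if result then (offset_max(Object_alloc_table, x_1) >= (0))`. This file is generated expected output, so the fix belongs in the translator that emits it, after which the oracle should be regenerated.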
@@ -1312,11 +1301,11 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := !y); (raise Return) end))); absurd end with Return -> !return end)) - { (JC_15: isfib(n_0, result)) } + { (JC_23: isfib(n_0, result)) } let Fibonacci_Fib_safety = fun (n_0 : int) -> - { (JC_13: ge_int(n_0, (0))) } + { (JC_21: ge_int(n_0, (0))) } (init: (let return = ref (any_int void) in try @@ -1329,16 +1318,15 @@ try (loop_1: while true do - { invariant (JC_25: true) variant (JC_27 : sub_int(n_0, i)) } + { invariant (JC_33: true) variant (JC_35 : sub_int(n_0, i)) } begin [ { } unit reads i,x_0_0,y - { (JC_23: - ((JC_19: le_int((0), i)) - and ((JC_20: le_int(i, n_0)) - and ((JC_21: isfib(add_int(i, (1)), x_0_0)) - and (JC_22: isfib(i, y)))))) } ]; + { (JC_31: + ((JC_27: le_int((0), i)) + and ((JC_28: le_int(i, n_0)) + and ((JC_29: isfib(add_int(i, (1)), x_0_0)) + and (JC_30: isfib(i, y)))))) } ]; try - (let jessie_ = begin (if (K_14: ((lt_int_ !i) n_0)) then @@ -1347,9 +1335,8 @@ (let jessie_ = (aux := !y) in void); (let jessie_ = (y := !x_0_0) in void); (x_0_0 := (K_12: ((add_int !x_0_0) !aux))); !x_0_0 end in - void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_13: @@ -1364,7 +1351,7 @@ fun (this_0 : Object pointer) -> { valid_struct_Fibonacci(this_0, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_40: true) } + { (JC_48: true) } let cons_Fibonacci_safety = fun (this_0 : Object pointer) -> @@ -1380,83 +1367,83 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + 
@@ -2408,7 +2395,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2553,32 +2540,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Fibonacci(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -2615,17 +2576,21 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Fibonacci_po1.why ========== +lemma isfib_2_1: + isfib(2, 1) + ========== file tests/java/why/Fibonacci_po10.why ========== goal Fibonacci_Fib_ensures_default_po_7: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -2635,19 +2600,19 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_30": ("JC_30": isfib((i0 + 1), x_0_0_0)))) + ("JC_40": ("JC_38": isfib((i0 + 1), x_0_0_0))) ========== file tests/java/why/Fibonacci_po11.why ========== goal Fibonacci_Fib_ensures_default_po_8: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -2657,36 +2622,36 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_31": ("JC_31": isfib(i0, y0)))) + ("JC_40": ("JC_39": isfib(i0, y0))) ========== file tests/java/why/Fibonacci_po12.why ========== goal Fibonacci_Fib_ensures_default_po_9: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i >= n_0) -> forall return:int. (return = y) -> - ("JC_15": isfib(n_0, return)) + ("JC_23": isfib(n_0, return)) ========== file tests/java/why/Fibonacci_po13.why ========== goal Fibonacci_Fib_safety_po_1: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_25": true) -> - ("JC_23": - (("JC_19": (0 <= i)) and - (("JC_20": (i <= n_0)) and - (("JC_21": isfib((i + 1), x_0_0)) and ("JC_22": isfib(i, y)))))) -> + ("JC_33": true) -> + ("JC_31": + (("JC_27": (0 <= i)) and + (("JC_28": (i <= n_0)) and + (("JC_29": isfib((i + 1), x_0_0)) and ("JC_30": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -2696,20 +2661,20 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - (0 <= ("JC_27": (n_0 - i))) + (0 <= ("JC_35": (n_0 - i))) ========== file tests/java/why/Fibonacci_po14.why ========== goal Fibonacci_Fib_safety_po_2: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_25": true) -> - ("JC_23": - (("JC_19": (0 <= i)) and - (("JC_20": (i <= n_0)) and - (("JC_21": isfib((i + 1), x_0_0)) and ("JC_22": isfib(i, y)))))) -> + ("JC_33": true) -> + ("JC_31": + (("JC_27": (0 <= i)) and + (("JC_28": (i <= n_0)) and + (("JC_29": isfib((i + 1), x_0_0)) and ("JC_30": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -2719,11 +2684,7 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - (("JC_27": (n_0 - i0)) < ("JC_27": (n_0 - i))) - -========== file tests/java/why/Fibonacci_po1.why ========== -lemma isfib_2_1: - isfib(2, 1) + (("JC_35": (n_0 - i0)) < ("JC_35": (n_0 - i))) ========== file tests/java/why/Fibonacci_po2.why ========== lemma isfib_6_8: 
@@ -2736,38 +2697,38 @@ ========== file tests/java/why/Fibonacci_po4.why ========== goal Fibonacci_Fib_ensures_default_po_1: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_28": ("JC_28": (0 <= 0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_36": (0 <= 0))) ========== file tests/java/why/Fibonacci_po5.why ========== goal Fibonacci_Fib_ensures_default_po_2: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_29": ("JC_29": (0 <= n_0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_37": (0 <= n_0))) ========== file tests/java/why/Fibonacci_po6.why ========== goal Fibonacci_Fib_ensures_default_po_3: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_30": ("JC_30": isfib((0 + 1), 1)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_38": isfib((0 + 1), 1))) ========== file tests/java/why/Fibonacci_po7.why ========== goal Fibonacci_Fib_ensures_default_po_4: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_31": ("JC_31": isfib(0, 0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_39": isfib(0, 0))) ========== file tests/java/why/Fibonacci_po8.why ========== goal Fibonacci_Fib_ensures_default_po_5: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -2777,19 +2738,19 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_28": ("JC_28": (0 <= i0)))) + ("JC_40": ("JC_36": (0 <= i0))) ========== file tests/java/why/Fibonacci_po9.why ========== goal Fibonacci_Fib_ensures_default_po_6: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -2799,7 +2760,7 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_29": ("JC_29": (i0 <= n_0)))) + ("JC_40": ("JC_37": (i0 <= n_0))) ========== generation of Simplify VC output ========== why -simplify [...] why/Fibonacci.why @@ -3627,7 +3588,7 @@ (EQ (parenttag Fibonacci_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int @@ -3700,20 +3661,6 @@ (AND (EQ (isfib (- n 2) r_0) |@true|) (EQ (isfib (- n 1) p) |@true|))) (EQ (isfib n (+ p r_0)) |@true|)))) -;; isfib_2_1, File "HOME/tests/java/Fibonacci.jc", line 57, characters 0-29 -(EQ (isfib 2 1) |@true|) - -(BG_PUSH - ;; lemma isfib_2_1 as axiom -(EQ (isfib 2 1) |@true|)) - -;; isfib_6_8, File "HOME/tests/java/Fibonacci.jc", line 51, characters 0-29 -(EQ (isfib 6 8) |@true|) - -(BG_PUSH - ;; lemma isfib_6_8 as axiom -(EQ (isfib 6 8) |@true|)) - (DEFPRED (left_valid_struct_Object p a Object_alloc_table) (<= (offset_min Object_alloc_table p) a)) 
@@ -3732,13 +3679,6 @@ (DEFPRED (left_valid_struct_interface p a interface_alloc_table) (<= (offset_min interface_alloc_table p) a)) -;; not_isfib_2_2, File "HOME/tests/java/Fibonacci.jc", line 54, characters 0-37 -(NOT (EQ (isfib 2 2) |@true|)) - -(BG_PUSH - ;; lemma not_isfib_2_2 as axiom -(NOT (EQ (isfib 2 2) |@true|))) - (BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) @@ -3793,26 +3733,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Fibonacci p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -3841,19 +3761,40 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Fibonacci_Fib_ensures_default_po_1, File "HOME/tests/java/Fibonacci.java", line 29, characters 20-26 +;; isfib_2_1, File "HOME/tests/java/Fibonacci.java", line 46, characters 10-19 +(EQ (isfib 2 1) |@true|) + +(BG_PUSH + ;; lemma isfib_2_1 as axiom +(EQ (isfib 2 1) |@true|)) + +;; isfib_6_8, File "HOME/tests/java/Fibonacci.java", line 47, characters 10-19 +(EQ (isfib 6 8) |@true|) + +(BG_PUSH + ;; lemma isfib_6_8 as axiom +(EQ (isfib 6 8) |@true|)) + +;; not_isfib_2_2, File "HOME/tests/java/Fibonacci.java", line 50, characters 10-23 +(NOT (EQ (isfib 2 2) |@true|)) + +(BG_PUSH + ;; lemma not_isfib_2_2 as axiom +(NOT (EQ (isfib 2 2) |@true|))) + +;; Fibonacci_Fib_ensures_default_po_1, File "HOME/tests/java/Fibonacci.java", line 60, characters 20-26 (FORALL (n_0) (IMPLIES (>= n_0 0) (<= 0 0))) -;; Fibonacci_Fib_ensures_default_po_2, File "HOME/tests/java/Fibonacci.java", line 29, characters 25-31 +;; Fibonacci_Fib_ensures_default_po_2, File "HOME/tests/java/Fibonacci.java", line 60, characters 25-31 (FORALL (n_0) (IMPLIES (>= n_0 0) (<= 0 n_0))) -;; Fibonacci_Fib_ensures_default_po_3, File "HOME/tests/java/Fibonacci.java", line 29, characters 35-47 +;; Fibonacci_Fib_ensures_default_po_3, File "HOME/tests/java/Fibonacci.java", line 60, characters 35-47 (FORALL (n_0) (IMPLIES (>= n_0 0) (EQ (isfib (+ 0 1) 1) |@true|))) -;; Fibonacci_Fib_ensures_default_po_4, File "HOME/tests/java/Fibonacci.java", line 29, characters 51-61 +;; Fibonacci_Fib_ensures_default_po_4, File "HOME/tests/java/Fibonacci.java", line 60, characters 51-61 (FORALL (n_0) (IMPLIES (>= n_0 0) (EQ (isfib 0 0) |@true|))) -;; Fibonacci_Fib_ensures_default_po_5, File "HOME/tests/java/Fibonacci.java", line 29, characters 20-26 +;; Fibonacci_Fib_ensures_default_po_5, File "HOME/tests/java/Fibonacci.java", line 60, characters 20-26 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) 
@@ -3871,7 +3812,7 @@ (IMPLIES (EQ x_0_0_0 (+ x_0_0 aux)) (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= 0 i0)))))))))))))))) -;; Fibonacci_Fib_ensures_default_po_6, File "HOME/tests/java/Fibonacci.java", line 29, characters 25-31 +;; Fibonacci_Fib_ensures_default_po_6, File "HOME/tests/java/Fibonacci.java", line 60, characters 25-31 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) @@ -3889,7 +3830,7 @@ (IMPLIES (EQ x_0_0_0 (+ x_0_0 aux)) (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= i0 n_0)))))))))))))))) -;; Fibonacci_Fib_ensures_default_po_7, File "HOME/tests/java/Fibonacci.java", line 29, characters 35-47 +;; Fibonacci_Fib_ensures_default_po_7, File "HOME/tests/java/Fibonacci.java", line 60, characters 35-47 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) @@ -3907,7 +3848,7 @@ (IMPLIES (EQ x_0_0_0 (+ x_0_0 aux)) (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (EQ (isfib (+ i0 1) x_0_0_0) |@true|)))))))))))))))) -;; Fibonacci_Fib_ensures_default_po_8, File "HOME/tests/java/Fibonacci.java", line 29, characters 51-61 +;; Fibonacci_Fib_ensures_default_po_8, File "HOME/tests/java/Fibonacci.java", line 60, characters 51-61 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) @@ -3925,7 +3866,7 @@ (IMPLIES (EQ x_0_0_0 (+ x_0_0 aux)) (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (EQ (isfib i0 y0) |@true|)))))))))))))))) -;; Fibonacci_Fib_ensures_default_po_9, File "HOME/tests/java/Fibonacci.java", line 24, characters 16-33 +;; Fibonacci_Fib_ensures_default_po_9, File "HOME/tests/java/Fibonacci.java", line 55, characters 16-33 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) @@ -3937,7 +3878,7 @@ (IMPLIES (>= i n_0) (FORALL (return) (IMPLIES (EQ return y) (EQ (isfib n_0 return) |@true|)))))))))) -;; Fibonacci_Fib_safety_po_1, File "HOME/tests/java/Fibonacci.java", line 30, characters 18-21 +;; Fibonacci_Fib_safety_po_1, File "HOME/tests/java/Fibonacci.java", line 61, characters 18-21 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) 
@@ -3956,7 +3897,7 @@ (IMPLIES (EQ x_0_0_0 (+ x_0_0 aux)) (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= 0 (- n_0 i)))))))))))))))))) -;; Fibonacci_Fib_safety_po_2, File "HOME/tests/java/Fibonacci.java", line 30, characters 18-21 +;; Fibonacci_Fib_safety_po_2, File "HOME/tests/java/Fibonacci.java", line 61, characters 18-21 (FORALL (n_0) (IMPLIES (>= n_0 0) (FORALL (i) @@ -4933,7 +4874,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -5000,18 +4941,6 @@ (((n >= 2) and (isfib((n - 2), r_0) and isfib((n - 1), p))) -> isfib(n, (p + r_0)))))) -goal isfib_2_1: - isfib(2, 1) - -axiom isfib_2_1_as_axiom: - isfib(2, 1) - -goal isfib_6_8: - isfib(6, 8) - -axiom isfib_6_8_as_axiom: - isfib(6, 8) - predicate left_valid_struct_Object(p: Object pointer, a: int, Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, p) <= a) @@ -5036,12 +4965,6 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -goal not_isfib_2_2: - (not isfib(2, 2)) - -axiom not_isfib_2_2_as_axiom: - (not isfib(2, 2)) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
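Review bot: The relaxed `Non_null_Object` in the `@@ -4933,7 +4874,7 @@` hunk (`offset_max(Object_alloc_table, x_0) >= 0` instead of `= 0`) is recorded without any obligation that exercises it: none of the Fibonacci goals visible in this oracle mentions the predicate. The same change reappears in the Coq definition at `@@ -5380,7 +5292,7 @@` and in the FlagStatic oracle (`\offset_max(x) >= 0`). Since this predicate is what a non-null hypothesis gives the prover, the weaker bound leaves callees with less to rely on. A regression case whose proof depends on the `>= 0` reading would pin the intended memory-model meaning. So would a short comment where the predicate is emitted, for example `(* non-null: at least one valid cell, not exactly one *)`.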
@@ -5110,32 +5033,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Fibonacci(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5172,36 +5069,54 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +goal isfib_2_1: + isfib(2, 1) + +axiom isfib_2_1_as_axiom: + isfib(2, 1) + +goal isfib_6_8: + isfib(6, 8) + +axiom isfib_6_8_as_axiom: + isfib(6, 8) + +goal not_isfib_2_2: + (not isfib(2, 2)) + +axiom not_isfib_2_2_as_axiom: + (not isfib(2, 2)) + goal Fibonacci_Fib_ensures_default_po_1: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_28": ("JC_28": (0 <= 0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_36": (0 <= 0))) goal Fibonacci_Fib_ensures_default_po_2: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_29": ("JC_29": (0 <= n_0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_37": (0 <= n_0))) goal Fibonacci_Fib_ensures_default_po_3: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_30": ("JC_30": isfib((0 + 1), 1)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_38": isfib((0 + 1), 1))) goal Fibonacci_Fib_ensures_default_po_4: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> - ("JC_32": ("JC_31": ("JC_31": isfib(0, 0)))) + ("JC_21": (n_0 >= 0)) -> + ("JC_40": ("JC_39": isfib(0, 0))) goal Fibonacci_Fib_ensures_default_po_5: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -5211,18 +5126,18 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_28": ("JC_28": (0 <= i0)))) + ("JC_40": ("JC_36": (0 <= i0))) goal Fibonacci_Fib_ensures_default_po_6: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -5232,18 +5147,18 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_29": ("JC_29": (i0 <= n_0)))) + ("JC_40": ("JC_37": (i0 <= n_0))) goal Fibonacci_Fib_ensures_default_po_7: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -5253,18 +5168,18 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_30": ("JC_30": isfib((i0 + 1), x_0_0_0)))) + ("JC_40": ("JC_38": isfib((i0 + 1), x_0_0_0))) goal Fibonacci_Fib_ensures_default_po_8: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -5274,34 +5189,34 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - ("JC_32": ("JC_31": ("JC_31": isfib(i0, y0)))) + ("JC_40": ("JC_39": isfib(i0, y0))) goal Fibonacci_Fib_ensures_default_po_9: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_32": - (("JC_28": (0 <= i)) and - (("JC_29": (i <= n_0)) and - (("JC_30": isfib((i + 1), x_0_0)) and ("JC_31": isfib(i, y)))))) -> + ("JC_40": + (("JC_36": (0 <= i)) and + (("JC_37": (i <= n_0)) and + (("JC_38": isfib((i + 1), x_0_0)) and ("JC_39": isfib(i, y)))))) -> (i >= n_0) -> forall return:int. (return = y) -> - ("JC_15": isfib(n_0, return)) + ("JC_23": isfib(n_0, return)) goal Fibonacci_Fib_safety_po_1: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_25": true) -> - ("JC_23": - (("JC_19": (0 <= i)) and - (("JC_20": (i <= n_0)) and - (("JC_21": isfib((i + 1), x_0_0)) and ("JC_22": isfib(i, y)))))) -> + ("JC_33": true) -> + ("JC_31": + (("JC_27": (0 <= i)) and + (("JC_28": (i <= n_0)) and + (("JC_29": isfib((i + 1), x_0_0)) and ("JC_30": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> @@ -5311,19 +5226,19 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - (0 <= ("JC_27": (n_0 - i))) + (0 <= ("JC_35": (n_0 - i))) goal Fibonacci_Fib_safety_po_2: forall n_0:int. - ("JC_13": (n_0 >= 0)) -> + ("JC_21": (n_0 >= 0)) -> forall i:int. forall x_0_0:int. forall y:int. - ("JC_25": true) -> - ("JC_23": - (("JC_19": (0 <= i)) and - (("JC_20": (i <= n_0)) and - (("JC_21": isfib((i + 1), x_0_0)) and ("JC_22": isfib(i, y)))))) -> + ("JC_33": true) -> + ("JC_31": + (("JC_27": (0 <= i)) and + (("JC_28": (i <= n_0)) and + (("JC_29": isfib((i + 1), x_0_0)) and ("JC_30": isfib(i, y)))))) -> (i < n_0) -> forall aux:int. (aux = y) -> 
@@ -5333,24 +5248,21 @@ (x_0_0_0 = (x_0_0 + aux)) -> forall i0:int. (i0 = (i + 1)) -> - (("JC_27": (n_0 - i0)) < ("JC_27": (n_0 - i))) + (("JC_35": (n_0 - i0)) < ("JC_35": (n_0 - i))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Fibonacci_why.why : ??............ (12/0/2/0/0) +why/Fibonacci_why.why : ?#............ (12/0/1/1/0) total : 14 valid : 12 ( 86%) invalid : 0 ( 0%) -unknown : 2 ( 14%) -timeout : 0 ( 0%) +unknown : 1 ( 7%) +timeout : 1 ( 7%) failure : 0 ( 0%) // RUNCOQ: will ask regtests to check Coq proofs of this program ========== generation of Coq VC output ========== why -coq [...] why/Fibonacci.why -File "/home/cmarche/recherche/why2-carbon/tests/java/coq/Fibonacci_why.v", -line 108, characters 8-17: -Error: The reference isfib_2_1 was not found in the current environment. ========== file tests/java/coq/Fibonacci_why.v ========== (* This file was originally generated by why. It can be modified; only the generated parts will be overwritten. *) @@ -5380,7 +5292,7 @@ Admitted. (*Why predicate*) Definition Non_null_Object (x_0:(pointer Object)) (Object_alloc_table:(alloc_table Object)) - := (offset_max Object_alloc_table x_0) = 0. + := (offset_max Object_alloc_table x_0) >= 0. (*Why axiom*) Lemma Object_int : (int_of_tag Object_tag) = 1. Admitted. 
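Review bot: The expected Alt-Ergo line now records a timeout (`?#............ (12/0/1/1/0)`, `timeout : 1 ( 7%)`), which makes this oracle host-dependent. Whether a goal ends as `?` or `#` depends on the prover's time limit and the speed of the machine that produced the oracle, so the comparison can fail elsewhere with no change in the tool. If the result order follows the goal order in the Why file, the two undischarged goals are presumably `isfib_2_1` and `isfib_6_8`, which the same output re-admits as `isfib_2_1_as_axiom` and `isfib_6_8_as_axiom` for the remaining twelve. Consider having the regression comparison treat `?` and `#` as a single "not proved" class, or fixing the time limit in the test driver so the line is reproducible.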
@@ -5456,35 +5368,6 @@ (isfib n (p + r_0)))))) . -(* Why obligation from file "Fibonacci.jc", line 57, characters 0-29: *) -(*Why goal*) Lemma isfib_2_1 : - (isfib 2 1). -Dp_hint isfib_2_1. -Proof. -apply isfibn with (r_0:=0) (p:=1); intuition. -apply isfib0. -apply isfib1. -Save. - -(* Why obligation from file "Fibonacci.jc", line 51, characters 0-29: *) -(*Why goal*) Lemma isfib_6_8 : - (isfib 6 8). -Dp_hint isfib_6_8. -Proof. -assert (isfib3: isfib 3 2). -apply isfibn with (r_0:=1) (p:=1); intuition. -apply isfib1. -apply isfib_2_1. -assert (isfib4: isfib 4 3). -apply isfibn with (r_0:=1) (p:=2); intuition. -apply isfib_2_1. -assert (isfib5: isfib 5 5). -apply isfibn with (r_0:=2) (p:=3); intuition. -apply isfibn with (r_0:=3) (p:=5); intuition. -Qed. - - - (*Why predicate*) Definition left_valid_struct_Object (p:(pointer Object)) (a:Z) (Object_alloc_table:(alloc_table Object)) := (offset_min Object_alloc_table p) <= a. 
@@ -5503,30 +5386,17 @@ (*Why predicate*) Definition left_valid_struct_interface (p:(pointer interface)) (a:Z) (interface_alloc_table:(alloc_table interface)) := (offset_min interface_alloc_table p) <= a. -(* Why obligation from file "Fibonacci.jc", line 54, characters 0-37: *) -(*Why goal*) Lemma not_isfib_2_2 : - ~(isfib 2 2). -Dp_hint not_isfib_2_2. -Proof. -intro h; inversion h; intuition. -replace (p + r_0 - (p + r_0)) with 0 in H1 by omega. -inversion H1; auto with zarith. -assert (p=2) by omega. -subst. -replace (2 + 0 - 1) with 1 in H4 by omega. -inversion H4; auto with zarith. -Save. - - (*Why axiom*) Lemma pointer_addr_of_Object_of_pointer_address : (forall (p:(pointer unit)), p = (pointer_address (Object_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_Object_of_pointer_address. (*Why axiom*) Lemma pointer_addr_of_interface_of_pointer_address : (forall (p:(pointer unit)), p = (pointer_address (interface_of_pointer_address p))). Admitted. +Dp_hint pointer_addr_of_interface_of_pointer_address. (*Why predicate*) Definition right_valid_struct_Object (p:(pointer Object)) (b:Z) (Object_alloc_table:(alloc_table Object)) := (offset_max Object_alloc_table p) >= b. 
@@ -5574,25 +5444,11 @@ := (offset_min interface_alloc_table p) = a /\ (offset_max interface_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_Object (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. -(*Why predicate*) Definition valid_bitvector_struct_Exception (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_Fibonacci (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_String (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_Throwable (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (valid_bitvector_struct_Object p a b bitvector_alloc_table). -(*Why predicate*) Definition valid_bitvector_struct_interface (p:(pointer unit)) (a:Z) (b:Z) (bitvector_alloc_table:(alloc_table unit)) - := (offset_min bitvector_alloc_table p) = a /\ - (offset_max bitvector_alloc_table p) = b. (*Why predicate*) Definition valid_root_Object (p:(pointer Object)) (a:Z) (b:Z) (Object_alloc_table:(alloc_table Object)) := (offset_min Object_alloc_table p) <= a /\ 
@@ -5622,51 +5478,127 @@ := (offset_min interface_alloc_table p) <= a /\ (offset_max interface_alloc_table p) >= b. -(* Why obligation from file "Fibonacci.java", line 29, characters 20-26: *) +(* Why obligation from file "Fibonacci.java", line 46, characters 10-19: *) +(*Why goal*) Lemma isfib_2_1 : + (isfib 2 1). +Proof. +apply isfibn with (r_0:=0) (p:=1); intuition. +apply isfib0. +apply isfib1. +Save. +Dp_hint isfib_2_1. + +(* Why obligation from file "Fibonacci.java", line 47, characters 10-19: *) +(*Why goal*) Lemma isfib_6_8 : + (isfib 6 8). +Proof. +assert (isfib3: isfib 3 2). +apply isfibn with (r_0:=1) (p:=1); intuition. +apply isfib1. +apply isfib_2_1. +assert (isfib4: isfib 4 3). +apply isfibn with (r_0:=1) (p:=2); intuition. +apply isfib_2_1. +assert (isfib5: isfib 5 5). +apply isfibn with (r_0:=2) (p:=3); intuition. +apply isfibn with (r_0:=3) (p:=5); intuition. +Save. +Dp_hint isfib_6_8. + +(* Why obligation from file "Fibonacci.java", line 50, characters 10-23: *) +(*Why goal*) Lemma not_isfib_2_2 : + ~(isfib 2 2). +Proof. +intro h; inversion h; intuition. +replace (p + r_0 - (p + r_0)) with 0 in H1 by omega. +inversion H1; auto with zarith. +assert (p=2) by omega. +subst. +replace (2 + 0 - 1) with 1 in H4 by omega. +inversion H4; auto with zarith. +Save. +Dp_hint not_isfib_2_2. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +(* Why obligation from file "Fibonacci.java", line 60, characters 20-26: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_1 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_28 *) (* JC_28 *) 0 <= 0. + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_36 *) 0 <= 0. Proof. intuition. Save. 
-(* Why obligation from file "Fibonacci.java", line 29, characters 25-31: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 25-31: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_2 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_29 *) (* JC_29 *) 0 <= n_0. + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_37 *) 0 <= n_0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 35-47: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 35-47: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_3 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_30 *) (* JC_30 *) (isfib (0 + 1) 1). + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_38 *) (isfib (0 + 1) 1). Proof. intros; apply isfib1. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 51-61: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 51-61: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_4 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), - (* JC_32 *) (* JC_31 *) (* JC_31 *) (isfib 0 0). + forall (HW_1: (* JC_21 *) n_0 >= 0), + (* JC_40 *) (* JC_39 *) (isfib 0 0). Proof. intros; apply isfib0. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 20-26: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 20-26: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_5 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -5676,20 +5608,20 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_28 *) (* JC_28 *) 0 <= i0. + (* JC_40 *) (* JC_36 *) 0 <= i0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 25-31: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 25-31: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_6 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), @@ -5699,20 +5631,20 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_29 *) (* JC_29 *) i0 <= n_0. + (* JC_40 *) (* JC_37 *) i0 <= n_0. Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 35-47: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 35-47: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_7 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -5722,7 +5654,7 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_30 *) (* JC_30 *) (isfib (i0 + 1) x_0_0_0). + (* JC_40 *) (* JC_38 *) (isfib (i0 + 1) x_0_0_0). Proof. intuition;subst; auto. apply isfibn; intuition. @@ -5730,15 +5662,15 @@ replace (i+1+1-1) with (i+1); auto with zarith. Save. -(* Why obligation from file "Fibonacci.java", line 29, characters 51-61: *) +(* Why obligation from file "Fibonacci.java", line 60, characters 51-61: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_8 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -5748,40 +5680,40 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - (* JC_32 *) (* JC_31 *) (* JC_31 *) (isfib i0 y0). + (* JC_40 *) (* JC_39 *) (isfib i0 y0). Proof. intuition; subst; auto. Save. -(* Why obligation from file "Fibonacci.java", line 24, characters 16-33: *) +(* Why obligation from file "Fibonacci.java", line 55, characters 16-33: *) (*Why goal*) Lemma Fibonacci_Fib_ensures_default_po_9 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_32 *) ((* JC_28 *) 0 <= i /\ (* JC_29 *) i <= n_0 /\ - (* JC_30 *) (isfib (i + 1) x_0_0) /\ (* JC_31 *) (isfib i y))), + forall (HW_4: (* JC_40 *) ((* JC_36 *) 0 <= i /\ (* JC_37 *) i <= n_0 /\ + (* JC_38 *) (isfib (i + 1) x_0_0) /\ (* JC_39 *) (isfib i y))), forall (HW_11: i >= n_0), forall (why__return: Z), forall (HW_12: why__return = y), - (* JC_15 *) (isfib n_0 why__return). + (* JC_23 *) (isfib n_0 why__return). Proof. intuition. assert (i=n_0) by omega. subst; auto. Save. -(* Why obligation from file "Fibonacci.java", line 30, characters 18-21: *) +(* Why obligation from file "Fibonacci.java", line 61, characters 18-21: *) (*Why goal*) Lemma Fibonacci_Fib_safety_po_1 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_25 *) True), - forall (HW_5: (* JC_23 *) ((* JC_19 *) 0 <= i /\ (* JC_20 *) i <= n_0 /\ - (* JC_21 *) (isfib (i + 1) x_0_0) /\ (* JC_22 *) (isfib i y))), + forall (HW_4: (* JC_33 *) True), + forall (HW_5: (* JC_31 *) ((* JC_27 *) 0 <= i /\ (* JC_28 *) i <= n_0 /\ + (* JC_29 *) (isfib (i + 1) x_0_0) /\ (* JC_30 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), 
@@ -5791,21 +5723,21 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - 0 <= ((* JC_27 *) (n_0 - i)). + 0 <= ((* JC_35 *) (n_0 - i)). Proof. intuition. Save. -(* Why obligation from file "Fibonacci.java", line 30, characters 18-21: *) +(* Why obligation from file "Fibonacci.java", line 61, characters 18-21: *) (*Why goal*) Lemma Fibonacci_Fib_safety_po_2 : forall (n_0: Z), - forall (HW_1: (* JC_13 *) n_0 >= 0), + forall (HW_1: (* JC_21 *) n_0 >= 0), forall (i: Z), forall (x_0_0: Z), forall (y: Z), - forall (HW_4: (* JC_25 *) True), - forall (HW_5: (* JC_23 *) ((* JC_19 *) 0 <= i /\ (* JC_20 *) i <= n_0 /\ - (* JC_21 *) (isfib (i + 1) x_0_0) /\ (* JC_22 *) (isfib i y))), + forall (HW_4: (* JC_33 *) True), + forall (HW_5: (* JC_31 *) ((* JC_27 *) 0 <= i /\ (* JC_28 *) i <= n_0 /\ + (* JC_29 *) (isfib (i + 1) x_0_0) /\ (* JC_30 *) (isfib i y))), forall (HW_6: i < n_0), forall (aux: Z), forall (HW_7: aux = y), @@ -5815,12 +5747,9 @@ forall (HW_9: x_0_0_0 = (x_0_0 + aux)), forall (i0: Z), forall (HW_10: i0 = (i + 1)), - ((* JC_27 *) (n_0 - i0)) < ((* JC_27 *) (n_0 - i)). + ((* JC_35 *) (n_0 - i0)) < ((* JC_35 *) (n_0 - i)). Proof. intuition. Save. ========== running Coq ========== -File "/home/cmarche/recherche/why2-carbon/tests/java/coq/Fibonacci_why.v", -line 108, characters 8-17: -Error: The reference isfib_2_1 was not found in the current environment. diff -Nru why-2.29+dfsg/tests/java/oracle/FlagStatic.res.oracle why-2.30+dfsg/tests/java/oracle/FlagStatic.res.oracle --- why-2.29+dfsg/tests/java/oracle/FlagStatic.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/FlagStatic.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,22 +2,26 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU Library General Public */ -/* License version 2, with the special exception on linking */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ /* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ @@ -35,7 +39,7 @@ @*/ /*@ predicate is_color_array{L}(int t[]) = - @ t != null && + @ t != null && @ \forall integer i; 0 <= i < t.length ==> is_color(t[i]) ; @*/ 
@@ -45,15 +49,15 @@ class FlagStatic { - + public static final int BLUE = 1, WHITE = 2, RED = 3; - + /*@ requires t != null && 0 <= i <= j <= t.length ; @ behavior decides_monochromatic: @ ensures \result <==> is_monochrome(t,i,j,c); @*/ public static boolean isMonochrome(int t[], int i, int j, int c) { - /*@ loop_invariant i <= k && + /*@ loop_invariant i <= k && @ (\forall integer l; i <= l < k ==> t[l]==c); @ loop_variant j - k; @*/ @@ -73,9 +77,9 @@ } /*@ requires - @ is_color_array(t); + @ is_color_array(t); @ behavior sorts: - @ ensures + @ ensures @ (\exists integer b r; @ is_monochrome(t,0,b,BLUE) && @ is_monochrome(t,b,r,WHITE) && @@ -91,17 +95,17 @@ @ is_monochrome(t,0,b,BLUE) && @ is_monochrome(t,b,i,WHITE) && @ is_monochrome(t,r,t.length,RED); - @ loop_variant r - i; + @ loop_variant r - i; @*/ while (i < r) { switch (t[i]) { - case BLUE: + case BLUE: swap(t,b++, i++); - break; - case WHITE: - i++; break; - case RED: + case WHITE: + i++; + break; + case RED: swap(t,--r, i); break; } @@ -112,9 +116,9 @@ /* -Local Variables: -compile-command: "make FlagStatic" -End: +Local Variables: +compile-command: "make FlagStatic.why3ml" +End: */ ========== krakatoa execution ========== Parsing OK. @@ -147,7 +151,7 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) logic integer FlagStatic_BLUE = 1 @@ -158,6 +162,9 @@ logic integer FlagStatic_RED = 3 +String[0..] any_string() +; + tag Object = { } 
@@ -392,128 +399,128 @@ ========== file tests/java/FlagStatic.jloc ========== [K_10] file = "HOME/tests/java/FlagStatic.java" -line = 56 +line = 60 begin = 8 end = 49 [K_11] file = "HOME/tests/java/FlagStatic.java" -line = 55 +line = 59 begin = 24 end = 30 [K_12] file = "HOME/tests/java/FlagStatic.java" -line = 55 +line = 59 begin = 24 -end = 85 +end = 84 [K_13] file = "HOME/tests/java/FlagStatic.java" -line = 57 +line = 61 begin = 22 end = 27 [K_14] file = "HOME/tests/java/FlagStatic.java" -line = 59 +line = 63 begin = 33 end = 37 [K_15] file = "HOME/tests/java/FlagStatic.java" -line = 59 +line = 63 begin = 33 end = 42 [K_16] file = "HOME/tests/java/FlagStatic.java" -line = 59 +line = 63 begin = 24 end = 27 [K_17] file = "HOME/tests/java/FlagStatic.java" -line = 59 +line = 63 begin = 17 end = 22 [K_18] file = "HOME/tests/java/FlagStatic.java" -line = 66 +line = 70 begin = 40 end = 58 [K_19] file = "HOME/tests/java/FlagStatic.java" -line = 66 +line = 70 begin = 18 end = 36 [FlagStatic_flag] name = "Method flag" file = "HOME/tests/java/FlagStatic.java" -line = 83 +line = 87 begin = 23 end = 27 [K_20] file = "HOME/tests/java/FlagStatic.java" -line = 66 +line = 70 begin = 18 end = 58 [K_21] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 43 end = 55 [K_22] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 38 end = 44 [K_23] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 38 end = 55 [K_24] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 22 end = 34 [K_1] file = "HOME/tests/java/FlagStatic.java" -line = 52 +line = 56 begin = 18 end = 53 [K_25] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 17 end = 23 [K_2] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 40 end = 53 [K_26] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 17 end = 34 [K_3] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 35 
end = 41 @@ -526,55 +533,55 @@ [K_27] file = "HOME/tests/java/FlagStatic.java" -line = 63 +line = 67 begin = 17 end = 55 [K_4] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 30 end = 36 [K_28] file = "HOME/tests/java/FlagStatic.java" -line = 70 +line = 74 begin = 8 end = 12 [K_5] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 30 end = 41 [K_29] file = "HOME/tests/java/FlagStatic.java" -line = 70 +line = 74 begin = 1 end = 12 [K_6] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 30 end = 53 [K_7] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 17 end = 26 [K_8] file = "HOME/tests/java/FlagStatic.java" -line = 50 +line = 54 begin = 17 end = 53 [K_9] file = "HOME/tests/java/FlagStatic.java" -line = 59 +line = 63 begin = 14 end = 15 @@ -601,62 +608,62 @@ [K_30] file = "HOME/tests/java/FlagStatic.java" -line = 71 +line = 75 begin = 1 end = 9 [K_31] file = "HOME/tests/java/FlagStatic.java" -line = 69 +line = 73 begin = 9 end = 13 [K_32] file = "HOME/tests/java/FlagStatic.java" -line = 78 +line = 82 begin = 13 end = 169 [K_33] file = "HOME/tests/java/FlagStatic.java" -line = 75 +line = 79 begin = 10 end = 27 [K_34] file = "HOME/tests/java/FlagStatic.java" -line = 92 +line = 96 begin = 14 end = 45 [K_35] file = "HOME/tests/java/FlagStatic.java" -line = 91 +line = 95 begin = 7 end = 33 [FlagStatic_swap] name = "Method swap" file = "HOME/tests/java/FlagStatic.java" -line = 68 +line = 72 begin = 24 end = 28 [K_36] file = "HOME/tests/java/FlagStatic.java" -line = 90 +line = 94 begin = 7 end = 32 [K_37] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 22 end = 35 [K_38] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 17 end = 23 @@ -669,7 +676,7 @@ [K_39] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 12 end = 18 
@@ -696,31 +703,31 @@ [K_40] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 7 end = 13 [K_41] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 7 end = 18 [K_42] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 7 end = 23 [K_43] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 93 begin = 7 end = 35 [K_44] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 end = 24 @@ -733,31 +740,31 @@ [K_45] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 end = 63 [K_46] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 end = 99 [K_47] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 end = 136 [K_48] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 end = 185 [K_49] file = "HOME/tests/java/FlagStatic.java" -line = 93 +line = 97 begin = 18 end = 23 @@ -771,13 +778,13 @@ [FlagStatic_isMonochrome] name = "Method isMonochrome" file = "HOME/tests/java/FlagStatic.java" -line = 54 +line = 58 begin = 26 end = 38 [K_50] file = "HOME/tests/java/FlagStatic.java" -line = 98 +line = 102 begin = 9 end = 12 @@ -790,25 +797,25 @@ [K_51] file = "HOME/tests/java/FlagStatic.java" -line = 98 +line = 102 begin = 14 end = 17 [K_52] file = "HOME/tests/java/FlagStatic.java" -line = 98 +line = 102 begin = 2 end = 18 [K_53] file = "HOME/tests/java/FlagStatic.java" -line = 101 +line = 105 begin = 2 end = 5 [K_54] file = "HOME/tests/java/FlagStatic.java" -line = 104 +line = 108 begin = 9 end = 12 
@@ -821,37 +828,37 @@ [K_55] file = "HOME/tests/java/FlagStatic.java" -line = 104 +line = 108 begin = 2 end = 16 [K_56] file = "HOME/tests/java/FlagStatic.java" -line = 96 +line = 100 begin = 13 end = 17 [K_57] file = "HOME/tests/java/FlagStatic.java" -line = 95 +line = 99 begin = 8 end = 13 [K_58] file = "HOME/tests/java/FlagStatic.java" -line = 86 +line = 90 begin = 9 end = 17 [K_59] file = "HOME/tests/java/FlagStatic.java" -line = 85 +line = 89 begin = 9 end = 10 [K_60] file = "HOME/tests/java/FlagStatic.java" -line = 84 +line = 88 begin = 9 end = 10 @@ -883,10 +890,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs FlagStatic.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/FlagStatic_why.sx @@ -947,6 +955,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/FlagStatic_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/FlagStatic_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -1019,6 +1034,9 @@ why3ide: why/FlagStatic_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: FlagStatic.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include FlagStatic.depend depend: coq/FlagStatic_why.v 
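Review bot: The new `why3ml` target in the `@@ -1019,6 +1034,9 @@` hunk echoes `why3ml [...] $<` but its recipe runs `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different program from the one executed. If launching the IDE on the `.mlw` file is intended, the echo should say so, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. The `.PHONY` line in the `@@ -883,10 +890,11 @@` hunk gains `vampire` but not `why3ml`, and no rule producing `FlagStatic.mlw` is visible in these hunks. This text is generated Makefile output recorded in the test oracle, so any change presumably belongs in the generator's template rather than here.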
@@ -1029,22 +1047,25 @@ ========== file tests/java/FlagStatic.loc ========== [JC_103] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/FlagStatic.java" +line = 73 +begin = 9 +end = 13 [JC_104] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/FlagStatic.java" +line = 74 +begin = 8 +end = 12 [JC_105] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/FlagStatic.jc" +line = 132 +begin = 18 +end = 62 [cons_FlagStatic_safety] name = "Constructor of class FlagStatic" @@ -1055,41 +1076,42 @@ end = -1 [JC_106] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/FlagStatic.jc" +line = 133 +begin = 18 +end = 38 [JC_40] file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 40 -end = 53 +line = 54 +begin = 30 +end = 36 [JC_107] file = "HOME/tests/java/FlagStatic.java" -line = 78 -begin = 13 -end = 169 +line = 79 +begin = 10 +end = 27 [JC_41] file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 17 -end = 53 +line = 54 +begin = 35 +end = 41 [JC_108] -file = "HOME/tests/java/FlagStatic.java" -line = 78 -begin = 13 -end = 169 - -[JC_42] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_42] +file = "HOME/tests/java/FlagStatic.java" +line = 54 +begin = 40 +end = 53 + [JC_220] file = "HOME/" line = 0 @@ -1097,23 +1119,22 @@ end = -1 [JC_109] -kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 86 -begin = 9 -end = 17 +line = 79 +begin = 10 +end = 27 [JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 54 +begin = 17 +end = 53 [JC_221] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_44] file = "HOME/" 
@@ -1128,22 +1149,22 @@ end = -1 [JC_45] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 54 +begin = 17 +end = 26 [JC_223] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_46] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 54 +begin = 30 +end = 36 [JC_224] file = "HOME/" @@ -1153,9 +1174,9 @@ [JC_47] file = "HOME/tests/java/FlagStatic.java" -line = 52 -begin = 18 -end = 53 +line = 54 +begin = 35 +end = 41 [JC_225] file = "HOME/" @@ -1165,8 +1186,8 @@ [JC_48] file = "HOME/tests/java/FlagStatic.java" -line = 52 -begin = 18 +line = 54 +begin = 40 end = 53 [JC_226] @@ -1177,9 +1198,9 @@ [JC_49] file = "HOME/tests/java/FlagStatic.java" -line = 55 -begin = 24 -end = 30 +line = 54 +begin = 17 +end = 53 [JC_227] file = "HOME/" 
@@ -1195,76 +1216,77 @@ [JC_229] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_110] -kind = IndexBounds -file = "HOME/tests/java/FlagStatic.java" -line = 86 -begin = 9 -end = 17 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_111] -file = "HOME/tests/java/FlagStatic.java" -line = 88 -begin = 7 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_112] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 7 -end = 13 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_113] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 12 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_114] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 17 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_115] file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 22 -end = 35 +line = 82 +begin = 13 +end = 169 [JC_116] file = "HOME/tests/java/FlagStatic.java" -line = 90 -begin = 7 -end = 32 +line = 82 +begin = 13 +end = 169 [JC_50] -file = "HOME/tests/java/FlagStatic.java" -line = 56 -begin = 8 -end = 49 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_117] +kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 91 -begin = 7 -end = 33 +line = 90 +begin = 9 +end = 17 [JC_51] -file = "HOME/tests/java/FlagStatic.java" -line = 55 -begin = 24 -end = 85 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_118] +kind = IndexBounds file = "HOME/tests/java/FlagStatic.java" -line = 92 -begin = 14 -end = 45 +line = 90 +begin = 9 +end = 17 [JC_52] file = "HOME/" 
@@ -1280,27 +1302,27 @@ [JC_119] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 -end = 185 +end = 24 [JC_53] -file = "HOME/tests/java/FlagStatic.jc" -line = 97 -begin = 9 -end = 509 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_231] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_54] -file = "HOME/tests/java/FlagStatic.jc" -line = 97 -begin = 9 -end = 509 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_232] file = "HOME/" @@ -1309,11 +1331,10 @@ end = -1 [JC_55] -kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 59 -begin = 33 -end = 37 +line = 56 +begin = 18 +end = 53 [JC_233] file = "HOME/" @@ -1323,9 +1344,9 @@ [JC_56] file = "HOME/tests/java/FlagStatic.java" -line = 57 -begin = 22 -end = 27 +line = 56 +begin = 18 +end = 53 [JC_234] file = "HOME/" @@ -1335,7 +1356,7 @@ [JC_57] file = "HOME/tests/java/FlagStatic.java" -line = 55 +line = 59 begin = 24 end = 30 @@ -1347,7 +1368,7 @@ [JC_58] file = "HOME/tests/java/FlagStatic.java" -line = 56 +line = 60 begin = 8 end = 49 @@ -1359,21 +1380,21 @@ [JC_59] file = "HOME/tests/java/FlagStatic.java" -line = 55 +line = 59 begin = 24 -end = 85 +end = 84 [JC_237] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 [FlagStatic_flag_ensures_sorts] name = "Method flag" -behavior = "Normal behavior `sorts'" +behavior = "Behavior `sorts'" file = "HOME/tests/java/FlagStatic.java" -line = 83 +line = 87 begin = 23 end = 27 
@@ -1385,54 +1406,51 @@ [JC_239] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 [JC_120] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 7 +end = 13 [JC_121] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 +file = "HOME/tests/java/FlagStatic.java" +line = 93 begin = 12 -end = 2823 +end = 18 [JC_122] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 -begin = 12 -end = 2823 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 17 +end = 23 [JC_123] -kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 96 -begin = 13 -end = 17 +line = 93 +begin = 22 +end = 35 [JC_124] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 188 -begin = 28 -end = 130 +file = "HOME/tests/java/FlagStatic.java" +line = 94 +begin = 7 +end = 32 [JC_125] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 199 -begin = 28 -end = 72 +file = "HOME/tests/java/FlagStatic.java" +line = 95 +begin = 7 +end = 33 [JC_126] file = "HOME/tests/java/FlagStatic.java" -line = 93 -begin = 18 -end = 23 +line = 96 +begin = 14 +end = 45 [JC_60] file = "HOME/" @@ -1441,27 +1459,26 @@ end = -1 [JC_127] -kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 86 -begin = 9 -end = 17 +line = 92 +begin = 7 +end = 185 [JC_61] file = "HOME/tests/java/FlagStatic.jc" -line = 97 +line = 100 begin = 9 end = 509 [JC_128] -file = "HOME/tests/java/FlagStatic.java" -line = 88 -begin = 7 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_62] file = "HOME/tests/java/FlagStatic.jc" -line = 97 +line = 100 begin = 9 end = 509 
@@ -1472,16 +1489,17 @@ end = -1 [JC_129] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 7 -end = 13 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 +begin = 12 +end = 2823 [JC_63] +kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 55 -begin = 24 -end = 30 +line = 63 +begin = 33 +end = 37 [JC_241] file = "HOME/" @@ -1491,9 +1509,9 @@ [JC_64] file = "HOME/tests/java/FlagStatic.java" -line = 56 -begin = 8 -end = 49 +line = 61 +begin = 22 +end = 27 [JC_242] file = "HOME/" @@ -1503,9 +1521,9 @@ [JC_65] file = "HOME/tests/java/FlagStatic.java" -line = 55 +line = 59 begin = 24 -end = 85 +end = 30 [JC_243] file = "HOME/" @@ -1514,10 +1532,10 @@ end = -1 [JC_66] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 60 +begin = 8 +end = 49 [JC_244] file = "HOME/" @@ -1526,22 +1544,22 @@ end = -1 [JC_67] -file = "HOME/tests/java/FlagStatic.jc" -line = 97 -begin = 9 -end = 509 +file = "HOME/tests/java/FlagStatic.java" +line = 59 +begin = 24 +end = 84 [JC_245] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_68] -file = "HOME/tests/java/FlagStatic.jc" -line = 97 -begin = 9 -end = 509 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_246] file = "HOME/" @@ -1550,16 +1568,16 @@ end = -1 [JC_69] -file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 17 -end = 23 +file = "HOME/tests/java/FlagStatic.jc" +line = 100 +begin = 9 +end = 509 [JC_247] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_248] file = "HOME/" 
@@ -1574,76 +1592,80 @@ end = -1 [JC_130] -file = "HOME/tests/java/FlagStatic.java" -line = 89 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 begin = 12 -end = 18 +end = 2823 [JC_131] +kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 17 -end = 23 +line = 100 +begin = 13 +end = 17 [JC_132] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 22 -end = 35 +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 191 +begin = 28 +end = 130 [JC_133] -file = "HOME/tests/java/FlagStatic.java" -line = 90 -begin = 7 -end = 32 +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 202 +begin = 28 +end = 72 [JC_134] file = "HOME/tests/java/FlagStatic.java" -line = 91 -begin = 7 -end = 33 +line = 97 +begin = 18 +end = 23 [JC_135] +kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 92 -begin = 14 -end = 45 +line = 90 +begin = 9 +end = 17 [JC_136] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 -end = 185 +end = 24 [JC_70] -file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 22 -end = 34 +file = "HOME/tests/java/FlagStatic.jc" +line = 100 +begin = 9 +end = 509 [JC_137] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_71] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 38 -end = 44 +line = 93 +begin = 7 +end = 13 + +[JC_71] +file = "HOME/tests/java/FlagStatic.java" +line = 59 +begin = 24 +end = 30 [JC_138] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 +file = "HOME/tests/java/FlagStatic.java" +line = 93 begin = 12 -end = 2823 +end = 18 [JC_72] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 43 -end = 55 +line = 60 +begin = 8 +end = 49 [JC_250] file = "HOME/" 
@@ -1652,16 +1674,16 @@ end = -1 [JC_139] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 -begin = 12 -end = 2823 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 17 +end = 23 [JC_73] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 17 -end = 55 +line = 59 +begin = 24 +end = 84 [JC_251] file = "HOME/" @@ -1682,22 +1704,22 @@ end = -1 [JC_75] -file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 17 -end = 23 +file = "HOME/tests/java/FlagStatic.jc" +line = 100 +begin = 9 +end = 509 [JC_253] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 [JC_76] -file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 22 -end = 34 +file = "HOME/tests/java/FlagStatic.jc" +line = 100 +begin = 9 +end = 509 [JC_254] file = "HOME/" @@ -1707,21 +1729,21 @@ [JC_77] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 38 -end = 44 +line = 67 +begin = 17 +end = 23 [JC_255] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 [JC_78] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 43 -end = 55 +line = 67 +begin = 22 +end = 34 [JC_256] file = "HOME/" @@ -1731,9 +1753,9 @@ [JC_79] file = "HOME/tests/java/FlagStatic.java" -line = 63 -begin = 17 -end = 55 +line = 67 +begin = 38 +end = 44 [JC_257] file = "HOME/" 
@@ -1754,43 +1776,40 @@ end = -1 [JC_140] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 188 -begin = 28 -end = 130 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 22 +end = 35 [JC_141] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 199 -begin = 28 -end = 72 +file = "HOME/tests/java/FlagStatic.java" +line = 94 +begin = 7 +end = 32 [JC_142] -kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 86 -begin = 9 -end = 17 +line = 95 +begin = 7 +end = 33 [JC_143] file = "HOME/tests/java/FlagStatic.java" -line = 88 -begin = 7 -end = 24 +line = 96 +begin = 14 +end = 45 [JC_144] file = "HOME/tests/java/FlagStatic.java" -line = 89 +line = 92 begin = 7 -end = 13 +end = 185 [JC_145] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 12 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Object_safety] name = "Constructor of class Object" @@ -1801,34 +1820,35 @@ end = -1 [JC_146] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 17 -end = 23 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 +begin = 12 +end = 2823 [JC_80] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 67 +begin = 43 +end = 55 [JC_147] -file = "HOME/tests/java/FlagStatic.java" -line = 89 -begin = 22 -end = 35 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 +begin = 12 +end = 2823 [JC_81] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 67 +begin = 17 +end = 55 [JC_148] -file = "HOME/tests/java/FlagStatic.java" -line = 90 -begin = 7 -end = 32 +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 191 +begin = 28 +end = 130 [JC_82] file = "HOME/" @@ -1838,9 +1858,9 @@ [FlagStatic_swap_ensures_default] name = "Method swap" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/FlagStatic.java" -line = 68 +line = 72 begin = 24 end = 28 
@@ -1851,18 +1871,31 @@ end = -1 [JC_149] -file = "HOME/tests/java/FlagStatic.java" -line = 91 -begin = 7 -end = 33 +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 202 +begin = 28 +end = 72 [JC_83] +file = "HOME/tests/java/FlagStatic.java" +line = 67 +begin = 17 +end = 23 + +[JC_261] file = "HOME/" line = 0 begin = -1 end = -1 [JC_84] +file = "HOME/tests/java/FlagStatic.java" +line = 67 +begin = 22 +end = 34 + +[JC_262] file = "HOME/" line = 0 begin = -1 @@ -1870,39 +1903,63 @@ [JC_85] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 18 -end = 36 +line = 67 +begin = 38 +end = 44 + +[JC_263] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_86] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 40 -end = 58 +line = 67 +begin = 43 +end = 55 + +[JC_264] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_87] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 18 -end = 58 +line = 67 +begin = 17 +end = 55 + +[JC_265] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_88] -file = "HOME/tests/java/FlagStatic.java" -line = 68 -begin = 24 -end = 28 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_1] file = "HOME/tests/java/FlagStatic.jc" -line = 48 -begin = 8 -end = 21 +line = 22 +begin = 12 +end = 22 + +[JC_266] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_89] -file = "HOME/tests/java/FlagStatic.jc" -line = 120 -begin = 9 -end = 20 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_2] file = "HOME/" @@ -1910,11 +1967,23 @@ begin = -1 end = -1 +[JC_267] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_3] file = "HOME/tests/java/FlagStatic.jc" -line = 48 -begin = 8 -end = 21 +line = 22 +begin = 12 +end = 22 + +[JC_268] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_4] file = "HOME/" 
@@ -1923,168 +1992,163 @@ end = -1 [JC_5] -file = "HOME/tests/java/FlagStatic.jc" -line = 51 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/FlagStatic.jc" -line = 50 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_150] +kind = UserCall file = "HOME/tests/java/FlagStatic.java" -line = 92 -begin = 14 -end = 45 +line = 90 +begin = 9 +end = 17 [JC_7] -file = "HOME/tests/java/FlagStatic.jc" -line = 51 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_151] file = "HOME/tests/java/FlagStatic.java" -line = 88 +line = 92 begin = 7 -end = 185 +end = 24 [JC_8] -file = "HOME/tests/java/FlagStatic.jc" -line = 50 -begin = 10 -end = 18 - -[JC_152] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_152] +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 7 +end = 13 + [JC_9] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 51 +begin = 8 +end = 21 [JC_153] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 +file = "HOME/tests/java/FlagStatic.java" +line = 93 begin = 12 -end = 2823 +end = 18 [JC_154] -file = "HOME/tests/java/FlagStatic.jc" -line = 154 -begin = 12 -end = 2823 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 17 +end = 23 [JC_155] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 188 -begin = 28 -end = 130 +file = "HOME/tests/java/FlagStatic.java" +line = 93 +begin = 22 +end = 35 [FlagStatic_isMonochrome_ensures_default] name = "Method isMonochrome" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/FlagStatic.java" -line = 54 +line = 58 begin = 26 end = 38 [JC_156] -kind = UserCall -file = "HOME/tests/java/FlagStatic.jc" -line = 199 -begin = 28 -end = 72 - -[JC_90] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 18 -end = 36 +line = 94 +begin = 7 +end = 32 -[JC_157] +[JC_90] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_91] 
+[JC_157] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 40 -end = 58 +line = 95 +begin = 7 +end = 33 -[JC_158] +[JC_91] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_92] +[JC_158] file = "HOME/tests/java/FlagStatic.java" -line = 66 -begin = 18 -end = 58 +line = 96 +begin = 14 +end = 45 -[JC_159] +[JC_92] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_159] +file = "HOME/tests/java/FlagStatic.java" +line = 92 +begin = 7 +end = 185 + [JC_93] file = "HOME/tests/java/FlagStatic.java" -line = 68 -begin = 24 -end = 28 +line = 70 +begin = 18 +end = 36 [JC_94] -file = "HOME/tests/java/FlagStatic.jc" -line = 120 -begin = 9 -end = 20 +file = "HOME/tests/java/FlagStatic.java" +line = 70 +begin = 40 +end = 58 [JC_95] -kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 69 -begin = 9 -end = 13 +line = 70 +begin = 18 +end = 58 [JC_96] -kind = PointerDeref file = "HOME/tests/java/FlagStatic.java" -line = 70 -begin = 8 -end = 12 +line = 72 +begin = 24 +end = 28 [JC_97] -kind = PointerDeref file = "HOME/tests/java/FlagStatic.jc" -line = 129 -begin = 18 -end = 62 +line = 123 +begin = 9 +end = 20 [JC_98] -kind = PointerDeref -file = "HOME/tests/java/FlagStatic.jc" -line = 130 +file = "HOME/tests/java/FlagStatic.java" +line = 70 begin = 18 -end = 38 +end = 36 [JC_99] file = "HOME/tests/java/FlagStatic.java" -line = 75 -begin = 10 -end = 27 +line = 70 +begin = 40 +end = 58 [JC_160] file = "HOME/" 
@@ -2093,43 +2157,45 @@ end = -1 [JC_161] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 +begin = 12 +end = 2823 [FlagStatic_swap_ensures_i_j_swapped] name = "Method swap" -behavior = "Normal behavior `i_j_swapped'" +behavior = "Behavior `i_j_swapped'" file = "HOME/tests/java/FlagStatic.java" -line = 68 +line = 72 begin = 24 end = 28 [JC_162] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 157 +begin = 12 +end = 2823 [JC_163] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 191 +begin = 28 +end = 130 [JC_164] +kind = UserCall +file = "HOME/tests/java/FlagStatic.jc" +line = 202 +begin = 28 +end = 72 + +[JC_165] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_165] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 - [JC_166] file = "HOME/" line = 0 @@ -2137,10 +2203,10 @@ end = -1 [JC_167] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_168] file = "HOME/" @@ -2156,9 +2222,9 @@ [FlagStatic_isMonochrome_ensures_decides_monochromatic] name = "Method isMonochrome" -behavior = "Normal behavior `decides_monochromatic'" +behavior = "Behavior `decides_monochromatic'" file = "HOME/tests/java/FlagStatic.java" -line = 54 +line = 58 begin = 26 end = 38 @@ -2166,15 +2232,15 @@ name = "Method swap" behavior = "Safety" file = "HOME/tests/java/FlagStatic.java" -line = 68 +line = 72 begin = 24 end = 28 [FlagStatic_flag_ensures_default] name = "Method flag" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/FlagStatic.java" -line = 83 +line = 87 begin = 23 end = 27 @@ -2198,9 +2264,9 @@ [JC_173] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [JC_174] file = "HOME/" 
@@ -2210,9 +2276,9 @@ [JC_175] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [JC_176] file = "HOME/" @@ -2224,7 +2290,7 @@ name = "Method flag" behavior = "Safety" file = "HOME/tests/java/FlagStatic.java" -line = 83 +line = 87 begin = 23 end = 27 @@ -2254,9 +2320,9 @@ [JC_11] file = "HOME/tests/java/FlagStatic.jc" -line = 54 +line = 51 begin = 8 -end = 30 +end = 21 [JC_12] file = "HOME/" @@ -2267,32 +2333,32 @@ [JC_13] file = "HOME/tests/java/FlagStatic.jc" line = 54 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 53 +begin = 10 +end = 18 [JC_15] file = "HOME/tests/java/FlagStatic.jc" -line = 57 +line = 54 begin = 11 -end = 103 +end = 66 [JC_16] file = "HOME/tests/java/FlagStatic.jc" -line = 56 +line = 53 begin = 10 end = 18 [JC_17] -file = "HOME/tests/java/FlagStatic.jc" -line = 57 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_180] file = "HOME/" @@ -2301,22 +2367,22 @@ end = -1 [JC_18] -file = "HOME/tests/java/FlagStatic.jc" -line = 56 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_181] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_19] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 57 +begin = 8 +end = 30 [JC_182] file = "HOME/" @@ -2326,9 +2392,9 @@ [JC_183] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_184] file = "HOME/" @@ -2362,9 +2428,9 @@ [JC_189] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [JC_20] file = "HOME/" @@ -2374,9 +2440,9 @@ [JC_21] file = "HOME/tests/java/FlagStatic.jc" -line = 61 +line = 57 begin = 8 -end = 23 +end = 30 [JC_22] file = "HOME/" 
@@ -2386,7 +2452,7 @@ [cons_Object_ensures_default] name = "Constructor of class Object" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -2400,9 +2466,9 @@ [JC_23] file = "HOME/tests/java/FlagStatic.jc" -line = 61 -begin = 8 -end = 23 +line = 60 +begin = 11 +end = 103 [JC_201] file = "HOME/" @@ -2411,10 +2477,10 @@ end = -1 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 59 +begin = 10 +end = 18 [JC_202] file = "HOME/" @@ -2423,10 +2489,10 @@ end = -1 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 60 +begin = 11 +end = 103 [JC_203] file = "HOME/" @@ -2435,10 +2501,10 @@ end = -1 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 59 +begin = 10 +end = 18 [JC_204] file = "HOME/" @@ -2454,9 +2520,9 @@ [JC_205] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_190] file = "HOME/" @@ -2476,23 +2542,23 @@ begin = -1 end = -1 -[JC_191] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +[JC_191] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 [JC_29] file = "HOME/tests/java/FlagStatic.jc" -line = 63 -begin = 11 -end = 65 +line = 64 +begin = 8 +end = 23 [JC_207] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_192] file = "HOME/" @@ -2538,13 +2604,13 @@ [JC_197] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [cons_FlagStatic_ensures_default] name = "Constructor of class FlagStatic" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -2558,27 +2624,27 @@ [JC_199] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_30] -file = "HOME/tests/java/FlagStatic.jc" -line = 63 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_31] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 17 -end = 26 +file = "HOME/tests/java/FlagStatic.jc" +line = 64 +begin = 8 +end = 23 [JC_32] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 30 -end = 36 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_210] file = "HOME/" @@ -2587,10 +2653,10 @@ end = -1 [JC_33] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 35 -end = 41 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_211] file = "HOME/" @@ -2599,10 +2665,10 @@ end = -1 [JC_34] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 40 -end = 53 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_212] file = "HOME/" @@ -2611,16 +2677,16 @@ end = -1 [JC_35] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 17 -end = 53 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_213] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_36] file = "HOME/" @@ -2635,22 +2701,22 @@ end = -1 [JC_37] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 17 -end = 26 +file = "HOME/tests/java/FlagStatic.jc" +line = 66 +begin = 11 +end = 65 [JC_215] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_38] -file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 30 -end = 36 +file = "HOME/tests/java/FlagStatic.jc" +line = 66 +begin = 11 +end = 65 [JC_216] file = "HOME/" @@ -2660,9 +2726,9 @@ [JC_39] file = "HOME/tests/java/FlagStatic.java" -line = 50 -begin = 35 -end = 41 +line = 54 +begin = 17 +end = 26 [JC_217] file = "HOME/" 
@@ -2674,7 +2740,7 @@ name = "Method isMonochrome" behavior = "Safety" file = "HOME/tests/java/FlagStatic.java" -line = 54 +line = 58 begin = 26 end = 38 @@ -2691,30 +2757,28 @@ end = -1 [JC_100] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.java" +line = 70 +begin = 18 +end = 58 [JC_101] file = "HOME/tests/java/FlagStatic.java" -line = 75 -begin = 10 -end = 27 +line = 72 +begin = 24 +end = 28 [JC_102] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/FlagStatic.jc" +line = 123 +begin = 9 +end = 20 ========== file tests/java/why/FlagStatic.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id @@ -2731,13 +2795,9 @@ axiom FlagStatic_parenttag_Object : parenttag(FlagStatic_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = @@ -2758,14 +2818,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -2792,8 +2848,7 @@ instanceof(interface_tag_table, x, interface_tag))) predicate is_color(c:int) = - (eq_int(c, FlagStatic_BLUE) - or (eq_int(c, FlagStatic_WHITE) or eq_int(c, FlagStatic_RED))) + ((c = FlagStatic_BLUE) or ((c = FlagStatic_WHITE) or (c = FlagStatic_RED))) predicate is_color_array(t_2:Object pointer, Object_alloc_table_at_L:Object alloc_table, 
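Review bot: In the `@@ -2731,13 +2795,9 @@` hunk the body of `Non_null_Object` changes from `eq_int(offset_max(Object_alloc_table, x_1), (0))` to `ge_int(offset_max(Object_alloc_table, x_1), (0))`, which alters the meaning of a safety predicate, unlike the location renumbering that makes up most of this oracle update. The new form holds for any pointer with a non-negative `offset_max`, so obligations that assume `Non_null_Object` get a weaker hypothesis and obligations that must prove it become easier to discharge. Since this is recorded tool output, the change presumably comes from the translator and may well be a deliberate fix, but nothing visible here says so. I would document it where the predicate is emitted, with a comment along the lines of `(* non-null Object: offset_max >= 0, not exactly 0 *)`, so the relaxed definition is not mistaken for noise in the next oracle refresh.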
@@ -2809,7 +2864,7 @@ intM_intP_at_L:(Object, int) memory) = (forall k:int. ((le_int(i_2, k) and lt_int(k, j_1)) -> - eq_int(select(intM_intP_at_L, shift(t_3, k)), c_1))) + (select(intM_intP_at_L, shift(t_3, k)) = c_1))) predicate left_valid_struct_Object(p:Object pointer, a:int, Object_alloc_table:Object alloc_table) = @@ -2914,36 +2969,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_FlagStatic(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -2984,6 +3009,8 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + parameter Object_alloc_table : Object alloc_table ref parameter intM_intP : (Object, int) memory ref @@ -2991,7 +3018,7 @@ parameter FlagStatic_flag : t_1:Object pointer -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_108: + { (JC_116: (exists b:int. (exists r:int. (is_monochrome(t_1, (0), b, FlagStatic_BLUE, intM_intP) @@ -3002,9 +3029,9 @@ parameter FlagStatic_flag_requires : t_1:Object pointer -> - { (JC_99: is_color_array(t_1, Object_alloc_table, intM_intP))} unit + { (JC_107: is_color_array(t_1, Object_alloc_table, intM_intP))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_108: + { (JC_116: (exists b:int. (exists r:int. (is_monochrome(t_1, (0), b, FlagStatic_BLUE, intM_intP) 
@@ -3019,65 +3046,69 @@ j:int -> c_0:int -> { } bool reads Object_alloc_table,intM_intP - { (JC_48: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } + { (JC_56: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } parameter FlagStatic_isMonochrome_requires : t:Object pointer -> i:int -> j:int -> c_0:int -> - { (JC_35: - ((JC_31: Non_null_intM(t, Object_alloc_table)) - and ((JC_32: le_int((0), i)) - and ((JC_33: le_int(i, j)) - and (JC_34: + { (JC_43: + ((JC_39: Non_null_intM(t, Object_alloc_table)) + and ((JC_40: le_int((0), i)) + and ((JC_41: le_int(i, j)) + and (JC_42: le_int(j, add_int(offset_max(Object_alloc_table, t), (1))))))))} bool reads Object_alloc_table,intM_intP - { (JC_48: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } + { (JC_56: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } parameter FlagStatic_swap : t_0:Object pointer -> i_0:int -> j_0:int -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_94: - ((JC_92: - ((JC_90: - eq_int(select(intM_intP, shift(t_0, i_0)), - select(intM_intP@, shift(t_0@, j_0@)))) - and (JC_91: - eq_int(select(intM_intP, shift(t_0, j_0)), - select(intM_intP@, shift(t_0@, i_0@)))))) - and (JC_93: + { (JC_102: + ((JC_100: + ((JC_98: + (select(intM_intP, shift(t_0, i_0)) = select(intM_intP@, + shift(t_0, j_0)))) + and (JC_99: + (select(intM_intP, shift(t_0, j_0)) = select(intM_intP@, + shift(t_0, i_0)))))) + and (JC_101: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } parameter FlagStatic_swap_requires : t_0:Object pointer -> i_0:int -> j_0:int -> - { (JC_73: - ((JC_69: le_int((0), i_0)) - and ((JC_70: + { (JC_81: + ((JC_77: le_int((0), i_0)) + and ((JC_78: lt_int(i_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and 
((JC_71: le_int((0), j_0)) - and (JC_72: + and ((JC_79: le_int((0), j_0)) + and (JC_80: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_0), (1))))))))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_94: - ((JC_92: - ((JC_90: - eq_int(select(intM_intP, shift(t_0, i_0)), - select(intM_intP@, shift(t_0@, j_0@)))) - and (JC_91: - eq_int(select(intM_intP, shift(t_0, j_0)), - select(intM_intP@, shift(t_0@, i_0@)))))) - and (JC_93: + { (JC_102: + ((JC_100: + ((JC_98: + (select(intM_intP, shift(t_0, i_0)) = select(intM_intP@, + shift(t_0, j_0)))) + and (JC_99: + (select(intM_intP, shift(t_0, j_0)) = select(intM_intP@, + shift(t_0, i_0)))))) + and (JC_101: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit parameter Object_clone : this_4:Object pointer -> 
@@ -3155,131 +3186,9 @@ parameter Object_wait_requires : this_10:Object pointer -> { } unit reads Object_alloc_table { true } -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_FlagStatic : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_FlagStatic(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_FlagStatic_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_FlagStatic(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter 
alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -3446,6 +3355,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_FlagStatic : this_1:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -3461,51 +3374,51 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } let FlagStatic_flag_ensures_default = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_101: is_color_array(t_1, Object_alloc_table, intM_intP))) } + and (JC_109: is_color_array(t_1, Object_alloc_table, intM_intP))) } (init: try begin 
@@ -3514,26 +3427,26 @@ (let r_0 = ref (K_58: (let jessie_ = t_1 in - (JC_127: (java_array_length_intM jessie_)))) in + (JC_135: (java_array_length_intM jessie_)))) in try (loop_5: while true do { invariant - (JC_136: - ((JC_128: is_color_array(t_1, Object_alloc_table, intM_intP)) - and ((JC_129: le_int((0), b_0)) - and ((JC_130: le_int(b_0, i_3)) - and ((JC_131: le_int(i_3, r_0)) - and ((JC_132: + (JC_144: + ((JC_136: is_color_array(t_1, Object_alloc_table, intM_intP)) + and ((JC_137: le_int((0), b_0)) + and ((JC_138: le_int(b_0, i_3)) + and ((JC_139: le_int(i_3, r_0)) + and ((JC_140: le_int(r_0, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_133: + and ((JC_141: is_monochrome(t_1, (0), b_0, FlagStatic_BLUE, intM_intP)) - and ((JC_134: + and ((JC_142: is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP)) - and (JC_135: + and (JC_143: is_monochrome(t_1, r_0, add_int(offset_max(Object_alloc_table, t_1), @@ -3542,7 +3455,6 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_57: ((lt_int_ !i_3) !r_0)) then @@ -3552,7 +3464,6 @@ begin (if ((eq_int_ jessie_) FlagStatic_BLUE) then - (let jessie_ = (K_52: begin (let jessie_ = t_1 in @@ -3568,12 +3479,11 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end)) in - (JC_140: + (JC_148: (((FlagStatic_swap jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE)) then - (let jessie_ = (K_53: begin (let jessie_ = 
@@ -3581,31 +3491,30 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end) in void); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_RED) || (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE))) then - (let jessie_ = (K_55: begin (let jessie_ = t_1 in (let jessie_ = (K_54: begin (r_0 := ((sub_int !r_0) (1))); !r_0 end) in (let jessie_ = !i_3 in - (JC_141: + (JC_149: (((FlagStatic_swap jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void) end - with Loop_exit_exc jessie_ -> void end) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (raise (Loop_exit_exc void)) end) else void) end with + Loop_exit_exc jessie_ -> void end) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end))); (raise Return) end with - Return -> void end) { (JC_103: true) } + Return -> void end) { (JC_111: true) } let FlagStatic_flag_ensures_sorts = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_101: is_color_array(t_1, Object_alloc_table, intM_intP))) } + and (JC_109: is_color_array(t_1, Object_alloc_table, intM_intP))) } (init: try begin 
@@ -3614,35 +3523,34 @@ (let r_0 = ref (K_58: (let jessie_ = t_1 in - (JC_142: (java_array_length_intM jessie_)))) in + (JC_150: (java_array_length_intM jessie_)))) in try (loop_6: while true do - { invariant (JC_153: true) } + { invariant (JC_161: true) } begin [ { } unit reads Object_alloc_table,b_0,i_3,intM_intP,r_0 - { (JC_151: - ((JC_143: is_color_array(t_1, Object_alloc_table, intM_intP)) - and ((JC_144: le_int((0), b_0)) - and ((JC_145: le_int(b_0, i_3)) - and ((JC_146: le_int(i_3, r_0)) - and ((JC_147: + { (JC_159: + ((JC_151: is_color_array(t_1, Object_alloc_table, intM_intP)) + and ((JC_152: le_int((0), b_0)) + and ((JC_153: le_int(b_0, i_3)) + and ((JC_154: le_int(i_3, r_0)) + and ((JC_155: le_int(r_0, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_148: + and ((JC_156: is_monochrome(t_1, (0), b_0, FlagStatic_BLUE, intM_intP)) - and ((JC_149: + and ((JC_157: is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP)) - and (JC_150: + and (JC_158: is_monochrome(t_1, r_0, add_int(offset_max(Object_alloc_table, t_1), (1)), FlagStatic_RED, intM_intP)))))))))) } ]; try - (let jessie_ = begin (if (K_57: ((lt_int_ !i_3) !r_0)) then @@ -3652,7 +3560,6 @@ begin (if ((eq_int_ jessie_) FlagStatic_BLUE) then - (let jessie_ = (K_52: begin (let jessie_ = t_1 in @@ -3668,12 +3575,11 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end)) in - (JC_155: + (JC_163: (((FlagStatic_swap jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE)) then - (let jessie_ = (K_53: begin (let jessie_ = 
@@ -3681,27 +3587,26 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end) in void); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_RED) || (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE))) then - (let jessie_ = (K_55: begin (let jessie_ = t_1 in (let jessie_ = (K_54: begin (r_0 := ((sub_int !r_0) (1))); !r_0 end) in (let jessie_ = !i_3 in - (JC_156: + (JC_164: (((FlagStatic_swap jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void) end - with Loop_exit_exc jessie_ -> void end) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (raise (Loop_exit_exc void)) end) else void) end with + Loop_exit_exc jessie_ -> void end) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end))); (raise Return) end with Return -> void end) - { (JC_107: + { (JC_115: (exists b:int. (exists r:int. (is_monochrome(t_1, (0), b, FlagStatic_BLUE, intM_intP) @@ -3713,7 +3618,7 @@ let FlagStatic_flag_safety = fun (t_1 : Object pointer) -> { (left_valid_struct_intM(t_1, (0), Object_alloc_table) - and (JC_101: is_color_array(t_1, Object_alloc_table, intM_intP))) } + and (JC_109: is_color_array(t_1, Object_alloc_table, intM_intP))) } (init: try begin 
@@ -3722,49 +3627,47 @@ (let r_0 = ref (K_58: (let jessie_ = t_1 in - (JC_110: + (JC_118: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_109: (java_array_length_intM_requires jessie_)))))) in + (JC_117: (java_array_length_intM_requires jessie_)))))) in try (loop_4: while true do - { invariant (JC_121: true) variant (JC_126 : sub_int(r_0, i_3)) } + { invariant (JC_129: true) variant (JC_134 : sub_int(r_0, i_3)) } begin [ { } unit reads Object_alloc_table,b_0,i_3,intM_intP,r_0 - { (JC_119: - ((JC_111: is_color_array(t_1, Object_alloc_table, intM_intP)) - and ((JC_112: le_int((0), b_0)) - and ((JC_113: le_int(b_0, i_3)) - and ((JC_114: le_int(i_3, r_0)) - and ((JC_115: + { (JC_127: + ((JC_119: is_color_array(t_1, Object_alloc_table, intM_intP)) + and ((JC_120: le_int((0), b_0)) + and ((JC_121: le_int(b_0, i_3)) + and ((JC_122: le_int(i_3, r_0)) + and ((JC_123: le_int(r_0, add_int(offset_max(Object_alloc_table, t_1), (1)))) - and ((JC_116: + and ((JC_124: is_monochrome(t_1, (0), b_0, FlagStatic_BLUE, intM_intP)) - and ((JC_117: + and ((JC_125: is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP)) - and (JC_118: + and (JC_126: is_monochrome(t_1, r_0, add_int(offset_max(Object_alloc_table, t_1), (1)), FlagStatic_RED, intM_intP)))))))))) } ]; try - (let jessie_ = begin (if (K_57: ((lt_int_ !i_3) !r_0)) then (let jessie_ = (K_56: - (JC_123: + (JC_131: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_1) !i_3))) in try begin (if ((eq_int_ jessie_) FlagStatic_BLUE) then - (let jessie_ = (K_52: begin (let jessie_ = t_1 in @@ -3780,12 +3683,11 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end)) in - (JC_124: + (JC_132: (((FlagStatic_swap_requires jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE)) then - (let jessie_ = (K_53: begin (let jessie_ = 
@@ -3793,23 +3695,22 @@ begin (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end) in void); - (raise (Loop_exit_exc void)) end) in void) else void); + (raise (Loop_exit_exc void)) end) else void); (if (((eq_int_ jessie_) FlagStatic_RED) || (((eq_int_ jessie_) FlagStatic_WHITE) || ((eq_int_ jessie_) FlagStatic_BLUE))) then - (let jessie_ = (K_55: begin (let jessie_ = t_1 in (let jessie_ = (K_54: begin (r_0 := ((sub_int !r_0) (1))); !r_0 end) in (let jessie_ = !i_3 in - (JC_125: + (JC_133: (((FlagStatic_swap_requires jessie_) jessie_) jessie_))))); - (raise (Loop_exit_exc void)) end) in void) else void) end - with Loop_exit_exc jessie_ -> void end) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (raise (Loop_exit_exc void)) end) else void) end with + Loop_exit_exc jessie_ -> void end) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end))); (raise Return) end with Return -> void end) { true } @@ -3817,11 +3718,11 @@ let FlagStatic_isMonochrome_ensures_decides_monochromatic = fun (t : Object pointer) (i : int) (j : int) (c_0 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) - and (JC_41: - ((JC_37: Non_null_intM(t, Object_alloc_table)) - and ((JC_38: le_int((0), i)) - and ((JC_39: le_int(i, j)) - and (JC_40: + and (JC_49: + ((JC_45: Non_null_intM(t, Object_alloc_table)) + and ((JC_46: le_int((0), i)) + and ((JC_47: le_int(i, j)) + and (JC_48: le_int(j, add_int(offset_max(Object_alloc_table, t), (1))))))))) } (init: 
@@ -3832,25 +3733,24 @@ try (loop_3: while true do - { invariant (JC_67: true) } + { invariant (JC_75: true) } begin [ { } unit reads intM_intP,k_0 - { (JC_65: - ((JC_63: le_int(i, k_0)) - and (JC_64: + { (JC_73: + ((JC_71: le_int(i, k_0)) + and (JC_72: (forall l:int. ((le_int(i, l) and lt_int(l, k_0)) -> - eq_int(select(intM_intP, shift(t, l)), c_0)))))) } ]; + (select(intM_intP, shift(t, l)) = c_0)))))) } ]; try - (let jessie_ = begin (if (K_17: ((lt_int_ !k_0) j)) then (if (K_15: ((neq_int_ (K_14: ((safe_acc_ !intM_intP) ((shift t) !k_0)))) c_0)) then begin (return := false); (raise Return) end else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: @@ -3860,16 +3760,16 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := true); (raise Return); absurd end with Return -> !return end)) - { (JC_47: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } + { (JC_55: ((result = true) <-> is_monochrome(t, i, j, c_0, intM_intP))) } let FlagStatic_isMonochrome_ensures_default = fun (t : Object pointer) (i : int) (j : int) (c_0 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) - and (JC_41: - ((JC_37: Non_null_intM(t, Object_alloc_table)) - and ((JC_38: le_int((0), i)) - and ((JC_39: le_int(i, j)) - and (JC_40: + and (JC_49: + ((JC_45: Non_null_intM(t, Object_alloc_table)) + and ((JC_46: le_int((0), i)) + and ((JC_47: le_int(i, j)) + and (JC_48: le_int(j, add_int(offset_max(Object_alloc_table, t), (1))))))))) } (init: 
@@ -3881,24 +3781,23 @@ (loop_2: while true do { invariant - (JC_59: - ((JC_57: le_int(i, k_0)) - and (JC_58: + (JC_67: + ((JC_65: le_int(i, k_0)) + and (JC_66: (forall l:int. ((le_int(i, l) and lt_int(l, k_0)) -> - eq_int(select(intM_intP, shift(t, l)), c_0)))))) } + (select(intM_intP, shift(t, l)) = c_0)))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_17: ((lt_int_ !k_0) j)) then (if (K_15: ((neq_int_ (K_14: ((safe_acc_ !intM_intP) ((shift t) !k_0)))) c_0)) then begin (return := false); (raise Return) end else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: @@ -3907,16 +3806,16 @@ (let jessie_ = (k_0 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := true); (raise Return); - absurd end with Return -> !return end)) { (JC_43: true) } + absurd end with Return -> !return end)) { (JC_51: true) } let FlagStatic_isMonochrome_safety = fun (t : Object pointer) (i : int) (j : int) (c_0 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) - and (JC_41: - ((JC_37: Non_null_intM(t, Object_alloc_table)) - and ((JC_38: le_int((0), i)) - and ((JC_39: le_int(i, j)) - and (JC_40: + and (JC_49: + ((JC_45: Non_null_intM(t, Object_alloc_table)) + and ((JC_46: le_int((0), i)) + and ((JC_47: le_int(i, j)) + and (JC_48: le_int(j, add_int(offset_max(Object_alloc_table, t), (1))))))))) } (init: 
@@ -3927,27 +3826,26 @@ try (loop_1: while true do - { invariant (JC_53: true) variant (JC_56 : sub_int(j, k_0)) } + { invariant (JC_61: true) variant (JC_64 : sub_int(j, k_0)) } begin [ { } unit reads intM_intP,k_0 - { (JC_51: - ((JC_49: le_int(i, k_0)) - and (JC_50: + { (JC_59: + ((JC_57: le_int(i, k_0)) + and (JC_58: (forall l:int. ((le_int(i, l) and lt_int(l, k_0)) -> - eq_int(select(intM_intP, shift(t, l)), c_0)))))) } ]; + (select(intM_intP, shift(t, l)) = c_0)))))) } ]; try - (let jessie_ = begin (if (K_17: ((lt_int_ !k_0) j)) then (if (K_15: ((neq_int_ (K_14: - (JC_55: + (JC_63: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) !k_0)))) c_0)) then begin (return := false); (raise Return) end else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: @@ -3961,12 +3859,12 @@ let FlagStatic_swap_ensures_default = fun (t_0 : Object pointer) (i_0 : int) (j_0 : int) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_79: - ((JC_75: le_int((0), i_0)) - and ((JC_76: + and (JC_87: + ((JC_83: le_int((0), i_0)) + and ((JC_84: lt_int(i_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_77: le_int((0), j_0)) - and (JC_78: + and ((JC_85: le_int((0), j_0)) + and (JC_86: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_0), (1))))))))) } (init: 
@@ -3989,17 +3887,17 @@ (let jessie_ = ((shift jessie_) jessie_) in begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) - { (JC_81: true) } + { (JC_89: true) } let FlagStatic_swap_ensures_i_j_swapped = fun (t_0 : Object pointer) (i_0 : int) (j_0 : int) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_79: - ((JC_75: le_int((0), i_0)) - and ((JC_76: + and (JC_87: + ((JC_83: le_int((0), i_0)) + and ((JC_84: lt_int(i_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_77: le_int((0), j_0)) - and (JC_78: + and ((JC_85: le_int((0), j_0)) + and (JC_86: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_0), (1))))))))) } (init: 
@@ -4022,28 +3920,28 @@ (let jessie_ = ((shift jessie_) jessie_) in begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) - { (JC_89: - ((JC_87: - ((JC_85: - eq_int(select(intM_intP, shift(t_0, i_0)), - select(intM_intP@, shift(t_0@, j_0@)))) - and (JC_86: - eq_int(select(intM_intP, shift(t_0, j_0)), - select(intM_intP@, shift(t_0@, i_0@)))))) - and (JC_88: + { (JC_97: + ((JC_95: + ((JC_93: + (select(intM_intP, shift(t_0, i_0)) = select(intM_intP@, + shift(t_0, j_0)))) + and (JC_94: + (select(intM_intP, shift(t_0, j_0)) = select(intM_intP@, + shift(t_0, i_0)))))) + and (JC_96: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t_0@), j_0@, j_0@), - pset_range(pset_singleton(t_0@), i_0@, i_0@)))))) } + pset_union(pset_range(pset_singleton(t_0), j_0, j_0), + pset_range(pset_singleton(t_0), i_0, i_0)))))) } let FlagStatic_swap_safety = fun (t_0 : Object pointer) (i_0 : int) (j_0 : int) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) - and (JC_79: - ((JC_75: le_int((0), i_0)) - and ((JC_76: + and (JC_87: + ((JC_83: le_int((0), i_0)) + and ((JC_84: lt_int(i_0, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_77: le_int((0), j_0)) - and (JC_78: + and ((JC_85: le_int((0), j_0)) + and (JC_86: lt_int(j_0, add_int(offset_max(Object_alloc_table, t_0), (1))))))))) } (init: 
@@ -4052,17 +3950,17 @@ (let jessie_ = (let z = (K_31: - (JC_95: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) i_0))) in + (JC_103: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) i_0))) in (K_29: begin (let jessie_ = (let jessie_ = (K_28: - (JC_96: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) j_0))) in + (JC_104: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) j_0))) in (let jessie_ = t_0 in (let jessie_ = i_0 in (let jessie_ = ((shift jessie_) jessie_) in - (JC_97: + (JC_105: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); (K_30: @@ -4071,7 +3969,7 @@ (let jessie_ = j_0 in (let jessie_ = ((shift jessie_) jessie_) in begin - (JC_98: + (JC_106: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) { true } @@ -4080,7 +3978,7 @@ fun (this_1 : Object pointer) -> { valid_struct_FlagStatic(this_1, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_161: true) } + { (JC_169: true) } let cons_FlagStatic_safety = fun (this_1 : Object pointer) -> @@ -4092,7 +3990,7 @@ fun (this_12 : Object pointer) -> { valid_struct_Object(this_12, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_257: true) } + { (JC_265: true) } let cons_Object_safety = fun (this_12 : Object pointer) -> 
@@ -4109,346 +4007,346 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + - - - + + + - - - + + + - - - + + + + + + + + - - - + + + - - - + + + - - - + + + - - + + + + +text = "PointerDeref"/> - - + + +text = "PointerDeref"/> - - + + - - + + - - - + + + + + - - - + + + - - - - + + + + + + - + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -5409,7 +5307,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -5580,36 +5478,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_FlagStatic(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5650,6 +5518,20 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/FlagStatic_po1.why ========== +goal FlagStatic_flag_ensures_default_po_1: + forall t_1:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t_1, 0, Object_alloc_table) and + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> + ("JC_144": ("JC_137": (0 <= 0))) + ========== file tests/java/why/FlagStatic_po10.why ========== goal FlagStatic_flag_ensures_default_po_10: forall t_1:Object pointer. @@ -5657,9 +5539,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5667,16 +5549,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -5688,16 +5570,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0_0 <= i_3_0)))) + ("JC_144": ("JC_138": (b_0_0 <= i_3_0))) ========== file tests/java/why/FlagStatic_po11.why ========== goal FlagStatic_flag_ensures_default_po_11: @@ -5706,9 +5588,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5716,16 +5598,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -5737,16 +5619,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3_0 <= r_0)))) + ("JC_144": ("JC_139": (i_3_0 <= r_0))) ========== file tests/java/why/FlagStatic_po12.why ========== goal FlagStatic_flag_ensures_default_po_12: 
@@ -5755,9 +5637,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -5765,16 +5647,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -5786,17 +5668,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po13.why ========== goal FlagStatic_flag_ensures_default_po_13: @@ -5805,9 +5686,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5815,16 +5696,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -5836,18 +5717,17 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0_0, FlagStatic_BLUE, intM_intP1)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0_0, FlagStatic_BLUE, intM_intP1))) ========== file tests/java/why/FlagStatic_po14.why ========== goal FlagStatic_flag_ensures_default_po_14: @@ -5856,9 +5736,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5866,16 +5746,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -5887,18 +5767,17 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0_0, i_3_0, FlagStatic_WHITE, intM_intP1)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0_0, i_3_0, FlagStatic_WHITE, intM_intP1))) ========== file tests/java/why/FlagStatic_po15.why ========== goal FlagStatic_flag_ensures_default_po_15: @@ -5907,9 +5786,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5917,16 +5796,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -5938,19 +5817,18 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP1)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP1))) ========== file tests/java/why/FlagStatic_po16.why ========== goal FlagStatic_flag_ensures_default_po_16: @@ -5959,9 +5837,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -5969,16 +5847,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -5988,7 +5866,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) ========== file tests/java/why/FlagStatic_po17.why ========== goal FlagStatic_flag_ensures_default_po_17: @@ -5997,9 +5875,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6007,16 +5885,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6026,7 +5904,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3_0)))) + ("JC_144": ("JC_138": (b_0 <= i_3_0))) ========== file tests/java/why/FlagStatic_po18.why ========== goal FlagStatic_flag_ensures_default_po_18: @@ -6035,9 +5913,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6045,16 +5923,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6064,7 +5942,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_131": ("JC_131": (i_3_0 <= r_0)))) + ("JC_144": ("JC_139": (i_3_0 <= r_0))) ========== file tests/java/why/FlagStatic_po19.why ========== goal FlagStatic_flag_ensures_default_po_19: @@ -6073,9 +5951,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6083,16 +5961,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6102,22 +5980,21 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) -========== file tests/java/why/FlagStatic_po1.why ========== -goal FlagStatic_flag_ensures_default_po_1: +========== file tests/java/why/FlagStatic_po2.why ========== +goal FlagStatic_flag_ensures_default_po_2: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= 0)))) + ("JC_144": ("JC_138": (0 <= 0))) ========== file tests/java/why/FlagStatic_po20.why ========== goal FlagStatic_flag_ensures_default_po_20: @@ -6126,9 +6003,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6136,16 +6013,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6155,9 +6032,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0))) ========== file tests/java/why/FlagStatic_po21.why ========== goal FlagStatic_flag_ensures_default_po_21: @@ -6166,9 +6042,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6176,16 +6052,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6195,9 +6071,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3_0, FlagStatic_WHITE, intM_intP0)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3_0, FlagStatic_WHITE, intM_intP0))) ========== file tests/java/why/FlagStatic_po22.why ========== goal FlagStatic_flag_ensures_default_po_22: @@ -6206,9 +6081,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6216,16 +6091,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6235,10 +6110,9 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP0)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP0))) ========== file tests/java/why/FlagStatic_po23.why ========== goal FlagStatic_flag_ensures_default_po_23: 
@@ -6247,9 +6121,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -6257,16 +6131,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6281,17 +6155,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_128": ("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP1)))) + ("JC_144": ("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP1))) ========== file tests/java/why/FlagStatic_po24.why ========== goal FlagStatic_flag_ensures_default_po_24: @@ -6300,9 +6173,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6310,16 +6183,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6334,16 +6207,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) ========== file tests/java/why/FlagStatic_po25.why ========== goal FlagStatic_flag_ensures_default_po_25: @@ -6352,9 +6225,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6362,16 +6235,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6386,16 +6259,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3)))) + ("JC_144": ("JC_138": (b_0 <= i_3))) ========== file tests/java/why/FlagStatic_po26.why ========== goal FlagStatic_flag_ensures_default_po_26: @@ -6404,9 +6277,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6414,16 +6287,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6438,16 +6311,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3 <= r_0_0)))) + ("JC_144": ("JC_139": (i_3 <= r_0_0))) ========== file tests/java/why/FlagStatic_po27.why ========== goal FlagStatic_flag_ensures_default_po_27: @@ -6456,9 +6329,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6466,16 +6339,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6490,18 +6363,17 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_132": - ("JC_132": (r_0_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": + ("JC_140": (r_0_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po28.why ========== goal FlagStatic_flag_ensures_default_po_28: @@ -6510,9 +6382,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6520,16 +6392,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6544,18 +6416,17 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP1)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP1))) ========== file tests/java/why/FlagStatic_po29.why ========== goal FlagStatic_flag_ensures_default_po_29: @@ -6564,9 +6435,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6574,16 +6445,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6598,32 +6469,31 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP1)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP1))) -========== file tests/java/why/FlagStatic_po2.why ========== -goal FlagStatic_flag_ensures_default_po_2: +========== file tests/java/why/FlagStatic_po3.why ========== +goal FlagStatic_flag_ensures_default_po_3: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_130": ("JC_130": (0 <= 0)))) + ("JC_144": ("JC_139": (0 <= result))) ========== file tests/java/why/FlagStatic_po30.why ========== goal FlagStatic_flag_ensures_default_po_30: 
@@ -6632,9 +6502,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -6642,16 +6512,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -6666,19 +6536,18 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP1)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP1))) ========== file tests/java/why/FlagStatic_po31.why ========== goal FlagStatic_flag_ensures_default_po_31: @@ -6687,9 +6556,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6697,16 +6566,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6715,7 +6584,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) ========== file tests/java/why/FlagStatic_po32.why ========== goal FlagStatic_flag_ensures_default_po_32: @@ -6724,9 +6593,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6734,16 +6603,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6752,7 +6621,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3)))) + ("JC_144": ("JC_138": (b_0 <= i_3))) ========== file tests/java/why/FlagStatic_po33.why ========== goal FlagStatic_flag_ensures_default_po_33: @@ -6761,9 +6630,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6771,16 +6640,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6789,7 +6658,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3 <= r_0)))) + ("JC_144": ("JC_139": (i_3 <= r_0))) ========== file tests/java/why/FlagStatic_po34.why ========== goal FlagStatic_flag_ensures_default_po_34: @@ -6798,9 +6667,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6808,16 +6677,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6826,8 +6695,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po35.why ========== goal FlagStatic_flag_ensures_default_po_35: @@ -6836,9 +6704,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6846,16 +6714,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6864,9 +6732,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0))) ========== file tests/java/why/FlagStatic_po36.why ========== goal FlagStatic_flag_ensures_default_po_36: @@ -6875,9 +6742,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6885,16 +6752,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6903,9 +6770,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0))) ========== file tests/java/why/FlagStatic_po37.why ========== goal FlagStatic_flag_ensures_default_po_37: @@ -6914,9 +6780,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -6924,16 +6790,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -6942,10 +6808,9 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP0)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP0))) ========== file tests/java/why/FlagStatic_po38.why ========== goal FlagStatic_flag_ensures_sorts_po_1: 
@@ -6954,9 +6819,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -6964,20 +6829,20 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_153": true) -> - ("JC_151": - (("JC_143": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_144": (0 <= b_0)) and - (("JC_145": (b_0 <= i_3)) and - (("JC_146": (i_3 <= r_0)) and - (("JC_147": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_148": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_149": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_161": true) -> + ("JC_159": + (("JC_151": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_152": (0 <= b_0)) and + (("JC_153": (b_0 <= i_3)) and + (("JC_154": (i_3 <= r_0)) and + (("JC_155": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_156": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_157": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_150": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_158": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 >= r_0) -> - ("JC_107": + ("JC_115": (exists b:int. (exists r:int. (is_monochrome(t_1, 0, b, FlagStatic_BLUE, intM_intP0) and 
@@ -6992,22 +6857,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -========== file tests/java/why/FlagStatic_po3.why ========== -goal FlagStatic_flag_ensures_default_po_3: +========== file tests/java/why/FlagStatic_po4.why ========== +goal FlagStatic_flag_ensures_default_po_4: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_131": ("JC_131": (0 <= result)))) + ("JC_144": + ("JC_140": (result <= (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po40.why ========== goal FlagStatic_flag_safety_po_2: @@ -7016,10 +6882,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7027,17 +6893,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> (offset_min(Object_alloc_table, t_1) <= i_3) @@ -7049,10 +6915,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7060,17 +6926,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> (i_3 <= offset_max(Object_alloc_table, t_1)) @@ -7082,10 +6948,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7093,17 +6959,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7115,7 +6981,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": ("JC_69": ("JC_69": (0 <= b_0)))) + ("JC_81": ("JC_77": (0 <= b_0))) ========== file tests/java/why/FlagStatic_po43.why ========== goal FlagStatic_flag_safety_po_5: @@ -7124,10 +6990,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7135,17 +7001,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7157,8 +7023,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - ("JC_70": ("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po44.why ========== goal FlagStatic_flag_safety_po_6: @@ -7167,10 +7032,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7178,17 +7043,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7200,7 +7065,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= i_3)))) + ("JC_81": ("JC_79": (0 <= i_3))) ========== file tests/java/why/FlagStatic_po45.why ========== goal FlagStatic_flag_safety_po_7: @@ -7209,10 +7074,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7220,17 +7085,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7242,8 +7107,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - ("JC_72": ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po46.why ========== goal FlagStatic_flag_safety_po_8: @@ -7252,10 +7116,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7263,17 +7127,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7285,23 +7149,23 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - (("JC_69": (0 <= b_0)) and - (("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= b_0)) and + (("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po47.why ========== goal FlagStatic_flag_safety_po_9: @@ -7310,10 +7174,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7321,17 +7185,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7343,23 +7207,23 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - (("JC_69": (0 <= b_0)) and - (("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= b_0)) and + (("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - (("JC_126": (r_0 - i_3_0)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3_0)) < ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po48.why ========== goal FlagStatic_flag_safety_po_10: @@ -7368,10 +7232,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7379,17 +7243,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7401,7 +7265,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po49.why ========== goal FlagStatic_flag_safety_po_11: @@ -7410,10 +7274,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7421,17 +7285,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7443,23 +7307,22 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": (r_0 - i_3_0)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3_0)) < ("JC_134": (r_0 - i_3))) -========== file tests/java/why/FlagStatic_po4.why ========== -goal FlagStatic_flag_ensures_default_po_4: +========== file tests/java/why/FlagStatic_po5.why ========== +goal FlagStatic_flag_ensures_default_po_5: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_132": - ("JC_132": (result <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, 0, FlagStatic_BLUE, intM_intP))) ========== file tests/java/why/FlagStatic_po50.why ========== goal FlagStatic_flag_safety_po_12: @@ -7468,10 +7331,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7479,17 +7342,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7504,7 +7367,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": ("JC_69": ("JC_69": (0 <= r_0_0)))) + ("JC_81": ("JC_77": (0 <= r_0_0))) ========== file tests/java/why/FlagStatic_po51.why ========== goal FlagStatic_flag_safety_po_13: @@ -7513,10 +7376,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7524,17 +7387,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7549,8 +7412,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - ("JC_70": ("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po52.why ========== goal FlagStatic_flag_safety_po_14: 
@@ -7559,10 +7421,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -7570,17 +7432,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7595,7 +7457,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= i_3)))) + ("JC_81": ("JC_79": (0 <= i_3))) ========== file tests/java/why/FlagStatic_po53.why ========== goal FlagStatic_flag_safety_po_15: 
@@ -7604,10 +7466,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -7615,17 +7477,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7640,8 +7502,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - ("JC_72": ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1)))) ========== file tests/java/why/FlagStatic_po54.why ========== goal FlagStatic_flag_safety_po_16: @@ -7650,10 +7511,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7661,17 +7522,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7686,23 +7547,23 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - (("JC_69": (0 <= r_0_0)) and - (("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= r_0_0)) and + (("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po55.why ========== goal FlagStatic_flag_safety_po_17: @@ -7711,10 +7572,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7722,17 +7583,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -7747,23 +7608,23 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - (("JC_69": (0 <= r_0_0)) and - (("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= r_0_0)) and + (("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - (("JC_126": (r_0_0 - i_3)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0_0 - i_3)) < ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po56.why ========== goal FlagStatic_flag_safety_po_18: @@ -7772,10 +7633,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7783,17 +7644,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7804,7 +7665,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po57.why ========== goal FlagStatic_flag_safety_po_19: @@ -7813,10 +7674,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -7824,17 +7685,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -7845,7 +7706,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - (("JC_126": (r_0 - i_3)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3)) < ("JC_134": (r_0 - i_3))) ========== file tests/java/why/FlagStatic_po58.why ========== goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_1: 
@@ -7857,16 +7718,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -7876,7 +7737,7 @@ forall return:bool. (return = false) -> (return = true) -> - ("JC_47": is_monochrome(t, i, j, c_0, intM_intP)) + ("JC_55": is_monochrome(t, i, j, c_0, intM_intP)) ========== file tests/java/why/FlagStatic_po59.why ========== goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_2: @@ -7888,16 +7749,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> 
@@ -7907,23 +7768,22 @@ forall return:bool. (return = false) -> is_monochrome(t, i, j, c_0, intM_intP) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) -========== file tests/java/why/FlagStatic_po5.why ========== -goal FlagStatic_flag_ensures_default_po_5: +========== file tests/java/why/FlagStatic_po6.why ========== +goal FlagStatic_flag_ensures_default_po_6: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, 0, FlagStatic_BLUE, intM_intP)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, 0, 0, FlagStatic_WHITE, intM_intP))) ========== file tests/java/why/FlagStatic_po60.why ========== goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_3: 
@@ -7935,23 +7795,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 >= j) -> forall return:bool. (return = true) -> (return = true) -> - ("JC_47": is_monochrome(t, i, j, c_0, intM_intP)) + ("JC_55": is_monochrome(t, i, j, c_0, intM_intP)) ========== file tests/java/why/FlagStatic_po61.why ========== goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_4: 
@@ -7963,23 +7823,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 >= j) -> forall return:bool. (return = true) -> is_monochrome(t, i, j, c_0, intM_intP) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) ========== file tests/java/why/FlagStatic_po62.why ========== goal FlagStatic_isMonochrome_ensures_default_po_1: @@ -7988,12 +7848,12 @@ forall j:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> - ("JC_59": ("JC_57": ("JC_57": (i <= i)))) + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_67": ("JC_65": (i <= i))) ========== file tests/java/why/FlagStatic_po63.why ========== goal FlagStatic_isMonochrome_ensures_default_po_2: 
@@ -8005,16 +7865,14 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> - ("JC_59": - ("JC_58": - ("JC_58": - (forall l:int. - (((i <= l) and (l < i)) -> (select(intM_intP, shift(t, l)) = c_0)))))) + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + forall l:int. + ((i <= l) and (l < i)) -> + ("JC_67": ("JC_66": (select(intM_intP, shift(t, l)) = c_0))) ========== file tests/java/why/FlagStatic_po64.why ========== goal FlagStatic_isMonochrome_ensures_default_po_3: @@ -8026,15 +7884,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_59": - (("JC_57": (i <= k_0)) and - ("JC_58": + ("JC_67": + (("JC_65": (i <= k_0)) and + ("JC_66": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -8043,7 +7901,7 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - ("JC_59": ("JC_57": ("JC_57": (i <= k_0_0)))) + ("JC_67": ("JC_65": (i <= k_0_0))) ========== file tests/java/why/FlagStatic_po65.why ========== goal FlagStatic_isMonochrome_ensures_default_po_4: 
@@ -8055,15 +7913,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_59": - (("JC_57": (i <= k_0)) and - ("JC_58": + ("JC_67": + (("JC_65": (i <= k_0)) and + ("JC_66": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -8072,11 +7930,9 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - ("JC_59": - ("JC_58": - ("JC_58": - (forall l:int. - (((i <= l) and (l < k_0_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) + forall l:int. + ((i <= l) and (l < k_0_0)) -> + ("JC_67": ("JC_66": (select(intM_intP, shift(t, l)) = c_0))) ========== file tests/java/why/FlagStatic_po66.why ========== goal FlagStatic_isMonochrome_safety_po_1: @@ -8088,16 +7944,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> 
@@ -8113,16 +7969,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -8138,16 +7994,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -8158,7 +8014,7 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - (0 <= ("JC_56": (j - k_0))) + (0 <= ("JC_64": (j - k_0))) ========== file tests/java/why/FlagStatic_po69.why ========== goal FlagStatic_isMonochrome_safety_po_4: 
@@ -8170,16 +8026,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -8190,23 +8046,23 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - (("JC_56": (j - k_0_0)) < ("JC_56": (j - k_0))) + (("JC_64": (j - k_0_0)) < ("JC_64": (j - k_0))) -========== file tests/java/why/FlagStatic_po6.why ========== -goal FlagStatic_flag_ensures_default_po_6: +========== file tests/java/why/FlagStatic_po7.why ========== +goal FlagStatic_flag_ensures_default_po_7: forall t_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, 0, 0, FlagStatic_WHITE, intM_intP)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, result, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP))) ========== file tests/java/why/FlagStatic_po70.why ========== goal FlagStatic_swap_ensures_i_j_swapped_po_1: 
@@ -8217,11 +8073,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. @@ -8232,11 +8088,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_87": - ("JC_85": - ("JC_85": (select(intM_intP1, shift(t_0, i_0)) = select(intM_intP, - shift(t_0, j_0))))))) + ("JC_97": + ("JC_95": + ("JC_93": (select(intM_intP1, shift(t_0, i_0)) = select(intM_intP, + shift(t_0, j_0)))))) ========== file tests/java/why/FlagStatic_po71.why ========== goal FlagStatic_swap_ensures_i_j_swapped_po_2: @@ -8247,11 +8102,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. 
@@ -8262,11 +8117,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_87": - ("JC_86": - ("JC_86": (select(intM_intP1, shift(t_0, j_0)) = select(intM_intP, - shift(t_0, i_0))))))) + ("JC_97": + ("JC_95": + ("JC_94": (select(intM_intP1, shift(t_0, j_0)) = select(intM_intP, + shift(t_0, i_0)))))) ========== file tests/java/why/FlagStatic_po72.why ========== goal FlagStatic_swap_ensures_i_j_swapped_po_3: @@ -8277,11 +8131,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. @@ -8292,11 +8146,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_88": - ("JC_88": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_97": + ("JC_96": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t_0), j_0, j_0), - pset_range(pset_singleton(t_0), i_0, i_0)))))) + pset_range(pset_singleton(t_0), i_0, i_0))))) ========== file tests/java/why/FlagStatic_po73.why ========== goal FlagStatic_swap_safety_po_1: 
@@ -8305,11 +8158,11 @@ forall j_0:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> (offset_min(Object_alloc_table, t_0) <= i_0) ========== file tests/java/why/FlagStatic_po74.why ========== @@ -8319,11 +8172,11 @@ forall j_0:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> (i_0 <= offset_max(Object_alloc_table, t_0)) ========== file tests/java/why/FlagStatic_po75.why ========== @@ -8335,11 +8188,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> ((offset_min(Object_alloc_table, t_0) <= i_0) and (i_0 <= offset_max(Object_alloc_table, t_0))) -> forall result:int. 
@@ -8355,34 +8208,17 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> ((offset_min(Object_alloc_table, t_0) <= i_0) and (i_0 <= offset_max(Object_alloc_table, t_0))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> (j_0 <= offset_max(Object_alloc_table, t_0)) -========== file tests/java/why/FlagStatic_po7.why ========== -goal FlagStatic_flag_ensures_default_po_7: - forall t_1:Object pointer. - forall Object_alloc_table:Object alloc_table. - forall intM_intP:(Object, - int) memory. - (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, result, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP)))) - ========== file tests/java/why/FlagStatic_po8.why ========== goal FlagStatic_flag_ensures_default_po_8: forall t_1:Object pointer. @@ -8390,9 +8226,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -8400,16 +8236,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -8421,17 +8257,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_128": ("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP1)))) + ("JC_144": ("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP1))) ========== file tests/java/why/FlagStatic_po9.why ========== goal FlagStatic_flag_ensures_default_po_9: @@ -8440,9 +8275,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -8450,16 +8285,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -8471,16 +8306,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0_0)))) + ("JC_144": ("JC_137": (0 <= b_0_0))) ========== generation of Simplify VC output ========== why -simplify [...] why/FlagStatic.why 
@@ -9320,7 +9155,7 @@ (EQ (parenttag FlagStatic_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) @@ -9467,29 +9302,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_FlagStatic p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -9521,7 +9333,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; FlagStatic_flag_ensures_default_po_1, File "HOME/tests/java/FlagStatic.java", line 89, characters 7-13 +;; FlagStatic_flag_ensures_default_po_1, File "HOME/tests/java/FlagStatic.java", line 93, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9533,7 +9345,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (<= 0 0))))))) -;; FlagStatic_flag_ensures_default_po_2, File "HOME/tests/java/FlagStatic.java", line 89, characters 12-18 +;; FlagStatic_flag_ensures_default_po_2, File "HOME/tests/java/FlagStatic.java", line 93, characters 12-18 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9545,7 +9357,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (<= 0 0))))))) -;; FlagStatic_flag_ensures_default_po_3, File "HOME/tests/java/FlagStatic.java", line 89, characters 17-23 +;; FlagStatic_flag_ensures_default_po_3, File "HOME/tests/java/FlagStatic.java", line 93, characters 17-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9557,7 +9369,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (<= 0 result))))))) -;; FlagStatic_flag_ensures_default_po_4, File "HOME/tests/java/FlagStatic.java", line 89, characters 22-35 +;; FlagStatic_flag_ensures_default_po_4, File "HOME/tests/java/FlagStatic.java", line 93, characters 22-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9569,7 +9381,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (<= result (+ (offset_max Object_alloc_table t_1) 1)))))))) -;; FlagStatic_flag_ensures_default_po_5, File "HOME/tests/java/FlagStatic.java", line 90, characters 7-32 +;; FlagStatic_flag_ensures_default_po_5, File "HOME/tests/java/FlagStatic.java", line 94, characters 7-32 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9581,7 +9393,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (is_monochrome t_1 0 0 FlagStatic_BLUE intM_intP))))))) -;; FlagStatic_flag_ensures_default_po_6, File "HOME/tests/java/FlagStatic.java", line 91, characters 7-33 +;; FlagStatic_flag_ensures_default_po_6, File "HOME/tests/java/FlagStatic.java", line 95, characters 7-33 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9593,7 +9405,7 @@ (EQ result (+ (offset_max Object_alloc_table t_1) 1)))) (is_monochrome t_1 0 0 FlagStatic_WHITE intM_intP))))))) -;; FlagStatic_flag_ensures_default_po_7, File "HOME/tests/java/FlagStatic.java", line 92, characters 14-45 +;; FlagStatic_flag_ensures_default_po_7, File "HOME/tests/java/FlagStatic.java", line 96, characters 14-45 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9606,7 +9418,7 @@ (is_monochrome t_1 result (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP))))))) -;; FlagStatic_flag_ensures_default_po_8, File "HOME/tests/java/FlagStatic.java", line 88, characters 7-24 +;; FlagStatic_flag_ensures_default_po_8, File "HOME/tests/java/FlagStatic.java", line 92, characters 7-24 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9652,7 +9464,7 @@ (pset_singleton t_1) b_0 b_0)))) (is_color_array t_1 Object_alloc_table intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_9, File "HOME/tests/java/FlagStatic.java", line 89, characters 7-13 +;; FlagStatic_flag_ensures_default_po_9, File "HOME/tests/java/FlagStatic.java", line 93, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9698,7 +9510,7 @@ (pset_singleton t_1) b_0 b_0)))) (<= 0 b_0_0)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_10, File "HOME/tests/java/FlagStatic.java", line 89, characters 12-18 +;; FlagStatic_flag_ensures_default_po_10, File "HOME/tests/java/FlagStatic.java", line 93, characters 12-18 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9744,7 +9556,7 @@ (pset_singleton t_1) b_0 b_0)))) (<= b_0_0 i_3_0)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_11, File "HOME/tests/java/FlagStatic.java", line 89, characters 17-23 +;; FlagStatic_flag_ensures_default_po_11, File "HOME/tests/java/FlagStatic.java", line 93, characters 17-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9790,7 +9602,7 @@ (pset_singleton t_1) b_0 b_0)))) (<= i_3_0 r_0)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_12, File "HOME/tests/java/FlagStatic.java", line 89, characters 22-35 +;; FlagStatic_flag_ensures_default_po_12, File "HOME/tests/java/FlagStatic.java", line 93, characters 22-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9836,7 +9648,7 @@ (pset_singleton t_1) b_0 b_0)))) (<= r_0 (+ (offset_max Object_alloc_table t_1) 1))))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_13, File "HOME/tests/java/FlagStatic.java", line 90, characters 7-32 +;; FlagStatic_flag_ensures_default_po_13, File "HOME/tests/java/FlagStatic.java", line 94, characters 7-32 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9882,7 +9694,7 @@ (pset_singleton t_1) b_0 b_0)))) (is_monochrome t_1 0 b_0_0 FlagStatic_BLUE intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_14, File "HOME/tests/java/FlagStatic.java", line 91, characters 7-33 +;; FlagStatic_flag_ensures_default_po_14, File "HOME/tests/java/FlagStatic.java", line 95, characters 7-33 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -9928,7 +9740,7 @@ (pset_singleton t_1) b_0 b_0)))) (is_monochrome t_1 b_0_0 i_3_0 FlagStatic_WHITE intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_15, File "HOME/tests/java/FlagStatic.java", line 92, characters 14-45 +;; FlagStatic_flag_ensures_default_po_15, File "HOME/tests/java/FlagStatic.java", line 96, characters 14-45 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -9975,7 +9787,7 @@ (is_monochrome t_1 r_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_16, File "HOME/tests/java/FlagStatic.java", line 89, characters 7-13 +;; FlagStatic_flag_ensures_default_po_16, File "HOME/tests/java/FlagStatic.java", line 93, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10006,7 +9818,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 b_0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_17, File "HOME/tests/java/FlagStatic.java", line 89, characters 12-18 +;; FlagStatic_flag_ensures_default_po_17, File "HOME/tests/java/FlagStatic.java", line 93, characters 12-18 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10037,7 +9849,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= b_0 i_3_0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_18, File "HOME/tests/java/FlagStatic.java", line 89, characters 17-23 +;; FlagStatic_flag_ensures_default_po_18, File "HOME/tests/java/FlagStatic.java", line 93, characters 17-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10068,7 +9880,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= i_3_0 r_0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_19, File "HOME/tests/java/FlagStatic.java", line 89, characters 22-35 +;; FlagStatic_flag_ensures_default_po_19, File "HOME/tests/java/FlagStatic.java", line 93, characters 22-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10101,7 +9913,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= r_0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_20, File "HOME/tests/java/FlagStatic.java", line 90, characters 7-32 +;; FlagStatic_flag_ensures_default_po_20, File "HOME/tests/java/FlagStatic.java", line 94, characters 7-32 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10134,7 +9946,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (is_monochrome t_1 0 b_0 FlagStatic_BLUE intM_intP0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_21, File "HOME/tests/java/FlagStatic.java", line 91, characters 7-33 +;; FlagStatic_flag_ensures_default_po_21, File "HOME/tests/java/FlagStatic.java", line 95, characters 7-33 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10167,7 +9979,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (is_monochrome t_1 b_0 i_3_0 FlagStatic_WHITE intM_intP0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_22, File "HOME/tests/java/FlagStatic.java", line 92, characters 14-45 +;; FlagStatic_flag_ensures_default_po_22, File "HOME/tests/java/FlagStatic.java", line 96, characters 14-45 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10201,7 +10013,7 @@ (is_monochrome t_1 r_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP0))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_23, File "HOME/tests/java/FlagStatic.java", line 88, characters 7-24 +;; FlagStatic_flag_ensures_default_po_23, File "HOME/tests/java/FlagStatic.java", line 92, characters 7-24 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10250,7 +10062,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (is_color_array t_1 Object_alloc_table intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_24, File "HOME/tests/java/FlagStatic.java", line 89, characters 7-13 +;; FlagStatic_flag_ensures_default_po_24, File "HOME/tests/java/FlagStatic.java", line 93, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10299,7 +10111,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (<= 0 b_0)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_25, File "HOME/tests/java/FlagStatic.java", line 89, characters 12-18 +;; FlagStatic_flag_ensures_default_po_25, File "HOME/tests/java/FlagStatic.java", line 93, characters 12-18 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10348,7 +10160,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (<= b_0 i_3)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_26, File "HOME/tests/java/FlagStatic.java", line 89, characters 17-23 +;; FlagStatic_flag_ensures_default_po_26, File "HOME/tests/java/FlagStatic.java", line 93, characters 17-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10397,7 +10209,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (<= i_3 r_0_0)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_27, File "HOME/tests/java/FlagStatic.java", line 89, characters 22-35 +;; FlagStatic_flag_ensures_default_po_27, File "HOME/tests/java/FlagStatic.java", line 93, characters 22-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10446,7 +10258,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (<= r_0_0 (+ (offset_max Object_alloc_table t_1) 1))))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_28, File "HOME/tests/java/FlagStatic.java", line 90, characters 7-32 +;; FlagStatic_flag_ensures_default_po_28, File "HOME/tests/java/FlagStatic.java", line 94, characters 7-32 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10495,7 +10307,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (is_monochrome t_1 0 b_0 FlagStatic_BLUE intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_29, File "HOME/tests/java/FlagStatic.java", line 91, characters 7-33 +;; FlagStatic_flag_ensures_default_po_29, File "HOME/tests/java/FlagStatic.java", line 95, characters 7-33 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10544,7 +10356,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (is_monochrome t_1 b_0 i_3 FlagStatic_WHITE intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_30, File "HOME/tests/java/FlagStatic.java", line 92, characters 14-45 +;; FlagStatic_flag_ensures_default_po_30, File "HOME/tests/java/FlagStatic.java", line 96, characters 14-45 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10594,7 +10406,7 @@ (is_monochrome t_1 r_0_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP1)))))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_31, File "HOME/tests/java/FlagStatic.java", line 89, characters 7-13 +;; FlagStatic_flag_ensures_default_po_31, File "HOME/tests/java/FlagStatic.java", line 93, characters 7-13 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10626,7 +10438,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (<= 0 b_0)))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_32, File "HOME/tests/java/FlagStatic.java", line 89, characters 12-18 +;; FlagStatic_flag_ensures_default_po_32, File "HOME/tests/java/FlagStatic.java", line 93, characters 12-18 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10658,7 +10470,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (<= b_0 i_3)))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_33, File "HOME/tests/java/FlagStatic.java", line 89, characters 17-23 +;; FlagStatic_flag_ensures_default_po_33, File "HOME/tests/java/FlagStatic.java", line 93, characters 17-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10690,7 +10502,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (<= i_3 r_0)))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_34, File "HOME/tests/java/FlagStatic.java", line 89, characters 22-35 +;; FlagStatic_flag_ensures_default_po_34, File "HOME/tests/java/FlagStatic.java", line 93, characters 22-35 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10722,7 +10534,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (<= r_0 (+ (offset_max Object_alloc_table t_1) 1))))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_35, File "HOME/tests/java/FlagStatic.java", line 90, characters 7-32 +;; FlagStatic_flag_ensures_default_po_35, File "HOME/tests/java/FlagStatic.java", line 94, characters 7-32 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10754,7 +10566,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (is_monochrome t_1 0 b_0 FlagStatic_BLUE intM_intP0)))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_36, File "HOME/tests/java/FlagStatic.java", line 91, characters 7-33 +;; FlagStatic_flag_ensures_default_po_36, File "HOME/tests/java/FlagStatic.java", line 95, characters 7-33 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10786,7 +10598,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (is_monochrome t_1 b_0 i_3 FlagStatic_WHITE intM_intP0)))))))))))))))))) -;; FlagStatic_flag_ensures_default_po_37, File "HOME/tests/java/FlagStatic.java", line 92, characters 14-45 +;; FlagStatic_flag_ensures_default_po_37, File "HOME/tests/java/FlagStatic.java", line 96, characters 14-45 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10819,7 +10631,7 @@ (is_monochrome t_1 r_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP0)))))))))))))))))) -;; FlagStatic_flag_ensures_sorts_po_1, File "HOME/tests/java/FlagStatic.java", line 78, characters 13-169 +;; FlagStatic_flag_ensures_sorts_po_1, File "HOME/tests/java/FlagStatic.java", line 82, characters 13-169 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10851,7 +10663,7 @@ (is_monochrome t_1 r (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP0)))))))))))))))))) -;; FlagStatic_flag_safety_po_1, File "why/FlagStatic.why", line 1015, characters 19-74 +;; FlagStatic_flag_safety_po_1, File "why/FlagStatic.why", line 854, characters 19-74 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10859,7 +10671,7 @@ (is_color_array t_1 Object_alloc_table intM_intP)) (>= (offset_max Object_alloc_table t_1) (- 0 1)))))) -;; FlagStatic_flag_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 96, characters 13-17 +;; FlagStatic_flag_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 100, characters 13-17 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -10886,7 +10698,7 @@ t_1 r_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP0)))))))) (IMPLIES (< i_3 r_0) (<= (offset_min Object_alloc_table t_1) i_3))))))))))))))) -;; FlagStatic_flag_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 96, characters 13-17 +;; FlagStatic_flag_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 100, characters 13-17 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10913,7 +10725,7 @@ t_1 r_0 (+ (offset_max Object_alloc_table t_1) 1) FlagStatic_RED intM_intP0)))))))) (IMPLIES (< i_3 r_0) (<= i_3 (offset_max Object_alloc_table t_1)))))))))))))))) -;; FlagStatic_flag_safety_po_4, File "HOME/tests/java/FlagStatic.jc", line 188, characters 28-130 +;; FlagStatic_flag_safety_po_4, File "HOME/tests/java/FlagStatic.jc", line 191, characters 28-130 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10948,7 +10760,7 @@ (IMPLIES (EQ b_0_0 (+ b_0 1)) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 b_0))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_5, File "HOME/tests/java/FlagStatic.jc", line 188, characters 28-130 +;; FlagStatic_flag_safety_po_5, File "HOME/tests/java/FlagStatic.jc", line 191, characters 28-130 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -10985,7 +10797,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (< b_0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_6, File "HOME/tests/java/FlagStatic.jc", line 188, characters 28-130 +;; FlagStatic_flag_safety_po_6, File "HOME/tests/java/FlagStatic.jc", line 191, characters 28-130 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -11020,7 +10832,7 @@ (IMPLIES (EQ b_0_0 (+ b_0 1)) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 i_3))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_7, File "HOME/tests/java/FlagStatic.jc", line 188, characters 28-130 +;; FlagStatic_flag_safety_po_7, File "HOME/tests/java/FlagStatic.jc", line 191, characters 28-130 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11057,7 +10869,7 @@ (IMPLIES (EQ i_3_0 (+ i_3 1)) (< i_3 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_8, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_8, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11110,7 +10922,7 @@ (pset_singleton t_1) b_0 b_0)))) (<= 0 (- r_0 i_3))))))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_9, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_9, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11163,7 +10975,7 @@ (pset_singleton t_1) b_0 b_0)))) (< (- r_0 i_3_0) (- r_0 i_3))))))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_10, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_10, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11198,7 +11010,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (<= 0 (- r_0 i_3))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_11, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_11, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -11233,7 +11045,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))) (FORALL (i_3_0) (IMPLIES (EQ i_3_0 (+ i_3 1)) (< (- r_0 i_3_0) (- r_0 i_3))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_12, File "HOME/tests/java/FlagStatic.jc", line 199, characters 28-72 +;; FlagStatic_flag_safety_po_12, File "HOME/tests/java/FlagStatic.jc", line 202, characters 28-72 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11271,7 +11083,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))))) (FORALL (r_0_0) (IMPLIES (EQ r_0_0 (- r_0 1)) (<= 0 r_0_0))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_13, File "HOME/tests/java/FlagStatic.jc", line 199, characters 28-72 +;; FlagStatic_flag_safety_po_13, File "HOME/tests/java/FlagStatic.jc", line 202, characters 28-72 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11311,7 +11123,7 @@ (IMPLIES (EQ r_0_0 (- r_0 1)) (< r_0_0 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_14, File "HOME/tests/java/FlagStatic.jc", line 199, characters 28-72 +;; FlagStatic_flag_safety_po_14, File "HOME/tests/java/FlagStatic.jc", line 202, characters 28-72 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11349,7 +11161,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (EQ result0 FlagStatic_BLUE))))) (FORALL (r_0_0) (IMPLIES (EQ r_0_0 (- r_0 1)) (<= 0 i_3))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_15, File "HOME/tests/java/FlagStatic.jc", line 199, characters 28-72 +;; FlagStatic_flag_safety_po_15, File "HOME/tests/java/FlagStatic.jc", line 202, characters 28-72 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) 
@@ -11389,7 +11201,7 @@ (IMPLIES (EQ r_0_0 (- r_0 1)) (< i_3 (+ (offset_max Object_alloc_table t_1) 1)))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_16, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_16, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11445,7 +11257,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (<= 0 (- r_0 i_3))))))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_17, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_17, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11501,7 +11313,7 @@ (pset_singleton t_1) r_0_0 r_0_0)))) (< (- r_0_0 i_3) (- r_0 i_3))))))))))))))))))))))))))) -;; FlagStatic_flag_safety_po_18, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_18, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11537,7 +11349,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (<= 0 (- r_0 i_3)))))))))))))))))))))) -;; FlagStatic_flag_safety_po_19, File "HOME/tests/java/FlagStatic.java", line 93, characters 18-23 +;; FlagStatic_flag_safety_po_19, File "HOME/tests/java/FlagStatic.java", line 97, characters 18-23 (FORALL (t_1) (FORALL (Object_alloc_table) (FORALL (intM_intP) @@ -11573,7 +11385,7 @@ (AND (NEQ result0 FlagStatic_WHITE) (NEQ result0 FlagStatic_BLUE))) (< (- r_0 i_3) (- r_0 i_3)))))))))))))))))))))) -;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_1, File "HOME/tests/java/FlagStatic.java", line 52, characters 18-53 +;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_1, File "HOME/tests/java/FlagStatic.java", line 56, characters 18-53 (FORALL (t) (FORALL (i) (FORALL (j) 
@@ -11598,7 +11410,7 @@ (IMPLIES (EQ return |@false|) (IMPLIES (EQ return |@true|) (is_monochrome t i j c_0 intM_intP)))))))))))))))))) -;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_2, File "HOME/tests/java/FlagStatic.java", line 52, characters 18-53 +;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_2, File "HOME/tests/java/FlagStatic.java", line 56, characters 18-53 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11623,7 +11435,7 @@ (IMPLIES (EQ return |@false|) (IMPLIES (is_monochrome t i j c_0 intM_intP) (EQ return |@true|)))))))))))))))))) -;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_3, File "HOME/tests/java/FlagStatic.java", line 52, characters 18-53 +;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_3, File "HOME/tests/java/FlagStatic.java", line 56, characters 18-53 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11645,7 +11457,7 @@ (IMPLIES (EQ return |@true|) (IMPLIES (EQ return |@true|) (is_monochrome t i j c_0 intM_intP))))))))))))))) -;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_4, File "HOME/tests/java/FlagStatic.java", line 52, characters 18-53 +;; FlagStatic_isMonochrome_ensures_decides_monochromatic_po_4, File "HOME/tests/java/FlagStatic.java", line 56, characters 18-53 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11667,7 +11479,7 @@ (IMPLIES (EQ return |@true|) (IMPLIES (is_monochrome t i j c_0 intM_intP) (EQ return |@true|))))))))))))))) -;; FlagStatic_isMonochrome_ensures_default_po_1, File "HOME/tests/java/FlagStatic.java", line 55, characters 24-30 +;; FlagStatic_isMonochrome_ensures_default_po_1, File "HOME/tests/java/FlagStatic.java", line 59, characters 24-30 (FORALL (t) (FORALL (i) (FORALL (j) 
@@ -11678,7 +11490,7 @@ (AND (<= i j) (<= j (+ (offset_max Object_alloc_table t) 1)))))) (<= i i)))))) -;; FlagStatic_isMonochrome_ensures_default_po_2, File "HOME/tests/java/FlagStatic.java", line 56, characters 8-49 +;; FlagStatic_isMonochrome_ensures_default_po_2, File "HOME/tests/java/FlagStatic.java", line 60, characters 8-49 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11692,7 +11504,7 @@ (FORALL (l) (IMPLIES (AND (<= i l) (< l i)) (EQ (select intM_intP (shift t l)) c_0)))))))))) -;; FlagStatic_isMonochrome_ensures_default_po_3, File "HOME/tests/java/FlagStatic.java", line 55, characters 24-30 +;; FlagStatic_isMonochrome_ensures_default_po_3, File "HOME/tests/java/FlagStatic.java", line 59, characters 24-30 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11714,7 +11526,7 @@ (IMPLIES (EQ result c_0) (FORALL (k_0_0) (IMPLIES (EQ k_0_0 (+ k_0 1)) (<= i k_0_0)))))))))))))))) -;; FlagStatic_isMonochrome_ensures_default_po_4, File "HOME/tests/java/FlagStatic.java", line 56, characters 8-49 +;; FlagStatic_isMonochrome_ensures_default_po_4, File "HOME/tests/java/FlagStatic.java", line 60, characters 8-49 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11739,7 +11551,7 @@ (FORALL (l) (IMPLIES (AND (<= i l) (< l k_0_0)) (EQ (select intM_intP (shift t l)) c_0)))))))))))))))))) -;; FlagStatic_isMonochrome_safety_po_1, File "HOME/tests/java/FlagStatic.java", line 59, characters 33-37 +;; FlagStatic_isMonochrome_safety_po_1, File "HOME/tests/java/FlagStatic.java", line 63, characters 33-37 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11758,7 +11570,7 @@ (EQ (select intM_intP (shift t l)) c_0)))) (IMPLIES (< k_0 j) (<= (offset_min Object_alloc_table t) k_0)))))))))))) -;; FlagStatic_isMonochrome_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 59, characters 33-37 +;; FlagStatic_isMonochrome_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 63, characters 33-37 (FORALL (t) (FORALL (i) (FORALL (j) 
@@ -11777,7 +11589,7 @@ (EQ (select intM_intP (shift t l)) c_0)))) (IMPLIES (< k_0 j) (<= k_0 (offset_max Object_alloc_table t))))))))))))) -;; FlagStatic_isMonochrome_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 57, characters 22-27 +;; FlagStatic_isMonochrome_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 61, characters 22-27 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11802,7 +11614,7 @@ (IMPLIES (EQ result c_0) (FORALL (k_0_0) (IMPLIES (EQ k_0_0 (+ k_0 1)) (<= 0 (- j k_0))))))))))))))))))) -;; FlagStatic_isMonochrome_safety_po_4, File "HOME/tests/java/FlagStatic.java", line 57, characters 22-27 +;; FlagStatic_isMonochrome_safety_po_4, File "HOME/tests/java/FlagStatic.java", line 61, characters 22-27 (FORALL (t) (FORALL (i) (FORALL (j) @@ -11827,7 +11639,7 @@ (IMPLIES (EQ result c_0) (FORALL (k_0_0) (IMPLIES (EQ k_0_0 (+ k_0 1)) (< (- j k_0_0) (- j k_0))))))))))))))))))) -;; FlagStatic_swap_ensures_i_j_swapped_po_1, File "HOME/tests/java/FlagStatic.java", line 66, characters 18-36 +;; FlagStatic_swap_ensures_i_j_swapped_po_1, File "HOME/tests/java/FlagStatic.java", line 70, characters 18-36 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) @@ -11847,7 +11659,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t_0 j_0) result)) (EQ (select intM_intP1 (shift t_0 i_0)) (select intM_intP (shift t_0 j_0))))))))))))))))) -;; FlagStatic_swap_ensures_i_j_swapped_po_2, File "HOME/tests/java/FlagStatic.java", line 66, characters 40-58 +;; FlagStatic_swap_ensures_i_j_swapped_po_2, File "HOME/tests/java/FlagStatic.java", line 70, characters 40-58 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) 
@@ -11867,7 +11679,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t_0 j_0) result)) (EQ (select intM_intP1 (shift t_0 j_0)) (select intM_intP (shift t_0 i_0))))))))))))))))) -;; FlagStatic_swap_ensures_i_j_swapped_po_3, File "HOME/tests/java/FlagStatic.java", line 68, characters 24-28 +;; FlagStatic_swap_ensures_i_j_swapped_po_3, File "HOME/tests/java/FlagStatic.java", line 72, characters 24-28 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) @@ -11892,7 +11704,7 @@ (pset_range (pset_singleton t_0) i_0 i_0))))))))))))))))) -;; FlagStatic_swap_safety_po_1, File "HOME/tests/java/FlagStatic.java", line 69, characters 9-13 +;; FlagStatic_swap_safety_po_1, File "HOME/tests/java/FlagStatic.java", line 73, characters 9-13 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) @@ -11903,7 +11715,7 @@ (AND (<= 0 j_0) (< j_0 (+ (offset_max Object_alloc_table t_0) 1)))))) (<= (offset_min Object_alloc_table t_0) i_0)))))) -;; FlagStatic_swap_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 69, characters 9-13 +;; FlagStatic_swap_safety_po_2, File "HOME/tests/java/FlagStatic.java", line 73, characters 9-13 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) @@ -11914,7 +11726,7 @@ (AND (<= 0 j_0) (< j_0 (+ (offset_max Object_alloc_table t_0) 1)))))) (<= i_0 (offset_max Object_alloc_table t_0))))))) -;; FlagStatic_swap_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 70, characters 8-12 +;; FlagStatic_swap_safety_po_3, File "HOME/tests/java/FlagStatic.java", line 74, characters 8-12 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) @@ -11930,7 +11742,7 @@ (IMPLIES (EQ result (select intM_intP (shift t_0 i_0))) (<= (offset_min Object_alloc_table t_0) j_0)))))))))) -;; FlagStatic_swap_safety_po_4, File "HOME/tests/java/FlagStatic.java", line 70, characters 8-12 +;; FlagStatic_swap_safety_po_4, File "HOME/tests/java/FlagStatic.java", line 74, characters 8-12 (FORALL (t_0) (FORALL (i_0) (FORALL (j_0) 
@@ -12910,7 +12722,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -13081,36 +12893,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_FlagStatic(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -13157,12 +12939,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= 0)))) + ("JC_144": ("JC_137": (0 <= 0))) goal FlagStatic_flag_ensures_default_po_2: forall t_1:Object pointer. @@ -13170,12 +12952,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_130": ("JC_130": (0 <= 0)))) + ("JC_144": ("JC_138": (0 <= 0))) goal FlagStatic_flag_ensures_default_po_3: forall t_1:Object pointer. @@ -13183,12 +12965,12 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": ("JC_131": ("JC_131": (0 <= result)))) + ("JC_144": ("JC_139": (0 <= result))) goal FlagStatic_flag_ensures_default_po_4: forall t_1:Object pointer. 
@@ -13196,14 +12978,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_132": - ("JC_132": (result <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": + ("JC_140": (result <= (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_ensures_default_po_5: forall t_1:Object pointer. @@ -13211,14 +12992,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, 0, FlagStatic_BLUE, intM_intP)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, 0, FlagStatic_BLUE, intM_intP))) goal FlagStatic_flag_ensures_default_po_6: forall t_1:Object pointer. @@ -13226,14 +13006,13 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, 0, 0, FlagStatic_WHITE, intM_intP)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, 0, 0, FlagStatic_WHITE, intM_intP))) goal FlagStatic_flag_ensures_default_po_7: forall t_1:Object pointer. 
@@ -13241,15 +13020,14 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, result, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, result, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP))) goal FlagStatic_flag_ensures_default_po_8: forall t_1:Object pointer. @@ -13257,9 +13035,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13267,16 +13045,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13288,17 +13066,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_128": ("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP1)))) + ("JC_144": ("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP1))) goal FlagStatic_flag_ensures_default_po_9: forall t_1:Object pointer. @@ -13306,9 +13083,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13316,16 +13093,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13337,16 +13114,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0_0)))) + ("JC_144": ("JC_137": (0 <= b_0_0))) goal FlagStatic_flag_ensures_default_po_10: forall t_1:Object pointer. 
@@ -13354,9 +13131,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -13364,16 +13141,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13385,16 +13162,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0_0 <= i_3_0)))) + ("JC_144": ("JC_138": (b_0_0 <= i_3_0))) goal FlagStatic_flag_ensures_default_po_11: forall t_1:Object pointer. @@ -13402,9 +13179,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13412,16 +13189,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13433,16 +13210,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3_0 <= r_0)))) + ("JC_144": ("JC_139": (i_3_0 <= r_0))) goal FlagStatic_flag_ensures_default_po_12: forall t_1:Object pointer. 
@@ -13450,9 +13227,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -13460,16 +13237,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13481,17 +13258,16 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_ensures_default_po_13: forall t_1:Object pointer. @@ -13499,9 +13275,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13509,16 +13285,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13530,18 +13306,17 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0_0, FlagStatic_BLUE, intM_intP1)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0_0, FlagStatic_BLUE, intM_intP1))) goal FlagStatic_flag_ensures_default_po_14: forall t_1:Object pointer. @@ -13549,9 +13324,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13559,16 +13334,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13580,18 +13355,17 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0_0, i_3_0, FlagStatic_WHITE, intM_intP1)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0_0, i_3_0, FlagStatic_WHITE, intM_intP1))) goal FlagStatic_flag_ensures_default_po_15: forall t_1:Object pointer. @@ -13599,9 +13373,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13609,16 +13383,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13630,19 +13404,18 @@ (i_3_0 = (i_3 + 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP1)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP1))) goal FlagStatic_flag_ensures_default_po_16: forall t_1:Object pointer. @@ -13650,9 +13423,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13660,16 +13433,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13679,7 +13452,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) goal FlagStatic_flag_ensures_default_po_17: forall t_1:Object pointer. @@ -13687,9 +13460,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13697,16 +13470,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13716,7 +13489,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3_0)))) + ("JC_144": ("JC_138": (b_0 <= i_3_0))) goal FlagStatic_flag_ensures_default_po_18: forall t_1:Object pointer. @@ -13724,9 +13497,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13734,16 +13507,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13753,7 +13526,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": ("JC_131": ("JC_131": (i_3_0 <= r_0)))) + ("JC_144": ("JC_139": (i_3_0 <= r_0))) goal FlagStatic_flag_ensures_default_po_19: forall t_1:Object pointer. @@ -13761,9 +13534,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13771,16 +13544,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13790,8 +13563,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_ensures_default_po_20: forall t_1:Object pointer. @@ -13799,9 +13571,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13809,16 +13581,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13828,9 +13600,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0))) goal FlagStatic_flag_ensures_default_po_21: forall t_1:Object pointer. @@ -13838,9 +13609,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13848,16 +13619,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13867,9 +13638,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3_0, FlagStatic_WHITE, intM_intP0)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3_0, FlagStatic_WHITE, intM_intP0))) goal FlagStatic_flag_ensures_default_po_22: forall t_1:Object pointer. @@ -13877,9 +13647,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13887,16 +13657,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -13906,10 +13676,9 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP0)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP0))) goal FlagStatic_flag_ensures_default_po_23: forall t_1:Object pointer. @@ -13917,9 +13686,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13927,16 +13696,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -13951,17 +13720,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_128": ("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP1)))) + ("JC_144": ("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP1))) goal FlagStatic_flag_ensures_default_po_24: forall t_1:Object pointer. @@ -13969,9 +13737,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -13979,16 +13747,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14003,16 +13771,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) goal FlagStatic_flag_ensures_default_po_25: forall t_1:Object pointer. 
@@ -14020,9 +13788,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14030,16 +13798,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -14054,16 +13822,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3)))) + ("JC_144": ("JC_138": (b_0 <= i_3))) goal FlagStatic_flag_ensures_default_po_26: forall t_1:Object pointer. @@ -14071,9 +13839,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14081,16 +13849,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14105,16 +13873,16 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3 <= r_0_0)))) + ("JC_144": ("JC_139": (i_3 <= r_0_0))) goal FlagStatic_flag_ensures_default_po_27: forall t_1:Object pointer. 
@@ -14122,9 +13890,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14132,16 +13900,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -14156,18 +13924,17 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_132": - ("JC_132": (r_0_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": + ("JC_140": (r_0_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_ensures_default_po_28: forall t_1:Object pointer. @@ -14175,9 +13942,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14185,16 +13952,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -14209,18 +13976,17 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP1)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP1))) goal FlagStatic_flag_ensures_default_po_29: forall t_1:Object pointer. @@ -14228,9 +13994,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14238,16 +14004,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -14262,18 +14028,17 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP1)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP1))) goal FlagStatic_flag_ensures_default_po_30: forall t_1:Object pointer. @@ -14281,9 +14046,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14291,16 +14056,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. 
@@ -14315,19 +14080,18 @@ (r_0_0 = (r_0 - 1)) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP1)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP1))) goal FlagStatic_flag_ensures_default_po_31: forall t_1:Object pointer. @@ -14335,9 +14099,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14345,16 +14109,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14363,7 +14127,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_129": ("JC_129": (0 <= b_0)))) + ("JC_144": ("JC_137": (0 <= b_0))) goal FlagStatic_flag_ensures_default_po_32: forall t_1:Object pointer. @@ -14371,9 +14135,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14381,16 +14145,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14399,7 +14163,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_130": ("JC_130": (b_0 <= i_3)))) + ("JC_144": ("JC_138": (b_0 <= i_3))) goal FlagStatic_flag_ensures_default_po_33: forall t_1:Object pointer. @@ -14407,9 +14171,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14417,16 +14181,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14435,7 +14199,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": ("JC_131": ("JC_131": (i_3 <= r_0)))) + ("JC_144": ("JC_139": (i_3 <= r_0))) goal FlagStatic_flag_ensures_default_po_34: forall t_1:Object pointer. @@ -14443,9 +14207,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14453,16 +14217,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14471,8 +14235,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_132": ("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_144": ("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_ensures_default_po_35: forall t_1:Object pointer. @@ -14480,9 +14243,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14490,16 +14253,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14508,9 +14271,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_133": - ("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)))) + ("JC_144": + ("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0))) goal FlagStatic_flag_ensures_default_po_36: forall t_1:Object pointer. @@ -14518,9 +14280,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14528,16 +14290,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14546,9 +14308,8 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_134": - ("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)))) + ("JC_144": + ("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0))) goal FlagStatic_flag_ensures_default_po_37: forall t_1:Object pointer. @@ -14556,9 +14317,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14566,16 +14327,16 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_136": - (("JC_128": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_129": (0 <= b_0)) and - (("JC_130": (b_0 <= i_3)) and - (("JC_131": (i_3 <= r_0)) and - (("JC_132": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_133": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_134": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_144": + (("JC_136": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_137": (0 <= b_0)) and + (("JC_138": (b_0 <= i_3)) and + (("JC_139": (i_3 <= r_0)) and + (("JC_140": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_141": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_142": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> forall result0:int. @@ -14584,10 +14345,9 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - ("JC_136": - ("JC_135": - ("JC_135": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, - t_1) + 1), FlagStatic_RED, intM_intP0)))) + ("JC_144": + ("JC_143": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + t_1) + 1), FlagStatic_RED, intM_intP0))) goal FlagStatic_flag_ensures_sorts_po_1: forall t_1:Object pointer. 
@@ -14595,9 +14355,9 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14605,20 +14365,20 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_153": true) -> - ("JC_151": - (("JC_143": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_144": (0 <= b_0)) and - (("JC_145": (b_0 <= i_3)) and - (("JC_146": (i_3 <= r_0)) and - (("JC_147": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_148": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_149": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_161": true) -> + ("JC_159": + (("JC_151": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_152": (0 <= b_0)) and + (("JC_153": (b_0 <= i_3)) and + (("JC_154": (i_3 <= r_0)) and + (("JC_155": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_156": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_157": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_150": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_158": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 >= r_0) -> - ("JC_107": + ("JC_115": (exists b:int. (exists r:int. (is_monochrome(t_1, 0, b, FlagStatic_BLUE, intM_intP0) and @@ -14632,7 +14392,7 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) goal FlagStatic_flag_safety_po_2: 
@@ -14641,10 +14401,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14652,17 +14412,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> (offset_min(Object_alloc_table, t_1) <= i_3) 
@@ -14673,10 +14433,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14684,17 +14444,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> (i_3 <= offset_max(Object_alloc_table, t_1)) 
@@ -14705,10 +14465,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14716,17 +14476,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -14738,7 +14498,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": ("JC_69": ("JC_69": (0 <= b_0)))) + ("JC_81": ("JC_77": (0 <= b_0))) goal FlagStatic_flag_safety_po_5: forall t_1:Object pointer. 
@@ -14746,10 +14506,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14757,17 +14517,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -14779,8 +14539,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - ("JC_70": ("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_safety_po_6: forall t_1:Object pointer. 
@@ -14788,10 +14547,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14799,17 +14558,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -14821,7 +14580,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= i_3)))) + ("JC_81": ("JC_79": (0 <= i_3))) goal FlagStatic_flag_safety_po_7: forall t_1:Object pointer. 
@@ -14829,10 +14588,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14840,17 +14599,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -14862,8 +14621,7 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - ("JC_72": ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_safety_po_8: forall t_1:Object pointer. 
@@ -14871,10 +14629,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. @@ -14882,17 +14640,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -14904,23 +14662,23 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - (("JC_69": (0 <= b_0)) and - (("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= b_0)) and + (("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_9: forall t_1:Object pointer. @@ -14928,10 +14686,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14939,17 +14697,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -14961,23 +14719,23 @@ (b_0_0 = (b_0 + 1)) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - ("JC_73": - (("JC_69": (0 <= b_0)) and - (("JC_70": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= b_0)) and + (("JC_78": (b_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, b_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, b_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), b_0, b_0)))))) -> - (("JC_126": (r_0 - i_3_0)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3_0)) < ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_10: forall t_1:Object pointer. @@ -14985,10 +14743,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -14996,17 +14754,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15018,7 +14776,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_11: forall t_1:Object pointer. @@ -15026,10 +14784,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15037,17 +14795,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15059,7 +14817,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))) -> forall i_3_0:int. (i_3_0 = (i_3 + 1)) -> - (("JC_126": (r_0 - i_3_0)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3_0)) < ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_12: forall t_1:Object pointer. @@ -15067,10 +14825,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15078,17 +14836,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15103,7 +14861,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": ("JC_69": ("JC_69": (0 <= r_0_0)))) + ("JC_81": ("JC_77": (0 <= r_0_0))) goal FlagStatic_flag_safety_po_13: forall t_1:Object pointer. @@ -15111,10 +14869,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15122,17 +14880,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15147,8 +14905,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - ("JC_70": ("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_safety_po_14: forall t_1:Object pointer. @@ -15156,10 +14913,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15167,17 +14924,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15192,7 +14949,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= i_3)))) + ("JC_81": ("JC_79": (0 <= i_3))) goal FlagStatic_flag_safety_po_15: forall t_1:Object pointer. @@ -15200,10 +14957,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15211,17 +14968,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15236,8 +14993,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - ("JC_72": ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))) + ("JC_81": ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1)))) goal FlagStatic_flag_safety_po_16: forall t_1:Object pointer. @@ -15245,10 +15001,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15256,17 +15012,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -15281,23 +15037,23 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - (("JC_69": (0 <= r_0_0)) and - (("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= r_0_0)) and + (("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_17: forall t_1:Object pointer. @@ -15305,10 +15061,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15316,17 +15072,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and 
@@ -15341,23 +15097,23 @@ ((result0 <> FlagStatic_WHITE) and (result0 = FlagStatic_BLUE))))) -> forall r_0_0:int. (r_0_0 = (r_0 - 1)) -> - ("JC_73": - (("JC_69": (0 <= r_0_0)) and - (("JC_70": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_71": (0 <= i_3)) and - ("JC_72": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> + ("JC_81": + (("JC_77": (0 <= r_0_0)) and + (("JC_78": (r_0_0 < (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_79": (0 <= i_3)) and + ("JC_80": (i_3 < (offset_max(Object_alloc_table, t_1) + 1))))))) -> forall intM_intP1:(Object, int) memory. - ("JC_94": - (("JC_92": - (("JC_90": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, + ("JC_102": + (("JC_100": + (("JC_98": (select(intM_intP1, shift(t_1, r_0_0)) = select(intM_intP0, shift(t_1, i_3)))) and - ("JC_91": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, + ("JC_99": (select(intM_intP1, shift(t_1, i_3)) = select(intM_intP0, shift(t_1, r_0_0)))))) and - ("JC_93": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_101": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_1), i_3, i_3), pset_range(pset_singleton(t_1), r_0_0, r_0_0)))))) -> - (("JC_126": (r_0_0 - i_3)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0_0 - i_3)) < ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_18: forall t_1:Object pointer. @@ -15365,10 +15121,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15376,17 +15132,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15397,7 +15153,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - (0 <= ("JC_126": (r_0 - i_3))) + (0 <= ("JC_134": (r_0 - i_3))) goal FlagStatic_flag_safety_po_19: forall t_1:Object pointer. @@ -15405,10 +15161,10 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_1, 0, Object_alloc_table) and - ("JC_101": is_color_array(t_1, Object_alloc_table, intM_intP))) -> + ("JC_109": is_color_array(t_1, Object_alloc_table, intM_intP))) -> (offset_max(Object_alloc_table, t_1) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_1) + 1))))) -> forall b_0:int. 
@@ -15416,17 +15172,17 @@ forall intM_intP0:(Object, int) memory. forall r_0:int. - ("JC_121": true) -> - ("JC_119": - (("JC_111": is_color_array(t_1, Object_alloc_table, intM_intP0)) and - (("JC_112": (0 <= b_0)) and - (("JC_113": (b_0 <= i_3)) and - (("JC_114": (i_3 <= r_0)) and - (("JC_115": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and - (("JC_116": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and - (("JC_117": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, + ("JC_129": true) -> + ("JC_127": + (("JC_119": is_color_array(t_1, Object_alloc_table, intM_intP0)) and + (("JC_120": (0 <= b_0)) and + (("JC_121": (b_0 <= i_3)) and + (("JC_122": (i_3 <= r_0)) and + (("JC_123": (r_0 <= (offset_max(Object_alloc_table, t_1) + 1))) and + (("JC_124": is_monochrome(t_1, 0, b_0, FlagStatic_BLUE, intM_intP0)) and + (("JC_125": is_monochrome(t_1, b_0, i_3, FlagStatic_WHITE, intM_intP0)) and - ("JC_118": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, + ("JC_126": is_monochrome(t_1, r_0, (offset_max(Object_alloc_table, t_1) + 1), FlagStatic_RED, intM_intP0)))))))))) -> (i_3 < r_0) -> ((offset_min(Object_alloc_table, t_1) <= i_3) and @@ -15437,7 +15193,7 @@ ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE)) -> ((result0 <> FlagStatic_RED) and ((result0 <> FlagStatic_WHITE) and (result0 <> FlagStatic_BLUE))) -> - (("JC_126": (r_0 - i_3)) < ("JC_126": (r_0 - i_3))) + (("JC_134": (r_0 - i_3)) < ("JC_134": (r_0 - i_3))) goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_1: forall t:Object pointer. 
@@ -15448,16 +15204,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15467,7 +15223,7 @@ forall return:bool. (return = false) -> (return = true) -> - ("JC_47": is_monochrome(t, i, j, c_0, intM_intP)) + ("JC_55": is_monochrome(t, i, j, c_0, intM_intP)) goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_2: forall t:Object pointer. @@ -15478,16 +15234,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> 
@@ -15497,7 +15253,7 @@ forall return:bool. (return = false) -> is_monochrome(t, i, j, c_0, intM_intP) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_3: forall t:Object pointer. @@ -15508,23 +15264,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 >= j) -> forall return:bool. (return = true) -> (return = true) -> - ("JC_47": is_monochrome(t, i, j, c_0, intM_intP)) + ("JC_55": is_monochrome(t, i, j, c_0, intM_intP)) goal FlagStatic_isMonochrome_ensures_decides_monochromatic_po_4: forall t:Object pointer. 
@@ -15535,23 +15291,23 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_67": true) -> - ("JC_65": - (("JC_63": (i <= k_0)) and - ("JC_64": + ("JC_75": true) -> + ("JC_73": + (("JC_71": (i <= k_0)) and + ("JC_72": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 >= j) -> forall return:bool. (return = true) -> is_monochrome(t, i, j, c_0, intM_intP) -> - ("JC_47": (return = true)) + ("JC_55": (return = true)) goal FlagStatic_isMonochrome_ensures_default_po_1: forall t:Object pointer. @@ -15559,12 +15315,12 @@ forall j:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> - ("JC_59": ("JC_57": ("JC_57": (i <= i)))) + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_67": ("JC_65": (i <= i))) goal FlagStatic_isMonochrome_ensures_default_po_2: forall t:Object pointer. 
@@ -15575,16 +15331,14 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> - ("JC_59": - ("JC_58": - ("JC_58": - (forall l:int. - (((i <= l) and (l < i)) -> (select(intM_intP, shift(t, l)) = c_0)))))) + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + forall l:int. + ((i <= l) and (l < i)) -> + ("JC_67": ("JC_66": (select(intM_intP, shift(t, l)) = c_0))) goal FlagStatic_isMonochrome_ensures_default_po_3: forall t:Object pointer. @@ -15595,15 +15349,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_59": - (("JC_57": (i <= k_0)) and - ("JC_58": + ("JC_67": + (("JC_65": (i <= k_0)) and + ("JC_66": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15612,7 +15366,7 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - ("JC_59": ("JC_57": ("JC_57": (i <= k_0_0)))) + ("JC_67": ("JC_65": (i <= k_0_0))) goal FlagStatic_isMonochrome_ensures_default_po_4: forall t:Object pointer. 
@@ -15623,15 +15377,15 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_59": - (("JC_57": (i <= k_0)) and - ("JC_58": + ("JC_67": + (("JC_65": (i <= k_0)) and + ("JC_66": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15640,11 +15394,9 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - ("JC_59": - ("JC_58": - ("JC_58": - (forall l:int. - (((i <= l) and (l < k_0_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) + forall l:int. + ((i <= l) and (l < k_0_0)) -> + ("JC_67": ("JC_66": (select(intM_intP, shift(t, l)) = c_0))) goal FlagStatic_isMonochrome_safety_po_1: forall t:Object pointer. @@ -15655,16 +15407,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> 
@@ -15679,16 +15431,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15703,16 +15455,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15723,7 +15475,7 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - (0 <= ("JC_56": (j - k_0))) + (0 <= ("JC_64": (j - k_0))) goal FlagStatic_isMonochrome_safety_po_4: forall t:Object pointer. 
@@ -15734,16 +15486,16 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and - ("JC_41": - (("JC_37": Non_null_intM(t, Object_alloc_table)) and - (("JC_38": (0 <= i)) and - (("JC_39": (i <= j)) and - ("JC_40": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> + ("JC_49": + (("JC_45": Non_null_intM(t, Object_alloc_table)) and + (("JC_46": (0 <= i)) and + (("JC_47": (i <= j)) and + ("JC_48": (j <= (offset_max(Object_alloc_table, t) + 1)))))))) -> forall k_0:int. - ("JC_53": true) -> - ("JC_51": - (("JC_49": (i <= k_0)) and - ("JC_50": + ("JC_61": true) -> + ("JC_59": + (("JC_57": (i <= k_0)) and + ("JC_58": (forall l:int. (((i <= l) and (l < k_0)) -> (select(intM_intP, shift(t, l)) = c_0)))))) -> (k_0 < j) -> @@ -15754,7 +15506,7 @@ (result = c_0) -> forall k_0_0:int. (k_0_0 = (k_0 + 1)) -> - (("JC_56": (j - k_0_0)) < ("JC_56": (j - k_0))) + (("JC_64": (j - k_0_0)) < ("JC_64": (j - k_0))) goal FlagStatic_swap_ensures_i_j_swapped_po_1: forall t_0:Object pointer. @@ -15764,11 +15516,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. 
@@ -15779,11 +15531,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_87": - ("JC_85": - ("JC_85": (select(intM_intP1, shift(t_0, i_0)) = select(intM_intP, - shift(t_0, j_0))))))) + ("JC_97": + ("JC_95": + ("JC_93": (select(intM_intP1, shift(t_0, i_0)) = select(intM_intP, + shift(t_0, j_0)))))) goal FlagStatic_swap_ensures_i_j_swapped_po_2: forall t_0:Object pointer. @@ -15793,11 +15544,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. @@ -15808,11 +15559,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_87": - ("JC_86": - ("JC_86": (select(intM_intP1, shift(t_0, j_0)) = select(intM_intP, - shift(t_0, i_0))))))) + ("JC_97": + ("JC_95": + ("JC_94": (select(intM_intP1, shift(t_0, j_0)) = select(intM_intP, + shift(t_0, i_0)))))) goal FlagStatic_swap_ensures_i_j_swapped_po_3: forall t_0:Object pointer. 
@@ -15822,11 +15572,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> forall result:int. (result = select(intM_intP, shift(t_0, i_0))) -> forall result0:int. @@ -15837,11 +15587,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t_0, j_0), result)) -> - ("JC_89": - ("JC_88": - ("JC_88": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_97": + ("JC_96": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t_0), j_0, j_0), - pset_range(pset_singleton(t_0), i_0, i_0)))))) + pset_range(pset_singleton(t_0), i_0, i_0))))) goal FlagStatic_swap_safety_po_1: forall t_0:Object pointer. @@ -15849,11 +15598,11 @@ forall j_0:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> (offset_min(Object_alloc_table, t_0) <= i_0) goal FlagStatic_swap_safety_po_2: 
@@ -15862,11 +15611,11 @@ forall j_0:int. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> (i_0 <= offset_max(Object_alloc_table, t_0)) goal FlagStatic_swap_safety_po_3: @@ -15877,11 +15626,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> ((offset_min(Object_alloc_table, t_0) <= i_0) and (i_0 <= offset_max(Object_alloc_table, t_0))) -> forall result:int. 
@@ -15896,11 +15645,11 @@ forall intM_intP:(Object, int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - ("JC_79": - (("JC_75": (0 <= i_0)) and - (("JC_76": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_77": (0 <= j_0)) and - ("JC_78": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> + ("JC_87": + (("JC_83": (0 <= i_0)) and + (("JC_84": (i_0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_85": (0 <= j_0)) and + ("JC_86": (j_0 < (offset_max(Object_alloc_table, t_0) + 1)))))))) -> ((offset_min(Object_alloc_table, t_0) <= i_0) and (i_0 <= offset_max(Object_alloc_table, t_0))) -> forall result:int. diff -Nru why-2.29+dfsg/tests/java/oracle/Gcd.res.oracle why-2.30+dfsg/tests/java/oracle/Gcd.res.oracle --- why-2.29+dfsg/tests/java/oracle/Gcd.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Gcd.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,58 +2,60 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). 
*/ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no /* complements for non-linear integer arithmetic */ -/*@ lemma distr_right: - @ \forall integer x y z; x*(y+z) == (x*y)+(x*z); +/*@ lemma distr_right: + @ \forall integer x y z; x*(y+z) == (x*y)+(x*z); @*/ -/*@ lemma distr_left: +/*@ lemma distr_left: @ \forall integer x y z; (x+y)*z == (x*z)+(y*z); @*/ -/*@ lemma distr_right_minus: - @ \forall integer x y z; x*(y-z) == (x*y)-(x*z); +/*@ lemma distr_right_minus: + @ \forall integer x y z; x*(y-z) == (x*y)-(x*z); @*/ -/*@ lemma distr_left_minus: +/*@ lemma distr_left_minus: @ \forall integer x y z; (x-y)*z == (x*z)-(y*z); @*/ -/*@ lemma mul_comm: - @ \forall integer x y; x*y == y*x; +/*@ lemma mul_comm: + @ \forall integer x y; x*y == y*x; @*/ -/*@ lemma mul_assoc: - @ \forall integer x y z; x*(y*z) == (x*y)*z; +/*@ lemma mul_assoc: + @ \forall integer x y z; x*(y*z) == (x*y)*z; @*/ /*@ predicate divides(integer x, integer y) = @@ -61,17 +63,17 @@ @*/ /*@ lemma div_mod_property: - @ \forall integer x y; - @ x >=0 && y > 0 ==> x%y == x - y*(x/y); + @ \forall integer x y; + @ x >=0 && y > 0 ==> x%y == x - y*(x/y); @*/ /*@ lemma mod_property: - @ \forall integer x y; - @ x >=0 && y > 0 ==> 0 <= x%y && x%y < y; + @ \forall integer x y; + @ x >=0 && y > 0 ==> 0 <= x%y && x%y < y; @*/ /*@ predicate isGcd(integer a, integer b, integer d) = - @ divides(d,a) && divides(d,b) && + @ divides(d,a) && divides(d,b) && @ \forall integer z; @ divides(z,a) && divides(z,b) ==> divides(z,d) ; @*/ 
@@ -82,24 +84,24 @@ /*@ lemma gcd_property : @ \forall integer a b d q; - @ b > 0 && isGcd(b,a % b,d) ==> isGcd(a,b,d) ; + @ a >= 0 && b > 0 && isGcd(b,a % b,d) ==> isGcd(a,b,d) ; @*/ class Gcd { /*@ requires x >= 0 && y >= 0; - @ behavior resultIsGcd: + @ behavior resultIsGcd: @ ensures isGcd(x,y,\result) ; @ behavior bezoutProperty: @ ensures \exists integer a b; a*x+b*y == \result; @*/ static int gcd(int x, int y) { //@ ghost integer a = 1, b = 0, c = 0, d = 1; - /*@ loop_invariant - @ x >= 0 && y >= 0 && - @ (\forall integer d ; isGcd(x,y,d) ==> - @ \at(isGcd(x,y,d),Pre)) && - @ a*\at(x,Pre)+b*\at(y,Pre) == x && + /*@ loop_invariant + @ x >= 0 && y >= 0 && + @ (\forall integer d ; isGcd(x,y,d) ==> + @ \at(isGcd(x,y,d),Pre)) && + @ a*\at(x,Pre)+b*\at(y,Pre) == x && @ c*\at(x,Pre)+d*\at(y,Pre) == y ; @ loop_variant y; @*/ @@ -109,7 +111,7 @@ x = y; y = r; //@ ghost integer ta = a, tb = b; - //@ ghost a = c; + //@ ghost a = c; //@ ghost b = d; //@ ghost c = ta - c * q; //@ ghost d = tb - d * q; @@ -123,9 +125,9 @@ /* -Local Variables: -compile-command: "make Gcd" -End: +Local Variables: +compile-command: "make Gcd.why3ml" +End: */ ========== krakatoa execution ========== @@ -142,7 +144,10 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
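Review bot: In the `@@ -82,24 +84,24 @@` hunk, `gcd_property` still binds `q` in `\forall integer a b d q;` although neither the old nor the new body uses it. The generated lemma further down this oracle carries the same unused `q_0`. Since the lemma is being edited anyway to add `a >= 0`, the binder could be reduced to `\forall integer a b d;`. A short comment before the annotation would also record why the hypothesis was added, for example `/* a >= 0: div_mod_property and mod_property are only stated for x >= 0 */`, which is presumably the reason. A precondition on a lemma narrows what later proofs may rely on, so it is worth stating explicitly.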
@@ -180,28 +185,11 @@ (\forall integer z_4; ((divides(z_4, a) && divides(z_4, b)) ==> divides(z_4, d)))) -lemma gcd_zero : -(\forall integer a_0; - isGcd(a_0, 0, a_0)) - -lemma distr_left_minus : -(\forall integer x_2; - (\forall integer y_2; - (\forall integer z_2; - (((x_2 - y_2) * z_2) == ((x_2 * z_2) - (y_2 * z_2)))))) - -lemma mul_comm : -(\forall integer x_3; - (\forall integer y_3; - ((x_3 * y_3) == (y_3 * x_3)))) - -lemma gcd_property : -(\forall integer a_1; - (\forall integer b_0; - (\forall integer d_0; - (\forall integer q_0; - (((b_0 > 0) && isGcd(b_0, (a_1 % b_0), d_0)) ==> - isGcd(a_1, b_0, d_0)))))) +lemma distr_right : +(\forall integer x; + (\forall integer y; + (\forall integer z; + ((x * (y + z)) == ((x * y) + (x * z)))))) lemma distr_left : (\forall integer x_0; @@ -215,17 +203,16 @@ (\forall integer z_1; ((x_1 * (y_1 - z_1)) == ((x_1 * y_1) - (x_1 * z_1)))))) -lemma distr_right : -(\forall integer x; - (\forall integer y; - (\forall integer z; - ((x * (y + z)) == ((x * y) + (x * z)))))) +lemma distr_left_minus : +(\forall integer x_2; + (\forall integer y_2; + (\forall integer z_2; + (((x_2 - y_2) * z_2) == ((x_2 * z_2) - (y_2 * z_2)))))) -lemma div_mod_property : -(\forall integer x_6; - (\forall integer y_6; - (((x_6 >= 0) && (y_6 > 0)) ==> - ((x_6 % y_6) == (x_6 - (y_6 * (x_6 / y_6))))))) +lemma mul_comm : +(\forall integer x_3; + (\forall integer y_3; + ((x_3 * y_3) == (y_3 * x_3)))) lemma mul_assoc : (\forall integer x_4; 
@@ -233,12 +220,30 @@ (\forall integer z_3; ((x_4 * (y_4 * z_3)) == ((x_4 * y_4) * z_3))))) +lemma div_mod_property : +(\forall integer x_6; + (\forall integer y_6; + (((x_6 >= 0) && (y_6 > 0)) ==> + ((x_6 % y_6) == (x_6 - (y_6 * (x_6 / y_6))))))) + lemma mod_property : (\forall integer x_7; (\forall integer y_7; (((x_7 >= 0) && (y_7 > 0)) ==> ((0 <= (x_7 % y_7)) && ((x_7 % y_7) < y_7))))) +lemma gcd_zero : +(\forall integer a_0; + isGcd(a_0, 0, a_0)) + +lemma gcd_property : +(\forall integer a_1; + (\forall integer b_0; + (\forall integer d_0; + (\forall integer q_0; + ((((a_1 >= 0) && (b_0 > 0)) && isGcd(b_0, (a_1 % b_0), d_0)) ==> + isGcd(a_1, b_0, d_0)))))) + exception Throwable of Throwable[0..] exception Exception of Exception[0..] 
@@ -338,179 +343,214 @@ ========== file tests/java/Gcd.jloc ========== [K_10] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 end = 21 [K_11] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 end = 31 [K_12] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 -end = 119 +end = 116 [K_13] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 -end = 169 +end = 165 [K_14] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 -end = 219 +end = 214 [K_15] file = "HOME/tests/java/Gcd.java" -line = 103 +line = 105 begin = 25 end = 26 [K_16] file = "HOME/tests/java/Gcd.java" -line = 113 +line = 115 begin = 31 end = 36 +[distr_left] +name = "Lemma distr_left" +file = "HOME/tests/java/Gcd.java" +line = 40 +begin = 10 +end = 20 + [K_17] file = "HOME/tests/java/Gcd.java" -line = 113 +line = 115 begin = 26 end = 36 [K_18] file = "HOME/tests/java/Gcd.java" -line = 114 +line = 116 begin = 31 end = 36 [K_19] file = "HOME/tests/java/Gcd.java" -line = 114 +line = 116 begin = 26 end = 36 [K_20] file = "HOME/tests/java/Gcd.java" -line = 110 +line = 112 begin = 43 end = 44 [K_21] file = "HOME/tests/java/Gcd.java" -line = 110 +line = 112 begin = 35 end = 36 [K_22] file = "HOME/tests/java/Gcd.java" -line = 107 +line = 109 begin = 34 end = 39 [K_23] file = "HOME/tests/java/Gcd.java" -line = 106 +line = 108 begin = 20 end = 25 [K_24] file = "HOME/tests/java/Gcd.java" -line = 105 +line = 107 begin = 15 end = 20 [K_1] file = "HOME/tests/java/Gcd.java" -line = 91 +line = 93 begin = 18 end = 36 [K_25] file = "HOME/tests/java/Gcd.java" -line = 96 +line = 98 begin = 51 end = 52 [K_2] file = "HOME/tests/java/Gcd.java" -line = 93 +line = 95 begin = 18 end = 57 [K_26] file = "HOME/tests/java/Gcd.java" -line = 96 +line = 98 begin = 44 end = 45 [K_3] file = "HOME/tests/java/Gcd.java" -line = 89 +line = 91 begin = 27 end = 33 [K_27] file = "HOME/tests/java/Gcd.java" -line = 96 +line = 98 begin = 37 end = 38 [K_4] file = 
"HOME/tests/java/Gcd.java" -line = 89 +line = 91 begin = 17 end = 23 [K_28] file = "HOME/tests/java/Gcd.java" -line = 96 +line = 98 begin = 30 end = 31 [K_5] file = "HOME/tests/java/Gcd.java" -line = 89 +line = 91 begin = 17 end = 33 +[mul_assoc] +name = "Lemma mul_assoc" +file = "HOME/tests/java/Gcd.java" +line = 56 +begin = 10 +end = 19 + +[distr_right] +name = "Lemma distr_right" +file = "HOME/tests/java/Gcd.java" +line = 36 +begin = 10 +end = 21 + [K_6] file = "HOME/tests/java/Gcd.java" -line = 102 +line = 104 begin = 15 end = 45 [K_7] file = "HOME/tests/java/Gcd.java" -line = 101 +line = 103 begin = 15 end = 45 [Gcd_gcd] name = "Method gcd" file = "HOME/tests/java/Gcd.java" -line = 95 +line = 97 begin = 15 end = 18 [K_8] file = "HOME/tests/java/Gcd.java" -line = 99 +line = 101 begin = 9 -end = 81 +end = 80 [K_9] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 25 end = 31 +[gcd_zero] +name = "Lemma gcd_zero" +file = "HOME/tests/java/Gcd.java" +line = 80 +begin = 10 +end = 18 + +[mul_comm] +name = "Lemma mul_comm" +file = "HOME/tests/java/Gcd.java" +line = 52 +begin = 10 +end = 18 + [cons_Gcd] name = "Constructor of class Gcd" file = "HOME/" @@ -518,6 +558,41 @@ begin = -1 end = -1 +[distr_right_minus] +name = "Lemma distr_right_minus" +file = "HOME/tests/java/Gcd.java" +line = 44 +begin = 10 +end = 27 + +[mod_property] +name = "Lemma mod_property" +file = "HOME/tests/java/Gcd.java" +line = 69 +begin = 10 +end = 22 + +[div_mod_property] +name = "Lemma div_mod_property" +file = "HOME/tests/java/Gcd.java" +line = 64 +begin = 10 +end = 26 + +[distr_left_minus] +name = "Lemma distr_left_minus" +file = "HOME/tests/java/Gcd.java" +line = 48 +begin = 10 +end = 26 + +[gcd_property] +name = "Lemma gcd_property" +file = "HOME/tests/java/Gcd.java" +line = 84 +begin = 10 +end = 22 + ========== jessie execution ========== Generating Why function Gcd_gcd Generating Why function cons_Gcd 
@@ -536,10 +611,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Gcd.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Gcd_why.sx @@ -600,6 +676,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Gcd_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Gcd_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -672,6 +755,9 @@ why3ide: why/Gcd_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Gcd.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Gcd.depend depend: coq/Gcd_why.v 
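Review bot: In the `@@ -672,6 +755,9 @@` hunk the new `why3ml` rule echoes `why3ml [...] $<`, but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the log line does not name the program that is executed. If opening the `.mlw` file in the IDE is intended, the echo should say so, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. The `.PHONY` line in the `@@ -536,10 +611,11 @@` hunk gains `vampire` but not `why3ml`, so the new target is not declared phony; appending `why3ml` to that list would cover it. This Makefile text is tool output recorded in the oracle, so the change would belong in the generator, which is not visible here.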
@@ -683,51 +769,51 @@ ========== file tests/java/Gcd.loc ========== [Gcd_gcd_ensures_resultIsGcd] name = "Method gcd" -behavior = "Normal behavior `resultIsGcd'" +behavior = "Behavior `resultIsGcd'" file = "HOME/tests/java/Gcd.java" -line = 95 +line = 97 begin = 15 end = 18 [JC_40] file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 25 -end = 31 +line = 100 +begin = 15 +end = 214 [JC_41] -file = "HOME/tests/java/Gcd.java" -line = 99 -begin = 9 -end = 81 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Gcd_ensures_default] name = "Constructor of class Gcd" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_42] -file = "HOME/tests/java/Gcd.java" -line = 101 -begin = 15 -end = 45 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [distr_left] -name = "distr_left" +name = "Lemma distr_left" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 69 -begin = 0 -end = 152 +file = "HOME/tests/java/Gcd.java" +line = 40 +begin = 10 +end = 20 [JC_43] -file = "HOME/tests/java/Gcd.java" -line = 102 -begin = 15 -end = 45 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [cons_Gcd_safety] name = "Constructor of class Gcd" @@ -738,34 +824,36 @@ end = -1 [JC_44] +kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 15 -end = 219 +line = 108 +begin = 20 +end = 25 [JC_45] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = DivByZero +file = "HOME/tests/java/Gcd.java" +line = 109 +begin = 34 +end = 39 [JC_46] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 +file = "HOME/tests/java/Gcd.java" +line = 105 +begin = 25 +end = 26 [JC_1] file = "HOME/tests/java/Gcd.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_47] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 +file = "HOME/tests/java/Gcd.java" +line = 100 +begin = 15 +end = 21 [JC_2] file = "HOME/" 
@@ -774,24 +862,22 @@ end = -1 [JC_48] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 106 -begin = 20 -end = 25 +line = 100 +begin = 25 +end = 31 [JC_3] file = "HOME/tests/java/Gcd.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_49] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 107 -begin = 34 -end = 39 +line = 101 +begin = 9 +end = 80 [JC_4] file = "HOME/" 
@@ -825,177 +911,177 @@ [JC_9] file = "HOME/tests/java/Gcd.jc" -line = 34 -begin = 11 -end = 65 - -[JC_50] -file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 15 -end = 21 +line = 35 +begin = 8 +end = 23 [Gcd_gcd_ensures_default] name = "Method gcd" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Gcd.java" -line = 95 +line = 97 begin = 15 end = 18 -[JC_51] -file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 25 -end = 31 - -[JC_52] -file = "HOME/tests/java/Gcd.java" -line = 99 -begin = 9 -end = 81 - -[JC_53] +[JC_50] file = "HOME/tests/java/Gcd.java" -line = 101 +line = 103 begin = 15 end = 45 -[JC_54] +[JC_51] file = "HOME/tests/java/Gcd.java" -line = 102 +line = 104 begin = 15 end = 45 -[mul_assoc] -name = "mul_assoc" -behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 93 -begin = 0 -end = 143 - -[distr_right] -name = "distr_right" -behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 81 -begin = 0 -end = 133 - -[JC_55] +[JC_52] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 -end = 219 +end = 214 -[JC_56] +[JC_53] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_57] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 - -[JC_58] +[JC_54] file = "HOME/tests/java/Gcd.jc" -line = 131 +line = 134 begin = 18 end = 2892 -[Gcd_gcd_safety] -name = "Method gcd" -behavior = "Safety" +[mul_assoc] +name = "Lemma mul_assoc" +behavior = "lemma" file = "HOME/tests/java/Gcd.java" -line = 95 -begin = 15 -end = 18 +line = 56 +begin = 10 +end = 19 -[JC_59] +[distr_right] +name = "Lemma distr_right" +behavior = "lemma" +file = "HOME/tests/java/Gcd.java" +line = 36 +begin = 10 +end = 21 + +[JC_55] +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 + +[JC_56] kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 106 +line = 108 begin = 20 end = 25 -[JC_60] +[JC_57] kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 107 +line = 109 begin = 34 end = 39 -[JC_61] 
+[JC_58] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 100 begin = 15 end = 21 +[Gcd_gcd_safety] +name = "Method gcd" +behavior = "Safety" +file = "HOME/tests/java/Gcd.java" +line = 97 +begin = 15 +end = 18 + +[JC_59] +file = "HOME/tests/java/Gcd.java" +line = 100 +begin = 25 +end = 31 + +[JC_60] +file = "HOME/tests/java/Gcd.java" +line = 101 +begin = 9 +end = 80 + +[JC_61] +file = "HOME/tests/java/Gcd.java" +line = 103 +begin = 15 +end = 45 + [gcd_zero] -name = "gcd_zero" +name = "Lemma gcd_zero" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 46 -begin = 0 -end = 60 +file = "HOME/tests/java/Gcd.java" +line = 80 +begin = 10 +end = 18 [JC_62] file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 25 -end = 31 +line = 104 +begin = 15 +end = 45 [JC_10] -file = "HOME/tests/java/Gcd.jc" -line = 34 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_63] file = "HOME/tests/java/Gcd.java" -line = 99 -begin = 9 -end = 81 +line = 100 +begin = 15 +end = 214 [JC_11] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 17 +file = "HOME/tests/java/Gcd.jc" +line = 35 +begin = 8 end = 23 [JC_64] -file = "HOME/tests/java/Gcd.java" -line = 101 -begin = 15 -end = 45 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_12] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 27 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_65] -file = "HOME/tests/java/Gcd.java" -line = 102 -begin = 15 -end = 45 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [JC_13] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 17 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_66] -file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 15 -end = 219 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [JC_14] file = "HOME/" 
@@ -1004,120 +1090,120 @@ end = -1 [mul_comm] -name = "mul_comm" +name = "Lemma mul_comm" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 56 -begin = 0 -end = 97 +file = "HOME/tests/java/Gcd.java" +line = 52 +begin = 10 +end = 18 [Gcd_gcd_ensures_bezoutProperty] name = "Method gcd" -behavior = "Normal behavior `bezoutProperty'" +behavior = "Behavior `bezoutProperty'" file = "HOME/tests/java/Gcd.java" -line = 95 +line = 97 begin = 15 end = 18 [JC_67] +kind = DivByZero +file = "HOME/tests/java/Gcd.java" +line = 108 +begin = 20 +end = 25 + +[JC_15] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_15] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 17 -end = 23 - [JC_68] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 +kind = DivByZero +file = "HOME/tests/java/Gcd.java" +line = 109 +begin = 34 +end = 39 [JC_16] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 27 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_69] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 +file = "HOME/tests/java/Gcd.java" +line = 100 +begin = 15 +end = 21 [JC_17] -file = "HOME/tests/java/Gcd.java" -line = 89 -begin = 17 -end = 33 +file = "HOME/tests/java/Gcd.jc" +line = 37 +begin = 11 +end = 65 [JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.jc" +line = 37 +begin = 11 +end = 65 [JC_19] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 91 +begin = 17 +end = 23 [distr_right_minus] -name = "distr_right_minus" +name = "Lemma distr_right_minus" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 75 -begin = 0 -end = 159 +file = "HOME/tests/java/Gcd.java" +line = 44 +begin = 10 +end = 27 [JC_70] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 106 -begin = 20 -end = 25 +line = 100 +begin = 25 +end = 31 [JC_71] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 107 -begin = 34 -end = 39 +line = 101 +begin = 9 +end = 80 
[JC_72] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 103 +begin = 15 +end = 45 [JC_20] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 91 +begin = 27 +end = 33 [JC_73] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 104 +begin = 15 +end = 45 [JC_21] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 91 +begin = 17 +end = 33 [JC_74] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.java" +line = 100 +begin = 15 +end = 214 [JC_22] file = "HOME/" 
@@ -1134,170 +1220,216 @@ [JC_23] file = "HOME/tests/java/Gcd.java" line = 91 -begin = 18 -end = 36 +begin = 17 +end = 23 [JC_76] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [JC_24] file = "HOME/tests/java/Gcd.java" line = 91 -begin = 18 -end = 36 +begin = 27 +end = 33 [JC_77] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Gcd.jc" +line = 134 +begin = 18 +end = 2892 [JC_25] file = "HOME/tests/java/Gcd.java" -line = 93 -begin = 18 -end = 57 +line = 91 +begin = 17 +end = 33 [mod_property] -name = "mod_property" +name = "Lemma mod_property" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 99 -begin = 0 -end = 154 +file = "HOME/tests/java/Gcd.java" +line = 69 +begin = 10 +end = 22 [JC_78] +kind = DivByZero +file = "HOME/tests/java/Gcd.java" +line = 108 +begin = 20 +end = 25 + +[JC_26] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_26] +[JC_79] +kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 93 -begin = 18 -end = 57 +line = 109 +begin = 34 +end = 39 -[JC_79] +[JC_27] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_27] -file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 15 -end = 21 - [JC_28] -file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 25 -end = 31 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_29] -file = "HOME/tests/java/Gcd.java" -line = 99 -begin = 9 -end = 81 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [div_mod_property] -name = "div_mod_property" +name = "Lemma div_mod_property" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 87 -begin = 0 -end = 159 +file = "HOME/tests/java/Gcd.java" +line = 64 +begin = 10 +end = 26 [distr_left_minus] -name = "distr_left_minus" +name = "Lemma distr_left_minus" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 50 -begin = 0 -end = 158 +file = "HOME/tests/java/Gcd.java" +line = 48 +begin = 10 +end = 26 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_81] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_30] -file = "HOME/tests/java/Gcd.java" -line = 101 -begin = 15 -end = 45 +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_83] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_31] file = "HOME/tests/java/Gcd.java" -line = 102 -begin = 15 -end = 45 +line = 93 +begin = 18 +end = 36 [gcd_property] -name = "gcd_property" +name = "Lemma gcd_property" behavior = "lemma" -file = "HOME/tests/java/Gcd.jc" -line = 61 -begin = 0 -end = 213 +file = "HOME/tests/java/Gcd.java" +line = 84 +begin = 10 +end = 22 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_32] file = "HOME/tests/java/Gcd.java" -line = 98 -begin = 15 -end = 219 +line = 93 +begin = 18 +end = 36 + +[JC_85] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_33] +file = "HOME/tests/java/Gcd.java" +line = 95 +begin = 18 +end = 57 + +[JC_86] file = "HOME/" line = 0 begin = -1 end = -1 [JC_34] -file = "HOME/tests/java/Gcd.jc" -line = 131 +file = "HOME/tests/java/Gcd.java" +line = 95 begin = 18 -end = 2892 +end = 57 + +[JC_87] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_35] -file = "HOME/tests/java/Gcd.jc" -line = 131 -begin = 18 -end = 2892 +file = "HOME/tests/java/Gcd.java" +line = 100 +begin = 15 +end = 21 [JC_36] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 106 -begin = 20 -end = 25 +line = 100 +begin = 25 +end = 31 [JC_37] -kind = DivByZero file = "HOME/tests/java/Gcd.java" -line = 107 -begin = 34 -end = 39 +line = 101 +begin = 9 +end = 80 [JC_38] file = "HOME/tests/java/Gcd.java" line = 103 -begin = 25 -end = 26 +begin = 15 +end = 45 [JC_39] file = "HOME/tests/java/Gcd.java" -line = 98 +line = 104 begin = 15 -end = 21 +end = 45 ========== file tests/java/why/Gcd.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id 
@@ -1308,13 +1440,9 @@ axiom Gcd_parenttag_Object : parenttag(Gcd_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) 
@@ -1331,71 +1459,15 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) -lemma distr_left : - (forall x_0_0:int. - (forall y_0:int. - (forall z_0:int. - eq_int(mul_int(add_int(x_0_0, y_0), z_0), - add_int(mul_int(x_0_0, z_0), mul_int(y_0, z_0)))))) - -lemma distr_left_minus : - (forall x_2:int. - (forall y_2:int. - (forall z_2:int. - eq_int(mul_int(sub_int(x_2, y_2), z_2), - sub_int(mul_int(x_2, z_2), mul_int(y_2, z_2)))))) - -lemma distr_right : - (forall x_4:int. - (forall y:int. - (forall z:int. - eq_int(mul_int(x_4, add_int(y, z)), - add_int(mul_int(x_4, y), mul_int(x_4, z)))))) - -lemma distr_right_minus : - (forall x_1_0:int. - (forall y_1:int. - (forall z_1:int. - eq_int(mul_int(x_1_0, sub_int(y_1, z_1)), - sub_int(mul_int(x_1_0, y_1), mul_int(x_1_0, z_1)))))) - -lemma div_mod_property : - (forall x_6:int. - (forall y_6:int. - ((ge_int(x_6, (0)) and gt_int(y_6, (0))) -> - eq_int(computer_mod(x_6, y_6), - sub_int(x_6, mul_int(y_6, computer_div(x_6, y_6))))))) - -predicate divides(x_5:int, y_5:int) = - (exists q:int. eq_int(y_5, mul_int(q, x_5))) - -predicate isGcd(a:int, b:int, d:int) = - (divides(d, a) - and (divides(d, b) - and (forall z_4:int. - ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) - -lemma gcd_property : - (forall a_1:int. - (forall b_0:int. - (forall d_0:int. - (forall q_0:int. - ((gt_int(b_0, (0)) and isGcd(b_0, computer_mod(a_1, b_0), d_0)) -> - isGcd(a_1, b_0, d_0)))))) - -lemma gcd_zero : (forall a_0:int. isGcd(a_0, (0), a_0)) +predicate divides(x_5:int, y_5:int) = (exists q:int. (y_5 = mul_int(q, x_5))) logic interface_tag: -> interface tag_id 
@@ -1414,6 +1486,12 @@ (forall interface_tag_table:interface tag_table. instanceof(interface_tag_table, x, interface_tag))) +predicate isGcd(a:int, b:int, d:int) = + (divides(d, a) + and (divides(d, b) + and (forall z_4:int. + ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) + predicate left_valid_struct_Object(p:Object pointer, a:int, Object_alloc_table:Object alloc_table) = (offset_min(Object_alloc_table, p) <= a) @@ -1438,24 +1516,6 @@ interface_alloc_table:interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -lemma mod_property : - (forall x_7:int. - (forall y_7:int. - ((ge_int(x_7, (0)) and gt_int(y_7, (0))) -> - (le_int((0), computer_mod(x_7, y_7)) - and lt_int(computer_mod(x_7, y_7), y_7))))) - -lemma mul_assoc : - (forall x_4_0:int. - (forall y_4:int. - (forall z_3:int. - eq_int(mul_int(x_4_0, mul_int(y_4, z_3)), - mul_int(mul_int(x_4_0, y_4), z_3))))) - -lemma mul_comm : - (forall x_3:int. - (forall y_3:int. eq_int(mul_int(x_3, y_3), mul_int(y_3, x_3)))) - axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -1523,32 +1583,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Gcd(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1585,137 +1619,100 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +lemma distr_right : + (forall x_2:int. + (forall y:int. + (forall z:int. + (mul_int(x_2, add_int(y, z)) = add_int(mul_int(x_2, y), mul_int(x_2, z)))))) + +lemma distr_left : + (forall x_0_0:int. + (forall y_0:int. + (forall z_0:int. + (mul_int(add_int(x_0_0, y_0), z_0) = add_int(mul_int(x_0_0, z_0), + mul_int(y_0, z_0)))))) + +lemma distr_right_minus : + (forall x_1_0:int. + (forall y_1:int. + (forall z_1:int. + (mul_int(x_1_0, sub_int(y_1, z_1)) = sub_int(mul_int(x_1_0, y_1), + mul_int(x_1_0, z_1)))))) + +lemma distr_left_minus : + (forall x_2_0:int. + (forall y_2:int. + (forall z_2:int. + (mul_int(sub_int(x_2_0, y_2), z_2) = sub_int(mul_int(x_2_0, z_2), + mul_int(y_2, z_2)))))) + +lemma mul_comm : + (forall x_3:int. (forall y_3:int. (mul_int(x_3, y_3) = mul_int(y_3, x_3)))) + +lemma mul_assoc : + (forall x_4:int. + (forall y_4:int. + (forall z_3:int. + (mul_int(x_4, mul_int(y_4, z_3)) = mul_int(mul_int(x_4, y_4), z_3))))) + +lemma div_mod_property : + (forall x_6:int. + (forall y_6:int. + ((ge_int(x_6, (0)) and gt_int(y_6, (0))) -> + (computer_mod(x_6, y_6) = sub_int(x_6, + mul_int(y_6, computer_div(x_6, y_6))))))) + +lemma mod_property : + (forall x_7:int. + (forall y_7:int. + ((ge_int(x_7, (0)) and gt_int(y_7, (0))) -> + (le_int((0), computer_mod(x_7, y_7)) + and lt_int(computer_mod(x_7, y_7), y_7))))) + +lemma gcd_zero : (forall a_0:int. isGcd(a_0, (0), a_0)) + +lemma gcd_property : + (forall a_1:int. + (forall b_0:int. + (forall d_0:int. + (forall q_0:int. + ((ge_int(a_1, (0)) + and (gt_int(b_0, (0)) and isGcd(b_0, computer_mod(a_1, b_0), d_0))) -> + isGcd(a_1, b_0, d_0)))))) + +exception Exception_exc of Object pointer + parameter Gcd_gcd : x_8:int -> y_8:int -> { } int - { ((JC_26: + { ((JC_34: (exists a_2:int. (exists b_1:int. 
- eq_int(add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)), result)))) - and (JC_24: isGcd(x_8, y_8, result))) } + (add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)) = result)))) + and (JC_32: isGcd(x_8, y_8, result))) } parameter Gcd_gcd_requires : x_8:int -> y_8:int -> - { (JC_13: ((JC_11: ge_int(x_8, (0))) and (JC_12: ge_int(y_8, (0)))))} int - { ((JC_26: + { (JC_21: ((JC_19: ge_int(x_8, (0))) and (JC_20: ge_int(y_8, (0)))))} int + { ((JC_34: (exists a_2:int. (exists b_1:int. - eq_int(add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)), result)))) - and (JC_24: isGcd(x_8, y_8, result))) } - -parameter Object_alloc_table : Object alloc_table ref - -parameter Object_tag_table : Object tag_table ref + (add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)) = result)))) + and (JC_32: isGcd(x_8, y_8, result))) } -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Gcd : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Gcd(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Gcd_requires : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Gcd(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table 
ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_alloc_table : Object alloc_table ref -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1859,6 +1856,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Gcd : this_0:Object pointer -> { } unit reads Object_alloc_table { true } @@ -1868,20 +1869,20 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let Gcd_gcd_ensures_bezoutProperty = fun (x_8 : int) (y_8 : int) -> - { (JC_17: ((JC_15: ge_int(x_8, (0))) and (JC_16: ge_int(y_8, (0))))) } + { (JC_25: ((JC_23: ge_int(x_8, (0))) and (JC_24: ge_int(y_8, (0))))) } (let mutable_x_8 = ref x_8 in (let mutable_y_8 = ref y_8 in (init: 
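Review bot: The postconditions of `non_null_Object` and `non_null_Object_requires` in the `@@ -1868,20 +1869,20 @@` hunk still pin the true branch to `(offset_max(Object_alloc_table, x_1) = (0))`, while the `Non_null_Object` predicate in the later `@@ -3269,7 +3255,7 @@` hunk of this same patched file is relaxed from `= 0` to `>= 0`. A `parameter` specification is assumed rather than proved, so a non-null pointer with a positive `offset_max` would satisfy neither branch of `if result then … else (x_1 = null)`. Proof obligations that go through this test could then hold vacuously. If the relaxation is intended, the true branch here would be expected to read `(offset_max(Object_alloc_table, x_1) >= (0))`. This looks like regenerated tool output, so the fix belongs in the generator or prelude rather than in this file, and it is worth confirming upstream which of the two forms is meant.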
@@ -1896,34 +1897,31 @@ try (loop_4: while true do - { invariant (JC_68: true) } + { invariant (JC_76: true) } begin [ { } unit reads a_3,b_2,c,d_1,mutable_x_8,mutable_y_8 - { (JC_66: - ((JC_61: ge_int(mutable_x_8, (0))) - and ((JC_62: ge_int(mutable_y_8, (0))) - and ((JC_63: + { (JC_74: + ((JC_69: ge_int(mutable_x_8, (0))) + and ((JC_70: ge_int(mutable_y_8, (0))) + and ((JC_71: (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> - isGcd(mutable_x_8@init, mutable_y_8@init, d_2@init)))) - and ((JC_64: - eq_int(add_int(mul_int(a_3, mutable_x_8@init), - mul_int(b_2, mutable_y_8@init)), - mutable_x_8)) - and (JC_65: - eq_int(add_int(mul_int(c, mutable_x_8@init), - mul_int(d_1, mutable_y_8@init)), - mutable_y_8))))))) } ]; + isGcd(mutable_x_8@init, mutable_y_8@init, d_2)))) + and ((JC_72: + (add_int(mul_int(a_3, mutable_x_8@init), + mul_int(b_2, mutable_y_8@init)) = mutable_x_8)) + and (JC_73: + (add_int(mul_int(c, mutable_x_8@init), + mul_int(d_1, mutable_y_8@init)) = mutable_y_8))))))) } ]; try - (let jessie_ = begin (if (K_24: ((gt_int_ !mutable_y_8) (0))) then (let jessie_ = (let r = - (K_23: (JC_70: ((computer_mod !mutable_x_8) !mutable_y_8))) in + (K_23: (JC_78: ((computer_mod !mutable_x_8) !mutable_y_8))) in (let q_1 = - (K_22: (JC_71: ((computer_div !mutable_x_8) !mutable_y_8))) in + (K_22: (JC_79: ((computer_div !mutable_x_8) !mutable_y_8))) in begin (let jessie_ = (mutable_x_8 := !mutable_y_8) in void); (let jessie_ = (mutable_y_8 := r) in void); 
@@ -1936,20 +1934,19 @@ (c := (K_17: ((sub_int ta) (K_16: ((mul_int !c) q_1))))) in void); (d_1 := (K_19: ((sub_int tb) (K_18: ((mul_int !d_1) q_1))))); - !d_1 end)) end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !d_1 end)) end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !mutable_x_8); (raise Return) end)))); absurd end with Return -> !return end)))) - { (JC_25: + { (JC_33: (exists a_2:int. (exists b_1:int. - eq_int(add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)), result)))) } + (add_int(mul_int(a_2, x_8), mul_int(b_1, y_8)) = result)))) } let Gcd_gcd_ensures_default = fun (x_8 : int) (y_8 : int) -> - { (JC_17: ((JC_15: ge_int(x_8, (0))) and (JC_16: ge_int(y_8, (0))))) } + { (JC_25: ((JC_23: ge_int(x_8, (0))) and (JC_24: ge_int(y_8, (0))))) } (let mutable_x_8 = ref x_8 in (let mutable_y_8 = ref y_8 in (init: 
@@ -1965,33 +1962,31 @@ (loop_2: while true do { invariant - (JC_44: - ((JC_39: ge_int(mutable_x_8, (0))) - and ((JC_40: ge_int(mutable_y_8, (0))) - and ((JC_41: + (JC_52: + ((JC_47: ge_int(mutable_x_8, (0))) + and ((JC_48: ge_int(mutable_y_8, (0))) + and ((JC_49: (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> - isGcd(mutable_x_8@init, mutable_y_8@init, d_2@init)))) - and ((JC_42: - eq_int(add_int(mul_int(a_3, mutable_x_8@init), - mul_int(b_2, mutable_y_8@init)), - mutable_x_8)) - and (JC_43: - eq_int(add_int(mul_int(c, mutable_x_8@init), - mul_int(d_1, mutable_y_8@init)), - mutable_y_8))))))) } + isGcd(mutable_x_8@init, mutable_y_8@init, d_2)))) + and ((JC_50: + (add_int(mul_int(a_3, mutable_x_8@init), + mul_int(b_2, mutable_y_8@init)) = mutable_x_8)) + and (JC_51: + (add_int(mul_int(c, mutable_x_8@init), + mul_int(d_1, mutable_y_8@init)) = mutable_y_8))))))) + } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_24: ((gt_int_ !mutable_y_8) (0))) then (let jessie_ = (let r = - (K_23: (JC_48: ((computer_mod !mutable_x_8) !mutable_y_8))) in + (K_23: (JC_56: ((computer_mod !mutable_x_8) !mutable_y_8))) in (let q_1 = - (K_22: (JC_49: ((computer_div !mutable_x_8) !mutable_y_8))) in + (K_22: (JC_57: ((computer_div !mutable_x_8) !mutable_y_8))) in begin (let jessie_ = (mutable_x_8 := !mutable_y_8) in void); (let jessie_ = (mutable_y_8 := r) in void); 
@@ -2004,17 +1999,16 @@ (c := (K_17: ((sub_int ta) (K_16: ((mul_int !c) q_1))))) in void); (d_1 := (K_19: ((sub_int tb) (K_18: ((mul_int !d_1) q_1))))); - !d_1 end)) end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !d_1 end)) end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !mutable_x_8); (raise Return) end)))); absurd end with Return -> !return end)))) - { (JC_19: true) } + { (JC_27: true) } let Gcd_gcd_ensures_resultIsGcd = fun (x_8 : int) (y_8 : int) -> - { (JC_17: ((JC_15: ge_int(x_8, (0))) and (JC_16: ge_int(y_8, (0))))) } + { (JC_25: ((JC_23: ge_int(x_8, (0))) and (JC_24: ge_int(y_8, (0))))) } (let mutable_x_8 = ref x_8 in (let mutable_y_8 = ref y_8 in (init: 
@@ -2029,34 +2023,31 @@ try (loop_3: while true do - { invariant (JC_57: true) } + { invariant (JC_65: true) } begin [ { } unit reads a_3,b_2,c,d_1,mutable_x_8,mutable_y_8 - { (JC_55: - ((JC_50: ge_int(mutable_x_8, (0))) - and ((JC_51: ge_int(mutable_y_8, (0))) - and ((JC_52: + { (JC_63: + ((JC_58: ge_int(mutable_x_8, (0))) + and ((JC_59: ge_int(mutable_y_8, (0))) + and ((JC_60: (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> - isGcd(mutable_x_8@init, mutable_y_8@init, d_2@init)))) - and ((JC_53: - eq_int(add_int(mul_int(a_3, mutable_x_8@init), - mul_int(b_2, mutable_y_8@init)), - mutable_x_8)) - and (JC_54: - eq_int(add_int(mul_int(c, mutable_x_8@init), - mul_int(d_1, mutable_y_8@init)), - mutable_y_8))))))) } ]; + isGcd(mutable_x_8@init, mutable_y_8@init, d_2)))) + and ((JC_61: + (add_int(mul_int(a_3, mutable_x_8@init), + mul_int(b_2, mutable_y_8@init)) = mutable_x_8)) + and (JC_62: + (add_int(mul_int(c, mutable_x_8@init), + mul_int(d_1, mutable_y_8@init)) = mutable_y_8))))))) } ]; try - (let jessie_ = begin (if (K_24: ((gt_int_ !mutable_y_8) (0))) then (let jessie_ = (let r = - (K_23: (JC_59: ((computer_mod !mutable_x_8) !mutable_y_8))) in + (K_23: (JC_67: ((computer_mod !mutable_x_8) !mutable_y_8))) in (let q_1 = - (K_22: (JC_60: ((computer_div !mutable_x_8) !mutable_y_8))) in + (K_22: (JC_68: ((computer_div !mutable_x_8) !mutable_y_8))) in begin (let jessie_ = (mutable_x_8 := !mutable_y_8) in void); (let jessie_ = (mutable_y_8 := r) in void); 
@@ -2069,17 +2060,16 @@ (c := (K_17: ((sub_int ta) (K_16: ((mul_int !c) q_1))))) in void); (d_1 := (K_19: ((sub_int tb) (K_18: ((mul_int !d_1) q_1))))); - !d_1 end)) end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !d_1 end)) end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !mutable_x_8); (raise Return) end)))); absurd end with Return -> !return end)))) - { (JC_23: isGcd(x_8, y_8, result)) } + { (JC_31: isGcd(x_8, y_8, result)) } let Gcd_gcd_safety = fun (x_8 : int) (y_8 : int) -> - { (JC_17: ((JC_15: ge_int(x_8, (0))) and (JC_16: ge_int(y_8, (0))))) } + { (JC_25: ((JC_23: ge_int(x_8, (0))) and (JC_24: ge_int(y_8, (0))))) } (let mutable_x_8 = ref x_8 in (let mutable_y_8 = ref y_8 in (init: 
@@ -2094,34 +2084,31 @@ try (loop_1: while true do - { invariant (JC_34: true) variant (JC_38 : mutable_y_8) } + { invariant (JC_42: true) variant (JC_46 : mutable_y_8) } begin [ { } unit reads a_3,b_2,c,d_1,mutable_x_8,mutable_y_8 - { (JC_32: - ((JC_27: ge_int(mutable_x_8, (0))) - and ((JC_28: ge_int(mutable_y_8, (0))) - and ((JC_29: + { (JC_40: + ((JC_35: ge_int(mutable_x_8, (0))) + and ((JC_36: ge_int(mutable_y_8, (0))) + and ((JC_37: (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> - isGcd(mutable_x_8@init, mutable_y_8@init, d_2@init)))) - and ((JC_30: - eq_int(add_int(mul_int(a_3, mutable_x_8@init), - mul_int(b_2, mutable_y_8@init)), - mutable_x_8)) - and (JC_31: - eq_int(add_int(mul_int(c, mutable_x_8@init), - mul_int(d_1, mutable_y_8@init)), - mutable_y_8))))))) } ]; + isGcd(mutable_x_8@init, mutable_y_8@init, d_2)))) + and ((JC_38: + (add_int(mul_int(a_3, mutable_x_8@init), + mul_int(b_2, mutable_y_8@init)) = mutable_x_8)) + and (JC_39: + (add_int(mul_int(c, mutable_x_8@init), + mul_int(d_1, mutable_y_8@init)) = mutable_y_8))))))) } ]; try - (let jessie_ = begin (if (K_24: ((gt_int_ !mutable_y_8) (0))) then (let jessie_ = (let r = - (K_23: (JC_36: ((computer_mod_ !mutable_x_8) !mutable_y_8))) in + (K_23: (JC_44: ((computer_mod_ !mutable_x_8) !mutable_y_8))) in (let q_1 = - (K_22: (JC_37: ((computer_div_ !mutable_x_8) !mutable_y_8))) in + (K_22: (JC_45: ((computer_div_ !mutable_x_8) !mutable_y_8))) in begin (let jessie_ = (mutable_x_8 := !mutable_y_8) in void); (let jessie_ = (mutable_y_8 := r) in void); 
@@ -2134,9 +2121,8 @@ (c := (K_17: ((sub_int ta) (K_16: ((mul_int !c) q_1))))) in void); (d_1 := (K_19: ((sub_int tb) (K_18: ((mul_int !d_1) q_1))))); - !d_1 end)) end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + !d_1 end)) end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !mutable_x_8); (raise Return) end)))); absurd end with Return -> !return end)))) @@ -2146,7 +2132,7 @@ fun (this_0 : Object pointer) -> { valid_struct_Gcd(this_0, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_76: true) } + { (JC_84: true) } let cons_Gcd_safety = fun (this_0 : Object pointer) -> @@ -2159,165 +2145,165 @@ why --project [...] why/Gcd.why ========== file tests/java/why/Gcd.wpr ========== - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + - - + + + + + + + + + + + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -3269,7 +3255,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -3296,12 +3282,6 @@ predicate divides(x_5: int, y_5: int) = (exists q:int. (y_5 = (q * x_5))) -predicate isGcd(a: int, b: int, d: int) = - (divides(d, a) and - (divides(d, b) and - (forall z_4:int. - ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) - logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) 
@@ -3319,6 +3299,12 @@ (forall interface_tag_table:interface tag_table. instanceof(interface_tag_table, x, interface_tag))) +predicate isGcd(a: int, b: int, d: int) = + (divides(d, a) and + (divides(d, b) and + (forall z_4:int. + ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) + predicate left_valid_struct_Object(p: Object pointer, a: int, Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, p) <= a) @@ -3411,32 +3397,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Gcd(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3473,69 +3433,81 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Gcd_po1.why ========== +lemma distr_right: + (forall x_2:int. + (forall y:int. + (forall z:int. ((x_2 * (y + z)) = ((x_2 * y) + (x_2 * z)))))) + ========== file tests/java/why/Gcd_po10.why ========== -lemma mul_comm: - (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) +lemma gcd_property: + (forall a_1:int. + (forall b_0:int. + (forall d_0:int. + (forall q_0:int. + (((a_1 >= 0) and + ((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0))) -> + isGcd(a_1, b_0, d_0)))))) ========== file tests/java/why/Gcd_po11.why ========== goal Gcd_gcd_ensures_bezoutProperty_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_68": true) -> - ("JC_66": - (("JC_61": (mutable_x_8 >= 0)) and - (("JC_62": (mutable_y_8 >= 0)) and - (("JC_63": + ("JC_76": true) -> + ("JC_74": + (("JC_69": (mutable_x_8 >= 0)) and + (("JC_70": (mutable_y_8 >= 0)) and + (("JC_71": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_64": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_65": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_72": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_73": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 <= 0) -> forall return:int. (return = mutable_x_8) -> - ("JC_25": + ("JC_33": (exists a_2:int. (exists b_1:int. (((a_2 * x_8) + (b_1 * y_8)) = return)))) ========== file tests/java/why/Gcd_po12.why ========== goal Gcd_gcd_ensures_default_po_1: forall x_8:int. forall y_8:int. 
- ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> - ("JC_44": ("JC_42": ("JC_42": (((1 * x_8) + (0 * y_8)) = x_8)))) + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> + ("JC_52": ("JC_50": (((1 * x_8) + (0 * y_8)) = x_8))) ========== file tests/java/why/Gcd_po13.why ========== goal Gcd_gcd_ensures_default_po_2: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> - ("JC_44": ("JC_43": ("JC_43": (((0 * x_8) + (1 * y_8)) = y_8)))) + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> + ("JC_52": ("JC_51": (((0 * x_8) + (1 * y_8)) = y_8))) ========== file tests/java/why/Gcd_po14.why ========== goal Gcd_gcd_ensures_default_po_3: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -3549,27 +3521,27 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": ("JC_39": ("JC_39": (mutable_x_8_0 >= 0)))) + ("JC_52": ("JC_47": (mutable_x_8_0 >= 0))) ========== file tests/java/why/Gcd_po15.why ========== goal Gcd_gcd_ensures_default_po_4: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -3583,27 +3555,27 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": ("JC_40": ("JC_40": (mutable_y_8_0 >= 0)))) + ("JC_52": ("JC_48": (mutable_y_8_0 >= 0))) ========== file tests/java/why/Gcd_po16.why ========== goal Gcd_gcd_ensures_default_po_5: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -3617,31 +3589,29 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_41": - ("JC_41": - (forall d_2:int. - (isGcd(mutable_x_8_0, mutable_y_8_0, d_2) -> isGcd(x_8, y_8, d_2)))))) + forall d_2:int. + isGcd(mutable_x_8_0, mutable_y_8_0, d_2) -> + ("JC_52": ("JC_49": isGcd(x_8, y_8, d_2))) ========== file tests/java/why/Gcd_po17.why ========== goal Gcd_gcd_ensures_default_po_6: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -3655,28 +3625,27 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_42": ("JC_42": (((a_3_0 * x_8) + (b_2_0 * y_8)) = mutable_x_8_0)))) + ("JC_52": ("JC_50": (((a_3_0 * x_8) + (b_2_0 * y_8)) = mutable_x_8_0))) ========== file tests/java/why/Gcd_po18.why ========== goal Gcd_gcd_ensures_default_po_7: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -3690,35 +3659,34 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_43": ("JC_43": (((c0 * x_8) + (d_1_0 * y_8)) = mutable_y_8_0)))) + ("JC_52": ("JC_51": (((c0 * x_8) + (d_1_0 * y_8)) = mutable_y_8_0))) ========== file tests/java/why/Gcd_po19.why ========== goal Gcd_gcd_ensures_resultIsGcd_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_57": true) -> - ("JC_55": - (("JC_50": (mutable_x_8 >= 0)) and - (("JC_51": (mutable_y_8 >= 0)) and - (("JC_52": + ("JC_65": true) -> + ("JC_63": + (("JC_58": (mutable_x_8 >= 0)) and + (("JC_59": (mutable_y_8 >= 0)) and + (("JC_60": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_53": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_54": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_61": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_62": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 <= 0) -> forall return:int. (return = mutable_x_8) -> - ("JC_23": isGcd(x_8, y_8, return)) + ("JC_31": isGcd(x_8, y_8, return)) -========== file tests/java/why/Gcd_po1.why ========== +========== file tests/java/why/Gcd_po2.why ========== lemma distr_left: (forall x_0_0:int. (forall y_0:int. 
@@ -3729,22 +3697,22 @@ goal Gcd_gcd_safety_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) @@ -3752,22 +3720,22 @@ goal Gcd_gcd_safety_po_2: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) -> forall result:int. 
@@ -3787,28 +3755,28 @@ (c0 = (a_3 - (c * result0))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * result0))) -> - (0 <= ("JC_38": mutable_y_8)) + (0 <= ("JC_46": mutable_y_8)) ========== file tests/java/why/Gcd_po22.why ========== goal Gcd_gcd_safety_po_3: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) -> forall result:int. 
@@ -3828,47 +3796,39 @@ (c0 = (a_3 - (c * result0))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * result0))) -> - (("JC_38": mutable_y_8_0) < ("JC_38": mutable_y_8)) - -========== file tests/java/why/Gcd_po2.why ========== -lemma distr_left_minus: - (forall x_2:int. - (forall y_2:int. - (forall z_2:int. (((x_2 - y_2) * z_2) = ((x_2 * z_2) - (y_2 * z_2)))))) + (("JC_46": mutable_y_8_0) < ("JC_46": mutable_y_8)) ========== file tests/java/why/Gcd_po3.why ========== -lemma distr_right: - (forall x_4:int. - (forall y:int. - (forall z:int. ((x_4 * (y + z)) = ((x_4 * y) + (x_4 * z)))))) - -========== file tests/java/why/Gcd_po4.why ========== lemma distr_right_minus: (forall x_1_0:int. (forall y_1:int. (forall z_1:int. ((x_1_0 * (y_1 - z_1)) = ((x_1_0 * y_1) - (x_1_0 * z_1)))))) +========== file tests/java/why/Gcd_po4.why ========== +lemma distr_left_minus: + (forall x_2_0:int. + (forall y_2:int. + (forall z_2:int. + (((x_2_0 - y_2) * z_2) = ((x_2_0 * z_2) - (y_2 * z_2)))))) + ========== file tests/java/why/Gcd_po5.why ========== +lemma mul_comm: + (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) + +========== file tests/java/why/Gcd_po6.why ========== +lemma mul_assoc: + (forall x_4:int. + (forall y_4:int. + (forall z_3:int. ((x_4 * (y_4 * z_3)) = ((x_4 * y_4) * z_3))))) + +========== file tests/java/why/Gcd_po7.why ========== lemma div_mod_property: (forall x_6:int. (forall y_6:int. (((x_6 >= 0) and (y_6 > 0)) -> (computer_mod(x_6, y_6) = (x_6 - (y_6 * computer_div(x_6, y_6))))))) -========== file tests/java/why/Gcd_po6.why ========== -lemma gcd_property: - (forall a_1:int. - (forall b_0:int. - (forall d_0:int. - (forall q_0:int. - (((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0)) -> - isGcd(a_1, b_0, d_0)))))) - -========== file tests/java/why/Gcd_po7.why ========== -lemma gcd_zero: - (forall a_0:int. isGcd(a_0, 0, a_0)) - ========== file tests/java/why/Gcd_po8.why ========== lemma mod_property: (forall x_7:int. 
@@ -3877,10 +3837,8 @@ ((0 <= computer_mod(x_7, y_7)) and (computer_mod(x_7, y_7) < y_7))))) ========== file tests/java/why/Gcd_po9.why ========== -lemma mul_assoc: - (forall x_4_0:int. - (forall y_4:int. - (forall z_3:int. ((x_4_0 * (y_4 * z_3)) = ((x_4_0 * y_4) * z_3))))) +lemma gcd_zero: + (forall a_0:int. isGcd(a_0, 0, a_0)) ========== generation of Simplify VC output ========== why -simplify [...] why/Gcd.why @@ -4708,7 +4666,7 @@ (EQ (parenttag Gcd_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
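Review bot: The second hunk on this line relaxes `Non_null_Object` from `(EQ (offset_max Object_alloc_table x_0) 0)` to `(>= (offset_max Object_alloc_table x_0) 0)`, and nothing in the expected output records why a non-null reference may now have a positive `offset_max`. This is a change to the memory-model definition rather than a renumbering, and the alt-ergo section repeats it further down (`x_0) >= 0)`). None of the Gcd obligations visible here mention `Non_null_Object`, so this oracle would presumably not detect a proof that relied on the exact bound. A test whose obligations depend on the predicate, or a changelog line stating the intended meaning, would make the weakening reviewable.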
@@ -4734,75 +4692,8 @@ ;; Why axiom Throwable_parenttag_Object (EQ (parenttag Throwable_tag Object_tag) |@true|)) -;; distr_left, File "HOME/tests/java/Gcd.jc", line 69, characters 0-152 -(FORALL (x_0_0 y_0 z_0) -(EQ (* (+ x_0_0 y_0) z_0) (+ (* x_0_0 z_0) (* y_0 z_0)))) - -(BG_PUSH - ;; lemma distr_left as axiom -(FORALL (x_0_0 y_0 z_0) -(EQ (* (+ x_0_0 y_0) z_0) (+ (* x_0_0 z_0) (* y_0 z_0))))) - -;; distr_left_minus, File "HOME/tests/java/Gcd.jc", line 50, characters 0-158 -(FORALL (x_2 y_2 z_2) (EQ (* (- x_2 y_2) z_2) (- (* x_2 z_2) (* y_2 z_2)))) - -(BG_PUSH - ;; lemma distr_left_minus as axiom -(FORALL (x_2 y_2 z_2) (EQ (* (- x_2 y_2) z_2) (- (* x_2 z_2) (* y_2 z_2))))) - -;; distr_right, File "HOME/tests/java/Gcd.jc", line 81, characters 0-133 -(FORALL (x_4 y z) (EQ (* x_4 (+ y z)) (+ (* x_4 y) (* x_4 z)))) - -(BG_PUSH - ;; lemma distr_right as axiom -(FORALL (x_4 y z) (EQ (* x_4 (+ y z)) (+ (* x_4 y) (* x_4 z))))) - -;; distr_right_minus, File "HOME/tests/java/Gcd.jc", line 75, characters 0-159 -(FORALL (x_1_0 y_1 z_1) -(EQ (* x_1_0 (- y_1 z_1)) (- (* x_1_0 y_1) (* x_1_0 z_1)))) - -(BG_PUSH - ;; lemma distr_right_minus as axiom -(FORALL (x_1_0 y_1 z_1) -(EQ (* x_1_0 (- y_1 z_1)) (- (* x_1_0 y_1) (* x_1_0 z_1))))) - -;; div_mod_property, File "HOME/tests/java/Gcd.jc", line 87, characters 0-159 -(FORALL (x_6 y_6) -(IMPLIES (AND (>= x_6 0) (> y_6 0)) -(EQ (computer_mod x_6 y_6) (- x_6 (* y_6 (computer_div x_6 y_6)))))) - -(BG_PUSH - ;; lemma div_mod_property as axiom -(FORALL (x_6 y_6) -(IMPLIES (AND (>= x_6 0) (> y_6 0)) -(EQ (computer_mod x_6 y_6) (- x_6 (* y_6 (computer_div x_6 y_6))))))) - (DEFPRED (divides x_5 y_5) (EXISTS (q) (EQ y_5 (* q x_5)))) -(DEFPRED (isGcd a b d) - (AND (divides d a) - (AND (divides d b) - (FORALL (z_4) - (IMPLIES (AND (divides z_4 a) (divides z_4 b)) (divides z_4 d)))))) - -;; gcd_property, File "HOME/tests/java/Gcd.jc", line 61, characters 0-213 -(FORALL (a_1 b_0 d_0 q_0) -(IMPLIES (AND (> b_0 0) (isGcd b_0 (computer_mod a_1 b_0) 
d_0)) -(isGcd a_1 b_0 d_0))) - -(BG_PUSH - ;; lemma gcd_property as axiom -(FORALL (a_1 b_0 d_0 q_0) -(IMPLIES (AND (> b_0 0) (isGcd b_0 (computer_mod a_1 b_0) d_0)) -(isGcd a_1 b_0 d_0)))) - -;; gcd_zero, File "HOME/tests/java/Gcd.jc", line 46, characters 0-60 -(FORALL (a_0) (isGcd a_0 0 a_0)) - -(BG_PUSH - ;; lemma gcd_zero as axiom -(FORALL (a_0) (isGcd a_0 0 a_0))) - (BG_PUSH ;; Why axiom interface_int (EQ (int_of_tag interface_tag) 1)) @@ -4820,6 +4711,12 @@ (FORALL (x interface_tag_table) (instanceof interface_tag_table x interface_tag))) +(DEFPRED (isGcd a b d) + (AND (divides d a) + (AND (divides d b) + (FORALL (z_4) + (IMPLIES (AND (divides z_4 a) (divides z_4 b)) (divides z_4 d)))))) + (DEFPRED (left_valid_struct_Object p a Object_alloc_table) (<= (offset_min Object_alloc_table p) a)) @@ -4838,31 +4735,6 @@ (DEFPRED (left_valid_struct_interface p a interface_alloc_table) (<= (offset_min interface_alloc_table p) a)) -;; mod_property, File "HOME/tests/java/Gcd.jc", line 99, characters 0-154 -(FORALL (x_7 y_7) -(IMPLIES (AND (>= x_7 0) (> y_7 0)) -(AND (<= 0 (computer_mod x_7 y_7)) (< (computer_mod x_7 y_7) y_7)))) - -(BG_PUSH - ;; lemma mod_property as axiom -(FORALL (x_7 y_7) -(IMPLIES (AND (>= x_7 0) (> y_7 0)) -(AND (<= 0 (computer_mod x_7 y_7)) (< (computer_mod x_7 y_7) y_7))))) - -;; mul_assoc, File "HOME/tests/java/Gcd.jc", line 93, characters 0-143 -(FORALL (x_4_0 y_4 z_3) (EQ (* x_4_0 (* y_4 z_3)) (* (* x_4_0 y_4) z_3))) - -(BG_PUSH - ;; lemma mul_assoc as axiom -(FORALL (x_4_0 y_4 z_3) (EQ (* x_4_0 (* y_4 z_3)) (* (* x_4_0 y_4) z_3)))) - -;; mul_comm, File "HOME/tests/java/Gcd.jc", line 56, characters 0-97 -(FORALL (x_3 y_3) (EQ (* x_3 y_3) (* y_3 x_3))) - -(BG_PUSH - ;; lemma mul_comm as axiom -(FORALL (x_3 y_3) (EQ (* x_3 y_3) (* y_3 x_3)))) - (BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) 
@@ -4917,55 +4789,125 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Gcd p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +;; distr_right, File "HOME/tests/java/Gcd.java", line 36, characters 10-21 +(FORALL (x_2 y z) (EQ (* x_2 (+ y z)) (+ (* x_2 y) (* x_2 z)))) + +(BG_PUSH + ;; lemma distr_right as axiom +(FORALL (x_2 y z) (EQ (* x_2 (+ y z)) (+ (* x_2 y) (* x_2 z))))) + +;; distr_left, File "HOME/tests/java/Gcd.java", line 40, characters 10-20 +(FORALL (x_0_0 y_0 z_0) +(EQ (* (+ x_0_0 y_0) z_0) (+ (* x_0_0 z_0) (* y_0 z_0)))) + +(BG_PUSH + ;; lemma distr_left as axiom +(FORALL (x_0_0 y_0 z_0) +(EQ (* (+ x_0_0 y_0) z_0) (+ (* x_0_0 z_0) (* y_0 z_0))))) + +;; distr_right_minus, File "HOME/tests/java/Gcd.java", line 44, characters 10-27 +(FORALL (x_1_0 y_1 
z_1) +(EQ (* x_1_0 (- y_1 z_1)) (- (* x_1_0 y_1) (* x_1_0 z_1)))) + +(BG_PUSH + ;; lemma distr_right_minus as axiom +(FORALL (x_1_0 y_1 z_1) +(EQ (* x_1_0 (- y_1 z_1)) (- (* x_1_0 y_1) (* x_1_0 z_1))))) -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) +;; distr_left_minus, File "HOME/tests/java/Gcd.java", line 48, characters 10-26 +(FORALL (x_2_0 y_2 z_2) +(EQ (* (- x_2_0 y_2) z_2) (- (* x_2_0 z_2) (* y_2 z_2)))) -(DEFPRED (valid_bitvector_struct_Gcd p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) +(BG_PUSH + ;; lemma distr_left_minus as axiom +(FORALL (x_2_0 y_2 z_2) +(EQ (* (- x_2_0 y_2) z_2) (- (* x_2_0 z_2) (* y_2 z_2))))) + +;; mul_comm, File "HOME/tests/java/Gcd.java", line 52, characters 10-18 +(FORALL (x_3 y_3) (EQ (* x_3 y_3) (* y_3 x_3))) -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) +(BG_PUSH + ;; lemma mul_comm as axiom +(FORALL (x_3 y_3) (EQ (* x_3 y_3) (* y_3 x_3)))) -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) +;; mul_assoc, File "HOME/tests/java/Gcd.java", line 56, characters 10-19 +(FORALL (x_4 y_4 z_3) (EQ (* x_4 (* y_4 z_3)) (* (* x_4 y_4) z_3))) -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(BG_PUSH + ;; lemma mul_assoc as axiom +(FORALL (x_4 y_4 z_3) (EQ (* x_4 (* y_4 z_3)) (* (* x_4 y_4) z_3)))) -(DEFPRED (valid_root_Object p a b Object_alloc_table) - (AND (<= (offset_min Object_alloc_table p) a) - (>= (offset_max Object_alloc_table p) b))) +;; div_mod_property, File "HOME/tests/java/Gcd.java", line 64, characters 10-26 +(FORALL (x_6 y_6) +(IMPLIES (AND (>= x_6 0) (> y_6 0)) +(EQ (computer_mod x_6 y_6) (- x_6 (* y_6 
(computer_div x_6 y_6)))))) -(DEFPRED (valid_root_interface p a b interface_alloc_table) - (AND (<= (offset_min interface_alloc_table p) a) - (>= (offset_max interface_alloc_table p) b))) +(BG_PUSH + ;; lemma div_mod_property as axiom +(FORALL (x_6 y_6) +(IMPLIES (AND (>= x_6 0) (> y_6 0)) +(EQ (computer_mod x_6 y_6) (- x_6 (* y_6 (computer_div x_6 y_6))))))) -(DEFPRED (valid_struct_Object p a b Object_alloc_table) - (AND (<= (offset_min Object_alloc_table p) a) - (>= (offset_max Object_alloc_table p) b))) +;; mod_property, File "HOME/tests/java/Gcd.java", line 69, characters 10-22 +(FORALL (x_7 y_7) +(IMPLIES (AND (>= x_7 0) (> y_7 0)) +(AND (<= 0 (computer_mod x_7 y_7)) (< (computer_mod x_7 y_7) y_7)))) -(DEFPRED (valid_struct_Exception p a b Object_alloc_table) - (valid_struct_Object p a b Object_alloc_table)) +(BG_PUSH + ;; lemma mod_property as axiom +(FORALL (x_7 y_7) +(IMPLIES (AND (>= x_7 0) (> y_7 0)) +(AND (<= 0 (computer_mod x_7 y_7)) (< (computer_mod x_7 y_7) y_7))))) -(DEFPRED (valid_struct_Gcd p a b Object_alloc_table) - (valid_struct_Object p a b Object_alloc_table)) +;; gcd_zero, File "HOME/tests/java/Gcd.java", line 80, characters 10-18 +(FORALL (a_0) (isGcd a_0 0 a_0)) -(DEFPRED (valid_struct_String p a b Object_alloc_table) - (valid_struct_Object p a b Object_alloc_table)) +(BG_PUSH + ;; lemma gcd_zero as axiom +(FORALL (a_0) (isGcd a_0 0 a_0))) -(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) - (valid_struct_Object p a b Object_alloc_table)) +;; gcd_property, File "HOME/tests/java/Gcd.java", line 84, characters 10-22 +(FORALL (a_1 b_0 d_0 q_0) +(IMPLIES +(AND (>= a_1 0) (AND (> b_0 0) (isGcd b_0 (computer_mod a_1 b_0) d_0))) +(isGcd a_1 b_0 d_0))) -(DEFPRED (valid_struct_interface p a b interface_alloc_table) - (AND (<= (offset_min interface_alloc_table p) a) - (>= (offset_max interface_alloc_table p) b))) +(BG_PUSH + ;; lemma gcd_property as axiom +(FORALL (a_1 b_0 d_0 q_0) +(IMPLIES +(AND (>= a_1 0) (AND (> b_0 0) (isGcd b_0 
(computer_mod a_1 b_0) d_0))) +(isGcd a_1 b_0 d_0)))) -;; Gcd_gcd_ensures_bezoutProperty_po_1, File "HOME/tests/java/Gcd.java", line 93, characters 18-57 +;; Gcd_gcd_ensures_bezoutProperty_po_1, File "HOME/tests/java/Gcd.java", line 95, characters 18-57 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -4988,17 +4930,17 @@ (IMPLIES (EQ return mutable_x_8) (EXISTS (a_2) (EXISTS (b_1) (EQ (+ (* a_2 x_8) (* b_1 y_8)) return))))))))))))))))) -;; Gcd_gcd_ensures_default_po_1, File "HOME/tests/java/Gcd.java", line 101, characters 15-45 +;; Gcd_gcd_ensures_default_po_1, File "HOME/tests/java/Gcd.java", line 103, characters 15-45 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) (EQ (+ (* 1 x_8) (* 0 y_8)) x_8)))) -;; Gcd_gcd_ensures_default_po_2, File "HOME/tests/java/Gcd.java", line 102, characters 15-45 +;; Gcd_gcd_ensures_default_po_2, File "HOME/tests/java/Gcd.java", line 104, characters 15-45 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) (EQ (+ (* 0 x_8) (* 1 y_8)) y_8)))) -;; Gcd_gcd_ensures_default_po_3, File "HOME/tests/java/Gcd.java", line 98, characters 15-21 +;; Gcd_gcd_ensures_default_po_3, File "HOME/tests/java/Gcd.java", line 100, characters 15-21 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5030,7 +4972,7 @@ (IMPLIES (EQ d_1_0 (- b_2 (* d_1 (computer_div mutable_x_8 mutable_y_8)))) (>= mutable_x_8_0 0)))))))))))))))))))))))) -;; Gcd_gcd_ensures_default_po_4, File "HOME/tests/java/Gcd.java", line 98, characters 25-31 +;; Gcd_gcd_ensures_default_po_4, File "HOME/tests/java/Gcd.java", line 100, characters 25-31 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) 
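Review bot: The regenerated `gcd_property` lemma still binds `q_0` in `(FORALL (a_1 b_0 d_0 q_0)` although `q_0` occurs nowhere in the body, in both the goal and its `BG_PUSH` axiom copy. The added guard `(>= a_1 0)` matches the `(>= x_6 0)` and `(>= x_7 0)` preconditions of the `computer_mod` lemmas it depends on, so that part looks right. The unused variable is logically harmless but looks like a leftover parameter in the lemma at `Gcd.java` line 84; dropping it there would give `(FORALL (a_1 b_0 d_0)`. The alt-ergo rendering of the same lemma later in the diff carries the same `forall q_0:int.`.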
@@ -5062,7 +5004,7 @@ (IMPLIES (EQ d_1_0 (- b_2 (* d_1 (computer_div mutable_x_8 mutable_y_8)))) (>= mutable_y_8_0 0)))))))))))))))))))))))) -;; Gcd_gcd_ensures_default_po_5, File "HOME/tests/java/Gcd.java", line 99, characters 9-81 +;; Gcd_gcd_ensures_default_po_5, File "HOME/tests/java/Gcd.java", line 101, characters 9-80 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5095,7 +5037,7 @@ (FORALL (d_2) (IMPLIES (isGcd mutable_x_8_0 mutable_y_8_0 d_2) (isGcd x_8 y_8 d_2)))))))))))))))))))))))))) -;; Gcd_gcd_ensures_default_po_6, File "HOME/tests/java/Gcd.java", line 101, characters 15-45 +;; Gcd_gcd_ensures_default_po_6, File "HOME/tests/java/Gcd.java", line 103, characters 15-45 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5127,7 +5069,7 @@ (IMPLIES (EQ d_1_0 (- b_2 (* d_1 (computer_div mutable_x_8 mutable_y_8)))) (EQ (+ (* a_3_0 x_8) (* b_2_0 y_8)) mutable_x_8_0)))))))))))))))))))))))) -;; Gcd_gcd_ensures_default_po_7, File "HOME/tests/java/Gcd.java", line 102, characters 15-45 +;; Gcd_gcd_ensures_default_po_7, File "HOME/tests/java/Gcd.java", line 104, characters 15-45 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5159,7 +5101,7 @@ (IMPLIES (EQ d_1_0 (- b_2 (* d_1 (computer_div mutable_x_8 mutable_y_8)))) (EQ (+ (* c0 x_8) (* d_1_0 y_8)) mutable_y_8_0)))))))))))))))))))))))) -;; Gcd_gcd_ensures_resultIsGcd_po_1, File "HOME/tests/java/Gcd.java", line 91, characters 18-36 +;; Gcd_gcd_ensures_resultIsGcd_po_1, File "HOME/tests/java/Gcd.java", line 93, characters 18-36 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5180,7 +5122,7 @@ (IMPLIES (<= mutable_y_8 0) (FORALL (return) (IMPLIES (EQ return mutable_x_8) (isGcd x_8 y_8 return))))))))))))))) -;; Gcd_gcd_safety_po_1, File "HOME/tests/java/Gcd.java", line 106, characters 20-25 +;; Gcd_gcd_safety_po_1, File "HOME/tests/java/Gcd.java", line 108, characters 20-25 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) 
@@ -5200,7 +5142,7 @@ (EQ (+ (* c x_8) (* d_1 y_8)) mutable_y_8))))) (IMPLIES (> mutable_y_8 0) (NEQ mutable_y_8 0))))))))))))) -;; Gcd_gcd_safety_po_2, File "HOME/tests/java/Gcd.java", line 103, characters 25-26 +;; Gcd_gcd_safety_po_2, File "HOME/tests/java/Gcd.java", line 105, characters 25-26 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5238,7 +5180,7 @@ (FORALL (d_1_0) (IMPLIES (EQ d_1_0 (- b_2 (* d_1 result0))) (<= 0 mutable_y_8))))))))))))))))))))))))))))))) -;; Gcd_gcd_safety_po_3, File "HOME/tests/java/Gcd.java", line 103, characters 25-26 +;; Gcd_gcd_safety_po_3, File "HOME/tests/java/Gcd.java", line 105, characters 25-26 (FORALL (x_8) (FORALL (y_8) (IMPLIES (AND (>= x_8 0) (>= y_8 0)) @@ -5279,12 +5221,12 @@ ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/Gcd_why.sx : ????.??.??............ (14/0/8/0/0) +simplify/Gcd_why.sx : ??????..##............ (14/0/6/2/0) total : 22 valid : 14 ( 64%) invalid : 0 ( 0%) -unknown : 8 ( 36%) -timeout : 0 ( 0%) +unknown : 6 ( 27%) +timeout : 2 ( 9%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== why -alt-ergo [...] why/Gcd.why @@ -6234,7 +6176,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
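Review bot: The new expected line `simplify/Gcd_why.sx : ??????..##............ (14/0/6/2/0)` in the "running Simplify" hunk puts two `#` timeouts into the oracle, where the old line had none. A timeout depends on host speed and the prover's time limit, so these marks can presumably flip to `?` on another machine and fail the comparison for reasons unrelated to the tool. Read against the goal order in the file, the first ten marks appear to be the ten lemmas, eight of which are not proved. These lemmas are still pushed as axioms (`;; lemma gcd_zero as axiom`) ahead of the program obligations, so the 14 valid results rest on lemmas this run does not establish. The test should record which prover is expected to discharge `gcd_zero` and `gcd_property`, or compare the valid count only.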
@@ -6259,92 +6201,8 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) -goal distr_left: - (forall x_0_0:int. - (forall y_0:int. - (forall z_0:int. - (((x_0_0 + y_0) * z_0) = ((x_0_0 * z_0) + (y_0 * z_0)))))) - -axiom distr_left_as_axiom: - (forall x_0_0:int. - (forall y_0:int. - (forall z_0:int. - (((x_0_0 + y_0) * z_0) = ((x_0_0 * z_0) + (y_0 * z_0)))))) - -goal distr_left_minus: - (forall x_2:int. - (forall y_2:int. - (forall z_2:int. (((x_2 - y_2) * z_2) = ((x_2 * z_2) - (y_2 * z_2)))))) - -axiom distr_left_minus_as_axiom: - (forall x_2:int. - (forall y_2:int. - (forall z_2:int. (((x_2 - y_2) * z_2) = ((x_2 * z_2) - (y_2 * z_2)))))) - -goal distr_right: - (forall x_4:int. - (forall y:int. - (forall z:int. ((x_4 * (y + z)) = ((x_4 * y) + (x_4 * z)))))) - -axiom distr_right_as_axiom: - (forall x_4:int. - (forall y:int. - (forall z:int. ((x_4 * (y + z)) = ((x_4 * y) + (x_4 * z)))))) - -goal distr_right_minus: - (forall x_1_0:int. - (forall y_1:int. - (forall z_1:int. - ((x_1_0 * (y_1 - z_1)) = ((x_1_0 * y_1) - (x_1_0 * z_1)))))) - -axiom distr_right_minus_as_axiom: - (forall x_1_0:int. - (forall y_1:int. - (forall z_1:int. - ((x_1_0 * (y_1 - z_1)) = ((x_1_0 * y_1) - (x_1_0 * z_1)))))) - -goal div_mod_property: - (forall x_6:int. - (forall y_6:int. - (((x_6 >= 0) and (y_6 > 0)) -> (computer_mod(x_6, - y_6) = (x_6 - (y_6 * computer_div(x_6, y_6))))))) - -axiom div_mod_property_as_axiom: - (forall x_6:int. - (forall y_6:int. - (((x_6 >= 0) and (y_6 > 0)) -> (computer_mod(x_6, - y_6) = (x_6 - (y_6 * computer_div(x_6, y_6))))))) - predicate divides(x_5: int, y_5: int) = (exists q:int. (y_5 = (q * x_5))) -predicate isGcd(a: int, b: int, d: int) = - (divides(d, a) and - (divides(d, b) and - (forall z_4:int. - ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) - -goal gcd_property: - (forall a_1:int. - (forall b_0:int. - (forall d_0:int. - (forall q_0:int. 
- (((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0)) -> - isGcd(a_1, b_0, d_0)))))) - -axiom gcd_property_as_axiom: - (forall a_1:int. - (forall b_0:int. - (forall d_0:int. - (forall q_0:int. - (((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0)) -> - isGcd(a_1, b_0, d_0)))))) - -goal gcd_zero: - (forall a_0:int. isGcd(a_0, 0, a_0)) - -axiom gcd_zero_as_axiom: - (forall a_0:int. isGcd(a_0, 0, a_0)) - logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) @@ -6362,6 +6220,12 @@ (forall interface_tag_table:interface tag_table. instanceof(interface_tag_table, x, interface_tag))) +predicate isGcd(a: int, b: int, d: int) = + (divides(d, a) and + (divides(d, b) and + (forall z_4:int. + ((divides(z_4, a) and divides(z_4, b)) -> divides(z_4, d))))) + predicate left_valid_struct_Object(p: Object pointer, a: int, Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, p) <= a) @@ -6386,34 +6250,6 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -goal mod_property: - (forall x_7:int. - (forall y_7:int. - (((x_7 >= 0) and (y_7 > 0)) -> - ((0 <= computer_mod(x_7, y_7)) and (computer_mod(x_7, y_7) < y_7))))) - -axiom mod_property_as_axiom: - (forall x_7:int. - (forall y_7:int. - (((x_7 >= 0) and (y_7 > 0)) -> - ((0 <= computer_mod(x_7, y_7)) and (computer_mod(x_7, y_7) < y_7))))) - -goal mul_assoc: - (forall x_4_0:int. - (forall y_4:int. - (forall z_3:int. ((x_4_0 * (y_4 * z_3)) = ((x_4_0 * y_4) * z_3))))) - -axiom mul_assoc_as_axiom: - (forall x_4_0:int. - (forall y_4:int. - (forall z_3:int. ((x_4_0 * (y_4 * z_3)) = ((x_4_0 * y_4) * z_3))))) - -goal mul_comm: - (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) - -axiom mul_comm_as_axiom: - (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -6482,32 +6318,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Gcd(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -6544,61 +6354,171 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +goal distr_right: + (forall x_2:int. + (forall y:int. + (forall z:int. ((x_2 * (y + z)) = ((x_2 * y) + (x_2 * z)))))) + +axiom distr_right_as_axiom: + (forall x_2:int. + (forall y:int. + (forall z:int. ((x_2 * (y + z)) = ((x_2 * y) + (x_2 * z)))))) + +goal distr_left: + (forall x_0_0:int. + (forall y_0:int. + (forall z_0:int. + (((x_0_0 + y_0) * z_0) = ((x_0_0 * z_0) + (y_0 * z_0)))))) + +axiom distr_left_as_axiom: + (forall x_0_0:int. + (forall y_0:int. + (forall z_0:int. + (((x_0_0 + y_0) * z_0) = ((x_0_0 * z_0) + (y_0 * z_0)))))) + +goal distr_right_minus: + (forall x_1_0:int. + (forall y_1:int. + (forall z_1:int. + ((x_1_0 * (y_1 - z_1)) = ((x_1_0 * y_1) - (x_1_0 * z_1)))))) + +axiom distr_right_minus_as_axiom: + (forall x_1_0:int. + (forall y_1:int. + (forall z_1:int. + ((x_1_0 * (y_1 - z_1)) = ((x_1_0 * y_1) - (x_1_0 * z_1)))))) + +goal distr_left_minus: + (forall x_2_0:int. + (forall y_2:int. + (forall z_2:int. + (((x_2_0 - y_2) * z_2) = ((x_2_0 * z_2) - (y_2 * z_2)))))) + +axiom distr_left_minus_as_axiom: + (forall x_2_0:int. + (forall y_2:int. + (forall z_2:int. + (((x_2_0 - y_2) * z_2) = ((x_2_0 * z_2) - (y_2 * z_2)))))) + +goal mul_comm: + (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) + +axiom mul_comm_as_axiom: + (forall x_3:int. (forall y_3:int. ((x_3 * y_3) = (y_3 * x_3)))) + +goal mul_assoc: + (forall x_4:int. + (forall y_4:int. + (forall z_3:int. ((x_4 * (y_4 * z_3)) = ((x_4 * y_4) * z_3))))) + +axiom mul_assoc_as_axiom: + (forall x_4:int. + (forall y_4:int. + (forall z_3:int. ((x_4 * (y_4 * z_3)) = ((x_4 * y_4) * z_3))))) + +goal div_mod_property: + (forall x_6:int. + (forall y_6:int. + (((x_6 >= 0) and (y_6 > 0)) -> (computer_mod(x_6, + y_6) = (x_6 - (y_6 * computer_div(x_6, y_6))))))) + +axiom div_mod_property_as_axiom: + (forall x_6:int. + (forall y_6:int. 
+ (((x_6 >= 0) and (y_6 > 0)) -> (computer_mod(x_6, + y_6) = (x_6 - (y_6 * computer_div(x_6, y_6))))))) + +goal mod_property: + (forall x_7:int. + (forall y_7:int. + (((x_7 >= 0) and (y_7 > 0)) -> + ((0 <= computer_mod(x_7, y_7)) and (computer_mod(x_7, y_7) < y_7))))) + +axiom mod_property_as_axiom: + (forall x_7:int. + (forall y_7:int. + (((x_7 >= 0) and (y_7 > 0)) -> + ((0 <= computer_mod(x_7, y_7)) and (computer_mod(x_7, y_7) < y_7))))) + +goal gcd_zero: + (forall a_0:int. isGcd(a_0, 0, a_0)) + +axiom gcd_zero_as_axiom: + (forall a_0:int. isGcd(a_0, 0, a_0)) + +goal gcd_property: + (forall a_1:int. + (forall b_0:int. + (forall d_0:int. + (forall q_0:int. + (((a_1 >= 0) and + ((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0))) -> + isGcd(a_1, b_0, d_0)))))) + +axiom gcd_property_as_axiom: + (forall a_1:int. + (forall b_0:int. + (forall d_0:int. + (forall q_0:int. + (((a_1 >= 0) and + ((b_0 > 0) and isGcd(b_0, computer_mod(a_1, b_0), d_0))) -> + isGcd(a_1, b_0, d_0)))))) + goal Gcd_gcd_ensures_bezoutProperty_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_68": true) -> - ("JC_66": - (("JC_61": (mutable_x_8 >= 0)) and - (("JC_62": (mutable_y_8 >= 0)) and - (("JC_63": + ("JC_76": true) -> + ("JC_74": + (("JC_69": (mutable_x_8 >= 0)) and + (("JC_70": (mutable_y_8 >= 0)) and + (("JC_71": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_64": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_65": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_72": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_73": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 <= 0) -> forall return:int. (return = mutable_x_8) -> - ("JC_25": + ("JC_33": (exists a_2:int. 
(exists b_1:int. (((a_2 * x_8) + (b_1 * y_8)) = return)))) goal Gcd_gcd_ensures_default_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> - ("JC_44": ("JC_42": ("JC_42": (((1 * x_8) + (0 * y_8)) = x_8)))) + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> + ("JC_52": ("JC_50": (((1 * x_8) + (0 * y_8)) = x_8))) goal Gcd_gcd_ensures_default_po_2: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> - ("JC_44": ("JC_43": ("JC_43": (((0 * x_8) + (1 * y_8)) = y_8)))) + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> + ("JC_52": ("JC_51": (((0 * x_8) + (1 * y_8)) = y_8))) goal Gcd_gcd_ensures_default_po_3: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -6612,26 +6532,26 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": ("JC_39": ("JC_39": (mutable_x_8_0 >= 0)))) + ("JC_52": ("JC_47": (mutable_x_8_0 >= 0))) goal Gcd_gcd_ensures_default_po_4: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -6645,26 +6565,26 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": ("JC_40": ("JC_40": (mutable_y_8_0 >= 0)))) + ("JC_52": ("JC_48": (mutable_y_8_0 >= 0))) goal Gcd_gcd_ensures_default_po_5: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -6678,30 +6598,28 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_41": - ("JC_41": - (forall d_2:int. - (isGcd(mutable_x_8_0, mutable_y_8_0, d_2) -> isGcd(x_8, y_8, d_2)))))) + forall d_2:int. + isGcd(mutable_x_8_0, mutable_y_8_0, d_2) -> + ("JC_52": ("JC_49": isGcd(x_8, y_8, d_2))) goal Gcd_gcd_ensures_default_po_6: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -6715,27 +6633,26 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_42": ("JC_42": (((a_3_0 * x_8) + (b_2_0 * y_8)) = mutable_x_8_0)))) + ("JC_52": ("JC_50": (((a_3_0 * x_8) + (b_2_0 * y_8)) = mutable_x_8_0))) goal Gcd_gcd_ensures_default_po_7: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_44": - (("JC_39": (mutable_x_8 >= 0)) and - (("JC_40": (mutable_y_8 >= 0)) and - (("JC_41": + ("JC_52": + (("JC_47": (mutable_x_8 >= 0)) and + (("JC_48": (mutable_y_8 >= 0)) and + (("JC_49": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_42": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_43": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_50": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_51": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> forall mutable_x_8_0:int. (mutable_x_8_0 = mutable_y_8) -> 
@@ -6749,74 +6666,73 @@ (c0 = (a_3 - (c * computer_div(mutable_x_8, mutable_y_8)))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * computer_div(mutable_x_8, mutable_y_8)))) -> - ("JC_44": - ("JC_43": ("JC_43": (((c0 * x_8) + (d_1_0 * y_8)) = mutable_y_8_0)))) + ("JC_52": ("JC_51": (((c0 * x_8) + (d_1_0 * y_8)) = mutable_y_8_0))) goal Gcd_gcd_ensures_resultIsGcd_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_57": true) -> - ("JC_55": - (("JC_50": (mutable_x_8 >= 0)) and - (("JC_51": (mutable_y_8 >= 0)) and - (("JC_52": + ("JC_65": true) -> + ("JC_63": + (("JC_58": (mutable_x_8 >= 0)) and + (("JC_59": (mutable_y_8 >= 0)) and + (("JC_60": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_53": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_54": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_61": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_62": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 <= 0) -> forall return:int. (return = mutable_x_8) -> - ("JC_23": isGcd(x_8, y_8, return)) + ("JC_31": isGcd(x_8, y_8, return)) goal Gcd_gcd_safety_po_1: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. 
(isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) goal Gcd_gcd_safety_po_2: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) -> forall result:int. 
@@ -6836,27 +6752,27 @@ (c0 = (a_3 - (c * result0))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * result0))) -> - (0 <= ("JC_38": mutable_y_8)) + (0 <= ("JC_46": mutable_y_8)) goal Gcd_gcd_safety_po_3: forall x_8:int. forall y_8:int. - ("JC_17": (("JC_15": (x_8 >= 0)) and ("JC_16": (y_8 >= 0)))) -> + ("JC_25": (("JC_23": (x_8 >= 0)) and ("JC_24": (y_8 >= 0)))) -> forall a_3:int. forall b_2:int. forall c:int. forall d_1:int. forall mutable_x_8:int. forall mutable_y_8:int. - ("JC_34": true) -> - ("JC_32": - (("JC_27": (mutable_x_8 >= 0)) and - (("JC_28": (mutable_y_8 >= 0)) and - (("JC_29": + ("JC_42": true) -> + ("JC_40": + (("JC_35": (mutable_x_8 >= 0)) and + (("JC_36": (mutable_y_8 >= 0)) and + (("JC_37": (forall d_2:int. (isGcd(mutable_x_8, mutable_y_8, d_2) -> isGcd(x_8, y_8, d_2)))) and - (("JC_30": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and - ("JC_31": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> + (("JC_38": (((a_3 * x_8) + (b_2 * y_8)) = mutable_x_8)) and + ("JC_39": (((c * x_8) + (d_1 * y_8)) = mutable_y_8))))))) -> (mutable_y_8 > 0) -> (mutable_y_8 <> 0) -> forall result:int. 
@@ -6876,15 +6792,15 @@ (c0 = (a_3 - (c * result0))) -> forall d_1_0:int. (d_1_0 = (b_2 - (d_1 * result0))) -> - (("JC_38": mutable_y_8_0) < ("JC_38": mutable_y_8)) + (("JC_46": mutable_y_8_0) < ("JC_46": mutable_y_8)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Gcd_why.why : .....??............... (20/0/2/0/0) +why/Gcd_why.why : ........?#.......?.... (19/0/2/1/0) total : 22 -valid : 20 ( 91%) +valid : 19 ( 86%) invalid : 0 ( 0%) unknown : 2 ( 9%) -timeout : 0 ( 0%) +timeout : 1 ( 5%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Hello.res.oracle why-2.30+dfsg/tests/java/oracle/Hello.res.oracle --- why-2.29+dfsg/tests/java/oracle/Hello.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Hello.res.oracle 2011-10-24 15:21:06.000000000 +0000 
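Review bot: The Alt-Ergo summary at the end of this hunk now records a weaker result as the expected output: `why/Gcd_why.why : ........?#.......?.... (19/0/2/1/0)` replaces `(20/0/2/0/0)`, so one obligation that was previously proved is now accepted as a timeout. A `#` result depends on the prover's time limit and on machine speed, so this oracle line may not reproduce elsewhere. The test will also keep passing while a Gcd verification condition stays unproved. The positions of the `?` marks moved as well, which suggests the goals were reordered or reshaped (compare the hoisted `forall d_2:int.` in the `@@ -6678,30 +6598,28 @@` hunk), so identify which goal regressed before accepting the baseline. If the timeout is expected, record the goal name and the reason in the release notes, otherwise regenerate the oracle once the goal is proved again. The hunk starts inside a goal whose beginning is outside it.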
@@ -0,0 +1,18138 @@ +========== file tests/java/Hello.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + +class Hello { + + public static void main(String argv[]) { + System.out.println("Hello Krakatoa"); + } + +} + + + +/* +Local Variables: +compile-command: "make Hello.why3ml" +End: +*/ + + +========== krakatoa execution ========== +Parsing OK. +Typing OK. 
+Generating JC function String_equals for method String.equals +Generating JC function PrintStream_println_String for method PrintStream.println +Generating JC function Hello_main for method Hello.main +Generating JC function String_contentEquals for method String.contentEquals +Generating JC function cons_Hello for constructor Hello +Generating JC function String_equalsIgnoreCase for method String.equalsIgnoreCase +Generating JC function String_compareTo_String for method String.compareTo +Generating JC function System_registerNatives for method System.registerNatives +Generating JC function cons_System for constructor System +Generating JC function String_compareTo_Object for method String.compareTo +Generating JC function String_compareToIgnoreCase for method String.compareToIgnoreCase +Generating JC function System_setOut for method System.setOut +Generating JC function String_regionMatches_int_String_int_int for method String.regionMatches +Generating JC function System_setErr for method System.setErr +Generating JC function String_regionMatches_boolean_int_String_int_int for method String.regionMatches +Generating JC function System_checkIO for method System.checkIO +Generating JC function String_startsWith_String_int for method String.startsWith +Generating JC function System_setOut0 for method System.setOut0 +Generating JC function String_startsWith_String for method String.startsWith +Generating JC function System_setErr0 for method System.setErr0 +Generating JC function String_endsWith for method String.endsWith +Generating JC function System_currentTimeMillis for method System.currentTimeMillis +Generating JC function String_hashCode for method String.hashCode +Generating JC function System_arraycopy for method System.arraycopy +Generating JC function String_indexOf_int for method String.indexOf +Generating JC function System_identityHashCode for method System.identityHashCode +Generating JC function String_indexOf_int_int for method String.indexOf 
+Generating JC function System_getProperty_String for method System.getProperty +Generating JC function String_lastIndexOf_int for method String.lastIndexOf +Generating JC function System_getProperty_String_String for method System.getProperty +Generating JC function String_lastIndexOf_int_int for method String.lastIndexOf +Generating JC function System_setProperty for method System.setProperty +Generating JC function String_indexOf_String for method String.indexOf +Generating JC function System_getenv for method System.getenv +Generating JC function String_indexOf_String_int for method String.indexOf +Generating JC function System_exit for method System.exit +Generating JC function String_indexOf for method String.indexOf +Generating JC function System_gc for method System.gc +Generating JC function String_lastIndexOf_String for method String.lastIndexOf +Generating JC function System_runFinalization for method System.runFinalization +Generating JC function String_lastIndexOf_String_int for method String.lastIndexOf +Generating JC function System_runFinalizersOnExit for method System.runFinalizersOnExit +Generating JC function String_lastIndexOf for method String.lastIndexOf +Generating JC function System_load for method System.load +Generating JC function String_substring_int for method String.substring +Generating JC function System_loadLibrary for method System.loadLibrary +Generating JC function String_substring_int_int for method String.substring +Generating JC function System_mapLibraryName for method System.mapLibraryName +Generating JC function String_subSequence for method String.subSequence +Generating JC function System_nullInputStream for method System.nullInputStream +Generating JC function String_concat for method String.concat +Generating JC function System_nullPrintStream for method System.nullPrintStream +Generating JC function String_replace for method String.replace +Generating JC function System_initializeSystemClass for method 
System.initializeSystemClass +Generating JC function String_matches for method String.matches +Generating JC function OutputStream_write_int for method OutputStream.write +Generating JC function String_replaceFirst for method String.replaceFirst +Generating JC function OutputStream_write_byteA for method OutputStream.write +Generating JC function String_replaceAll for method String.replaceAll +Generating JC function OutputStream_write for method OutputStream.write +Generating JC function String_split_String_int for method String.split +Generating JC function OutputStream_flush for method OutputStream.flush +Generating JC function String_split_String for method String.split +Generating JC function OutputStream_close for method OutputStream.close +Generating JC function cons_OutputStream for constructor OutputStream +Generating JC function String_toLowerCase for method String.toLowerCase +Generating JC function cons_FilterOutputStream_OutputStream for constructor FilterOutputStream +Generating JC function String_toUpperCase for method String.toUpperCase +Generating JC function String_trim for method String.trim +Generating JC function FilterOutputStream_write_int for method FilterOutputStream.write +Generating JC function String_toString for method String.toString +Generating JC function FilterOutputStream_write_byteA for method FilterOutputStream.write +Generating JC function String_toCharArray for method String.toCharArray +Generating JC function FilterOutputStream_write for method FilterOutputStream.write +Generating JC function String_valueOf_Object for method String.valueOf +Generating JC function FilterOutputStream_flush for method FilterOutputStream.flush +Generating JC function String_valueOf_charA for method String.valueOf +Generating JC function FilterOutputStream_close for method FilterOutputStream.close +Generating JC function cons_PrintStream_OutputStream for constructor PrintStream +Generating JC function String_valueOf_charA_int_int for method 
String.valueOf +Generating JC function cons_PrintStream_boolean_OutputStream for constructor PrintStream +Generating JC function String_copyValueOf_charA_int_int for method String.copyValueOf +Generating JC function String_copyValueOf_charA for method String.copyValueOf +Generating JC function PrintStream_init for method PrintStream.init +Generating JC function cons_PrintStream_OutputStream_boolean for constructor PrintStream +Generating JC function String_valueOf_boolean for method String.valueOf +Generating JC function cons_PrintStream_OutputStream_boolean_String for constructor PrintStream +Generating JC function String_valueOf_char for method String.valueOf +Generating JC function String_valueOf_int for method String.valueOf +Generating JC function PrintStream_ensureOpen for method PrintStream.ensureOpen +Generating JC function String_valueOf_long for method String.valueOf +Generating JC function PrintStream_flush for method PrintStream.flush +Generating JC function String_valueOf_float for method String.valueOf +Generating JC function PrintStream_close for method PrintStream.close +Generating JC function String_valueOf for method String.valueOf +Generating JC function PrintStream_checkError for method PrintStream.checkError +Generating JC function String_intern for method String.intern +Generating JC function PrintStream_setError for method PrintStream.setError +Generating JC function Object_registerNatives for method Object.registerNatives +Generating JC function PrintStream_write_int for method PrintStream.write +Generating JC function Object_hashCode for method Object.hashCode +Generating JC function PrintStream_write_byteA_int_int for method PrintStream.write +Generating JC function Object_equals for method Object.equals +Generating JC function PrintStream_write_charA for method PrintStream.write +Generating JC function Object_clone for method Object.clone +Generating JC function PrintStream_write_String for method PrintStream.write +Generating JC function 
Object_toString for method Object.toString +Generating JC function PrintStream_newLine for method PrintStream.newLine +Generating JC function Object_notify for method Object.notify +Generating JC function PrintStream_print_boolean for method PrintStream.print +Generating JC function Object_notifyAll for method Object.notifyAll +Generating JC function PrintStream_print_char for method PrintStream.print +Generating JC function Object_wait_long for method Object.wait +Generating JC function PrintStream_print_int for method PrintStream.print +Generating JC function Object_wait_long_int for method Object.wait +Generating JC function PrintStream_print_long for method PrintStream.print +Generating JC function Object_wait for method Object.wait +Generating JC function PrintStream_print_float for method PrintStream.print +Generating JC function Object_finalize for method Object.finalize +Generating JC function PrintStream_print_double for method PrintStream.print +Generating JC function cons_Object for constructor Object +Generating JC function PrintStream_print_charA for method PrintStream.print +Generating JC function PrintStream_print_String for method PrintStream.print +Generating JC function PrintStream_print for method PrintStream.print +Generating JC function PrintStream_println for method PrintStream.println +Generating JC function PrintStream_println_boolean for method PrintStream.println +Generating JC function PrintStream_println_char for method PrintStream.println +Generating JC function PrintStream_println_int for method PrintStream.println +Generating JC function PrintStream_println_long for method PrintStream.println +Generating JC function PrintStream_println_float for method PrintStream.println +Generating JC function PrintStream_println_double for method PrintStream.println +Generating JC function PrintStream_println_charA for method PrintStream.println +Generating JC function PrintStream_println_Object for method PrintStream.println +Generating JC 
function Comparable_compareTo for method Comparable.compareTo +Generating JC function CharSequence_length for method CharSequence.length +Generating JC function CharSequence_charAt for method CharSequence.charAt +Generating JC function CharSequence_subSequence for method CharSequence.subSequence +Generating JC function CharSequence_toString for method CharSequence.toString +Generating JC function cons_String for constructor String +Generating JC function cons_String_String for constructor String +Generating JC function cons_String_charA for constructor String +Generating JC function cons_String_charA_int_int for constructor String +Generating JC function cons_String_byteA_int_int_int for constructor String +Generating JC function cons_String_byteA_int for constructor String +Generating JC function String_checkBounds for method String.checkBounds +Generating JC function cons_String_byteA_int_int_String for constructor String +Generating JC function cons_String_byteA_String for constructor String +Generating JC function cons_String_byteA_int_int for constructor String +Generating JC function cons_String_byteA for constructor String +Generating JC function cons_String_StringBuffer for constructor String +Generating JC function cons_String_int_int_charA for constructor String +Generating JC function String_length for method String.length +Generating JC function String_charAt for method String.charAt +Generating JC function String_getChars for method String.getChars +Generating JC function String_getBytes_int_int_byteA_int for method String.getBytes +Generating JC function String_getBytes_String for method String.getBytes +Generating JC function String_getBytes for method String.getBytes +Done. 
+========== file tests/java/Hello.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + +predicate Non_null_byteM{Here}(byteM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_charM{Here}(charM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_StringM{Here}(StringM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +logic long String_serialVersionUID = +-6849794470754667710 + +axiomatic in_theory { + + logic InputStream[0..] System_in + +} + +axiomatic out_theory { + + logic PrintStream[0..] System_out + +} + +axiomatic err_theory { + + logic PrintStream[0..] System_err + +} + +String[0..] any_string() +; + +tag Object = { +} + +tag String = Object with { + charM[0..] value; + int32 offset; + int32 count; + int32 hash; +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag Hello = Object with { +} + +tag System = Object with { +} + +tag InputStream = Object with { +} + +tag PrintStream = FilterOutputStream with { + boolean autoFlush; + boolean trouble; + boolean closing; +} + +tag FilterOutputStream = OutputStream with { + OutputStream[0..] out; +} + +tag OutputStream = Object with { +} + +tag OutputStreamWriter = Object with { +} + +tag StringBuffer = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +tag byteM = Object with { + byte byteP; +} + +tag charM = Object with { + char charP; +} + +tag StringM = Object with { + String[0..] StringP; +} + +boolean non_null_byteM(! byteM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_byteM(! 
byteM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_charM(! charM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_charM(! charM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_StringM(! StringM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_StringM(! StringM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +boolean String_equals(String[0] this_7, Object[0..] anObject) +; + +unit PrintStream_println_String(PrintStream[0] this_91, String[0..] x_7) +; + +unit Hello_main(StringM[0..] argv) +{ (K_1 : PrintStream_println_String(System_out, any_string())) +} + +boolean String_contentEquals(String[0] this_8, StringBuffer[0..] sb) +; + +unit cons_Hello(! Hello[0] this_6){()} + +boolean String_equalsIgnoreCase(String[0] this_9, String[0..] anotherString) +; + +int32 String_compareTo_String(String[0] this_10, String[0..] anotherString_0) +; + +unit System_registerNatives() +; + +unit cons_System(! System[0] this_104){()} + +int32 String_compareTo_Object(String[0] this_11, Object[0..] o_0) +; + +int32 String_compareToIgnoreCase(String[0] this_12, String[0..] str) +; + +unit System_setOut(PrintStream[0..] out) +; + +boolean String_regionMatches_int_String_int_int(String[0] this_13, + int32 toffset, + String[0..] 
other, + int32 ooffset, int32 len_2) +; + +unit System_setErr(PrintStream[0..] err) +; + +boolean String_regionMatches_boolean_int_String_int_int(String[0] this_14, + boolean ignoreCase, + int32 toffset_0, + String[0..] other_0, + int32 ooffset_0, + int32 len_3) +; + +unit System_checkIO() +; + +boolean String_startsWith_String_int(String[0] this_15, String[0..] prefix, + int32 toffset_1) +; + +unit System_setOut0(PrintStream[0..] out_0) +; + +boolean String_startsWith_String(String[0] this_16, String[0..] prefix_0) +; + +unit System_setErr0(PrintStream[0..] err_0) +; + +boolean String_endsWith(String[0] this_17, String[0..] suffix) +; + +long System_currentTimeMillis() +; + +int32 String_hashCode(String[0] this_18) +; + +unit System_arraycopy(Object[0..] src, int32 srcPos, Object[0..] dest, + int32 destPos, int32 length) +; + +int32 String_indexOf_int(String[0] this_19, int32 ch) +; + +int32 System_identityHashCode(Object[0..] x) +; + +int32 String_indexOf_int_int(String[0] this_20, int32 ch_0, int32 fromIndex) +; + +String[0..] System_getProperty_String(String[0..] key) +; + +int32 String_lastIndexOf_int(String[0] this_21, int32 ch_1) +; + +String[0..] System_getProperty_String_String(String[0..] key_0, + String[0..] def) +; + +int32 String_lastIndexOf_int_int(String[0] this_22, int32 ch_2, + int32 fromIndex_0) +; + +String[0..] System_setProperty(String[0..] key_1, String[0..] value) +; + +int32 String_indexOf_String(String[0] this_23, String[0..] str_0) +; + +String[0..] System_getenv(String[0..] name) +; + +int32 String_indexOf_String_int(String[0] this_24, String[0..] str_1, + int32 fromIndex_1) +; + +unit System_exit(int32 status) +; + +int32 String_indexOf(charM[0..] source, int32 sourceOffset, + int32 sourceCount, charM[0..] target, + int32 targetOffset, int32 targetCount, int32 fromIndex_2) +; + +unit System_gc() +; + +int32 String_lastIndexOf_String(String[0] this_25, String[0..] 
str_2) +; + +unit System_runFinalization() +; + +int32 String_lastIndexOf_String_int(String[0] this_26, String[0..] str_3, + int32 fromIndex_3) +; + +unit System_runFinalizersOnExit(boolean value_0) +; + +int32 String_lastIndexOf(charM[0..] source_0, int32 sourceOffset_0, + int32 sourceCount_0, charM[0..] target_0, + int32 targetOffset_0, int32 targetCount_0, + int32 fromIndex_4) +; + +unit System_load(String[0..] filename) +; + +String[0..] String_substring_int(String[0] this_27, int32 beginIndex) +; + +unit System_loadLibrary(String[0..] libname) +; + +String[0..] String_substring_int_int(String[0] this_28, int32 beginIndex_0, + int32 endIndex) +; + +String[0..] System_mapLibraryName(String[0..] libname_0) +; + +Object/*interface*/[0..] String_subSequence(String[0] this_29, + int32 beginIndex_1, + int32 endIndex_0) +; + +InputStream[0..] System_nullInputStream() +; + +String[0..] String_concat(String[0] this_30, String[0..] str_4) +; + +PrintStream[0..] System_nullPrintStream() +; + +String[0..] String_replace(String[0] this_31, char oldChar, char newChar) +; + +unit System_initializeSystemClass() +; + +boolean String_matches(String[0] this_32, String[0..] regex) +; + +unit OutputStream_write_int(OutputStream[0] this_33, int32 b) +; + +String[0..] String_replaceFirst(String[0] this_34, String[0..] regex_0, + String[0..] replacement) +; + +unit OutputStream_write_byteA(OutputStream[0] this_35, byteM[0..] b_0) +; + +String[0..] String_replaceAll(String[0] this_36, String[0..] regex_1, + String[0..] replacement_0) +; + +unit OutputStream_write(OutputStream[0] this_37, byteM[0..] b_1, int32 off, + int32 len) +; + +StringM[0..] String_split_String_int(String[0] this_38, String[0..] regex_2, + int32 limit) +; + +unit OutputStream_flush(OutputStream[0] this_39) +; + +StringM[0..] String_split_String(String[0] this_40, String[0..] regex_3) +; + +unit OutputStream_close(OutputStream[0] this_41) +; + +unit cons_OutputStream(! OutputStream[0] this_105){()} + +String[0..] 
String_toLowerCase(String[0] this_42) +; + +unit cons_FilterOutputStream_OutputStream(! FilterOutputStream[0] this_106, + OutputStream[0..] out_1) +{ (this_106.out = null) +} + +String[0..] String_toUpperCase(String[0] this_43) +; + +String[0..] String_trim(String[0] this_44) +; + +unit FilterOutputStream_write_int(FilterOutputStream[0] this_45, int32 b_2) +; + +String[0..] String_toString(String[0] this_46) +; + +unit FilterOutputStream_write_byteA(FilterOutputStream[0] this_47, + byteM[0..] b_3) +; + +charM[0..] String_toCharArray(String[0] this_48) +; + +unit FilterOutputStream_write(FilterOutputStream[0] this_49, byteM[0..] b_4, + int32 off_0, int32 len_0) +; + +String[0..] String_valueOf_Object(Object[0..] obj_0) +; + +unit FilterOutputStream_flush(FilterOutputStream[0] this_50) +; + +String[0..] String_valueOf_charA(charM[0..] data) +; + +unit FilterOutputStream_close(FilterOutputStream[0] this_51) +; + +unit cons_PrintStream_OutputStream(! PrintStream[0] this_107, + OutputStream[0..] out_2) +{ (this_107.autoFlush = false); + (this_107.trouble = false); + (this_107.closing = false) +} + +String[0..] String_valueOf_charA_int_int(charM[0..] data_0, int32 offset_5, + int32 count_2) +; + +unit cons_PrintStream_boolean_OutputStream(! PrintStream[0] this_108, + boolean autoFlush, + OutputStream[0..] out_3) +{ (this_108.autoFlush = false); + (this_108.trouble = false); + (this_108.closing = false) +} + +String[0..] String_copyValueOf_charA_int_int(charM[0..] data_1, + int32 offset_6, int32 count_3) +; + +String[0..] String_copyValueOf_charA(charM[0..] data_2) +; + +unit PrintStream_init(PrintStream[0] this_52, OutputStreamWriter[0..] osw) +; + +unit cons_PrintStream_OutputStream_boolean(! PrintStream[0] this_109, + OutputStream[0..] out_4, + boolean autoFlush_0) +{ (this_109.autoFlush = false); + (this_109.trouble = false); + (this_109.closing = false) +} + +String[0..] String_valueOf_boolean(boolean b_7) +; + +unit cons_PrintStream_OutputStream_boolean_String(! 
PrintStream[0] this_110, + OutputStream[0..] out_5, + boolean autoFlush_1, + String[0..] encoding) +{ (this_110.autoFlush = false); + (this_110.trouble = false); + (this_110.closing = false) +} + +String[0..] String_valueOf_char(char c_0) +; + +String[0..] String_valueOf_int(int32 i_0) +; + +unit PrintStream_ensureOpen(PrintStream[0] this_53) +; + +String[0..] String_valueOf_long(long l_0) +; + +unit PrintStream_flush(PrintStream[0] this_54) +; + +String[0..] String_valueOf_float(real f_0) +; + +unit PrintStream_close(PrintStream[0] this_55) +; + +String[0..] String_valueOf(real d_0) +; + +boolean PrintStream_checkError(PrintStream[0] this_56) +; + +String[0..] String_intern(String[0] this_57) +; + +unit PrintStream_setError(PrintStream[0] this_58) +; + +unit Object_registerNatives() +; + +unit PrintStream_write_int(PrintStream[0] this_59, int32 b_5) +; + +int32 Object_hashCode(Object[0] this_60) +; + +unit PrintStream_write_byteA_int_int(PrintStream[0] this_61, byteM[0..] buf, + int32 off_1, int32 len_1) +; + +boolean Object_equals(Object[0] this_62, Object[0..] obj_1) +; + +unit PrintStream_write_charA(PrintStream[0] this_63, charM[0..] buf_0) +; + +Object[0..] Object_clone(Object[0] this_64) +; + +unit PrintStream_write_String(PrintStream[0] this_65, String[0..] s) +; + +String[0..] 
Object_toString(Object[0] this_66) +; + +unit PrintStream_newLine(PrintStream[0] this_67) +; + +unit Object_notify(Object[0] this_68) +; + +unit PrintStream_print_boolean(PrintStream[0] this_69, boolean b_6) +; + +unit Object_notifyAll(Object[0] this_70) +; + +unit PrintStream_print_char(PrintStream[0] this_71, char c) +; + +unit Object_wait_long(Object[0] this_72, long timeout) +; + +unit PrintStream_print_int(PrintStream[0] this_73, int32 i) +; + +unit Object_wait_long_int(Object[0] this_74, long timeout_0, int32 nanos) +; + +unit PrintStream_print_long(PrintStream[0] this_75, long l) +; + +unit Object_wait(Object[0] this_76) +; + +unit PrintStream_print_float(PrintStream[0] this_77, real f) +; + +unit Object_finalize(Object[0] this_78) +; + +unit PrintStream_print_double(PrintStream[0] this_79, real d) +; + +unit cons_Object(! Object[0] this_111){()} + +unit PrintStream_print_charA(PrintStream[0] this_80, charM[0..] s_0) +; + +unit PrintStream_print_String(PrintStream[0] this_81, String[0..] s_1) +; + +unit PrintStream_print(PrintStream[0] this_82, Object[0..] obj) +; + +unit PrintStream_println(PrintStream[0] this_83) +; + +unit PrintStream_println_boolean(PrintStream[0] this_84, boolean x_0) +; + +unit PrintStream_println_char(PrintStream[0] this_85, char x_1) +; + +unit PrintStream_println_int(PrintStream[0] this_86, int32 x_2) +; + +unit PrintStream_println_long(PrintStream[0] this_87, long x_3) +; + +unit PrintStream_println_float(PrintStream[0] this_88, real x_4) +; + +unit PrintStream_println_double(PrintStream[0] this_89, real x_5) +; + +unit PrintStream_println_charA(PrintStream[0] this_90, charM[0..] x_6) +; + +unit PrintStream_println_Object(PrintStream[0] this_92, Object[0..] x_8) +; + +int32 Comparable_compareTo(Object/*interface*/[0..] this_93, Object[0..] o) +; + +int32 CharSequence_length(Object/*interface*/[0..] this_94) +; + +char CharSequence_charAt(Object/*interface*/[0..] this_95, int32 index) +; + +Object/*interface*/[0..] 
CharSequence_subSequence(Object/*interface*/[0..] this_96, + int32 start, int32 end_0) +; + +String[0..] CharSequence_toString(Object/*interface*/[0..] this_97) +; + +unit cons_String(! String[0] this_112) +{ (this_112.value = null); + (this_112.offset = 0); + (this_112.count = 0); + (this_112.hash = 0) +} + +unit cons_String_String(! String[0] this_113, String[0..] original) +{ (this_113.value = null); + (this_113.offset = 0); + (this_113.count = 0); + (this_113.hash = 0) +} + +unit cons_String_charA(! String[0] this_114, charM[0..] value_1) +{ (this_114.value = null); + (this_114.offset = 0); + (this_114.count = 0); + (this_114.hash = 0) +} + +unit cons_String_charA_int_int(! String[0] this_115, charM[0..] value_2, + int32 offset, int32 count) +{ (this_115.value = null); + (this_115.offset = 0); + (this_115.count = 0); + (this_115.hash = 0) +} + +unit cons_String_byteA_int_int_int(! String[0] this_116, byteM[0..] ascii, + int32 hibyte, int32 offset_0, + int32 count_0) +{ (this_116.value = null); + (this_116.offset = 0); + (this_116.count = 0); + (this_116.hash = 0) +} + +unit cons_String_byteA_int(! String[0] this_117, byteM[0..] ascii_0, + int32 hibyte_0) +{ (this_117.value = null); + (this_117.offset = 0); + (this_117.count = 0); + (this_117.hash = 0) +} + +unit String_checkBounds(byteM[0..] bytes, int32 offset_1, int32 length_0) +; + +unit cons_String_byteA_int_int_String(! String[0] this_118, + byteM[0..] bytes_0, int32 offset_2, + int32 length_1, String[0..] charsetName) +{ (this_118.value = null); + (this_118.offset = 0); + (this_118.count = 0); + (this_118.hash = 0) +} + +unit cons_String_byteA_String(! String[0] this_119, byteM[0..] bytes_1, + String[0..] charsetName_0) +{ (this_119.value = null); + (this_119.offset = 0); + (this_119.count = 0); + (this_119.hash = 0) +} + +unit cons_String_byteA_int_int(! String[0] this_120, byteM[0..] 
bytes_2, + int32 offset_3, int32 length_2) +{ (this_120.value = null); + (this_120.offset = 0); + (this_120.count = 0); + (this_120.hash = 0) +} + +unit cons_String_byteA(! String[0] this_121, byteM[0..] bytes_3) +{ (this_121.value = null); + (this_121.offset = 0); + (this_121.count = 0); + (this_121.hash = 0) +} + +unit cons_String_StringBuffer(! String[0] this_122, StringBuffer[0..] buffer) +{ (this_122.value = null); + (this_122.offset = 0); + (this_122.count = 0); + (this_122.hash = 0) +} + +unit cons_String_int_int_charA(! String[0] this_123, int32 offset_4, + int32 count_1, charM[0..] value_3) +{ (this_123.value = null); + (this_123.offset = 0); + (this_123.count = 0); + (this_123.hash = 0) +} + +int32 String_length(String[0] this_98) +; + +char String_charAt(String[0] this_99, int32 index_0) +; + +unit String_getChars(String[0] this_100, int32 srcBegin, int32 srcEnd, + charM[0..] dst, int32 dstBegin) +; + +unit String_getBytes_int_int_byteA_int(String[0] this_101, int32 srcBegin_0, + int32 srcEnd_0, byteM[0..] dst_0, + int32 dstBegin_0) +; + +byteM[0..] String_getBytes_String(String[0] this_102, + String[0..] charsetName_1) +; + +byteM[0..] 
String_getBytes(String[0] this_103) +; + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/Hello.jloc tests/java/Hello.jc && make -f tests/java/Hello.makefile gui" +End: +*/ +========== file tests/java/Hello.jloc ========== +[PrintStream_print_boolean] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 349 +begin = 16 +end = 21 + +[String_indexOf_int] +name = "Method indexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1102 +begin = 15 +end = 22 + +[String_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1070 +begin = 15 +end = 23 + +[PrintStream_print_long] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 389 +begin = 16 +end = 21 + +[cons_String_String] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 142 +begin = 11 +end = 17 + +[String_copyValueOf_charA] +name = "Method copyValueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2204 +begin = 25 +end = 36 + +[PrintStream_println_String] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 583 +begin = 16 +end = 23 + +[cons_String_byteA_int_int] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 371 +begin = 11 +end = 17 + +[PrintStream_print_String] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 444 +begin = 16 +end = 21 + +[System_getenv] +name = "Method getenv" +file = "HOME/lib/java_api/java/lang/System.java" +line = 700 +begin = 25 +end = 31 + +[System_setOut] +name = "Method setOut" +file = "HOME/lib/java_api/java/lang/System.java" +line = 146 +begin = 23 +end = 29 + +[String_toCharArray] +name = "Method toCharArray" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2123 +begin = 18 +end = 29 + +[String_charAt] +name = "Method charAt" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 444 +begin = 16 +end = 22 + +[String_matches] +name = "Method matches" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1600 +begin = 19 +end = 26 + +[String_indexOf_String_int] +name = "Method indexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1239 +begin = 15 +end = 22 + +[FilterOutputStream_write_byteA] +name = "Method write" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 79 +begin = 16 +end = 21 + +[String_indexOf_String] +name = "Method indexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1221 +begin = 15 +end = 22 + +[OutputStream_write] +name = "Method write" +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 89 +begin = 16 +end = 21 + +[PrintStream_print] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 461 +begin = 16 +end = 21 + +[System_setProperty] +name = "Method setProperty" +file = "HOME/lib/java_api/java/lang/System.java" +line = 656 +begin = 25 +end = 36 + +[System_setErr0] +name = "Method setErr0" +file = "HOME/lib/java_api/java/lang/System.java" +line = 182 +begin = 31 +end = 38 + +[PrintStream_print_char] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 361 +begin = 16 +end = 21 + +[String_lastIndexOf] +name = "Method lastIndexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1351 +begin = 15 +end = 26 + +[cons_String_byteA_int_int_String] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 316 +begin = 11 +end = 17 + +[System_getProperty_String_String] +name = "Method getProperty" +file = "HOME/lib/java_api/java/lang/System.java" +line = 614 +begin = 25 +end = 36 + +[String_copyValueOf_charA_int_int] +name = "Method copyValueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2191 +begin = 25 +end = 36 + +[System_arraycopy] +name = "Method arraycopy" +file = 
"HOME/lib/java_api/java/lang/System.java" +line = 374 +begin = 30 +end = 39 + +[PrintStream_flush] +name = "Method flush" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 132 +begin = 16 +end = 21 + +[cons_String_charA_int_int] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 189 +begin = 11 +end = 17 + +[CharSequence_length] +name = "Method length" +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 40 +begin = 8 +end = 14 + +[OutputStream_write_int] +name = "Method write" +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 45 +begin = 25 +end = 30 + +[System_setErr] +name = "Method setErr" +file = "HOME/lib/java_api/java/lang/System.java" +line = 170 +begin = 23 +end = 29 + +[cons_String_byteA_int_int_int] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 234 +begin = 11 +end = 17 + +[K_1] +file = "HOME/tests/java/Hello.java" +line = 35 +begin = 8 +end = 44 + +[PrintStream_init] +name = "Method init" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 75 +begin = 17 +end = 21 + +[cons_String_byteA] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 391 +begin = 11 +end = 17 + +[String_valueOf_float] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2271 +begin = 25 +end = 32 + +[Object_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[String_valueOf_boolean] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2216 +begin = 25 +end = 32 + +[String_compareTo_Object] +name = "Method compareTo" +file = "HOME/lib/java_api/java/lang/String.java" +line = 778 +begin = 15 +end = 24 + +[Hello_main] +name = "Method main" +file = "HOME/tests/java/Hello.java" +line = 34 +begin = 23 +end = 27 + +[String_split_String] +name = "Method split" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 1792 +begin = 20 +end = 25 + +[System_load] +name = "Method load" +file = "HOME/lib/java_api/java/lang/System.java" +line = 820 +begin = 23 +end = 27 + +[System_gc] +name = "Method gc" +file = "HOME/lib/java_api/java/lang/System.java" +line = 746 +begin = 23 +end = 25 + +[PrintStream_close] +name = "Method close" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 152 +begin = 16 +end = 21 + +[FilterOutputStream_write_int] +name = "Method write" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 59 +begin = 16 +end = 21 + +[System_getProperty_String] +name = "Method getProperty" +file = "HOME/lib/java_api/java/lang/System.java" +line = 575 +begin = 25 +end = 36 + +[Object_notify] +name = "Method notify" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[String_toLowerCase] +name = "Method toLowerCase" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1904 +begin = 18 +end = 29 + +[String_lastIndexOf_int_int] +name = "Method lastIndexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1194 +begin = 15 +end = 26 + +[System_currentTimeMillis] +name = "Method currentTimeMillis" +file = "HOME/lib/java_api/java/lang/System.java" +line = 280 +begin = 30 +end = 47 + +[String_compareTo_String] +name = "Method compareTo" +file = "HOME/lib/java_api/java/lang/String.java" +line = 728 +begin = 15 +end = 24 + +[PrintStream_newLine] +name = "Method newLine" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 318 +begin = 17 +end = 24 + +[cons_FilterOutputStream_OutputStream] +name = "Constructor of class FilterOutputStream" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 43 +begin = 11 +end = 29 + +[String_substring_int] +name = "Method substring" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1414 +begin = 18 +end = 27 + +[FilterOutputStream_flush] +name = "Method flush" +file = 
"HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 122 +begin = 16 +end = 21 + +[String_valueOf_int] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2243 +begin = 25 +end = 32 + +[String_concat] +name = "Method concat" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1506 +begin = 18 +end = 24 + +[String_startsWith_String] +name = "Method startsWith" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1038 +begin = 19 +end = 29 + +[System_checkIO] +name = "Method checkIO" +file = "HOME/lib/java_api/java/lang/System.java" +line = 175 +begin = 24 +end = 31 + +[String_checkBounds] +name = "Method checkBounds" +file = "HOME/lib/java_api/java/lang/String.java" +line = 283 +begin = 24 +end = 35 + +[cons_Object] +name = "Constructor of class Object" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[PrintStream_write_byteA_int_int] +name = "Method write" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 254 +begin = 16 +end = 21 + +[String_lastIndexOf_String] +name = "Method lastIndexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1315 +begin = 15 +end = 26 + +[String_replace] +name = "Method replace" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1546 +begin = 18 +end = 25 + +[PrintStream_write_charA] +name = "Method write" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 277 +begin = 17 +end = 22 + +[String_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2112 +begin = 18 +end = 26 + +[cons_String] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 129 +begin = 11 +end = 17 + +[System_runFinalization] +name = "Method runFinalization" +file = "HOME/lib/java_api/java/lang/System.java" +line = 768 +begin = 23 +end = 38 + +[CharSequence_charAt] +name = "Method charAt" +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 56 +begin = 9 +end = 15 + 
+[PrintStream_println_long] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 527 +begin = 16 +end = 23 + +[PrintStream_println] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 474 +begin = 16 +end = 23 + +[cons_PrintStream_OutputStream_boolean] +name = "Constructor of class PrintStream" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 92 +begin = 11 +end = 22 + +[FilterOutputStream_close] +name = "Method close" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 138 +begin = 16 +end = 21 + +[cons_OutputStream] +name = "Constructor of class OutputStream" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[String_subSequence] +name = "Method subSequence" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1482 +begin = 24 +end = 35 + +[String_replaceAll] +name = "Method replaceAll" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1666 +begin = 18 +end = 28 + +[String_compareToIgnoreCase] +name = "Method compareToIgnoreCase" +file = "HOME/lib/java_api/java/lang/String.java" +line = 846 +begin = 15 +end = 34 + +[PrintStream_print_float] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 403 +begin = 16 +end = 21 + +[Object_wait_long_int] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[String_substring_int_int] +name = "Method substring" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1440 +begin = 18 +end = 27 + +[PrintStream_println_boolean] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 485 +begin = 16 +end = 23 + +[String_replaceFirst] +name = "Method replaceFirst" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1633 +begin = 18 +end = 30 + +[cons_String_charA] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 167 +begin = 11 +end = 17 + 
+[Comparable_compareTo] +name = "Method compareTo" +file = "HOME/lib/java_api/java/lang/Comparable.java" +line = 121 +begin = 15 +end = 24 + +[Object_wait_long] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[System_exit] +name = "Method exit" +file = "HOME/lib/java_api/java/lang/System.java" +line = 724 +begin = 23 +end = 27 + +[cons_String_byteA_String] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 345 +begin = 11 +end = 17 + +[PrintStream_println_float] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 541 +begin = 16 +end = 23 + +[PrintStream_println_char] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 499 +begin = 16 +end = 23 + +[Object_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[Object_notifyAll] +name = "Method notifyAll" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[PrintStream_setError] +name = "Method setError" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 199 +begin = 19 +end = 27 + +[String_valueOf_charA] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2152 +begin = 25 +end = 32 + +[OutputStream_flush] +name = "Method flush" +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 115 +begin = 16 +end = 21 + +[PrintStream_ensureOpen] +name = "Method ensureOpen" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 121 +begin = 17 +end = 27 + +[System_runFinalizersOnExit] +name = "Method runFinalizersOnExit" +file = "HOME/lib/java_api/java/lang/System.java" +line = 797 +begin = 23 +end = 42 + +[System_nullPrintStream] +name = "Method nullPrintStream" +file = "HOME/lib/java_api/java/lang/System.java" +line = 873 +begin = 31 +end = 46 + +[String_intern] +name = "Method intern" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 2313 +begin = 25 +end = 31 + +[cons_String_int_int_charA] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 413 +begin = 4 +end = 10 + +[PrintStream_write_String] +name = "Method write" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 299 +begin = 17 +end = 22 + +[System_initializeSystemClass] +name = "Method initializeSystemClass" +file = "HOME/lib/java_api/java/lang/System.java" +line = 882 +begin = 24 +end = 45 + +[String_getBytes_String] +name = "Method getBytes" +file = "HOME/lib/java_api/java/lang/String.java" +line = 572 +begin = 18 +end = 26 + +[PrintStream_println_double] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 555 +begin = 16 +end = 23 + +[String_valueOf_Object] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2138 +begin = 25 +end = 32 + +[PrintStream_print_double] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 417 +begin = 16 +end = 21 + +[PrintStream_write_int] +name = "Method write" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 223 +begin = 16 +end = 21 + +[PrintStream_checkError] +name = "Method checkError" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 188 +begin = 19 +end = 29 + +[CharSequence_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 84 +begin = 18 +end = 26 + +[CharSequence_subSequence] +name = "Method subSequence" +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 75 +begin = 17 +end = 28 + +[Object_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[OutputStream_close] +name = "Method close" +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 128 +begin = 16 +end = 21 + +[String_getBytes] +name = "Method getBytes" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 591 +begin = 18 +end = 26 + +[String_equalsIgnoreCase] +name = "Method equalsIgnoreCase" +file = "HOME/lib/java_api/java/lang/String.java" +line = 681 +begin = 19 +end = 35 + +[String_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/String.java" +line = 608 +begin = 19 +end = 25 + +[String_indexOf] +name = "Method indexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1257 +begin = 15 +end = 22 + +[String_indexOf_int_int] +name = "Method indexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1134 +begin = 15 +end = 22 + +[String_lastIndexOf_String_int] +name = "Method lastIndexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1333 +begin = 15 +end = 26 + +[cons_PrintStream_OutputStream] +name = "Constructor of class PrintStream" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 55 +begin = 11 +end = 22 + +[String_regionMatches_boolean_int_String_int_int] +name = "Method regionMatches" +file = "HOME/lib/java_api/java/lang/String.java" +line = 950 +begin = 19 +end = 32 + +[String_contentEquals] +name = "Method contentEquals" +file = "HOME/lib/java_api/java/lang/String.java" +line = 640 +begin = 19 +end = 32 + +[Object_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[cons_PrintStream_OutputStream_boolean_String] +name = "Constructor of class PrintStream" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 113 +begin = 11 +end = 22 + +[cons_String_StringBuffer] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 403 +begin = 11 +end = 17 + +[System_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/System.java" +line = 38 +begin = 31 +end = 46 + +[PrintStream_print_charA] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 431 +begin = 16 +end = 21 
+ +[Object_clone] +name = "Method clone" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[String_valueOf_long] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2257 +begin = 25 +end = 32 + +[System_setOut0] +name = "Method setOut0" +file = "HOME/lib/java_api/java/lang/System.java" +line = 181 +begin = 31 +end = 38 + +[cons_Hello] +name = "Constructor of class Hello" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_boolean_OutputStream] +name = "Constructor of class PrintStream" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 67 +begin = 12 +end = 23 + +[String_trim] +name = "Method trim" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2092 +begin = 18 +end = 22 + +[String_split_String_int] +name = "Method split" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1750 +begin = 20 +end = 25 + +[System_identityHashCode] +name = "Method identityHashCode" +file = "HOME/lib/java_api/java/lang/System.java" +line = 389 +begin = 29 +end = 45 + +[Object_wait] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[String_length] +name = "Method length" +file = "HOME/lib/java_api/java/lang/String.java" +line = 427 +begin = 15 +end = 21 + +[System_nullInputStream] +name = "Method nullInputStream" +file = "HOME/lib/java_api/java/lang/System.java" +line = 865 +begin = 31 +end = 46 + +[PrintStream_println_charA] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 569 +begin = 16 +end = 23 + +[String_startsWith_String_int] +name = "Method startsWith" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1007 +begin = 19 +end = 29 + +[String_endsWith] +name = "Method endsWith" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1053 +begin = 19 +end = 27 + +[String_regionMatches_int_String_int_int] +name = "Method regionMatches" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 881 +begin = 19 +end = 32 + +[String_valueOf] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2285 +begin = 25 +end = 32 + +[PrintStream_println_int] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 513 +begin = 16 +end = 23 + +[FilterOutputStream_write] +name = "Method write" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 103 +begin = 16 +end = 21 + +[OutputStream_write_byteA] +name = "Method write" +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 57 +begin = 16 +end = 21 + +[cons_String_byteA_int] +name = "Constructor of class String" +file = "HOME/lib/java_api/java/lang/String.java" +line = 275 +begin = 11 +end = 17 + +[String_valueOf_char] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2228 +begin = 25 +end = 32 + +[String_lastIndexOf_int] +name = "Method lastIndexOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 1167 +begin = 15 +end = 26 + +[String_getChars] +name = "Method getChars" +file = "HOME/lib/java_api/java/lang/String.java" +line = 481 +begin = 16 +end = 24 + +[PrintStream_print_int] +name = "Method print" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 375 +begin = 16 +end = 21 + +[cons_System] +name = "Constructor of class System" +file = "HOME/lib/java_api/java/lang/System.java" +line = 44 +begin = 12 +end = 18 + +[String_valueOf_charA_int_int] +name = "Method valueOf" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2177 +begin = 25 +end = 32 + +[String_toUpperCase] +name = "Method toUpperCase" +file = "HOME/lib/java_api/java/lang/String.java" +line = 2056 +begin = 18 +end = 29 + +[System_loadLibrary] +name = "Method loadLibrary" +file = "HOME/lib/java_api/java/lang/System.java" +line = 843 +begin = 23 +end = 34 + +[PrintStream_println_Object] +name = "Method println" +file = "HOME/lib/java_api/java/io/PrintStream.java" 
+line = 597 +begin = 16 +end = 23 + +[System_mapLibraryName] +name = "Method mapLibraryName" +file = "HOME/lib/java_api/java/lang/System.java" +line = 857 +begin = 32 +end = 46 + +[String_getBytes_int_int_byteA_int] +name = "Method getBytes" +file = "HOME/lib/java_api/java/lang/String.java" +line = 532 +begin = 16 +end = 24 + +[Object_finalize] +name = "Method finalize" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +========== jessie execution ========== +Generating Why function cons_PrintStream_OutputStream_boolean +Generating Why function cons_PrintStream_OutputStream_boolean_String +Generating Why function Hello_main +Generating Why function cons_Hello +Generating Why function cons_System +Generating Why function cons_Object +Generating Why function cons_String +Generating Why function cons_String_String +Generating Why function cons_String_charA +Generating Why function cons_String_charA_int_int +Generating Why function cons_String_byteA_int_int_int +Generating Why function cons_String_byteA_int +Generating Why function cons_String_byteA_int_int_String +Generating Why function cons_String_byteA_String +Generating Why function cons_String_byteA_int_int +Generating Why function cons_String_byteA +Generating Why function cons_String_StringBuffer +Generating Why function cons_String_int_int_charA +Generating Why function cons_OutputStream +Generating Why function cons_FilterOutputStream_OutputStream +Generating Why function cons_PrintStream_OutputStream +Generating Why function cons_PrintStream_boolean_OutputStream +========== file tests/java/Hello.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Hello.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Hello.loc + +JESSIELIBFILES 
?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/Hello_why.sx + +project: why/Hello.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/Hello_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/Hello_why.vo + +coq/Hello_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Hello_why.v: why/Hello.why + @echo 'why -coq [...] why/Hello.why' && $(WHY) $(JESSIELIBFILES) why/Hello.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/Hello_ctx_why.vo + for f in why/*_po*.why; do make -f Hello.makefile coq/`basename $$f .why`_why.v ; done + +coq/Hello_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Hello_ctx_why.v: why/Hello_ctx.why + @echo 'why -coq [...] why/Hello_ctx.why' && $(WHY) why/Hello_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export Hello_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/Hello_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/Hello_ctx_why.vo + +pvs: pvs/Hello_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/Hello_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/Hello_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/Hello_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/Hello_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/Hello_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/Hello_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/Hello_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/Hello_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/Hello_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/Hello_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/Hello_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/Hello_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/Hello_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/Hello_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: Hello.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/Hello_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/Hello_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: Hello.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include Hello.depend + +depend: coq/Hello_why.v + -$(COQDEP) -I coq coq/Hello*_why.v > Hello.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/Hello.loc ========== +[JC_1080] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1081] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1082] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_920] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1083] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_921] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1084] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1600 +begin = 19 +end = 26 + +[JC_922] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1085] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_923] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1086] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1600 +begin = 19 +end = 26 + +[JC_924] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1414 +begin = 18 +end = 27 + +[JC_1087] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_925] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1088] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_926] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1414 +begin = 18 +end = 27 + +[JC_1089] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_927] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_928] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_929] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1090] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1091] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1092] +file = "HOME/lib/java_api/java/lang/String.java" +line = 444 +begin = 16 +end = 22 + +[JC_930] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1093] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_931] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1094] +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 444 +begin = 16 +end = 22 + +[JC_932] +file = "HOME/lib/java_api/java/lang/String.java" +line = 234 +begin = 11 +end = 17 + +[JC_1095] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_933] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1096] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_934] +file = "HOME/lib/java_api/java/lang/String.java" +line = 234 +begin = 11 +end = 17 + +[JC_700] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1194 +begin = 15 +end = 26 + +[JC_1097] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_935] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_701] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1098] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_936] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_702] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1194 +begin = 15 +end = 26 + +[JC_1099] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_937] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_703] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_938] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_704] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_939] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_705] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_706] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_707] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_708] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 527 +begin = 16 +end = 23 + +[JC_709] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_charA_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 167 +begin = 11 +end = 17 + +[JC_940] +file = "HOME/lib/java_api/java/lang/System.java" +line = 843 +begin = 23 +end = 34 + +[JC_941] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_942] +file = "HOME/lib/java_api/java/lang/System.java" +line = 843 +begin = 23 +end = 34 + +[JC_943] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_944] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_710] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 527 +begin = 16 +end = 23 + +[JC_945] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_711] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_946] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_712] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_947] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_713] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_948] +file = "HOME/lib/java_api/java/lang/String.java" +line = 275 +begin = 11 +end = 17 + +[JC_714] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_949] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_715] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_716] +file = "HOME/lib/java_api/java/lang/System.java" +line = 656 +begin = 25 +end = 36 + +[JC_717] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_718] +file = "HOME/lib/java_api/java/lang/System.java" +line = 656 +begin = 25 +end = 36 + +[JC_719] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_950] +file = "HOME/lib/java_api/java/lang/String.java" +line = 275 +begin = 11 +end = 17 + +[JC_951] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_952] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_953] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_954] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_720] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_955] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_721] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_956] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1440 +begin = 18 +end = 27 + +[JC_722] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_957] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_723] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_958] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1440 +begin = 18 +end = 27 + +[JC_724] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 541 +begin = 16 +end = 23 + +[JC_959] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_725] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_726] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 541 +begin = 16 +end = 23 + +[JC_727] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_728] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_729] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_960] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_961] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_962] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_963] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_964] +file = "HOME/lib/java_api/java/lang/String.java" +line = 283 +begin = 24 +end = 35 + +[JC_730] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_965] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_731] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_966] +file = "HOME/lib/java_api/java/lang/String.java" +line = 283 +begin = 24 +end = 35 + +[JC_732] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1221 +begin = 15 +end = 22 + +[JC_967] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_733] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_968] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_734] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1221 +begin = 15 +end = 22 + +[JC_500] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 389 +begin = 16 +end = 21 + +[JC_969] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_735] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_501] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_736] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_502] +file = 
"HOME/lib/java_api/java/io/PrintStream.java" +line = 389 +begin = 16 +end = 21 + +[JC_737] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_503] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_738] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_504] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_739] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_505] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_506] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_507] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_508] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1038 +begin = 19 +end = 29 + +[JC_509] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_970] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_971] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_int_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 275 +begin = 11 +end = 17 + +[JC_972] +file = "HOME/lib/java_api/java/lang/System.java" +line = 857 +begin = 32 +end = 46 + +[JC_973] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_974] +file = "HOME/lib/java_api/java/lang/System.java" +line = 857 +begin = 32 +end = 46 + +[JC_740] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 555 +begin = 16 +end = 23 + +[JC_975] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_741] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_976] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_742] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 555 +begin = 16 +end = 23 + +[JC_977] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_743] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_978] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_744] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_510] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1038 +begin = 19 +end = 29 
+ +[JC_979] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_745] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_511] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_746] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_512] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_747] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_513] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_748] +file = "HOME/lib/java_api/java/lang/System.java" +line = 700 +begin = 25 +end = 31 + +[JC_514] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_749] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_515] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_516] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_517] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_518] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_519] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_980] +file = "HOME/lib/java_api/java/lang/String.java" +line = 316 +begin = 11 +end = 17 + +[JC_981] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_982] +file = "HOME/lib/java_api/java/lang/String.java" +line = 316 +begin = 11 +end = 17 + +[JC_983] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_984] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_750] +file = "HOME/lib/java_api/java/lang/System.java" +line = 700 +begin = 25 +end = 31 + +[JC_985] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_751] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_986] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_752] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_987] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_753] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_988] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1482 +begin = 24 +end = 35 + +[JC_754] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_520] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_989] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_755] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_521] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_756] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 569 +begin = 16 +end = 23 + +[JC_522] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_757] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_523] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_758] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 569 +begin = 16 +end = 23 + +[JC_524] +file = "HOME/lib/java_api/java/lang/System.java" +line = 182 +begin = 31 +end = 38 + +[cons_String_charA_int_int_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 189 +begin = 11 +end = 17 + +[JC_759] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_525] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_526] +file = "HOME/lib/java_api/java/lang/System.java" +line = 182 +begin = 31 +end = 38 + +[JC_527] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_528] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_529] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_990] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1482 +begin = 24 +end = 35 + +[JC_991] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_992] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_993] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_994] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_760] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_995] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_761] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_996] +file = "HOME/lib/java_api/java/lang/String.java" +line = 345 +begin = 11 +end = 17 + +[JC_762] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_997] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_763] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_998] +file = "HOME/lib/java_api/java/lang/String.java" +line = 345 +begin = 11 +end = 17 + +[JC_764] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1239 +begin = 15 +end = 22 + +[JC_530] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_999] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_765] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_531] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_766] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1239 +begin = 15 +end = 22 + +[JC_532] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 403 +begin = 16 +end = 21 + +[JC_767] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_533] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_768] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_534] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 403 +begin = 16 +end = 21 + +[JC_300] +file = "HOME/lib/java_api/java/lang/String.java" +line = 681 +begin = 19 +end = 35 + +[JC_1300] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2152 +begin = 25 +end = 32 + +[JC_769] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_535] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_301] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1301] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_536] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_302] +file = "HOME/lib/java_api/java/lang/String.java" +line = 681 +begin = 19 +end = 35 + +[JC_1302] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2152 +begin = 25 +end = 32 + +[JC_537] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_303] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1303] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_538] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_304] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1304] +file 
= "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_539] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_305] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1305] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_306] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1306] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_307] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1307] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_308] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 277 +begin = 17 +end = 22 + +[JC_1308] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 138 +begin = 16 +end = 21 + +[JC_309] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1309] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_770] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_771] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_772] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 597 +begin = 16 +end = 23 + +[JC_773] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_FilterOutputStream_OutputStream_ensures_default] +name = "Constructor of class FilterOutputStream" +behavior = "default behavior" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 43 +begin = 11 +end = 29 + +[JC_774] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 597 +begin = 16 +end = 23 + +[JC_540] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1053 +begin = 19 +end = 27 + +[JC_775] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_541] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_776] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_542] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1053 +begin = 19 +end = 27 + +[JC_777] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_543] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_778] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_544] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_310] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 277 +begin = 17 +end = 22 + +[JC_1310] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 138 +begin = 16 +end = 21 + +[JC_779] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_545] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_311] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1311] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_int_int_int_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 234 +begin = 11 +end = 17 + +[JC_546] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_312] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1312] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_547] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_313] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1313] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_548] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_314] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1314] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_549] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_315] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1315] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_316] +file = "HOME/lib/java_api/java/lang/String.java" +line = 728 +begin = 15 +end = 24 + +[JC_1316] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 55 +begin = 11 +end = 22 + +[JC_317] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1317] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_318] +file = "HOME/lib/java_api/java/lang/String.java" +line = 728 +begin = 15 +end = 24 + +[JC_1318] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 55 +begin = 11 +end = 22 + +[JC_319] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1319] 
+file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Object_safety] +name = "Constructor of class Object" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_780] +file = "HOME/lib/java_api/java/lang/System.java" +line = 724 +begin = 23 +end = 27 + +[JC_781] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_782] +file = "HOME/lib/java_api/java/lang/System.java" +line = 724 +begin = 23 +end = 27 + +[JC_783] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_784] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_550] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_785] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_551] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_786] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_552] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_787] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_553] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_788] +file = "HOME/lib/java_api/java/lang/Comparable.java" +line = 121 +begin = 15 +end = 24 + +[JC_554] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_320] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1320] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_789] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_555] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_321] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1321] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_556] +file = "HOME/lib/java_api/java/lang/System.java" +line = 280 +begin = 30 +end = 47 + +[JC_322] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1322] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_557] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_323] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1323] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_558] +file = "HOME/lib/java_api/java/lang/System.java" +line = 
280 +begin = 30 +end = 47 + +[JC_324] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_1324] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2177 +begin = 25 +end = 32 + +[JC_559] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_325] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1325] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_326] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_1326] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2177 +begin = 25 +end = 32 + +[JC_327] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1327] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_328] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1328] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_329] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1329] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_790] +file = "HOME/lib/java_api/java/lang/Comparable.java" +line = 121 +begin = 15 +end = 24 + +[JC_791] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_792] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_793] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_794] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_560] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_795] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_561] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_796] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1257 +begin = 15 +end = 22 + +[JC_562] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_797] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_563] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_798] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1257 +begin = 15 +end = 22 + +[JC_564] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 417 +begin = 16 +end = 21 + +[JC_330] +file = "HOME/" +line = 0 +begin = 
-1 +end = -1 + +[JC_1330] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_799] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_565] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_331] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1331] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_566] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 417 +begin = 16 +end = 21 + +[JC_332] +file = "HOME/lib/java_api/java/lang/System.java" +line = 38 +begin = 31 +end = 46 + +[JC_1332] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 67 +begin = 12 +end = 23 + +[JC_567] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_333] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1333] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_568] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_334] +file = "HOME/lib/java_api/java/lang/System.java" +line = 38 +begin = 31 +end = 46 + +[JC_100] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1334] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 67 +begin = 12 +end = 23 + +[JC_1100] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 45 +begin = 25 +end = 30 + +[JC_569] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_335] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_101] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 132 +begin = 16 +end = 21 + +[JC_1335] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1101] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_336] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_102] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1336] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1102] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 45 +begin = 25 +end = 30 + +[JC_337] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_103] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1337] +file = "HOME/" +line = 0 +begin = -1 
+end = -1 + +[JC_1103] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_338] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1338] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_339] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_105] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1339] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1105] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_106] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1106] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_107] +file = "HOME/tests/java/Hello.jc" +line = 122 +begin = 8 +end = 31 + +[JC_1107] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_OutputStream_boolean_String_ensures_default] +name = "Constructor of class PrintStream" +behavior = "default behavior" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 113 +begin = 11 +end = 22 + +[JC_108] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1108] +file = "HOME/lib/java_api/java/lang/String.java" +line = 481 +begin = 16 +end = 24 + +[JC_109] +file = "HOME/tests/java/Hello.jc" +line = 122 +begin = 8 +end = 31 + +[JC_1109] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_570] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_571] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_572] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1070 +begin = 15 +end = 23 + +[JC_573] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_574] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1070 +begin = 15 +end = 23 + +[JC_340] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 299 +begin = 17 +end = 22 + +[JC_575] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_341] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_576] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_342] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 299 +begin = 17 +end = 22 + +[JC_577] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_343] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_578] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_344] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_110] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1110] +file = "HOME/lib/java_api/java/lang/String.java" +line = 481 +begin = 16 +end = 24 + +[JC_579] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_345] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_111] +file = "HOME/tests/java/Hello.jc" +line = 125 +begin = 11 +end = 103 + +[JC_1111] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_346] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_112] +file = "HOME/tests/java/Hello.jc" +line = 124 +begin = 10 +end = 18 + +[JC_1112] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_347] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_113] +file = "HOME/tests/java/Hello.jc" +line = 125 +begin = 11 +end = 103 + +[JC_1113] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_348] +file = "HOME/lib/java_api/java/lang/System.java" +line = 44 +begin = 12 +end = 18 + +[JC_114] +file = "HOME/tests/java/Hello.jc" +line = 124 +begin = 10 +end = 18 + +[JC_1114] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_349] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_115] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1115] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_116] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1116] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1633 +begin = 18 +end = 30 + +[JC_117] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2271 +begin = 25 +end = 32 + +[JC_1117] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_118] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1118] +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 1633 +begin = 18 +end = 30 + +[JC_119] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2271 +begin = 25 +end = 32 + +[JC_1119] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_580] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_581] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_582] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_583] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_584] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_350] +file = "HOME/lib/java_api/java/lang/System.java" +line = 44 +begin = 12 +end = 18 + +[JC_585] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_351] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_586] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_352] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_587] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_353] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_588] +file = "HOME/lib/java_api/java/lang/System.java" +line = 374 +begin = 30 +end = 39 + +[JC_354] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_120] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1120] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_589] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_355] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_121] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1121] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_356] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_122] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1122] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_357] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_123] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1123] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_358] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 
26 + +[JC_124] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1124] +file = "HOME/lib/java_api/java/lang/String.java" +line = 532 +begin = 16 +end = 24 + +[cons_String_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 129 +begin = 11 +end = 17 + +[JC_359] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_125] +file = "HOME/tests/java/Hello.jc" +line = 129 +begin = 8 +end = 22 + +[cons_Hello_ensures_default] +name = "Constructor of class Hello" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1125] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_126] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1126] +file = "HOME/lib/java_api/java/lang/String.java" +line = 532 +begin = 16 +end = 24 + +[JC_127] +file = "HOME/tests/java/Hello.jc" +line = 129 +begin = 8 +end = 22 + +[JC_1127] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_128] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1128] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_129] +file = "HOME/tests/java/Hello.jc" +line = 132 +begin = 11 +end = 66 + +[JC_1129] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 391 +begin = 11 +end = 17 + +[cons_PrintStream_OutputStream_boolean_safety] +name = "Constructor of class PrintStream" +behavior = "Safety" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 92 +begin = 11 +end = 22 + +[JC_590] +file = "HOME/lib/java_api/java/lang/System.java" +line = 374 +begin = 30 +end = 39 + +[JC_591] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_592] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_593] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_594] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_360] +file = "HOME/" +line = 0 +begin = -1 
+end = -1 + +[JC_595] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_361] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_596] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 431 +begin = 16 +end = 21 + +[JC_362] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_597] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_363] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_598] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 431 +begin = 16 +end = 21 + +[JC_364] +file = "HOME/lib/java_api/java/lang/String.java" +line = 778 +begin = 15 +end = 24 + +[JC_130] +file = "HOME/tests/java/Hello.jc" +line = 131 +begin = 10 +end = 18 + +[JC_1130] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_599] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_365] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_131] +file = "HOME/tests/java/Hello.jc" +line = 132 +begin = 11 +end = 66 + +[JC_1131] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_366] +file = "HOME/lib/java_api/java/lang/String.java" +line = 778 +begin = 15 +end = 24 + +[JC_132] +file = "HOME/tests/java/Hello.jc" +line = 131 +begin = 10 +end = 18 + +[cons_PrintStream_OutputStream_boolean_ensures_default] +name = "Constructor of class PrintStream" +behavior = "default behavior" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 92 +begin = 11 +end = 22 + +[JC_1132] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 57 +begin = 16 +end = 21 + +[JC_367] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_133] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1133] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_StringBuffer_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 403 +begin = 11 +end = 17 + +[JC_368] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_134] +file = "HOME/" +line = 0 +begin = -1 +end 
= -1 + +[JC_1134] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 57 +begin = 16 +end = 21 + +[JC_369] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_135] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 152 +begin = 16 +end = 21 + +[JC_1135] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_136] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1136] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_137] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 152 +begin = 16 +end = 21 + +[cons_OutputStream_ensures_default] +name = "Constructor of class OutputStream" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1137] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_138] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1138] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_139] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1139] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_370] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_371] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_372] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 318 +begin = 17 +end = 24 + +[cons_OutputStream_safety] +name = "Constructor of class OutputStream" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_373] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_374] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 318 +begin = 17 +end = 24 + +[JC_140] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1140] +file = "HOME/lib/java_api/java/lang/String.java" +line = 572 +begin = 18 +end = 26 + +[JC_375] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_141] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1141] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_376] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_142] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_1142] +file = "HOME/lib/java_api/java/lang/String.java" +line = 572 +begin = 18 +end = 26 + +[JC_377] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_143] +file = "HOME/tests/java/Hello.jc" +line = 135 +begin = 8 +end = 31 + +[JC_1143] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_378] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_144] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1144] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_379] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_145] +file = "HOME/tests/java/Hello.jc" +line = 135 +begin = 8 +end = 31 + +[JC_1145] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_146] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1146] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_147] +file = "HOME/tests/java/Hello.jc" +line = 138 +begin = 11 +end = 103 + +[JC_1147] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_148] +file = "HOME/tests/java/Hello.jc" +line = 137 +begin = 10 +end = 18 + +[JC_1148] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1666 +begin = 18 +end = 28 + +[JC_149] +file = "HOME/tests/java/Hello.jc" +line = 138 +begin = 11 +end = 103 + +[JC_1149] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2204 +begin = 25 +end = 36 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_380] +file = "HOME/lib/java_api/java/lang/String.java" +line = 846 +begin = 15 +end = 34 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_381] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_382] +file = "HOME/lib/java_api/java/lang/String.java" +line = 846 +begin = 15 +end = 34 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_383] +file = "HOME/" +line 
= 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 75 +begin = 17 +end = 21 + +[JC_384] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_150] +file = "HOME/tests/java/Hello.jc" +line = 137 +begin = 10 +end = 18 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1150] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1666 +begin = 18 +end = 28 + +[JC_385] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_151] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 75 +begin = 17 +end = 21 + +[JC_1151] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_386] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_152] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1152] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_387] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_153] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2285 +begin = 25 +end = 32 + +[JC_1153] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_388] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_154] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1154] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_155] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2285 +begin = 25 +end = 32 + +[JC_389] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1155] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_156] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1156] +file = "HOME/lib/java_api/java/lang/String.java" +line = 591 +begin = 18 +end = 26 + +[JC_157] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1157] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_158] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_OutputStream_ensures_default] +name = "Constructor of class PrintStream" +behavior = "default behavior" 
+file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 55 +begin = 11 +end = 22 + +[JC_1158] +file = "HOME/lib/java_api/java/lang/String.java" +line = 591 +begin = 18 +end = 26 + +[JC_159] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1159] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_boolean_OutputStream_safety] +name = "Constructor of class PrintStream" +behavior = "Safety" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 67 +begin = 12 +end = 23 + +[JC_23] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_390] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_25] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 92 +begin = 11 +end = 22 + +[JC_391] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_392] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 92 +begin = 11 +end = 22 + +[JC_393] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_394] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_160] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1160] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_395] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_161] +file = "HOME/tests/java/Hello.jc" +line = 142 +begin = 8 +end = 24 + +[JC_1161] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_396] +file = "HOME/lib/java_api/java/lang/System.java" +line = 146 +begin = 23 +end = 29 + +[JC_162] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1162] 
+file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_397] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_163] +file = "HOME/tests/java/Hello.jc" +line = 142 +begin = 8 +end = 24 + +[JC_1163] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_398] +file = "HOME/lib/java_api/java/lang/System.java" +line = 146 +begin = 23 +end = 29 + +[JC_164] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1164] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 89 +begin = 16 +end = 21 + +[JC_399] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_165] +file = "HOME/tests/java/Hello.jc" +line = 145 +begin = 11 +end = 66 + +[JC_1165] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_166] +file = "HOME/tests/java/Hello.jc" +line = 144 +begin = 10 +end = 18 + +[JC_1166] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 89 +begin = 16 +end = 21 + +[JC_167] +file = "HOME/tests/java/Hello.jc" +line = 145 +begin = 11 +end = 66 + +[JC_1167] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_168] +file = "HOME/tests/java/Hello.jc" +line = 144 +begin = 10 +end = 18 + +[JC_1168] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_169] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1169] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_33] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2216 +begin = 25 +end = 32 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2216 +begin = 25 +end = 32 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_170] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1170] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_39] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_171] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 188 +begin = 19 +end = 29 + +[JC_1171] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_172] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1172] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1750 +begin = 20 +end = 25 + +[JC_173] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 188 +begin = 19 +end = 29 + +[JC_1173] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_174] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1174] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1750 +begin = 20 +end = 25 + +[JC_175] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1175] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 391 +begin = 11 +end = 17 + +[JC_176] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1176] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_177] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1177] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_178] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1178] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_179] +file = "HOME/tests/java/Hello.jc" +line = 148 +begin = 8 +end = 33 + +[JC_1179] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 113 +begin = 11 +end = 22 + +[JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 113 +begin = 11 +end = 22 + +[JC_44] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_46] +file = "HOME/" +line 
= 0 +begin = -1 +end = -1 + +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_180] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1180] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 115 +begin = 16 +end = 21 + +[JC_181] +file = "HOME/tests/java/Hello.jc" +line = 148 +begin = 8 +end = 33 + +[JC_49] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2228 +begin = 25 +end = 32 + +[JC_1181] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_int_int_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 371 +begin = 11 +end = 17 + +[JC_182] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1182] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 115 +begin = 16 +end = 21 + +[JC_183] +file = "HOME/tests/java/Hello.jc" +line = 151 +begin = 11 +end = 103 + +[JC_1183] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_184] +file = "HOME/tests/java/Hello.jc" +line = 150 +begin = 10 +end = 18 + +[JC_1184] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_185] +file = "HOME/tests/java/Hello.jc" +line = 151 +begin = 11 +end = 103 + +[JC_1185] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_186] +file = "HOME/tests/java/Hello.jc" +line = 150 +begin = 10 +end = 18 + +[JC_1186] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_187] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1187] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_188] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1188] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1792 +begin = 20 +end = 25 + +[JC_189] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2313 +begin = 25 +end = 31 + +[JC_1189] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 2228 +begin = 25 +end = 32 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_54] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_int_int_charA_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 413 +begin = 4 +end = 10 + +[JC_55] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_56] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_57] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2243 +begin = 25 +end = 32 + +[JC_190] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_58] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1190] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1792 +begin = 20 +end = 25 + +[JC_191] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2313 +begin = 25 +end = 31 + +[JC_59] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2243 +begin = 25 +end = 32 + +[JC_1191] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_192] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1192] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2191 +begin = 25 +end = 36 + +[JC_193] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1193] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_194] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1194] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2191 +begin = 25 +end = 36 + +[JC_195] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1195] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_196] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_1196] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 128 +begin = 16 +end = 21 + +[JC_800] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_197] +file = "HOME/tests/java/Hello.jc" +line = 155 +begin = 8 +end = 23 + +[JC_1197] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_801] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_198] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1198] +file = "HOME/lib/java_api/java/io/OutputStream.java" +line = 128 +begin = 16 +end = 21 + +[JC_802] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_199] +file = "HOME/tests/java/Hello.jc" +line = 155 +begin = 8 +end = 23 + +[JC_1199] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_803] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_804] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 40 +begin = 8 +end = 14 + +[JC_9] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2204 +begin = 25 +end = 36 + +[JC_60] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_805] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_61] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_806] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 40 +begin = 8 +end = 14 + +[JC_62] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_807] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_808] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_64] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_809] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 121 +begin = 17 +end = 27 + +[JC_66] +file = "HOME/" +line = 0 +begin = -1 +end = 
-1 + +[JC_67] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 121 +begin = 17 +end = 27 + +[Hello_main_ensures_default] +name = "Method main" +behavior = "default behavior" +file = "HOME/tests/java/Hello.java" +line = 34 +begin = 23 +end = 27 + +[JC_68] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_69] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_810] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_811] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_812] +file = "HOME/lib/java_api/java/lang/System.java" +line = 746 +begin = 23 +end = 25 + +[JC_813] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_814] +file = "HOME/lib/java_api/java/lang/System.java" +line = 746 +begin = 23 +end = 25 + +[JC_70] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_815] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_816] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_72] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_817] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/tests/java/Hello.jc" +line = 50 +begin = 12 +end = 22 + +[JC_818] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_74] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_int_int_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 371 +begin = 11 +end = 17 + +[cons_String_byteA_int_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 275 +begin = 11 +end = 17 + +[JC_819] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/tests/java/Hello.jc" +line = 50 +begin = 12 +end = 22 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_String_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = 
"HOME/lib/java_api/java/lang/String.java" +line = 345 +begin = 11 +end = 17 + +[JC_77] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_boolean_OutputStream_ensures_default] +name = "Constructor of class PrintStream" +behavior = "default behavior" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 67 +begin = 12 +end = 23 + +[JC_820] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 56 +begin = 9 +end = 15 + +[JC_821] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_822] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 56 +begin = 9 +end = 15 + +[JC_823] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_824] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_825] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_81] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2257 +begin = 25 +end = 32 + +[JC_826] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_827] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_83] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2257 +begin = 25 +end = 32 + +[JC_828] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1315 +begin = 15 +end = 26 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_829] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_86] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_87] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_88] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_89] +file = "HOME/tests/java/Hello.jc" +line = 116 +begin = 8 +end = 22 + +[JC_830] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1315 +begin = 15 +end = 26 + +[JC_831] +file = "HOME/" 
+line = 0 +begin = -1 +end = -1 + +[JC_832] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_833] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_834] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_600] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_90] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_835] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_601] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_91] +file = "HOME/tests/java/Hello.jc" +line = 116 +begin = 8 +end = 22 + +[JC_836] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 75 +begin = 17 +end = 28 + +[JC_602] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_92] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_837] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_603] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_93] +file = "HOME/tests/java/Hello.jc" +line = 119 +begin = 11 +end = 66 + +[JC_838] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 75 +begin = 17 +end = 28 + +[JC_604] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1102 +begin = 15 +end = 22 + +[JC_94] +file = "HOME/tests/java/Hello.jc" +line = 118 +begin = 10 +end = 18 + +[JC_839] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_605] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_95] +file = "HOME/tests/java/Hello.jc" +line = 119 +begin = 11 +end = 66 + +[JC_606] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1102 +begin = 15 +end = 22 + +[JC_96] +file = "HOME/tests/java/Hello.jc" +line = 118 +begin = 10 +end = 18 + +[JC_607] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_608] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_98] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_609] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_99] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 132 +begin = 16 +end = 
21 + +[JC_840] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_841] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_842] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_843] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_844] +file = "HOME/lib/java_api/java/lang/System.java" +line = 768 +begin = 23 +end = 38 + +[JC_610] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_845] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_611] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_846] +file = "HOME/lib/java_api/java/lang/System.java" +line = 768 +begin = 23 +end = 38 + +[JC_612] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 444 +begin = 16 +end = 21 + +[JC_847] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_613] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_848] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_614] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 444 +begin = 16 +end = 21 + +[cons_String_byteA_int_int_String_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 316 +begin = 11 +end = 17 + +[JC_849] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_615] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_616] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_617] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_618] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_charA_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 167 +begin = 11 +end = 17 + +[JC_619] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_850] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_851] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_852] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 84 +begin = 18 +end = 26 + +[JC_853] +file = "HOME/" +line = 0 +begin 
= -1 +end = -1 + +[JC_854] +file = "HOME/lib/java_api/java/lang/CharSequence.java" +line = 84 +begin = 18 +end = 26 + +[JC_620] +file = "HOME/lib/java_api/java/lang/System.java" +line = 389 +begin = 29 +end = 45 + +[JC_855] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_621] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_856] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_622] +file = "HOME/lib/java_api/java/lang/System.java" +line = 389 +begin = 29 +end = 45 + +[JC_857] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_623] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_858] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_624] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_859] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_625] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_626] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_627] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_628] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 461 +begin = 16 +end = 21 + +[JC_629] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_860] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1333 +begin = 15 +end = 26 + +[JC_861] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_862] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1333 +begin = 15 +end = 26 + +[cons_String_String_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 142 +begin = 11 +end = 17 + +[JC_863] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_864] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_630] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 461 +begin = 16 +end = 21 + +[JC_865] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_631] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_866] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_632] +file = 
"HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_867] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_633] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_868] +file = "HOME/lib/java_api/java/lang/String.java" +line = 129 +begin = 11 +end = 17 + +[JC_634] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_400] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_869] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_635] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_401] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_636] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1134 +begin = 15 +end = 22 + +[JC_402] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_637] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_403] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_int_int_charA_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 413 +begin = 4 +end = 10 + +[JC_638] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1134 +begin = 15 +end = 22 + +[JC_404] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 349 +begin = 16 +end = 21 + +[JC_639] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_405] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_406] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 349 +begin = 16 +end = 21 + +[JC_407] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_408] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_409] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Hello_main_safety] +name = "Method main" +behavior = "Safety" +file = "HOME/tests/java/Hello.java" +line = 34 +begin = 23 +end = 27 + +[JC_870] +file = "HOME/lib/java_api/java/lang/String.java" +line = 129 +begin = 11 +end = 17 + +[JC_871] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_872] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Hello_safety] +name = 
"Constructor of class Hello" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_873] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_874] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_640] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_875] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_641] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_876] +file = "HOME/lib/java_api/java/lang/System.java" +line = 797 +begin = 23 +end = 42 + +[JC_642] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_877] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_643] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_878] +file = "HOME/lib/java_api/java/lang/System.java" +line = 797 +begin = 23 +end = 42 + +[JC_644] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 474 +begin = 16 +end = 23 + +[JC_410] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_879] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_645] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_411] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_646] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 474 +begin = 16 +end = 23 + +[JC_412] +file = "HOME/lib/java_api/java/lang/String.java" +line = 881 +begin = 19 +end = 32 + +[cons_String_byteA_int_int_int_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 234 +begin = 11 +end = 17 + +[JC_647] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_413] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_648] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_414] +file = "HOME/lib/java_api/java/lang/String.java" +line = 881 +begin = 19 +end = 32 + +[JC_649] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_415] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_416] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_417] +file = "HOME/" +line = 
0 +begin = -1 +end = -1 + +[JC_418] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_419] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_880] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_881] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_882] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_883] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_884] +file = "HOME/lib/java_api/java/lang/String.java" +line = 142 +begin = 11 +end = 17 + +[JC_650] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_885] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_651] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_886] +file = "HOME/lib/java_api/java/lang/String.java" +line = 142 +begin = 11 +end = 17 + +[JC_652] +file = "HOME/lib/java_api/java/lang/System.java" +line = 575 +begin = 25 +end = 36 + +[JC_887] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_653] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_888] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_654] +file = "HOME/lib/java_api/java/lang/System.java" +line = 575 +begin = 25 +end = 36 + +[JC_420] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_889] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_655] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_421] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_656] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_422] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_657] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_423] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_658] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_424] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_659] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_425] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_426] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_427] +file = 
"HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_428] +file = "HOME/lib/java_api/java/lang/System.java" +line = 170 +begin = 23 +end = 29 + +[JC_429] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_System_safety] +name = "Constructor of class System" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/System.java" +line = 44 +begin = 12 +end = 18 + +[JC_890] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_891] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_PrintStream_OutputStream_safety] +name = "Constructor of class PrintStream" +behavior = "Safety" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 55 +begin = 11 +end = 22 + +[JC_892] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1351 +begin = 15 +end = 26 + +[JC_893] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_894] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1351 +begin = 15 +end = 26 + +[JC_660] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 485 +begin = 16 +end = 23 + +[JC_895] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_661] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_896] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_662] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 485 +begin = 16 +end = 23 + +[JC_897] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_663] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_898] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_664] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_430] +file = "HOME/lib/java_api/java/lang/System.java" +line = 170 +begin = 23 +end = 29 + +[JC_899] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_665] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_431] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_666] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_432] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_667] +file = "HOME/" +line = 0 +begin = -1 +end = 
-1 + +[JC_433] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_668] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1167 +begin = 15 +end = 26 + +[JC_434] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_200] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1200] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_669] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_435] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_201] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1201] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_String_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 345 +begin = 11 +end = 17 + +[JC_436] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 361 +begin = 16 +end = 21 + +[JC_202] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1202] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_437] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_203] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1203] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_438] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 361 +begin = 16 +end = 21 + +[JC_204] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1204] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_439] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_205] +file = "HOME/tests/java/Hello.jc" +line = 157 +begin = 11 +end = 65 + +[JC_1205] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_206] +file = "HOME/tests/java/Hello.jc" +line = 157 +begin = 11 +end = 65 + +[JC_1206] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_207] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 199 +begin = 19 +end = 27 + +[JC_1207] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_208] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1208] +file = "HOME/" +line = 0 +begin = -1 
+end = -1 + +[JC_209] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 199 +begin = 19 +end = 27 + +[JC_1209] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_670] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1167 +begin = 15 +end = 26 + +[JC_671] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_672] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_673] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_674] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_440] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_675] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_441] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_676] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 499 +begin = 16 +end = 23 + +[JC_442] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_677] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_443] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_678] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 499 +begin = 16 +end = 23 + +[JC_444] +file = "HOME/lib/java_api/java/lang/String.java" +line = 950 +begin = 19 +end = 32 + +[JC_210] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1210] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_679] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_445] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_211] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1211] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_446] +file = "HOME/lib/java_api/java/lang/String.java" +line = 950 +begin = 19 +end = 32 + +[JC_212] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1212] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1904 +begin = 18 +end = 29 + +[JC_447] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_213] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1213] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_448] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_214] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1214] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1904 +begin = 18 +end = 29 + +[JC_449] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_215] +file = "HOME/lib/java_api/java/lang/String.java" +line = 608 +begin = 19 +end = 25 + +[JC_1215] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_216] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1216] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_217] +file = "HOME/lib/java_api/java/lang/String.java" +line = 608 +begin = 19 +end = 25 + +[JC_1217] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_218] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1218] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_219] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1219] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_680] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_681] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_682] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_683] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_684] +file = "HOME/lib/java_api/java/lang/System.java" +line = 614 +begin = 25 +end = 36 + +[JC_450] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_685] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_451] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_686] +file = "HOME/lib/java_api/java/lang/System.java" +line = 614 +begin = 25 +end = 36 + +[JC_452] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_687] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_453] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_688] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_454] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_220] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1220] +file = 
"HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 43 +begin = 11 +end = 29 + +[JC_689] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_455] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_221] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1221] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_456] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_222] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1222] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 43 +begin = 11 +end = 29 + +[JC_457] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_223] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_1223] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_458] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_224] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1224] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_459] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_225] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_1225] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_226] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1226] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_227] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1227] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_228] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1228] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2056 +begin = 18 +end = 29 + +[JC_229] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1229] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_690] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_691] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_692] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 513 +begin = 16 +end = 23 + +[JC_693] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_694] +file = 
"HOME/lib/java_api/java/io/PrintStream.java" +line = 513 +begin = 16 +end = 23 + +[JC_460] +file = "HOME/lib/java_api/java/lang/System.java" +line = 175 +begin = 24 +end = 31 + +[JC_695] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_461] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_696] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_462] +file = "HOME/lib/java_api/java/lang/System.java" +line = 175 +begin = 24 +end = 31 + +[JC_697] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_463] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_FilterOutputStream_OutputStream_safety] +name = "Constructor of class FilterOutputStream" +behavior = "Safety" +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 43 +begin = 11 +end = 29 + +[JC_698] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_464] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_230] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1230] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2056 +begin = 18 +end = 29 + +[JC_699] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_465] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_231] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 583 +begin = 16 +end = 23 + +[JC_1231] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_466] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_232] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1232] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_467] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_233] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 583 +begin = 16 +end = 23 + +[JC_1233] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_468] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 375 +begin = 16 +end = 21 + +[JC_234] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1234] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1000] +file = "HOME/" +line = 
0 +begin = -1 +end = -1 + +[JC_469] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_235] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1235] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1001] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_236] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1236] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2092 +begin = 18 +end = 22 + +[JC_1002] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_237] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1237] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1003] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_238] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1238] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2092 +begin = 18 +end = 22 + +[JC_1004] +file = "HOME/lib/java_api/java/lang/System.java" +line = 865 +begin = 31 +end = 46 + +[JC_239] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 223 +begin = 16 +end = 21 + +[JC_1239] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1005] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1006] +file = "HOME/lib/java_api/java/lang/System.java" +line = 865 +begin = 31 +end = 46 + +[JC_1007] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1008] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1009] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_470] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 375 +begin = 16 +end = 21 + +[JC_471] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_472] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_String_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 142 +begin = 11 +end = 17 + +[JC_473] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_474] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_240] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_1240] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_475] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_241] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 223 +begin = 16 +end = 21 + +[JC_1241] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_476] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1007 +begin = 19 +end = 29 + +[JC_242] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1242] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_477] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_243] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1243] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_478] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1007 +begin = 19 +end = 29 + +[JC_244] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1244] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 59 +begin = 16 +end = 21 + +[JC_1010] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_479] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_245] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1245] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1011] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_246] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1246] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 59 +begin = 16 +end = 21 + +[JC_1012] +file = "HOME/lib/java_api/java/lang/String.java" +line = 371 +begin = 11 +end = 17 + +[JC_247] +file = "HOME/tests/java/Hello.java" +line = 34 +begin = 23 +end = 27 + +[JC_1247] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1013] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_248] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1248] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1014] +file = "HOME/lib/java_api/java/lang/String.java" +line = 371 +begin = 11 +end = 17 + +[JC_249] +file = "HOME/tests/java/Hello.java" +line = 34 +begin = 
23 +end = 27 + +[JC_1249] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1015] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1016] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1017] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1018] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1019] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_480] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_481] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_StringBuffer_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 403 +begin = 11 +end = 17 + +[JC_482] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_483] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_484] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_250] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1250] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_485] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_251] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1251] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_486] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_252] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1252] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2112 +begin = 18 +end = 26 + +[JC_487] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_253] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1253] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_488] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_254] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1254] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2112 +begin = 18 +end = 26 + +[JC_1020] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1506 +begin = 18 +end = 24 + +[JC_489] +file = "HOME/" +line = 0 +begin = -1 
+end = -1 + +[JC_255] +kind = UserCall +file = "HOME/tests/java/Hello.jc" +line = 171 +begin = 49 +end = 61 + +[JC_1255] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1021] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_256] +kind = UserCall +file = "HOME/tests/java/Hello.jc" +line = 171 +begin = 10 +end = 62 + +[JC_1256] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1022] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1506 +begin = 18 +end = 24 + +[JC_257] +kind = IndexBounds +file = "HOME/tests/java/Hello.jc" +line = 171 +begin = 10 +end = 62 + +[JC_1257] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1023] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_258] +kind = UserCall +file = "HOME/tests/java/Hello.jc" +line = 171 +begin = 49 +end = 61 + +[JC_1258] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1024] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_259] +kind = UserCall +file = "HOME/tests/java/Hello.jc" +line = 171 +begin = 10 +end = 62 + +[JC_1259] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1025] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1026] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1027] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1028] +file = "HOME/lib/java_api/java/lang/String.java" +line = 391 +begin = 11 +end = 17 + +[JC_1029] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_490] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_491] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_492] +file = "HOME/lib/java_api/java/lang/System.java" +line = 181 +begin = 31 +end = 38 + +[JC_493] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_494] +file = "HOME/lib/java_api/java/lang/System.java" +line = 181 +begin = 31 +end = 38 + +[JC_260] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_1260] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 79 +begin = 16 +end = 
21 + +[JC_495] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_261] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1261] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_496] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_262] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_1262] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 79 +begin = 16 +end = 21 + +[JC_497] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_263] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1263] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_498] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_264] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1264] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1030] +file = "HOME/lib/java_api/java/lang/String.java" +line = 391 +begin = 11 +end = 17 + +[JC_499] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_265] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1265] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1031] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_266] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1266] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1032] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_267] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1267] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1033] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_268] +file = "HOME/lib/java_api/java/lang/String.java" +line = 640 +begin = 19 +end = 32 + +[JC_1268] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2123 +begin = 18 +end = 29 + +[JC_1034] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_269] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1269] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1035] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[cons_PrintStream_OutputStream_boolean_String_safety] +name = "Constructor of class PrintStream" +behavior = "Safety" +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 113 +begin = 11 +end = 22 + +[JC_1036] +file = "HOME/lib/java_api/java/lang/System.java" +line = 873 +begin = 31 +end = 46 + +[JC_1037] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1038] +file = "HOME/lib/java_api/java/lang/System.java" +line = 873 +begin = 31 +end = 46 + +[JC_1039] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_270] +file = "HOME/lib/java_api/java/lang/String.java" +line = 640 +begin = 19 +end = 32 + +[JC_1270] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2123 +begin = 18 +end = 29 + +[JC_271] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1271] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_272] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1272] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_273] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1273] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_274] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1274] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1040] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_275] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1275] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1041] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_276] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 254 +begin = 16 +end = 21 + +[JC_1276] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 103 +begin = 16 +end = 21 + +[JC_1042] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_277] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1277] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1043] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_278] +file = "HOME/lib/java_api/java/io/PrintStream.java" +line = 254 +begin = 16 +end = 21 + 
+[JC_1278] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 103 +begin = 16 +end = 21 + +[JC_1044] +file = "HOME/lib/java_api/java/lang/String.java" +line = 403 +begin = 11 +end = 17 + +[JC_279] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1279] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1045] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1046] +file = "HOME/lib/java_api/java/lang/String.java" +line = 403 +begin = 11 +end = 17 + +[JC_1047] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1048] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1049] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 129 +begin = 11 +end = 17 + +[JC_280] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1280] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_281] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1281] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_282] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1282] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_System_ensures_default] +name = "Constructor of class System" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/System.java" +line = 44 +begin = 12 +end = 18 + +[JC_283] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1283] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_284] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1284] +file = "HOME/lib/java_api/java/lang/String.java" +line = 2138 +begin = 25 +end = 32 + +[JC_1050] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_285] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1285] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1051] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_286] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1286] +file 
= "HOME/lib/java_api/java/lang/String.java" +line = 2138 +begin = 25 +end = 32 + +[JC_1052] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1546 +begin = 18 +end = 25 + +[JC_287] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1287] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1053] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_288] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1288] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1054] +file = "HOME/lib/java_api/java/lang/String.java" +line = 1546 +begin = 18 +end = 25 + +[JC_289] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1289] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1055] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1056] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1057] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1058] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1059] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_290] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1290] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_291] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1291] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_292] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_1292] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 122 +begin = 16 +end = 21 + +[JC_293] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1293] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_294] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_1294] +file = "HOME/lib/java_api/java/io/FilterOutputStream.java" +line = 122 +begin = 16 +end = 21 + +[JC_1060] +file = "HOME/lib/java_api/java/lang/String.java" +line = 413 +begin = 4 +end = 10 + +[JC_295] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1295] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_1061] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_296] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1296] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1062] +file = "HOME/lib/java_api/java/lang/String.java" +line = 413 +begin = 4 +end = 10 + +[JC_900] +file = "HOME/lib/java_api/java/lang/String.java" +line = 167 +begin = 11 +end = 17 + +[JC_297] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1297] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1063] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_901] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_298] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1298] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1064] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_902] +file = "HOME/lib/java_api/java/lang/String.java" +line = 167 +begin = 11 +end = 17 + +[JC_299] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1299] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1065] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_903] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1066] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_904] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1067] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_905] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1068] +file = "HOME/lib/java_api/java/lang/System.java" +line = 882 +begin = 24 +end = 45 + +[JC_906] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1069] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_907] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_908] +file = "HOME/lib/java_api/java/lang/System.java" +line = 820 +begin = 23 +end = 27 + +[cons_Object_ensures_default] +name = "Constructor of class Object" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_909] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1070] +file = 
"HOME/lib/java_api/java/lang/System.java" +line = 882 +begin = 24 +end = 45 + +[JC_1071] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1072] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_910] +file = "HOME/lib/java_api/java/lang/System.java" +line = 820 +begin = 23 +end = 27 + +[JC_1073] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_911] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1074] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_912] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1075] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_913] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1076] +file = "HOME/lib/java_api/java/lang/String.java" +line = 427 +begin = 15 +end = 21 + +[JC_914] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1077] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_915] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1078] +file = "HOME/lib/java_api/java/lang/String.java" +line = 427 +begin = 15 +end = 21 + +[JC_916] +file = "HOME/lib/java_api/java/lang/String.java" +line = 189 +begin = 11 +end = 17 + +[JC_1079] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_byteA_int_int_String_safety] +name = "Constructor of class String" +behavior = "Safety" +file = "HOME/lib/java_api/java/lang/String.java" +line = 316 +begin = 11 +end = 17 + +[JC_917] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_918] +file = "HOME/lib/java_api/java/lang/String.java" +line = 189 +begin = 11 +end = 17 + +[JC_919] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_String_charA_int_int_ensures_default] +name = "Constructor of class String" +behavior = "default behavior" +file = "HOME/lib/java_api/java/lang/String.java" +line = 189 +begin = 11 +end = 17 + +========== file tests/java/why/Hello.why ========== +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag: -> Object tag_id + +logic 
Object_tag: -> Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +logic FilterOutputStream_tag: -> Object tag_id + +logic OutputStream_tag: -> Object tag_id + +axiom FilterOutputStream_parenttag_OutputStream : + parenttag(FilterOutputStream_tag, OutputStream_tag) + +logic Hello_tag: -> Object tag_id + +axiom Hello_parenttag_Object : parenttag(Hello_tag, Object_tag) + +logic InputStream_tag: -> Object tag_id + +axiom InputStream_parenttag_Object : parenttag(InputStream_tag, Object_tag) + +predicate Non_null_Object(x_3:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_3), (0)) + +predicate Non_null_StringM(x_2:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + +predicate Non_null_byteM(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), neg_int((1))) + +predicate Non_null_charM(x_1:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_1), neg_int((1))) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. 
+ instanceof(Object_tag_table, x, Object_tag))) + +logic OutputStreamWriter_tag: -> Object tag_id + +axiom OutputStreamWriter_parenttag_Object : + parenttag(OutputStreamWriter_tag, Object_tag) + +axiom OutputStream_parenttag_Object : parenttag(OutputStream_tag, Object_tag) + +logic PrintStream_tag: -> Object tag_id + +axiom PrintStream_parenttag_FilterOutputStream : + parenttag(PrintStream_tag, FilterOutputStream_tag) + +logic StringBuffer_tag: -> Object tag_id + +axiom StringBuffer_parenttag_Object : parenttag(StringBuffer_tag, Object_tag) + +logic StringM_tag: -> Object tag_id + +axiom StringM_parenttag_Object : parenttag(StringM_tag, Object_tag) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic long_of_integer: int -> long + +function String_serialVersionUID() : long = + long_of_integer(neg_int((6849794470754667710))) + +logic System_err: -> Object pointer + +logic System_in: -> Object pointer + +logic System_out: -> Object pointer + +logic System_tag: -> Object tag_id + +axiom System_parenttag_Object : parenttag(System_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic byteM_tag: -> Object tag_id + +axiom byteM_parenttag_Object : parenttag(byteM_tag, Object_tag) + +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. 
+ (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic charM_tag: -> Object tag_id + +axiom charM_parenttag_Object : parenttag(charM_tag, Object_tag) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. + (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_OutputStream(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_FilterOutputStream(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_OutputStream(p, a, Object_alloc_table) + +predicate left_valid_struct_Hello(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_InputStream(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_OutputStreamWriter(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_PrintStream(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_FilterOutputStream(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_StringBuffer(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_StringM(p:Object pointer, 
a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_System(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_byteM(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_charM(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_OutputStream(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_FilterOutputStream(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_OutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_Hello(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_InputStream(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_OutputStreamWriter(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_PrintStream(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_FilterOutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_StringBuffer(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_StringM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_System(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + 
right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_byteM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_charM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. 
+ (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_OutputStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_FilterOutputStream(p:Object pointer, a:int, + b:int, Object_alloc_table:Object alloc_table) = + strict_valid_struct_OutputStream(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Hello(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_InputStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_OutputStreamWriter(p:Object pointer, a:int, + b:int, Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_PrintStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_FilterOutputStream(p, a, b, Object_alloc_table) + +predicate 
strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_StringBuffer(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_StringM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_System(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_byteM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_charM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + 
and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_OutputStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_FilterOutputStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_OutputStream(p, a, b, Object_alloc_table) + +predicate valid_struct_Hello(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_InputStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_OutputStreamWriter(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_PrintStream(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_FilterOutputStream(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_StringBuffer(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_StringM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_System(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, 
a, b, Object_alloc_table) + +predicate valid_struct_byteM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_charM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +parameter CharSequence_charAt : + this_95:Object pointer -> index:int32 -> { } char { true } + +parameter CharSequence_charAt_requires : + this_95:Object pointer -> index:int32 -> { } char { true } + +parameter CharSequence_length : this_94:Object pointer -> { } int32 { true } + +parameter CharSequence_length_requires : + this_94:Object pointer -> { } int32 { true } + +parameter CharSequence_subSequence : + this_96:Object pointer -> + start:int32 -> end_0:int32 -> { } Object pointer { true } + +parameter CharSequence_subSequence_requires : + this_96:Object pointer -> + start:int32 -> end_0:int32 -> { } Object pointer { true } + +parameter CharSequence_toString : + this_97:Object pointer -> { } Object pointer { true } + +parameter CharSequence_toString_requires : + this_97:Object pointer -> { } Object pointer { true } + +parameter Comparable_compareTo : + this_93:Object pointer -> o:Object pointer -> { } int32 { true } + +parameter Comparable_compareTo_requires : + this_93:Object pointer -> o:Object pointer -> { } int32 { true } + +exception Exception_exc of Object pointer + +parameter Object_alloc_table : Object alloc_table ref + +parameter FilterOutputStream_close : + this_51:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_close_requires : + this_51:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_flush : + this_50:Object 
pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_flush_requires : + this_50:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_out : (Object, Object pointer) memory ref + +parameter FilterOutputStream_write : + this_49:Object pointer -> + b_4:Object pointer -> + off_0:int32 -> len_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_write_byteA : + this_47:Object pointer -> + b_3:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_write_byteA_requires : + this_47:Object pointer -> + b_3:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_write_int : + this_45:Object pointer -> + b_2:int32 -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_write_int_requires : + this_45:Object pointer -> + b_2:int32 -> { } unit reads Object_alloc_table { true } + +parameter FilterOutputStream_write_requires : + this_49:Object pointer -> + b_4:Object pointer -> + off_0:int32 -> len_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter Hello_main : + argv:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Hello_main_requires : + argv:Object pointer -> { } unit reads Object_alloc_table { true } + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +parameter Object_clone : + this_64:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_clone_requires : + this_64:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_equals : + this_62:Object pointer -> + obj_1:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_equals_requires : + this_62:Object pointer -> + obj_1:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_finalize : + this_78:Object pointer -> { } unit reads 
Object_alloc_table { true } + +parameter Object_finalize_requires : + this_78:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_hashCode : + this_60:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_hashCode_requires : + this_60:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_notify : + this_68:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll : + this_70:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll_requires : + this_70:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notify_requires : + this_68:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_registerNatives : tt:unit -> { } unit { true } + +parameter Object_registerNatives_requires : tt:unit -> { } unit { true } + +parameter Object_tag_table : Object tag_table ref + +parameter Object_toString : + this_66:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_toString_requires : + this_66:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_wait : + this_76:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long : + this_72:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int : + this_74:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int_requires : + this_74:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_requires : + this_72:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_requires : + this_76:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_close : + 
this_41:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_close_requires : + this_41:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_flush : + this_39:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_flush_requires : + this_39:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write : + this_37:Object pointer -> + b_1:Object pointer -> + off:int32 -> len:int32 -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write_byteA : + this_35:Object pointer -> + b_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write_byteA_requires : + this_35:Object pointer -> + b_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write_int : + this_33:Object pointer -> + b:int32 -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write_int_requires : + this_33:Object pointer -> + b:int32 -> { } unit reads Object_alloc_table { true } + +parameter OutputStream_write_requires : + this_37:Object pointer -> + b_1:Object pointer -> + off:int32 -> len:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_autoFlush : (Object, bool) memory ref + +parameter PrintStream_checkError : + this_56:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter PrintStream_checkError_requires : + this_56:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter PrintStream_close : + this_55:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_close_requires : + this_55:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_closing : (Object, bool) memory ref + +parameter PrintStream_ensureOpen : + this_53:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_ensureOpen_requires : + this_53:Object 
pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_flush : + this_54:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_flush_requires : + this_54:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_init : + this_52:Object pointer -> + osw:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_init_requires : + this_52:Object pointer -> + osw:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_newLine : + this_67:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_newLine_requires : + this_67:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print : + this_82:Object pointer -> + obj:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_String : + this_81:Object pointer -> + s_1:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_String_requires : + this_81:Object pointer -> + s_1:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_boolean : + this_69:Object pointer -> + b_6:bool -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_boolean_requires : + this_69:Object pointer -> + b_6:bool -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_char : + this_71:Object pointer -> + c:char -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_charA : + this_80:Object pointer -> + s_0_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_charA_requires : + this_80:Object pointer -> + s_0_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_char_requires : + this_71:Object pointer -> + c:char -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_double : + 
this_79:Object pointer -> + d:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_double_requires : + this_79:Object pointer -> + d:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_float : + this_77:Object pointer -> + f:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_float_requires : + this_77:Object pointer -> + f:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_int : + this_73:Object pointer -> + i:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_int_requires : + this_73:Object pointer -> + i:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_long : + this_75:Object pointer -> + l:long -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_long_requires : + this_75:Object pointer -> + l:long -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_print_requires : + this_82:Object pointer -> + obj:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println : + this_83:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_Object : + this_92:Object pointer -> + x_8_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_Object_requires : + this_92:Object pointer -> + x_8_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_String : + this_91:Object pointer -> + x_7_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_String_requires : + this_91:Object pointer -> + x_7_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_boolean : + this_84:Object pointer -> + x_0_0:bool -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_boolean_requires : + this_84:Object pointer -> + 
x_0_0:bool -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_char : + this_85:Object pointer -> + x_1_0:char -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_charA : + this_90:Object pointer -> + x_6_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_charA_requires : + this_90:Object pointer -> + x_6_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_char_requires : + this_85:Object pointer -> + x_1_0:char -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_double : + this_89:Object pointer -> + x_5_0:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_double_requires : + this_89:Object pointer -> + x_5_0:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_float : + this_88:Object pointer -> + x_4_0:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_float_requires : + this_88:Object pointer -> + x_4_0:real -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_int : + this_86:Object pointer -> + x_2_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_int_requires : + this_86:Object pointer -> + x_2_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_long : + this_87:Object pointer -> + x_3_0:long -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_long_requires : + this_87:Object pointer -> + x_3_0:long -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_println_requires : + this_83:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_setError : + this_58:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_setError_requires : + this_58:Object pointer -> { } unit reads Object_alloc_table { true 
} + +parameter PrintStream_trouble : (Object, bool) memory ref + +parameter PrintStream_write_String : + this_65:Object pointer -> + s_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_String_requires : + this_65:Object pointer -> + s_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_byteA_int_int : + this_61:Object pointer -> + buf:Object pointer -> + off_1:int32 -> len_1:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_byteA_int_int_requires : + this_61:Object pointer -> + buf:Object pointer -> + off_1:int32 -> len_1:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_charA : + this_63:Object pointer -> + buf_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_charA_requires : + this_63:Object pointer -> + buf_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_int : + this_59:Object pointer -> + b_5:int32 -> { } unit reads Object_alloc_table { true } + +parameter PrintStream_write_int_requires : + this_59:Object pointer -> + b_5:int32 -> { } unit reads Object_alloc_table { true } + +exception Return_label_exc of unit + +parameter StringM_StringP : (Object, Object pointer) memory ref + +parameter String_charAt : + this_99:Object pointer -> + index_0:int32 -> { } char reads Object_alloc_table { true } + +parameter String_charAt_requires : + this_99:Object pointer -> + index_0:int32 -> { } char reads Object_alloc_table { true } + +parameter String_checkBounds : + bytes:Object pointer -> + offset_1:int32 -> length_0:int32 -> { } unit { true } + +parameter String_checkBounds_requires : + bytes:Object pointer -> + offset_1:int32 -> length_0:int32 -> { } unit { true } + +parameter String_compareToIgnoreCase : + this_12:Object pointer -> + str:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter 
String_compareToIgnoreCase_requires : + this_12:Object pointer -> + str:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_compareTo_Object : + this_11:Object pointer -> + o_0:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_compareTo_Object_requires : + this_11:Object pointer -> + o_0:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_compareTo_String : + this_10:Object pointer -> + anotherString_0:Object pointer -> + { } int32 reads Object_alloc_table { true } + +parameter String_compareTo_String_requires : + this_10:Object pointer -> + anotherString_0:Object pointer -> + { } int32 reads Object_alloc_table { true } + +parameter String_concat : + this_30:Object pointer -> + str_4:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_concat_requires : + this_30:Object pointer -> + str_4:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_contentEquals : + this_8:Object pointer -> + sb:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_contentEquals_requires : + this_8:Object pointer -> + sb:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_copyValueOf_charA : + data_2:Object pointer -> { } Object pointer { true } + +parameter String_copyValueOf_charA_int_int : + data_1:Object pointer -> + offset_6:int32 -> count_3:int32 -> { } Object pointer { true } + +parameter String_copyValueOf_charA_int_int_requires : + data_1:Object pointer -> + offset_6:int32 -> count_3:int32 -> { } Object pointer { true } + +parameter String_copyValueOf_charA_requires : + data_2:Object pointer -> { } Object pointer { true } + +parameter String_count : (Object, int32) memory ref + +parameter String_endsWith : + this_17:Object pointer -> + suffix:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_endsWith_requires : + 
this_17:Object pointer -> + suffix:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_equals : + this_7:Object pointer -> + anObject:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_equalsIgnoreCase : + this_9:Object pointer -> + anotherString:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_equalsIgnoreCase_requires : + this_9:Object pointer -> + anotherString:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_equals_requires : + this_7:Object pointer -> + anObject:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_getBytes : + this_103:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_getBytes_String : + this_102:Object pointer -> + charsetName_1:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_getBytes_String_requires : + this_102:Object pointer -> + charsetName_1:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_getBytes_int_int_byteA_int : + this_101:Object pointer -> + srcBegin_0:int32 -> + srcEnd_0:int32 -> + dst_0:Object pointer -> + dstBegin_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter String_getBytes_int_int_byteA_int_requires : + this_101:Object pointer -> + srcBegin_0:int32 -> + srcEnd_0:int32 -> + dst_0:Object pointer -> + dstBegin_0:int32 -> { } unit reads Object_alloc_table { true } + +parameter String_getBytes_requires : + this_103:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_getChars : + this_100:Object pointer -> + srcBegin:int32 -> + srcEnd:int32 -> + dst:Object pointer -> + dstBegin:int32 -> { } unit reads Object_alloc_table { true } + +parameter String_getChars_requires : + this_100:Object pointer -> + srcBegin:int32 -> + srcEnd:int32 -> + dst:Object pointer -> + dstBegin:int32 -> { } unit reads 
Object_alloc_table { true } + +parameter String_hash : (Object, int32) memory ref + +parameter String_hashCode : + this_18:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_hashCode_requires : + this_18:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf : + source:Object pointer -> + sourceOffset:int32 -> + sourceCount:int32 -> + target:Object pointer -> + targetOffset:int32 -> + targetCount:int32 -> fromIndex_2:int32 -> { } int32 { true } + +parameter String_indexOf_String : + this_23:Object pointer -> + str_0:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_String_int : + this_24:Object pointer -> + str_1:Object pointer -> + fromIndex_1:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_String_int_requires : + this_24:Object pointer -> + str_1:Object pointer -> + fromIndex_1:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_String_requires : + this_23:Object pointer -> + str_0:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_int : + this_19:Object pointer -> + ch:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_int_int : + this_20:Object pointer -> + ch_0:int32 -> + fromIndex:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_int_int_requires : + this_20:Object pointer -> + ch_0:int32 -> + fromIndex:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_int_requires : + this_19:Object pointer -> + ch:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_indexOf_requires : + source:Object pointer -> + sourceOffset:int32 -> + sourceCount:int32 -> + target:Object pointer -> + targetOffset:int32 -> + targetCount:int32 -> fromIndex_2:int32 -> { } int32 { true } + +parameter String_intern : + this_57:Object pointer -> + { } Object pointer reads 
Object_alloc_table { true } + +parameter String_intern_requires : + this_57:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_lastIndexOf : + source_0:Object pointer -> + sourceOffset_0:int32 -> + sourceCount_0:int32 -> + target_0:Object pointer -> + targetOffset_0:int32 -> + targetCount_0:int32 -> fromIndex_4:int32 -> { } int32 { true } + +parameter String_lastIndexOf_String : + this_25:Object pointer -> + str_2:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_String_int : + this_26:Object pointer -> + str_3:Object pointer -> + fromIndex_3:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_String_int_requires : + this_26:Object pointer -> + str_3:Object pointer -> + fromIndex_3:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_String_requires : + this_25:Object pointer -> + str_2:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_int : + this_21:Object pointer -> + ch_1:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_int_int : + this_22:Object pointer -> + ch_2:int32 -> + fromIndex_0:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_int_int_requires : + this_22:Object pointer -> + ch_2:int32 -> + fromIndex_0:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_int_requires : + this_21:Object pointer -> + ch_1:int32 -> { } int32 reads Object_alloc_table { true } + +parameter String_lastIndexOf_requires : + source_0:Object pointer -> + sourceOffset_0:int32 -> + sourceCount_0:int32 -> + target_0:Object pointer -> + targetOffset_0:int32 -> + targetCount_0:int32 -> fromIndex_4:int32 -> { } int32 { true } + +parameter String_length : + this_98:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter String_length_requires : + this_98:Object pointer -> { 
} int32 reads Object_alloc_table { true } + +parameter String_matches : + this_32:Object pointer -> + regex:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_matches_requires : + this_32:Object pointer -> + regex:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_offset : (Object, int32) memory ref + +parameter String_regionMatches_boolean_int_String_int_int : + this_14:Object pointer -> + ignoreCase:bool -> + toffset_0:int32 -> + other_0:Object pointer -> + ooffset_0:int32 -> + len_3:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_regionMatches_boolean_int_String_int_int_requires : + this_14:Object pointer -> + ignoreCase:bool -> + toffset_0:int32 -> + other_0:Object pointer -> + ooffset_0:int32 -> + len_3:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_regionMatches_int_String_int_int : + this_13:Object pointer -> + toffset:int32 -> + other:Object pointer -> + ooffset:int32 -> + len_2:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_regionMatches_int_String_int_int_requires : + this_13:Object pointer -> + toffset:int32 -> + other:Object pointer -> + ooffset:int32 -> + len_2:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_replace : + this_31:Object pointer -> + oldChar:char -> + newChar:char -> { } Object pointer reads Object_alloc_table { true } + +parameter String_replaceAll : + this_36:Object pointer -> + regex_1:Object pointer -> + replacement_0:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_replaceAll_requires : + this_36:Object pointer -> + regex_1:Object pointer -> + replacement_0:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_replaceFirst : + this_34:Object pointer -> + regex_0:Object pointer -> + replacement:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter 
String_replaceFirst_requires : + this_34:Object pointer -> + regex_0:Object pointer -> + replacement:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_replace_requires : + this_31:Object pointer -> + oldChar:char -> + newChar:char -> { } Object pointer reads Object_alloc_table { true } + +parameter String_split_String : + this_40:Object pointer -> + regex_3:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_split_String_int : + this_38:Object pointer -> + regex_2:Object pointer -> + limit:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_split_String_int_requires : + this_38:Object pointer -> + regex_2:Object pointer -> + limit:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_split_String_requires : + this_40:Object pointer -> + regex_3:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_startsWith_String : + this_16:Object pointer -> + prefix_0:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_startsWith_String_int : + this_15:Object pointer -> + prefix:Object pointer -> + toffset_1:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_startsWith_String_int_requires : + this_15:Object pointer -> + prefix:Object pointer -> + toffset_1:int32 -> { } bool reads Object_alloc_table { true } + +parameter String_startsWith_String_requires : + this_16:Object pointer -> + prefix_0:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter String_subSequence : + this_29:Object pointer -> + beginIndex_1:int32 -> + endIndex_0:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_subSequence_requires : + this_29:Object pointer -> + beginIndex_1:int32 -> + endIndex_0:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_substring_int : + this_27:Object pointer -> + 
beginIndex:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_substring_int_int : + this_28:Object pointer -> + beginIndex_0:int32 -> + endIndex:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_substring_int_int_requires : + this_28:Object pointer -> + beginIndex_0:int32 -> + endIndex:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_substring_int_requires : + this_27:Object pointer -> + beginIndex:int32 -> { } Object pointer reads Object_alloc_table { true } + +parameter String_toCharArray : + this_48:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toCharArray_requires : + this_48:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toLowerCase : + this_42:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toLowerCase_requires : + this_42:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toString : + this_46:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toString_requires : + this_46:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toUpperCase : + this_43:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_toUpperCase_requires : + this_43:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_trim : + this_44:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_trim_requires : + this_44:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter String_value : (Object, Object pointer) memory ref + +parameter String_valueOf : d_0:real -> { } Object pointer { true } + +parameter String_valueOf_Object : + obj_0:Object pointer -> { } Object pointer { true } + +parameter 
String_valueOf_Object_requires : + obj_0:Object pointer -> { } Object pointer { true } + +parameter String_valueOf_boolean : b_7:bool -> { } Object pointer { true } + +parameter String_valueOf_boolean_requires : + b_7:bool -> { } Object pointer { true } + +parameter String_valueOf_char : c_0:char -> { } Object pointer { true } + +parameter String_valueOf_charA : + data:Object pointer -> { } Object pointer { true } + +parameter String_valueOf_charA_int_int : + data_0:Object pointer -> + offset_5:int32 -> count_2:int32 -> { } Object pointer { true } + +parameter String_valueOf_charA_int_int_requires : + data_0:Object pointer -> + offset_5:int32 -> count_2:int32 -> { } Object pointer { true } + +parameter String_valueOf_charA_requires : + data:Object pointer -> { } Object pointer { true } + +parameter String_valueOf_char_requires : + c_0:char -> { } Object pointer { true } + +parameter String_valueOf_float : f_0:real -> { } Object pointer { true } + +parameter String_valueOf_float_requires : + f_0:real -> { } Object pointer { true } + +parameter String_valueOf_int : i_0:int32 -> { } Object pointer { true } + +parameter String_valueOf_int_requires : + i_0:int32 -> { } Object pointer { true } + +parameter String_valueOf_long : l_0:long -> { } Object pointer { true } + +parameter String_valueOf_long_requires : + l_0:long -> { } Object pointer { true } + +parameter String_valueOf_requires : d_0:real -> { } Object pointer { true } + +parameter System_arraycopy : + src:Object pointer -> + srcPos:int32 -> + dest:Object pointer -> destPos:int32 -> length:int32 -> { } unit { true } + +parameter System_arraycopy_requires : + src:Object pointer -> + srcPos:int32 -> + dest:Object pointer -> destPos:int32 -> length:int32 -> { } unit { true } + +parameter System_checkIO : tt:unit -> { } unit { true } + +parameter System_checkIO_requires : tt:unit -> { } unit { true } + +parameter System_currentTimeMillis : tt:unit -> { } long { true } + +parameter System_currentTimeMillis_requires 
: tt:unit -> { } long { true } + +parameter System_exit : status:int32 -> { } unit { true } + +parameter System_exit_requires : status:int32 -> { } unit { true } + +parameter System_gc : tt:unit -> { } unit { true } + +parameter System_gc_requires : tt:unit -> { } unit { true } + +parameter System_getProperty_String : + key:Object pointer -> { } Object pointer { true } + +parameter System_getProperty_String_String : + key_0:Object pointer -> def:Object pointer -> { } Object pointer { true } + +parameter System_getProperty_String_String_requires : + key_0:Object pointer -> def:Object pointer -> { } Object pointer { true } + +parameter System_getProperty_String_requires : + key:Object pointer -> { } Object pointer { true } + +parameter System_getenv : name:Object pointer -> { } Object pointer { true } + +parameter System_getenv_requires : + name:Object pointer -> { } Object pointer { true } + +parameter System_identityHashCode : x_11:Object pointer -> { } int32 { true } + +parameter System_identityHashCode_requires : + x_11:Object pointer -> { } int32 { true } + +parameter System_initializeSystemClass : tt:unit -> { } unit { true } + +parameter System_initializeSystemClass_requires : + tt:unit -> { } unit { true } + +parameter System_load : filename:Object pointer -> { } unit { true } + +parameter System_loadLibrary : libname:Object pointer -> { } unit { true } + +parameter System_loadLibrary_requires : + libname:Object pointer -> { } unit { true } + +parameter System_load_requires : filename:Object pointer -> { } unit { true } + +parameter System_mapLibraryName : + libname_0:Object pointer -> { } Object pointer { true } + +parameter System_mapLibraryName_requires : + libname_0:Object pointer -> { } Object pointer { true } + +parameter System_nullInputStream : tt:unit -> { } Object pointer { true } + +parameter System_nullInputStream_requires : + tt:unit -> { } Object pointer { true } + +parameter System_nullPrintStream : tt:unit -> { } Object pointer { true } + 
+parameter System_nullPrintStream_requires : + tt:unit -> { } Object pointer { true } + +parameter System_registerNatives : tt:unit -> { } unit { true } + +parameter System_registerNatives_requires : tt:unit -> { } unit { true } + +parameter System_runFinalization : tt:unit -> { } unit { true } + +parameter System_runFinalization_requires : tt:unit -> { } unit { true } + +parameter System_runFinalizersOnExit : value_0:bool -> { } unit { true } + +parameter System_runFinalizersOnExit_requires : + value_0:bool -> { } unit { true } + +parameter System_setErr : err:Object pointer -> { } unit { true } + +parameter System_setErr0 : err_0:Object pointer -> { } unit { true } + +parameter System_setErr0_requires : err_0:Object pointer -> { } unit { true } + +parameter System_setErr_requires : err:Object pointer -> { } unit { true } + +parameter System_setOut : out:Object pointer -> { } unit { true } + +parameter System_setOut0 : out_0:Object pointer -> { } unit { true } + +parameter System_setOut0_requires : out_0:Object pointer -> { } unit { true } + +parameter System_setOut_requires : out:Object pointer -> { } unit { true } + +parameter System_setProperty : + key_1:Object pointer -> value:Object pointer -> { } Object pointer { true } + +parameter System_setProperty_requires : + key_1:Object pointer -> value:Object pointer -> { } Object pointer { true } + +exception Throwable_exc of Object pointer + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + 
Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_FilterOutputStream : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_FilterOutputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, + FilterOutputStream_tag)))) } + +parameter alloc_struct_FilterOutputStream_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_FilterOutputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, + FilterOutputStream_tag)))) } + +parameter alloc_struct_Hello : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Hello(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Hello_tag)))) } + +parameter alloc_struct_Hello_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + 
{ ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Hello(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Hello_tag)))) } + +parameter alloc_struct_InputStream : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_InputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, InputStream_tag)))) } + +parameter alloc_struct_InputStream_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_InputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, InputStream_tag)))) } + +parameter alloc_struct_Object : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { 
(strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_OutputStream : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_OutputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, OutputStream_tag)))) } + +parameter alloc_struct_OutputStreamWriter : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_OutputStreamWriter(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, + OutputStreamWriter_tag)))) } + +parameter alloc_struct_OutputStreamWriter_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_OutputStreamWriter(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, + OutputStreamWriter_tag)))) } + +parameter alloc_struct_OutputStream_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { 
(strict_valid_struct_OutputStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, OutputStream_tag)))) } + +parameter alloc_struct_PrintStream : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_PrintStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, PrintStream_tag)))) } + +parameter alloc_struct_PrintStream_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_PrintStream(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, PrintStream_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_StringBuffer : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_StringBuffer(result, (0), sub_int(n, (1)), + Object_alloc_table) + and 
(alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, StringBuffer_tag)))) } + +parameter alloc_struct_StringBuffer_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_StringBuffer(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, StringBuffer_tag)))) } + +parameter alloc_struct_StringM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_StringM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, StringM_tag)))) } + +parameter alloc_struct_StringM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_StringM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, StringM_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and 
(alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_System : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_System(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, System_tag)))) } + +parameter alloc_struct_System_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_System(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, System_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) 
} + +parameter alloc_struct_byteM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_byteM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, byteM_tag)))) } + +parameter alloc_struct_byteM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_byteM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, byteM_tag)))) } + +parameter alloc_struct_charM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_charM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, charM_tag)))) } + +parameter alloc_struct_charM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_charM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, charM_tag)))) } + +parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + 
+parameter alloc_struct_interface : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byteM_byteP : (Object, byte) memory ref + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter charM_charP : (Object, char) memory ref + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { eq_int(integer_of_char(result), x) } + +parameter cons_FilterOutputStream_OutputStream : + this_106:Object pointer -> + out_1:Object pointer -> + { } unit reads Object_alloc_table writes FilterOutputStream_out { true } + +parameter 
cons_FilterOutputStream_OutputStream_requires : + this_106:Object pointer -> + out_1:Object pointer -> + { } unit reads Object_alloc_table writes FilterOutputStream_out { true } + +parameter cons_Hello : + this_6:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Hello_requires : + this_6:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object : + this_111:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object_requires : + this_111:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_OutputStream : + this_105:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_OutputStream_requires : + this_105:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_PrintStream_OutputStream : + this_107:Object pointer -> + out_2:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_OutputStream_boolean : + this_109:Object pointer -> + out_4:Object pointer -> + autoFlush_0:bool -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_OutputStream_boolean_String : + this_110:Object pointer -> + out_5:Object pointer -> + autoFlush_1:bool -> + encoding:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_OutputStream_boolean_String_requires : + this_110:Object pointer -> + out_5:Object pointer -> + autoFlush_1:bool -> + encoding:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_OutputStream_boolean_requires : + this_109:Object pointer -> + out_4:Object pointer -> + autoFlush_0:bool -> + { } unit 
reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_OutputStream_requires : + this_107:Object pointer -> + out_2:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_boolean_OutputStream : + this_108:Object pointer -> + autoFlush:bool -> + out_3:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_PrintStream_boolean_OutputStream_requires : + this_108:Object pointer -> + autoFlush:bool -> + out_3:Object pointer -> + { } unit reads Object_alloc_table + writes PrintStream_autoFlush,PrintStream_closing,PrintStream_trouble + { true } + +parameter cons_String : + this_112:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_String : + this_113:Object pointer -> + original:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_StringBuffer : + this_122:Object pointer -> + buffer:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_StringBuffer_requires : + this_122:Object pointer -> + buffer:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_String_requires : + this_113:Object pointer -> + original:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA : + this_121:Object pointer -> + bytes_3:Object pointer -> + { } unit reads Object_alloc_table + writes 
String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_String : + this_119:Object pointer -> + bytes_1:Object pointer -> + charsetName_0:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_String_requires : + this_119:Object pointer -> + bytes_1:Object pointer -> + charsetName_0:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int : + this_117:Object pointer -> + ascii_0:Object pointer -> + hibyte_0:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int : + this_120:Object pointer -> + bytes_2:Object pointer -> + offset_3:int32 -> + length_2:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int_String : + this_118:Object pointer -> + bytes_0:Object pointer -> + offset_2:int32 -> + length_1:int32 -> + charsetName:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int_String_requires : + this_118:Object pointer -> + bytes_0:Object pointer -> + offset_2:int32 -> + length_1:int32 -> + charsetName:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int_int : + this_116:Object pointer -> + ascii:Object pointer -> + hibyte:int32 -> + offset_0:int32 -> + count_0:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int_int_requires : + this_116:Object pointer -> + ascii:Object pointer -> + hibyte:int32 -> + offset_0:int32 -> + 
count_0:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_int_requires : + this_120:Object pointer -> + bytes_2:Object pointer -> + offset_3:int32 -> + length_2:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_int_requires : + this_117:Object pointer -> + ascii_0:Object pointer -> + hibyte_0:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_byteA_requires : + this_121:Object pointer -> + bytes_3:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_charA : + this_114:Object pointer -> + value_1:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_charA_int_int : + this_115:Object pointer -> + value_2:Object pointer -> + offset:int32 -> + count:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_charA_int_int_requires : + this_115:Object pointer -> + value_2:Object pointer -> + offset:int32 -> + count:int32 -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_charA_requires : + this_114:Object pointer -> + value_1:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_int_int_charA : + this_123:Object pointer -> + offset_4:int32 -> + count_1:int32 -> + value_3:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_int_int_charA_requires : + 
this_123:Object pointer -> + offset_4:int32 -> + count_1:int32 -> + value_3:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_String_requires : + this_112:Object pointer -> + { } unit reads Object_alloc_table + writes String_count,String_hash,String_offset,String_value { true } + +parameter cons_System : + this_104:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_System_requires : + this_104:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter java_array_length_StringM : + x_9:Object pointer -> + { } int reads Object_alloc_table + { (JC_185: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_9), (1)))))) } + +parameter java_array_length_StringM_requires : + x_9:Object pointer -> + { } int reads Object_alloc_table + { (JC_185: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_9), (1)))))) } + +parameter java_array_length_byteM : + x_5:Object pointer -> + { } int reads Object_alloc_table + { (JC_113: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_5), (1)))))) } + +parameter java_array_length_byteM_requires : + x_5:Object pointer -> + { } int reads Object_alloc_table + { (JC_113: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_5), (1)))))) } + +parameter java_array_length_charM : + x_7:Object pointer -> + { } int reads Object_alloc_table + { (JC_149: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_7), (1)))))) } + +parameter 
java_array_length_charM_requires : + x_7:Object pointer -> + { } int reads Object_alloc_table + { (JC_149: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_7), (1)))))) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } + +parameter non_null_Object : + x_10:Object pointer -> + { } bool reads Object_alloc_table + { (JC_206: + (if result then (offset_max(Object_alloc_table, x_10) = (0)) + else (x_10 = null))) } + +parameter non_null_Object_requires : + x_10:Object pointer -> + { } bool reads Object_alloc_table + { (JC_206: + (if result then (offset_max(Object_alloc_table, x_10) = (0)) + else (x_10 = null))) } + +parameter non_null_StringM : + x_8:Object pointer -> + { } bool reads Object_alloc_table + { (JC_167: + (if result then ge_int(offset_max(Object_alloc_table, x_8), neg_int((1))) + else (x_8 = null))) } + +parameter non_null_StringM_requires : + x_8:Object pointer -> + { } bool reads Object_alloc_table + { (JC_167: + (if result then ge_int(offset_max(Object_alloc_table, x_8), neg_int((1))) + else (x_8 = null))) } + +parameter non_null_byteM : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_95: + (if result then ge_int(offset_max(Object_alloc_table, x_4), neg_int((1))) + else (x_4 = null))) } + +parameter non_null_byteM_requires : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_95: + (if result then ge_int(offset_max(Object_alloc_table, x_4), neg_int((1))) + else (x_4 = null))) } + +parameter non_null_charM : + x_6:Object pointer -> + { } bool reads Object_alloc_table + { (JC_131: + (if result then ge_int(offset_max(Object_alloc_table, x_6), neg_int((1))) + else (x_6 = null))) } + +parameter non_null_charM_requires : + x_6:Object pointer -> + { } bool reads Object_alloc_table + { (JC_131: + (if result then 
ge_int(offset_max(Object_alloc_table, x_6), neg_int((1))) + else (x_6 = null))) } + +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + +let Hello_main_ensures_default = + fun (argv : Object pointer) -> + { left_valid_struct_StringM(argv, (0), Object_alloc_table) } + (init: + try + begin + (K_1: + (let jessie_ = System_out in + (let jessie_ = (JC_258: (any_string_0 void)) in + (JC_259: ((PrintStream_println_String jessie_) jessie_))))); + (raise Return) end with Return -> void end) { (JC_251: true) } + +let Hello_main_safety = + fun (argv : Object pointer) -> + { left_valid_struct_StringM(argv, (0), Object_alloc_table) } + (init: + try + begin + (K_1: + (let jessie_ = System_out in + (let jessie_ = (JC_255: (any_string_0_requires void)) in + (JC_257: + (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; + (JC_256: ((PrintStream_println_String_requires jessie_) jessie_))))))); + (raise Return) end with Return -> void end) { true } + +let cons_FilterOutputStream_OutputStream_ensures_default = + fun (this_106 : Object pointer) (out_1 : Object pointer) -> + { (left_valid_struct_OutputStream(out_1, (0), Object_alloc_table) + and valid_struct_FilterOutputStream(this_106, (0), (0), + Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + (let jessie_ = null in + begin + (let jessie_ = this_106 in + (((safe_upd_ FilterOutputStream_out) jessie_) jessie_)); + jessie_ end) in void); 
(raise Return) end with Return -> void end) + { (JC_1224: true) } + +let cons_FilterOutputStream_OutputStream_safety = + fun (this_106 : Object pointer) (out_1 : Object pointer) -> + { (left_valid_struct_OutputStream(out_1, (0), Object_alloc_table) + and valid_struct_FilterOutputStream(this_106, (0), (0), + Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + (let jessie_ = null in + begin + (let jessie_ = this_106 in + (((safe_upd_ FilterOutputStream_out) jessie_) jessie_)); + jessie_ end) in void); (raise Return) end with Return -> void end) + { true } + +let cons_Hello_ensures_default = + fun (this_6 : Object pointer) -> + { valid_struct_Hello(this_6, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_288: true) } + +let cons_Hello_safety = + fun (this_6 : Object pointer) -> + { valid_struct_Hello(this_6, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_Object_ensures_default = + fun (this_111 : Object pointer) -> + { valid_struct_Object(this_111, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_584: true) } + +let cons_Object_safety = + fun (this_111 : Object pointer) -> + { valid_struct_Object(this_111, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_OutputStream_ensures_default = + fun (this_105 : Object pointer) -> + { valid_struct_OutputStream(this_105, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_1208: true) } + +let cons_OutputStream_safety = + fun (this_105 : Object pointer) -> + { valid_struct_OutputStream(this_105, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_PrintStream_OutputStream_boolean_String_ensures_default = + fun (this_110 : 
Object pointer) (out_5 : Object pointer) (autoFlush_1 : bool) (encoding : Object pointer) -> + { (left_valid_struct_String(encoding, (0), Object_alloc_table) + and (left_valid_struct_OutputStream(out_5, (0), Object_alloc_table) + and valid_struct_PrintStream(this_110, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); jessie_ + end) end in void); (raise Return) end with Return -> void end) + { (JC_45: true) } + +let cons_PrintStream_OutputStream_boolean_String_safety = + fun (this_110 : Object pointer) (out_5 : Object pointer) (autoFlush_1 : bool) (encoding : Object pointer) -> + { (left_valid_struct_String(encoding, (0), Object_alloc_table) + and (left_valid_struct_OutputStream(out_5, (0), Object_alloc_table) + and valid_struct_PrintStream(this_110, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_110 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); jessie_ + end) end in void); (raise Return) end with Return -> void end) + { true } + +let cons_PrintStream_OutputStream_boolean_ensures_default = + fun (this_109 : Object pointer) (out_4 : Object pointer) (autoFlush_0 : bool) -> + { (left_valid_struct_OutputStream(out_4, (0), Object_alloc_table) + and valid_struct_PrintStream(this_109, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ 
= false in + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); jessie_ + end) end in void); (raise Return) end with Return -> void end) + { (JC_29: true) } + +let cons_PrintStream_OutputStream_boolean_safety = + fun (this_109 : Object pointer) (out_4 : Object pointer) (autoFlush_0 : bool) -> + { (left_valid_struct_OutputStream(out_4, (0), Object_alloc_table) + and valid_struct_PrintStream(this_109, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_109 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); jessie_ + end) end in void); (raise Return) end with Return -> void end) + { true } + +let cons_PrintStream_OutputStream_ensures_default = + fun (this_107 : Object pointer) (out_2 : Object pointer) -> + { (left_valid_struct_OutputStream(out_2, (0), Object_alloc_table) + and valid_struct_PrintStream(this_107, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); + jessie_ end) end in void); (raise Return) end with Return -> + void end) { (JC_1320: true) } + +let cons_PrintStream_OutputStream_safety = + fun (this_107 : Object 
pointer) (out_2 : Object pointer) -> + { (left_valid_struct_OutputStream(out_2, (0), Object_alloc_table) + and valid_struct_PrintStream(this_107, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_107 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); + jessie_ end) end in void); (raise Return) end with Return -> + void end) { true } + +let cons_PrintStream_boolean_OutputStream_ensures_default = + fun (this_108 : Object pointer) (autoFlush : bool) (out_3 : Object pointer) -> + { (left_valid_struct_OutputStream(out_3, (0), Object_alloc_table) + and valid_struct_PrintStream(this_108, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = false in + begin + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); + jessie_ end) end in void); (raise Return) end with Return -> + void end) { (JC_1336: true) } + +let cons_PrintStream_boolean_OutputStream_safety = + fun (this_108 : Object pointer) (autoFlush : bool) (out_3 : Object pointer) -> + { (left_valid_struct_OutputStream(out_3, (0), Object_alloc_table) + and valid_struct_PrintStream(this_108, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = false in + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_autoFlush) jessie_) jessie_))); + (let jessie_ = false in + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_trouble) jessie_) jessie_))); + (let jessie_ = 
false in + begin + (let jessie_ = this_108 in + (((safe_upd_ PrintStream_closing) jessie_) jessie_)); + jessie_ end) end in void); (raise Return) end with Return -> + void end) { true } + +let cons_String_StringBuffer_ensures_default = + fun (this_122 : Object pointer) (buffer : Object pointer) -> + { (left_valid_struct_StringBuffer(buffer, (0), Object_alloc_table) + and valid_struct_String(this_122, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_122 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_122 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_122 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_122 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_1048: true) } + +let cons_String_StringBuffer_safety = + fun (this_122 : Object pointer) (buffer : Object pointer) -> + { (left_valid_struct_StringBuffer(buffer, (0), Object_alloc_table) + and valid_struct_String(this_122, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_122 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_122 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_122 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_122 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_String_ensures_default = + fun 
(this_113 : Object pointer) (original : Object pointer) -> + { (left_valid_struct_String(original, (0), Object_alloc_table) + and valid_struct_String(this_113, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_113 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_113 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_113 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_113 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_888: true) } + +let cons_String_String_safety = + fun (this_113 : Object pointer) (original : Object pointer) -> + { (left_valid_struct_String(original, (0), Object_alloc_table) + and valid_struct_String(this_113, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_113 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_113 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_113 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_113 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_byteA_String_ensures_default = + fun (this_119 : Object pointer) (bytes_1 : Object pointer) (charsetName_0 : Object pointer) -> + { (left_valid_struct_String(charsetName_0, (0), Object_alloc_table) + and (left_valid_struct_byteM(bytes_1, (0), Object_alloc_table) + and 
valid_struct_String(this_119, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_119 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_119 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_119 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_119 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_1000: true) } + +let cons_String_byteA_String_safety = + fun (this_119 : Object pointer) (bytes_1 : Object pointer) (charsetName_0 : Object pointer) -> + { (left_valid_struct_String(charsetName_0, (0), Object_alloc_table) + and (left_valid_struct_byteM(bytes_1, (0), Object_alloc_table) + and valid_struct_String(this_119, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_119 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_119 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_119 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_119 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_byteA_ensures_default = + fun (this_121 : Object pointer) (bytes_3 : Object pointer) -> + { (left_valid_struct_byteM(bytes_3, (0), Object_alloc_table) + and valid_struct_String(this_121, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = 
this_121 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_121 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_121 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_121 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_1032: true) } + +let cons_String_byteA_int_ensures_default = + fun (this_117 : Object pointer) (ascii_0 : Object pointer) (hibyte_0 : int32) -> + { (left_valid_struct_byteM(ascii_0, (0), Object_alloc_table) + and valid_struct_String(this_117, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_117 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_117 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_117 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_117 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_952: true) } + +let cons_String_byteA_int_int_String_ensures_default = + fun (this_118 : Object pointer) (bytes_0 : Object pointer) (offset_2 : int32) (length_1 : int32) (charsetName : Object pointer) -> + { (left_valid_struct_String(charsetName, (0), Object_alloc_table) + and (left_valid_struct_byteM(bytes_0, (0), Object_alloc_table) + and valid_struct_String(this_118, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_118 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let 
jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_118 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_118 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_118 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_984: true) } + +let cons_String_byteA_int_int_String_safety = + fun (this_118 : Object pointer) (bytes_0 : Object pointer) (offset_2 : int32) (length_1 : int32) (charsetName : Object pointer) -> + { (left_valid_struct_String(charsetName, (0), Object_alloc_table) + and (left_valid_struct_byteM(bytes_0, (0), Object_alloc_table) + and valid_struct_String(this_118, (0), (0), Object_alloc_table))) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_118 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_118 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_118 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_118 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_byteA_int_int_ensures_default = + fun (this_120 : Object pointer) (bytes_2 : Object pointer) (offset_3 : int32) (length_2 : int32) -> + { (left_valid_struct_byteM(bytes_2, (0), Object_alloc_table) + and valid_struct_String(this_120, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_120 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_120 
in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_120 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_120 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_1016: true) } + +let cons_String_byteA_int_int_int_ensures_default = + fun (this_116 : Object pointer) (ascii : Object pointer) (hibyte : int32) (offset_0 : int32) (count_0 : int32) -> + { (left_valid_struct_byteM(ascii, (0), Object_alloc_table) + and valid_struct_String(this_116, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_116 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_116 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_116 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_116 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_936: true) } + +let cons_String_byteA_int_int_int_safety = + fun (this_116 : Object pointer) (ascii : Object pointer) (hibyte : int32) (offset_0 : int32) (count_0 : int32) -> + { (left_valid_struct_byteM(ascii, (0), Object_alloc_table) + and valid_struct_String(this_116, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_116 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_116 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_116 in 
+ (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_116 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_byteA_int_int_safety = + fun (this_120 : Object pointer) (bytes_2 : Object pointer) (offset_3 : int32) (length_2 : int32) -> + { (left_valid_struct_byteM(bytes_2, (0), Object_alloc_table) + and valid_struct_String(this_120, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_120 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_120 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_120 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_120 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_byteA_int_safety = + fun (this_117 : Object pointer) (ascii_0 : Object pointer) (hibyte_0 : int32) -> + { (left_valid_struct_byteM(ascii_0, (0), Object_alloc_table) + and valid_struct_String(this_117, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_117 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_117 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_117 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_117 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise 
Return) end with Return -> void end) { true } + +let cons_String_byteA_safety = + fun (this_121 : Object pointer) (bytes_3 : Object pointer) -> + { (left_valid_struct_byteM(bytes_3, (0), Object_alloc_table) + and valid_struct_String(this_121, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_121 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_121 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_121 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_121 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_charA_ensures_default = + fun (this_114 : Object pointer) (value_1 : Object pointer) -> + { (left_valid_struct_charM(value_1, (0), Object_alloc_table) + and valid_struct_String(this_114, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_114 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_114 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_114 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_114 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_904: true) } + +let cons_String_charA_int_int_ensures_default = + fun (this_115 : Object pointer) (value_2 : Object pointer) (offset : int32) (count : int32) -> + { (left_valid_struct_charM(value_2, (0), Object_alloc_table) + and 
valid_struct_String(this_115, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_115 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_115 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_115 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_115 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_920: true) } + +let cons_String_charA_int_int_safety = + fun (this_115 : Object pointer) (value_2 : Object pointer) (offset : int32) (count : int32) -> + { (left_valid_struct_charM(value_2, (0), Object_alloc_table) + and valid_struct_String(this_115, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_115 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_115 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_115 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_115 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_charA_safety = + fun (this_114 : Object pointer) (value_1 : Object pointer) -> + { (left_valid_struct_charM(value_1, (0), Object_alloc_table) + and valid_struct_String(this_114, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_114 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = 
(safe_int32_of_integer_ (0)) in + (let jessie_ = this_114 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_114 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_114 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_ensures_default = + fun (this_112 : Object pointer) -> + { valid_struct_String(this_112, (0), (0), Object_alloc_table) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_112 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_112 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_112 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_112 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_872: true) } + +let cons_String_int_int_charA_ensures_default = + fun (this_123 : Object pointer) (offset_4 : int32) (count_1 : int32) (value_3 : Object pointer) -> + { (left_valid_struct_charM(value_3, (0), Object_alloc_table) + and valid_struct_String(this_123, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_123 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_123 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_123 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = 
this_123 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) + { (JC_1064: true) } + +let cons_String_int_int_charA_safety = + fun (this_123 : Object pointer) (offset_4 : int32) (count_1 : int32) (value_3 : Object pointer) -> + { (left_valid_struct_charM(value_3, (0), Object_alloc_table) + and valid_struct_String(this_123, (0), (0), Object_alloc_table)) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_123 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_123 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_123 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_123 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) + end in void); (raise Return) end with Return -> void end) { true } + +let cons_String_safety = + fun (this_112 : Object pointer) -> + { valid_struct_String(this_112, (0), (0), Object_alloc_table) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = null in + (let jessie_ = this_112 in + (((safe_upd_ String_value) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_112 in + (((safe_upd_ String_offset) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_112 in + (((safe_upd_ String_count) jessie_) jessie_))); + (let jessie_ = (safe_int32_of_integer_ (0)) in + begin + (let jessie_ = this_112 in + (((safe_upd_ String_hash) jessie_) jessie_)); jessie_ end) end in + void); (raise Return) end with Return -> void end) { true } + +let cons_System_ensures_default = + fun (this_104 : Object pointer) -> + { valid_struct_System(this_104, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with 
Return -> void end) + { (JC_352: true) } + +let cons_System_safety = + fun (this_104 : Object pointer) -> + { valid_struct_System(this_104, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + + +========== make project execution ========== +why --project [...] why/Hello.why +========== file tests/java/why/Hello.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/Hello_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. 
(ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic FilterOutputStream_tag : Object tag_id + +logic OutputStream_tag : Object tag_id + +axiom FilterOutputStream_parenttag_OutputStream: + parenttag(FilterOutputStream_tag, OutputStream_tag) + +logic Hello_tag : Object tag_id + +axiom Hello_parenttag_Object: parenttag(Hello_tag, Object_tag) + +logic InputStream_tag : Object tag_id + +axiom InputStream_parenttag_Object: parenttag(InputStream_tag, Object_tag) + +predicate Non_null_Object(x_3: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_3) >= 0) + +predicate Non_null_StringM(x_2: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_2) >= (-1)) + +predicate Non_null_byteM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +predicate Non_null_charM(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. 
+ (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic OutputStreamWriter_tag : Object tag_id + +axiom OutputStreamWriter_parenttag_Object: parenttag(OutputStreamWriter_tag, + Object_tag) + +axiom OutputStream_parenttag_Object: parenttag(OutputStream_tag, Object_tag) + +logic PrintStream_tag : Object tag_id + +axiom PrintStream_parenttag_FilterOutputStream: parenttag(PrintStream_tag, + FilterOutputStream_tag) + +logic StringBuffer_tag : Object tag_id + +axiom StringBuffer_parenttag_Object: parenttag(StringBuffer_tag, Object_tag) + +logic StringM_tag : Object tag_id + +axiom StringM_parenttag_Object: parenttag(StringM_tag, Object_tag) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic long_of_integer : int -> long + +function String_serialVersionUID() : long = + long_of_integer((-6849794470754667710)) + +logic System_err : Object pointer + +logic System_in : Object pointer + +logic System_out : Object pointer + +logic System_tag : Object tag_id + +axiom System_parenttag_Object: parenttag(System_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic byteM_tag : Object tag_id + +axiom byteM_parenttag_Object: parenttag(byteM_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. 
+ (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic charM_tag : Object tag_id + +axiom charM_parenttag_Object: parenttag(charM_tag, Object_tag) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_OutputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_FilterOutputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_OutputStream(p, + a, Object_alloc_table) + +predicate left_valid_struct_Hello(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_InputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_OutputStreamWriter(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_PrintStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = + left_valid_struct_FilterOutputStream(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_StringBuffer(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate 
left_valid_struct_StringM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_System(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_byteM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_charM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_OutputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_FilterOutputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = + right_valid_struct_OutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_Hello(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_InputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_OutputStreamWriter(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_PrintStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = + right_valid_struct_FilterOutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_StringBuffer(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_StringM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_System(p: Object pointer, b: int, + 
Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_byteM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_charM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. 
+ (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_OutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_FilterOutputStream(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_OutputStream(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Hello(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_InputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_OutputStreamWriter(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_PrintStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + strict_valid_struct_FilterOutputStream(p, a, b, 
Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_StringBuffer(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_StringM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_System(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_byteM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_charM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_OutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_FilterOutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_OutputStream(p, a, + b, Object_alloc_table) + +predicate valid_struct_Hello(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_InputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_OutputStreamWriter(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_PrintStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + valid_struct_FilterOutputStream(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_StringBuffer(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_StringM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_System(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + 
+predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_byteM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_charM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +========== file tests/java/why/Hello_po1.why ========== +goal Hello_main_safety_po_1: + forall argv:Object pointer. + forall Object_alloc_table:Object alloc_table. + left_valid_struct_StringM(argv, 0, Object_alloc_table) -> + (offset_max(Object_alloc_table, System_out) >= 0) + +========== generation of Simplify VC output ========== +why -simplify [...] 
why/Hello.why +========== file tests/java/simplify/Hello_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH 
+ ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + 
(FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 
0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address 
(shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + 
+(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + 
(FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES 
(not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom 
downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) 
(IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT 
(EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL 
(s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom FilterOutputStream_parenttag_OutputStream + (EQ (parenttag FilterOutputStream_tag OutputStream_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Hello_parenttag_Object + (EQ (parenttag Hello_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom InputStream_parenttag_Object + (EQ (parenttag InputStream_tag Object_tag) |@true|)) + +(DEFPRED (Non_null_Object x_3 Object_alloc_table) + (>= (offset_max Object_alloc_table x_3) 0)) + +(DEFPRED (Non_null_StringM x_2 Object_alloc_table) + (>= (offset_max Object_alloc_table x_2) (- 0 1))) + +(DEFPRED (Non_null_byteM x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) (- 0 1))) + +(DEFPRED (Non_null_charM x_1 Object_alloc_table) + (>= (offset_max Object_alloc_table x_1) (- 0 1))) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom 
Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) + +(BG_PUSH + ;; Why axiom OutputStreamWriter_parenttag_Object + (EQ (parenttag OutputStreamWriter_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom OutputStream_parenttag_Object + (EQ (parenttag OutputStream_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom PrintStream_parenttag_FilterOutputStream + (EQ (parenttag PrintStream_tag FilterOutputStream_tag) |@true|)) + +(BG_PUSH + ;; Why axiom StringBuffer_parenttag_Object + (EQ (parenttag StringBuffer_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom StringM_parenttag_Object + (EQ (parenttag StringM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom String_serialVersionUID_def + (EQ String_serialVersionUID + (long_of_integer (- 0 constant_too_large_6849794470754667710)))) + +(BG_PUSH + ;; Why axiom System_parenttag_Object + (EQ (parenttag System_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom byteM_parenttag_Object + (EQ (parenttag byteM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom charM_parenttag_Object + (EQ (parenttag charM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; 
Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 1)) + +(BG_PUSH + ;; Why axiom interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_OutputStream p a 
Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_FilterOutputStream p a Object_alloc_table) + (left_valid_struct_OutputStream p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Hello p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_InputStream p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_OutputStreamWriter p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_PrintStream p a Object_alloc_table) + (left_valid_struct_FilterOutputStream p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_StringBuffer p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_StringM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_System p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_byteM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_charM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom long_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH + ;; 
Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address (interface_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_OutputStream p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_FilterOutputStream p b Object_alloc_table) + (right_valid_struct_OutputStream p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Hello p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_InputStream p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_OutputStreamWriter p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_PrintStream p b Object_alloc_table) + (right_valid_struct_FilterOutputStream p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_StringBuffer p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_StringM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_System p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + 
(right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_byteM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_charM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_OutputStream p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_FilterOutputStream p a b Object_alloc_table) + (strict_valid_struct_OutputStream p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Hello p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_InputStream p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED 
(strict_valid_struct_OutputStreamWriter p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_PrintStream p a b Object_alloc_table) + (strict_valid_struct_FilterOutputStream p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_StringBuffer p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_StringM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_System p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_byteM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_charM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_OutputStream p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + 
+(DEFPRED (valid_struct_FilterOutputStream p a b Object_alloc_table) + (valid_struct_OutputStream p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Hello p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_InputStream p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_OutputStreamWriter p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_PrintStream p a b Object_alloc_table) + (valid_struct_FilterOutputStream p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_StringBuffer p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_StringM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_System p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_byteM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_charM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +;; Hello_main_safety_po_1, File "why/Hello.why", line 2411, characters 15-69 +(FORALL (argv) +(FORALL (Object_alloc_table) +(IMPLIES (left_valid_struct_StringM argv 0 Object_alloc_table) +(>= (offset_max Object_alloc_table System_out) 0)))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/Hello_why.sx : ? 
(0/0/1/0/0) +total : 1 +valid : 0 ( 0%) +invalid : 0 ( 0%) +unknown : 1 (100%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/Hello.why +========== file tests/java/why/Hello_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. 
((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. 
+ (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. 
((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. 
+ ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. 
+ ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. 
(sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. 
pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. 
+ (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. 
+ (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic FilterOutputStream_tag : Object tag_id + +logic OutputStream_tag : Object tag_id + +axiom FilterOutputStream_parenttag_OutputStream: + parenttag(FilterOutputStream_tag, OutputStream_tag) + +logic Hello_tag : Object tag_id + +axiom Hello_parenttag_Object: parenttag(Hello_tag, Object_tag) + +logic InputStream_tag : Object tag_id + +axiom InputStream_parenttag_Object: parenttag(InputStream_tag, Object_tag) + +predicate Non_null_Object(x_3: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_3) >= 0) + +predicate Non_null_StringM(x_2: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_2) >= (-1)) + +predicate Non_null_byteM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +predicate Non_null_charM(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. 
instanceof(Object_tag_table, + x, Object_tag))) + +logic OutputStreamWriter_tag : Object tag_id + +axiom OutputStreamWriter_parenttag_Object: parenttag(OutputStreamWriter_tag, + Object_tag) + +axiom OutputStream_parenttag_Object: parenttag(OutputStream_tag, Object_tag) + +logic PrintStream_tag : Object tag_id + +axiom PrintStream_parenttag_FilterOutputStream: parenttag(PrintStream_tag, + FilterOutputStream_tag) + +logic StringBuffer_tag : Object tag_id + +axiom StringBuffer_parenttag_Object: parenttag(StringBuffer_tag, Object_tag) + +logic StringM_tag : Object tag_id + +axiom StringM_parenttag_Object: parenttag(StringM_tag, Object_tag) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic long_of_integer : int -> long + +function String_serialVersionUID() : long = + long_of_integer((-6849794470754667710)) + +logic System_err : Object pointer + +logic System_in : Object pointer + +logic System_out : Object pointer + +logic System_tag : Object tag_id + +axiom System_parenttag_Object: parenttag(System_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic byteM_tag : Object tag_id + +axiom byteM_parenttag_Object: parenttag(byteM_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic charM_tag : Object tag_id + +axiom charM_parenttag_Object: parenttag(charM_tag, Object_tag) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. 
+ (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_OutputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_FilterOutputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_OutputStream(p, + a, Object_alloc_table) + +predicate left_valid_struct_Hello(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_InputStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_OutputStreamWriter(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_PrintStream(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = + left_valid_struct_FilterOutputStream(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_StringBuffer(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_StringM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_System(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) 
= left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_byteM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_charM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_OutputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_FilterOutputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = + right_valid_struct_OutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_Hello(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_InputStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_OutputStreamWriter(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_PrintStream(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = + right_valid_struct_FilterOutputStream(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_StringBuffer(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_StringM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_System(p: Object pointer, b: int, + 
Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_byteM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_charM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. 
+ (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_OutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_FilterOutputStream(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_OutputStream(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Hello(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_InputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_OutputStreamWriter(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_PrintStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + strict_valid_struct_FilterOutputStream(p, a, b, 
Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_StringBuffer(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_StringM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_System(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_byteM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_charM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_OutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_FilterOutputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_OutputStream(p, a, + b, Object_alloc_table) + +predicate valid_struct_Hello(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_InputStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_OutputStreamWriter(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_PrintStream(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + valid_struct_FilterOutputStream(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_StringBuffer(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_StringM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_System(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + 
+predicate valid_struct_Throwable(p: Object pointer, a: int, b: int,
+ Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b,
+ Object_alloc_table)
+
+predicate valid_struct_byteM(p: Object pointer, a: int, b: int,
+ Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b,
+ Object_alloc_table)
+
+predicate valid_struct_charM(p: Object pointer, a: int, b: int,
+ Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b,
+ Object_alloc_table)
+
+predicate valid_struct_interface(p: interface pointer, a: int, b: int,
+ interface_alloc_table: interface alloc_table) =
+ ((offset_min(interface_alloc_table, p) <= a) and
+ (offset_max(interface_alloc_table, p) >= b))
+
+goal Hello_main_safety_po_1:
+ forall argv:Object pointer.
+ forall Object_alloc_table:Object alloc_table.
+ left_valid_struct_StringM(argv, 0, Object_alloc_table) ->
+ (offset_max(Object_alloc_table, System_out) >= 0)
+
+========== running alt-ergo ==========
+Running Alt-Ergo on proof obligations
+(. = valid * = invalid ? = unknown # = timeout ! = failure)
+why/Hello_why.why : ? (0/0/1/0/0)
+total : 1
+valid : 0 ( 0%)
+invalid : 0 ( 0%)
+unknown : 1 (100%)
+timeout : 0 ( 0%)
+failure : 0 ( 0%)
diff -Nru why-2.29+dfsg/tests/java/oracle/Isqrt.res.oracle why-2.30+dfsg/tests/java/oracle/Isqrt.res.oracle
--- why-2.29+dfsg/tests/java/oracle/Isqrt.res.oracle 1970-01-01 00:00:00.000000000 +0000
+++ why-2.30+dfsg/tests/java/oracle/Isqrt.res.oracle 2011-10-24 15:21:06.000000000 +0000
@@ -0,0 +1,6146 @@ +========== file tests/java/Isqrt.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + + +//@+ CheckArithOverflow = no + +//@ logic integer sqr(integer x) = x * x; + +class Isqrt { + +/*@ requires x >= 0; + @ ensures \result >= 0 && sqr(\result) <= x && x < sqr(\result + 1); + @*/ +static int isqrt(int x) { + int count = 0, sum = 1; + /*@ loop_invariant count >= 0 && x >= sqr(count) && sum == sqr(count+1); + @ loop_variant x - count; + @*/ + while (sum <= x) sum += 2 * ++count + 1; + return count; +} + +//@ ensures \result == 4; +static int main () { + int r; + r = isqrt(17); + //@ assert r < 4 ==> false; + //@ assert r > 4 ==> false; + return r; +} + +} + +/* +Local Variables: +compile-command: "make Isqrt.why3ml" +End: +*/ + + +========== krakatoa execution ========== +Parsing OK. +Typing OK. +Generating JC function Isqrt_isqrt for method Isqrt.isqrt +Generating JC function Isqrt_main for method Isqrt.main +Generating JC function cons_Isqrt for constructor Isqrt +Generating JC function Object_registerNatives for method Object.registerNatives +Generating JC function Object_hashCode for method Object.hashCode +Generating JC function Object_equals for method Object.equals +Generating JC function Object_clone for method Object.clone +Generating JC function Object_toString for method Object.toString +Generating JC function Object_notify for method Object.notify +Generating JC function Object_notifyAll for method Object.notifyAll +Generating JC function Object_wait_long for method Object.wait +Generating JC function Object_wait_long_int for method Object.wait +Generating JC function Object_wait for method Object.wait +Generating JC function Object_finalize for method Object.finalize +Generating JC function cons_Object for constructor Object +Done. 
+========== file tests/java/Isqrt.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +String[0..] any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag Isqrt = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +logic integer sqr(integer x) = +(x * x) + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +integer Isqrt_isqrt(integer x_0) + requires (K_6 : (x_0 >= 0)); +behavior default: + ensures (K_5 : ((K_4 : ((K_3 : (\result >= 0)) && + (K_2 : (sqr(\result) <= x_0)))) && + (K_1 : (x_0 < sqr((\result + 1)))))); +{ + { + (var integer count = (K_19 : 0)); + + { + (var integer sum = (K_18 : 1)); + + { + loop + behavior default: + invariant (K_11 : ((K_10 : ((K_9 : (count >= 0)) && + (K_8 : (x_0 >= sqr(count))))) && + (K_7 : (sum == sqr((count + 1)))))); + variant (K_12 : (x_0 - count)); + while ((K_17 : (sum <= x_0))) + { (K_16 : sum += (K_15 : ((K_14 : (2 * (K_13 : (++ count)))) + + 1))) + }; + + (return count) + } + } + } +} + +integer Isqrt_main() +behavior default: + ensures (K_20 : (\result == 4)); +{ + { + (var integer r); + + { (r = (K_21 : Isqrt_isqrt(17))); + (K_23 : + (assert (K_22 : ((r < 4) ==> false)))); + (K_25 : + (assert (K_24 : ((r > 4) ==> false)))); + + (return r) + } + } +} + +unit cons_Isqrt(! Isqrt[0] this_1){()} + +unit Object_registerNatives() +; + +integer Object_hashCode(Object[0] this_2) +; + +boolean Object_equals(Object[0] this_3, Object[0..] obj) +; + +Object[0..] Object_clone(Object[0] this_4) +; + +String[0..] 
Object_toString(Object[0] this_5) +; + +unit Object_notify(Object[0] this_6) +; + +unit Object_notifyAll(Object[0] this_7) +; + +unit Object_wait_long(Object[0] this_8, integer timeout) +; + +unit Object_wait_long_int(Object[0] this_9, integer timeout_0, integer nanos) +; + +unit Object_wait(Object[0] this_10) +; + +unit Object_finalize(Object[0] this_11) +; + +unit cons_Object(! Object[0] this_12){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/Isqrt.jloc tests/java/Isqrt.jc && make -f tests/java/Isqrt.makefile gui" +End: +*/ +========== file tests/java/Isqrt.jloc ========== +[K_10] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 50 + +[K_11] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 73 + +[K_12] +file = "HOME/tests/java/Isqrt.java" +line = 45 +begin = 20 +end = 29 + +[K_13] +file = "HOME/tests/java/Isqrt.java" +line = 47 +begin = 30 +end = 37 + +[K_14] +file = "HOME/tests/java/Isqrt.java" +line = 47 +begin = 26 +end = 37 + +[K_15] +file = "HOME/tests/java/Isqrt.java" +line = 47 +begin = 26 +end = 41 + +[K_16] +file = "HOME/tests/java/Isqrt.java" +line = 47 +begin = 19 +end = 41 + +[K_17] +file = "HOME/tests/java/Isqrt.java" +line = 47 +begin = 9 +end = 17 + +[K_18] +file = "HOME/tests/java/Isqrt.java" +line = 43 +begin = 23 +end = 24 + +[K_19] +file = "HOME/tests/java/Isqrt.java" +line = 43 +begin = 14 +end = 15 + +[cons_Isqrt] +name = "Constructor of class Isqrt" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Isqrt_main] +name = "Method main" +file = "HOME/tests/java/Isqrt.java" +line = 52 +begin = 11 +end = 15 + +[K_20] +file = "HOME/tests/java/Isqrt.java" +line = 51 +begin = 12 +end = 24 + +[K_21] +file = "HOME/tests/java/Isqrt.java" +line = 54 +begin = 6 +end = 15 + +[K_22] +file = "HOME/tests/java/Isqrt.java" +line = 55 +begin = 13 +end = 28 + +[K_23] +file = "HOME/tests/java/Isqrt.java" +line = 55 +begin = 13 +end = 28 + +[K_24] +file = 
"HOME/tests/java/Isqrt.java" +line = 56 +begin = 13 +end = 28 + +[K_1] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 49 +end = 69 + +[K_25] +file = "HOME/tests/java/Isqrt.java" +line = 56 +begin = 13 +end = 28 + +[K_2] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 28 +end = 45 + +[K_3] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 24 + +[Object_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[K_4] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 45 + +[K_5] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 69 + +[K_6] +file = "HOME/tests/java/Isqrt.java" +line = 39 +begin = 13 +end = 19 + +[K_7] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 54 +end = 73 + +[K_8] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 35 +end = 50 + +[K_9] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 31 + +[Object_notify] +name = "Method notify" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[cons_Object] +name = "Constructor of class Object" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Isqrt_isqrt] +name = "Method isqrt" +file = "HOME/tests/java/Isqrt.java" +line = 42 +begin = 11 +end = 16 + +[Object_wait_long_int] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[Object_wait_long] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[Object_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[Object_notifyAll] +name = "Method notifyAll" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[Object_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + 
+[Object_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[Object_clone] +name = "Method clone" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[Object_wait] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[Object_finalize] +name = "Method finalize" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +========== jessie execution ========== +Generating Why function Isqrt_isqrt +Generating Why function Isqrt_main +Generating Why function cons_Isqrt +Generating Why function cons_Object +========== file tests/java/Isqrt.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Isqrt.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Isqrt.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/Isqrt_why.sx + +project: why/Isqrt.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/Isqrt_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/Isqrt_why.vo + +coq/Isqrt_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Isqrt_why.v: why/Isqrt.why + @echo 'why -coq [...] 
why/Isqrt.why' && $(WHY) $(JESSIELIBFILES) why/Isqrt.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/Isqrt_ctx_why.vo + for f in why/*_po*.why; do make -f Isqrt.makefile coq/`basename $$f .why`_why.v ; done + +coq/Isqrt_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Isqrt_ctx_why.v: why/Isqrt_ctx.why + @echo 'why -coq [...] why/Isqrt_ctx.why' && $(WHY) why/Isqrt_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export Isqrt_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/Isqrt_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/Isqrt_ctx_why.vo + +pvs: pvs/Isqrt_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/Isqrt_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/Isqrt_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/Isqrt_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/Isqrt_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/Isqrt_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/Isqrt_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/Isqrt_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/Isqrt_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/Isqrt_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/Isqrt_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/Isqrt_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/Isqrt_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/Isqrt_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/Isqrt_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: Isqrt.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/Isqrt_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/Isqrt_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: Isqrt.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + +-include Isqrt.depend + +depend: coq/Isqrt_why.v + -$(COQDEP) -I coq coq/Isqrt*_why.v > Isqrt.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/Isqrt.loc ========== +[JC_90] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_91] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_92] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_40] +file = "HOME/tests/java/Isqrt.java" +line = 45 +begin = 20 +end = 29 + +[JC_93] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 31 + +[JC_94] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_42] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 35 +end = 50 + +[JC_95] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 54 +end = 73 + +[JC_96] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_44] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 73 + +[JC_150] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_151] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_98] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_46] +file = "HOME/tests/java/Isqrt.jc" +line = 61 +begin = 12 +end = 481 + +[JC_1] +file = "HOME/tests/java/Isqrt.jc" +line = 10 +begin = 12 +end = 22 + +[JC_152] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_100] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_99] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_47] +file = "HOME/tests/java/Isqrt.jc" +line = 61 +begin = 12 +end = 481 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_153] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_101] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/tests/java/Isqrt.java" +line = 52 +begin = 11 +end = 15 + +[JC_3] +file = "HOME/tests/java/Isqrt.jc" +line = 10 +begin = 12 +end = 22 + +[JC_154] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_102] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_155] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_103] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_156] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_104] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_157] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_105] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Object_safety] +name = "Constructor of class Object" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_158] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_106] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_159] +file = "HOME/" +line = 0 +begin = -1 +end = -1 
+ +[JC_107] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/java/Isqrt.jc" +line = 35 +begin = 8 +end = 23 + +[JC_108] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_109] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_50] +file = "HOME/tests/java/Isqrt.java" +line = 52 +begin = 11 +end = 15 + +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_52] +file = "HOME/tests/java/Isqrt.java" +line = 51 +begin = 12 +end = 24 + +[Isqrt_main_ensures_default] +name = "Method main" +behavior = "default behavior" +file = "HOME/tests/java/Isqrt.java" +line = 52 +begin = 11 +end = 15 + +[JC_53] +file = "HOME/tests/java/Isqrt.java" +line = 51 +begin = 12 +end = 24 + +[JC_54] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_160] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_55] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_161] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_56] +kind = UserCall +file = "HOME/tests/java/Isqrt.java" +line = 54 +begin = 6 +end = 15 + +[JC_162] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_110] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_57] +file = "HOME/tests/java/Isqrt.java" +line = 55 +begin = 13 +end = 28 + +[JC_163] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_111] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_58] +file = "HOME/tests/java/Isqrt.java" +line = 56 +begin = 13 +end = 28 + +[JC_164] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_112] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_59] +kind = UserCall +file = "HOME/tests/java/Isqrt.java" +line = 54 +begin = 6 +end = 15 + +[JC_165] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_113] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_114] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_115] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_116] +file = 
"HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_117] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_118] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_119] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_60] +file = "HOME/tests/java/Isqrt.java" +line = 55 +begin = 13 +end = 28 + +[JC_61] +file = "HOME/tests/java/Isqrt.java" +line = 56 +begin = 13 +end = 28 + +[JC_62] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/java/Isqrt.jc" +line = 35 +begin = 8 +end = 23 + +[JC_64] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_66] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_120] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_67] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_121] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_68] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_122] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_69] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/tests/java/Isqrt.jc" +line = 37 +begin = 11 +end = 65 + +[JC_123] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/tests/java/Isqrt.jc" +line = 37 +begin = 11 +end = 65 + +[JC_124] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/java/Isqrt.java" +line = 39 +begin = 13 +end = 19 + +[JC_125] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_126] +file = 
"HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_127] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Isqrt_isqrt_safety] +name = "Method isqrt" +behavior = "Safety" +file = "HOME/tests/java/Isqrt.java" +line = 42 +begin = 11 +end = 16 + +[JC_128] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_129] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_70] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_72] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Isqrt_ensures_default] +name = "Constructor of class Isqrt" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/tests/java/Isqrt.java" +line = 39 +begin = 13 +end = 19 + +[JC_74] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 24 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 28 +end = 45 + +[cons_Object_ensures_default] +name = "Constructor of class Object" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_130] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_77] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_25] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 49 +end = 69 + +[JC_131] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_78] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_26] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 
+end = 69 + +[JC_132] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 24 + +[JC_133] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 28 +end = 45 + +[JC_134] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_29] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 49 +end = 69 + +[JC_135] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Isqrt_main_safety] +name = "Method main" +behavior = "Safety" +file = "HOME/tests/java/Isqrt.java" +line = 52 +begin = 11 +end = 15 + +[JC_136] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_137] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_138] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_139] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_80] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_81] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Isqrt_safety] +name = "Constructor of class Isqrt" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/tests/java/Isqrt.java" +line = 40 +begin = 12 +end = 69 + +[JC_83] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_33] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 31 + +[JC_86] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_34] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 35 +end = 50 + +[JC_140] +file = 
"HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_87] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 54 +end = 73 + +[JC_141] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_88] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_36] +file = "HOME/tests/java/Isqrt.java" +line = 44 +begin = 21 +end = 73 + +[JC_142] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_89] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Isqrt_isqrt_ensures_default] +name = "Method isqrt" +behavior = "default behavior" +file = "HOME/tests/java/Isqrt.java" +line = 42 +begin = 11 +end = 16 + +[JC_37] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_143] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/tests/java/Isqrt.jc" +line = 61 +begin = 12 +end = 481 + +[JC_144] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_39] +file = "HOME/tests/java/Isqrt.jc" +line = 61 +begin = 12 +end = 481 + +[JC_145] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_146] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_147] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_148] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_149] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +========== file tests/java/why/Isqrt.why ========== +type Object + +type interface + +logic Exception_tag: -> Object tag_id + +logic Object_tag: -> Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +logic Isqrt_tag: -> Object tag_id + +axiom Isqrt_parenttag_Object : parenttag(Isqrt_tag, Object_tag) + +predicate Non_null_Object(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), (0)) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> 
Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. + instanceof(Object_tag_table, x, Object_tag))) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Isqrt(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Isqrt(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +function sqr(x_2:int) : int = mul_int(x_2, x_2) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Isqrt(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + 
strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Isqrt(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface 
alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +exception Exception_exc of Object pointer + +parameter Isqrt_isqrt : + x_0_0:int -> + { } int + { (JC_30: + ((JC_27: ge_int(result, (0))) + and ((JC_28: le_int(sqr(result), x_0_0)) + and (JC_29: lt_int(x_0_0, sqr(add_int(result, (1)))))))) } + +parameter Isqrt_isqrt_requires : + x_0_0:int -> + { (JC_19: ge_int(x_0_0, (0)))} int + { (JC_30: + ((JC_27: ge_int(result, (0))) + and ((JC_28: le_int(sqr(result), x_0_0)) + and (JC_29: lt_int(x_0_0, sqr(add_int(result, (1)))))))) } + +parameter Isqrt_main : tt:unit -> { } int { (JC_53: (result = (4))) } + +parameter Isqrt_main_requires : + tt:unit -> { } int { (JC_53: (result = (4))) } + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +parameter Object_alloc_table : Object alloc_table ref + +parameter Object_clone : + this_4:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_clone_requires : + this_4:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_equals : + this_3:Object pointer -> + obj:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_equals_requires : + this_3:Object pointer -> + obj:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_finalize : + this_11:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_finalize_requires : + this_11:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_hashCode : + this_2:Object pointer -> { } int reads Object_alloc_table { true } + +parameter Object_hashCode_requires : + this_2:Object pointer -> { } int reads Object_alloc_table { true } + +parameter Object_notify : + this_6:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll : + this_7:Object pointer -> { } unit reads Object_alloc_table { true } + 
+parameter Object_notifyAll_requires : + this_7:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notify_requires : + this_6:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_registerNatives : tt:unit -> { } unit { true } + +parameter Object_registerNatives_requires : tt:unit -> { } unit { true } + +parameter Object_tag_table : Object tag_table ref + +parameter Object_toString : + this_5:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_toString_requires : + this_5:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_wait : + this_10:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long : + this_8:Object pointer -> + timeout:int -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int : + this_9:Object pointer -> + timeout_0:int -> nanos:int -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int_requires : + this_9:Object pointer -> + timeout_0:int -> nanos:int -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_requires : + this_8:Object pointer -> + timeout:int -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_requires : + this_10:Object pointer -> { } unit reads Object_alloc_table { true } + +exception Return_label_exc of unit + +exception Throwable_exc of Object pointer + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + 
Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Isqrt : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Isqrt(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Isqrt_tag)))) } + +parameter alloc_struct_Isqrt_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Isqrt(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Isqrt_tag)))) } + +parameter alloc_struct_Object : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object 
pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), 
sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + +parameter alloc_struct_interface : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter cons_Isqrt : + this_1:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Isqrt_requires : + this_1:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object : + this_12:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object_requires : + this_12:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter non_null_Object : + x_1:Object pointer -> + { } bool reads 
Object_alloc_table + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) + else (x_1 = null))) } + +parameter non_null_Object_requires : + x_1:Object pointer -> + { } bool reads Object_alloc_table + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) + else (x_1 = null))) } + +let Isqrt_isqrt_ensures_default = + fun (x_0_0 : int) -> + { (JC_21: ge_int(x_0_0, (0))) } + (init: + (let return = ref (any_int void) in + try + begin + (let count = ref (K_19: (0)) in + (let sum = ref (K_18: (1)) in + begin + try + (loop_2: + while true do + { invariant + (JC_44: + ((JC_41: ge_int(count, (0))) + and ((JC_42: ge_int(x_0_0, sqr(count))) + and (JC_43: (sum = sqr(add_int(count, (1)))))))) } + begin + [ { } unit { true } ]; + try + begin + (if (K_17: ((le_int_ !sum) x_0_0)) + then + (let jessie_ = + (K_16: + begin + (sum := ((add_int !sum) (K_15: + ((add_int (K_14: + ((mul_int (2)) (K_13: + begin + (count := + ((add_int !count) (1))); + !count end)))) (1))))); + !sum end) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end; (return := !count); + (raise Return) end)); absurd end with Return -> !return end)) + { (JC_26: + ((JC_23: ge_int(result, (0))) + and ((JC_24: le_int(sqr(result), x_0_0)) + and (JC_25: lt_int(x_0_0, sqr(add_int(result, (1)))))))) } + +let Isqrt_isqrt_safety = + fun (x_0_0 : int) -> + { (JC_21: ge_int(x_0_0, (0))) } + (init: + (let return = ref (any_int void) in + try + begin + (let count = ref (K_19: (0)) in + (let sum = ref (K_18: (1)) in + begin + try + (loop_1: + while true do + { invariant (JC_38: true) variant (JC_40 : sub_int(x_0_0, count)) } + begin + [ { } unit reads count,sum + { (JC_36: + ((JC_33: ge_int(count, (0))) + and ((JC_34: ge_int(x_0_0, sqr(count))) + and (JC_35: (sum = sqr(add_int(count, (1)))))))) } ]; + try + begin + (if (K_17: ((le_int_ !sum) x_0_0)) + then + (let jessie_ 
= + (K_16: + begin + (sum := ((add_int !sum) (K_15: + ((add_int (K_14: + ((mul_int (2)) (K_13: + begin + (count := + ((add_int !count) (1))); + !count end)))) (1))))); + !sum end) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end; (return := !count); + (raise Return) end)); absurd end with Return -> !return end)) + { true } + +let Isqrt_main_ensures_default = + fun (tt : unit) -> + { (JC_51: true) } + (init: + (let return = ref (any_int void) in + try + begin + (let r = ref (any_int void) in + (K_23: + (K_25: + begin + (let jessie_ = + (r := (K_21: + (let jessie_ = (17) in (JC_59: (Isqrt_isqrt jessie_))))) in + void); (assert { (JC_60: (lt_int(r, (4)) -> (false = true))) }; void); + (assert { (JC_61: (gt_int(r, (4)) -> (false = true))) }; void); + (return := !r); (raise Return) end))); absurd end with Return -> + !return end)) { (JC_52: (result = (4))) } + +let Isqrt_main_safety = + fun (tt : unit) -> + { (JC_51: true) } + (init: + (let return = ref (any_int void) in + try + begin + (let r = ref (any_int void) in + (K_23: + (K_25: + begin + (let jessie_ = + (r := (K_21: + (let jessie_ = (17) in + (JC_56: (Isqrt_isqrt_requires jessie_))))) in void); + [ { } unit reads r { (JC_57: (lt_int(r, (4)) -> (false = true))) } ]; + [ { } unit reads r { (JC_58: (gt_int(r, (4)) -> (false = true))) } ]; + (return := !r); (raise Return) end))); absurd end with Return -> + !return end)) { true } + +let cons_Isqrt_ensures_default = + fun (this_1 : Object pointer) -> + { valid_struct_Isqrt(this_1, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_66: true) } + +let cons_Isqrt_safety = + fun (this_1 : Object pointer) -> + { valid_struct_Isqrt(this_1, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_Object_ensures_default = + 
fun (this_12 : Object pointer) -> + { valid_struct_Object(this_12, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_162: true) } + +let cons_Object_safety = + fun (this_12 : Object pointer) -> + { valid_struct_Object(this_12, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + + +========== make project execution ========== +why --project [...] why/Isqrt.why +========== file tests/java/why/Isqrt.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/Isqrt_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. 
(ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type interface + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic Isqrt_tag : Object tag_id + +axiom Isqrt_parenttag_Object: parenttag(Isqrt_tag, Object_tag) + +predicate Non_null_Object(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= 0) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Isqrt(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Isqrt(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +function sqr(x_2: int) : int = (x_2 * x_2) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Isqrt(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Isqrt(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate 
valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +========== file tests/java/why/Isqrt_po1.why ========== +goal Isqrt_isqrt_ensures_default_po_1: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_41": (0 >= 0))) + +========== file tests/java/why/Isqrt_po10.why ========== +goal Isqrt_isqrt_safety_po_1: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_38": true) -> + ("JC_36": + (("JC_33": (count >= 0)) and + (("JC_34": (x_0_0 >= sqr(count))) and ("JC_35": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + (0 <= ("JC_40": (x_0_0 - count))) + +========== file tests/java/why/Isqrt_po11.why ========== +goal Isqrt_isqrt_safety_po_2: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_38": true) -> + ("JC_36": + (("JC_33": (count >= 0)) and + (("JC_34": (x_0_0 >= sqr(count))) and ("JC_35": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + (("JC_40": (x_0_0 - count0)) < ("JC_40": (x_0_0 - count))) + +========== file tests/java/why/Isqrt_po12.why ========== +goal Isqrt_main_ensures_default_po_1: + ("JC_51": true) -> + forall result:int. + ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + (r < 4) -> + ("JC_60": (false = true)) + +========== file tests/java/why/Isqrt_po13.why ========== +goal Isqrt_main_ensures_default_po_2: + ("JC_51": true) -> + forall result:int. 
+ ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_60": ((r < 4) -> (false = true))) -> + (r > 4) -> + ("JC_61": (false = true)) + +========== file tests/java/why/Isqrt_po14.why ========== +goal Isqrt_main_ensures_default_po_3: + ("JC_51": true) -> + forall result:int. + ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_60": ((r < 4) -> (false = true))) -> + ("JC_61": ((r > 4) -> (false = true))) -> + forall return:int. + (return = r) -> + ("JC_52": (return = 4)) + +========== file tests/java/why/Isqrt_po15.why ========== +goal Isqrt_main_safety_po_1: + ("JC_51": true) -> + ("JC_19": (17 >= 0)) + +========== file tests/java/why/Isqrt_po2.why ========== +goal Isqrt_isqrt_ensures_default_po_2: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_42": (x_0_0 >= sqr(0)))) + +========== file tests/java/why/Isqrt_po3.why ========== +goal Isqrt_isqrt_ensures_default_po_3: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_43": (1 = sqr((0 + 1))))) + +========== file tests/java/why/Isqrt_po4.why ========== +goal Isqrt_isqrt_ensures_default_po_4: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_41": (count0 >= 0))) + +========== file tests/java/why/Isqrt_po5.why ========== +goal Isqrt_isqrt_ensures_default_po_5: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. 
+ ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_42": (x_0_0 >= sqr(count0)))) + +========== file tests/java/why/Isqrt_po6.why ========== +goal Isqrt_isqrt_ensures_default_po_6: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_43": (sum0 = sqr((count0 + 1))))) + +========== file tests/java/why/Isqrt_po7.why ========== +goal Isqrt_isqrt_ensures_default_po_7: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. + (return = count) -> + ("JC_26": ("JC_23": (return >= 0))) + +========== file tests/java/why/Isqrt_po8.why ========== +goal Isqrt_isqrt_ensures_default_po_8: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. + (return = count) -> + ("JC_26": ("JC_24": (sqr(return) <= x_0_0))) + +========== file tests/java/why/Isqrt_po9.why ========== +goal Isqrt_isqrt_ensures_default_po_9: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. 
+ (return = count) -> + ("JC_26": ("JC_25": (x_0_0 < sqr((return + 1))))) + +========== generation of Simplify VC output ========== +why -simplify [...] why/Isqrt.why +========== file tests/java/simplify/Isqrt_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ 
(int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom 
real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) 
(real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom 
address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES 
(same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom 
in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select 
m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) 
+ (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom 
lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ 
(disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES 
(EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Isqrt_parenttag_Object + (EQ (parenttag Isqrt_tag Object_tag) |@true|)) + +(DEFPRED (Non_null_Object x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) 0)) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag 
String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 1)) + +(BG_PUSH + ;; Why axiom interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Isqrt p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address (interface_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Isqrt p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + 
(right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(BG_PUSH + ;; Why axiom sqr_def + (FORALL (x_2) (EQ (sqr x_2) (* x_2 x_2)))) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Isqrt p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED 
(valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Isqrt p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +;; Isqrt_isqrt_ensures_default_po_1, File "HOME/tests/java/Isqrt.java", line 44, characters 21-31 +(FORALL (x_0_0) (IMPLIES (>= x_0_0 0) (>= 0 0))) + +;; Isqrt_isqrt_ensures_default_po_2, File "HOME/tests/java/Isqrt.java", line 44, characters 35-50 +(FORALL (x_0_0) (IMPLIES (>= x_0_0 0) (>= x_0_0 (sqr 0)))) + +;; Isqrt_isqrt_ensures_default_po_3, File "HOME/tests/java/Isqrt.java", line 44, characters 54-73 +(FORALL (x_0_0) (IMPLIES (>= x_0_0 0) (EQ 1 (sqr (+ 0 1))))) + +;; Isqrt_isqrt_ensures_default_po_4, File "HOME/tests/java/Isqrt.java", line 44, characters 21-31 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (<= sum x_0_0) +(FORALL (count0) +(IMPLIES (EQ count0 (+ count 1)) +(FORALL (sum0) (IMPLIES (EQ sum0 (+ sum (+ (* 2 count0) 1))) (>= count0 0))))))))))) + +;; Isqrt_isqrt_ensures_default_po_5, File "HOME/tests/java/Isqrt.java", line 44, characters 35-50 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (<= sum x_0_0) +(FORALL (count0) +(IMPLIES (EQ count0 (+ count 1)) +(FORALL (sum0) +(IMPLIES (EQ sum0 (+ sum (+ (* 2 count0) 1))) (>= x_0_0 (sqr count0)))))))))))) + +;; Isqrt_isqrt_ensures_default_po_6, File "HOME/tests/java/Isqrt.java", 
line 44, characters 54-73 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (<= sum x_0_0) +(FORALL (count0) +(IMPLIES (EQ count0 (+ count 1)) +(FORALL (sum0) +(IMPLIES (EQ sum0 (+ sum (+ (* 2 count0) 1))) (EQ sum0 (sqr (+ count0 1))))))))))))) + +;; Isqrt_isqrt_ensures_default_po_7, File "HOME/tests/java/Isqrt.java", line 40, characters 12-24 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (> sum x_0_0) +(FORALL (return) (IMPLIES (EQ return count) (>= return 0))))))))) + +;; Isqrt_isqrt_ensures_default_po_8, File "HOME/tests/java/Isqrt.java", line 40, characters 28-45 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (> sum x_0_0) +(FORALL (return) (IMPLIES (EQ return count) (<= (sqr return) x_0_0))))))))) + +;; Isqrt_isqrt_ensures_default_po_9, File "HOME/tests/java/Isqrt.java", line 40, characters 49-69 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (> sum x_0_0) +(FORALL (return) (IMPLIES (EQ return count) (< x_0_0 (sqr (+ return 1))))))))))) + +;; Isqrt_isqrt_safety_po_1, File "HOME/tests/java/Isqrt.java", line 45, characters 20-29 +(FORALL (x_0_0) +(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES TRUE +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (<= sum x_0_0) +(FORALL (count0) +(IMPLIES (EQ count0 (+ count 1)) +(FORALL (sum0) +(IMPLIES (EQ sum0 (+ sum (+ (* 2 count0) 1))) (<= 0 (- x_0_0 count))))))))))))) + +;; Isqrt_isqrt_safety_po_2, File "HOME/tests/java/Isqrt.java", line 45, characters 20-29 +(FORALL (x_0_0) 
+(IMPLIES (>= x_0_0 0) +(FORALL (count) +(FORALL (sum) +(IMPLIES TRUE +(IMPLIES (AND (>= count 0) + (AND (>= x_0_0 (sqr count)) (EQ sum (sqr (+ count 1))))) +(IMPLIES (<= sum x_0_0) +(FORALL (count0) +(IMPLIES (EQ count0 (+ count 1)) +(FORALL (sum0) +(IMPLIES (EQ sum0 (+ sum (+ (* 2 count0) 1))) +(< (- x_0_0 count0) (- x_0_0 count))))))))))))) + +;; Isqrt_main_ensures_default_po_1, File "HOME/tests/java/Isqrt.java", line 55, characters 13-28 +(IMPLIES TRUE +(FORALL (result) +(IMPLIES (AND (>= result 0) + (AND (<= (sqr result) 17) (< 17 (sqr (+ result 1))))) +(FORALL (r) (IMPLIES (EQ r result) (IMPLIES (< r 4) (EQ |@false| |@true|))))))) + +;; Isqrt_main_ensures_default_po_2, File "HOME/tests/java/Isqrt.java", line 56, characters 13-28 +(IMPLIES TRUE +(FORALL (result) +(IMPLIES (AND (>= result 0) + (AND (<= (sqr result) 17) (< 17 (sqr (+ result 1))))) +(FORALL (r) +(IMPLIES (EQ r result) +(IMPLIES (IMPLIES (< r 4) (EQ |@false| |@true|)) +(IMPLIES (> r 4) (EQ |@false| |@true|)))))))) + +;; Isqrt_main_ensures_default_po_3, File "HOME/tests/java/Isqrt.java", line 51, characters 12-24 +(IMPLIES TRUE +(FORALL (result) +(IMPLIES (AND (>= result 0) + (AND (<= (sqr result) 17) (< 17 (sqr (+ result 1))))) +(FORALL (r) +(IMPLIES (EQ r result) +(IMPLIES (IMPLIES (< r 4) (EQ |@false| |@true|)) +(IMPLIES (IMPLIES (> r 4) (EQ |@false| |@true|)) +(FORALL (return) (IMPLIES (EQ return r) (EQ return 4)))))))))) + +;; Isqrt_main_safety_po_1, File "HOME/tests/java/Isqrt.java", line 54, characters 6-15 +(IMPLIES TRUE (>= 17 0)) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/Isqrt_why.sx : .....?...?.??.. (11/0/4/0/0) +total : 15 +valid : 11 ( 73%) +invalid : 0 ( 0%) +unknown : 4 ( 27%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] 
why/Isqrt.why +========== file tests/java/why/Isqrt_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. 
((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. 
+ ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. 
((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. 
+ (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. 
(offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. 
+ (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. 
+ (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. 
+ (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. 
((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. 
+ (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. 
+ (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. 
+ (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type interface + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic Isqrt_tag : Object tag_id + +axiom Isqrt_parenttag_Object: parenttag(Isqrt_tag, Object_tag) + +predicate Non_null_Object(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= 0) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Isqrt(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Isqrt(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +function sqr(x_2: int) : int = (x_2 * x_2) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Isqrt(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Isqrt(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate 
valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +goal Isqrt_isqrt_ensures_default_po_1: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_41": (0 >= 0))) + +goal Isqrt_isqrt_ensures_default_po_2: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_42": (x_0_0 >= sqr(0)))) + +goal Isqrt_isqrt_ensures_default_po_3: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + ("JC_44": ("JC_43": (1 = sqr((0 + 1))))) + +goal Isqrt_isqrt_ensures_default_po_4: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_41": (count0 >= 0))) + +goal Isqrt_isqrt_ensures_default_po_5: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_42": (x_0_0 >= sqr(count0)))) + +goal Isqrt_isqrt_ensures_default_po_6: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + ("JC_44": ("JC_43": (sum0 = sqr((count0 + 1))))) + +goal Isqrt_isqrt_ensures_default_po_7: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. 
+ forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. + (return = count) -> + ("JC_26": ("JC_23": (return >= 0))) + +goal Isqrt_isqrt_ensures_default_po_8: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. + (return = count) -> + ("JC_26": ("JC_24": (sqr(return) <= x_0_0))) + +goal Isqrt_isqrt_ensures_default_po_9: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_44": + (("JC_41": (count >= 0)) and + (("JC_42": (x_0_0 >= sqr(count))) and ("JC_43": (sum = sqr((count + 1))))))) -> + (sum > x_0_0) -> + forall return:int. + (return = count) -> + ("JC_26": ("JC_25": (x_0_0 < sqr((return + 1))))) + +goal Isqrt_isqrt_safety_po_1: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_38": true) -> + ("JC_36": + (("JC_33": (count >= 0)) and + (("JC_34": (x_0_0 >= sqr(count))) and ("JC_35": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + (0 <= ("JC_40": (x_0_0 - count))) + +goal Isqrt_isqrt_safety_po_2: + forall x_0_0:int. + ("JC_21": (x_0_0 >= 0)) -> + forall count:int. + forall sum:int. + ("JC_38": true) -> + ("JC_36": + (("JC_33": (count >= 0)) and + (("JC_34": (x_0_0 >= sqr(count))) and ("JC_35": (sum = sqr((count + 1))))))) -> + (sum <= x_0_0) -> + forall count0:int. + (count0 = (count + 1)) -> + forall sum0:int. + (sum0 = (sum + ((2 * count0) + 1))) -> + (("JC_40": (x_0_0 - count0)) < ("JC_40": (x_0_0 - count))) + +goal Isqrt_main_ensures_default_po_1: + ("JC_51": true) -> + forall result:int. 
+ ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + (r < 4) -> + ("JC_60": (false = true)) + +goal Isqrt_main_ensures_default_po_2: + ("JC_51": true) -> + forall result:int. + ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_60": ((r < 4) -> (false = true))) -> + (r > 4) -> + ("JC_61": (false = true)) + +goal Isqrt_main_ensures_default_po_3: + ("JC_51": true) -> + forall result:int. + ("JC_30": + (("JC_27": (result >= 0)) and + (("JC_28": (sqr(result) <= 17)) and ("JC_29": (17 < sqr((result + 1))))))) -> + forall r:int. + (r = result) -> + ("JC_60": ((r < 4) -> (false = true))) -> + ("JC_61": ((r > 4) -> (false = true))) -> + forall return:int. + (return = r) -> + ("JC_52": (return = 4)) + +goal Isqrt_main_safety_po_1: + ("JC_51": true) -> + ("JC_19": (17 >= 0)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/Isqrt_why.why : .....?...?..?.. (12/0/3/0/0) +total : 15 +valid : 12 ( 80%) +invalid : 0 ( 0%) +unknown : 3 ( 20%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Literals.res.oracle why-2.30+dfsg/tests/java/oracle/Literals.res.oracle --- why-2.29+dfsg/tests/java/oracle/Literals.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Literals.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/java/Literals.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + class Literals { public static final int x = 0xbad; @@ -11,6 +42,15 @@ } } + + +/* +Local Variables: +compile-command: "make Literals.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -35,11 +75,14 @@ type char = 0..65535 predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) logic int32 Literals_x = 2989 +String[0..] any_string() +; + tag Object = { } @@ -94,7 +137,7 @@ [Literals_f] name = "Method f" file = "HOME/tests/java/Literals.java" -line = 7 +line = 38 begin = 8 end = 9 
@@ -107,13 +150,13 @@ [K_1] file = "HOME/tests/java/Literals.java" -line = 5 +line = 36 begin = 16 end = 30 [K_2] file = "HOME/tests/java/Literals.java" -line = 8 +line = 39 begin = 9 end = 14 @@ -135,10 +178,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Literals.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Literals_why.sx @@ -199,6 +243,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Literals_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Literals_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -271,6 +322,9 @@ why3ide: why/Literals_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Literals.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Literals.depend depend: coq/Literals_why.v @@ -282,9 +336,9 @@ ========== file tests/java/Literals.loc ========== [JC_1] file = "HOME/tests/java/Literals.jc" -line = 45 -begin = 8 -end = 23 +line = 23 +begin = 12 +end = 22 [JC_2] file = "HOME/" @@ -294,9 +348,9 @@ [JC_3] file = "HOME/tests/java/Literals.jc" -line = 45 -begin = 8 -end = 23 +line = 23 +begin = 12 +end = 22 [cons_Literals_safety] name = "Constructor of class Literals" @@ -332,7 +386,7 @@ [cons_Literals_ensures_default] name = "Constructor of class Literals" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -346,29 +400,29 @@ [JC_9] file = "HOME/tests/java/Literals.jc" -line = 47 -begin = 11 -end = 65 +line = 48 +begin = 8 +end = 23 [Literals_f_ensures_default] name = "Method f" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Literals.java" -line = 7 +line = 38 begin = 8 end = 9 [JC_10] -file = "HOME/tests/java/Literals.jc" -line = 47 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/tests/java/Literals.java" -line = 7 +file = "HOME/tests/java/Literals.jc" +line = 48 begin = 8 -end = 9 +end = 23 [JC_12] file = "HOME/" @@ -377,16 +431,16 @@ end = -1 [JC_13] -file = "HOME/tests/java/Literals.java" -line = 7 -begin = 8 -end = 9 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Literals_f_safety] name = "Method f" behavior = "Safety" file = "HOME/tests/java/Literals.java" -line = 7 +line = 38 begin = 8 end = 9 
@@ -397,72 +451,120 @@ end = -1 [JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/tests/java/Literals.jc" +line = 50 +begin = 11 +end = 65 + +[JC_18] +file = "HOME/tests/java/Literals.jc" +line = 50 +begin = 11 +end = 65 + +[JC_19] +file = "HOME/tests/java/Literals.java" +line = 38 +begin = 8 +end = 9 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/tests/java/Literals.java" +line = 38 +begin = 8 +end = 9 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] file = "HOME/tests/java/Literals.java" -line = 5 +line = 36 begin = 16 end = 30 -[JC_16] +[JC_24] file = "HOME/tests/java/Literals.java" -line = 5 +line = 36 begin = 16 end = 30 -[JC_17] +[JC_25] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_18] +[JC_26] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_19] +[JC_27] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_20] +[JC_28] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_21] +[JC_29] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_22] +[JC_30] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_23] +[JC_31] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_24] +[JC_32] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_25] +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_26] +[JC_34] file = "HOME/" line = 0 begin = -1 @@ -483,8 +585,6 @@ type short -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id @@ -499,13 +599,9 @@ function Literals_x() : int32 = int32_of_integer((2989)) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) 
@@ -522,14 +618,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -543,6 +635,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -556,6 +653,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -586,6 +688,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -639,6 +746,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) 
@@ -682,6 +794,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) @@ -723,32 +840,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Literals(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -785,127 +876,29 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + parameter Object_alloc_table : Object alloc_table ref parameter Literals_f : this_0:Object pointer -> { } int32 reads Object_alloc_table - { (JC_16: eq_int(integer_of_int32(result), (13))) } + { (JC_24: (integer_of_int32(result) = (13))) } parameter Literals_f_requires : this_0:Object pointer -> { } int32 reads Object_alloc_table - { (JC_16: eq_int(integer_of_int32(result), (13))) } - -parameter Object_tag_table : Object tag_table ref - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Literals : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Literals(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Literals_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Literals(result, (0), sub_int(n, (1)), - 
bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { (JC_24: (integer_of_int32(result) = (13))) } -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_continue_exc of unit -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Loop_exit_exc of unit -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1059,6 +1052,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte 
@@ -1088,15 +1085,15 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter safe_byte_of_integer_ : @@ -1129,7 +1126,7 @@ (let x_2 = (safe_int32_of_integer_ (K_2: (2989))) in begin (return := (safe_int32_of_integer_ (13))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_15: eq_int(integer_of_int32(result), (13))) } + { (JC_23: (integer_of_int32(result) = (13))) } let Literals_f_safety = fun (this_0 : Object pointer) -> @@ -1146,7 +1143,7 @@ fun (this_1 : Object pointer) -> { valid_struct_Literals(this_1, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_23: true) } + { (JC_31: true) } let cons_Literals_safety = fun (this_1 : Object pointer) -> @@ -1161,9 +1158,9 @@ - + - + @@ -2132,7 +2129,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2166,6 +2163,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) 
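Review bot: The postconditions of `non_null_Object` and `non_null_Object_requires` in the `@@ -1088,15 +1085,15 @@` hunk still state `offset_max(Object_alloc_table, x_1) = (0)`, while the same commit relaxes the `Non_null_Object` predicate to `ge_int(offset_max(Object_alloc_table, x_0), (0))` in the earlier hunks. The non-null test and the non-null predicate therefore no longer describe the same set of pointers. If a pointer with `offset_max > 0` can reach this test, neither branch of the `if result then … else (x_1 = null)` contract holds, so the assumed specification would be contradictory and the proof obligations built on it could be discharged vacuously. This file is regenerated oracle output, so the change belongs in the generator, which is not shown here; the expected line would then read `(if result then (offset_max(Object_alloc_table, x_1) >= (0))`. It is worth confirming whether keeping `= (0)` was intentional before accepting the new oracle.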
@@ -2178,6 +2179,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -2208,6 +2213,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -2261,6 +2271,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -2305,6 +2319,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -2345,32 +2364,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Literals(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and @@ -2418,7 +2411,7 @@ (integer_of_int32(result0) = 13) -> forall return:int32. (return = result0) -> - ("JC_15": (integer_of_int32(return) = 13)) + ("JC_23": (integer_of_int32(return) = 13)) ========== generation of Simplify VC output ========== why -simplify [...] why/Literals.why @@ -3250,7 +3243,7 @@ (EQ Literals_x (int32_of_integer 2989))) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -3283,6 +3276,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -3294,6 +3292,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) @@ -3316,6 +3319,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -3365,6 +3373,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -3403,6 +3416,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -3435,26 +3453,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Literals p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -3483,7 +3481,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Literals_f_ensures_default_po_1, File "HOME/tests/java/Literals.java", line 5, characters 16-30 +;; Literals_f_ensures_default_po_1, File "HOME/tests/java/Literals.java", line 36, characters 16-30 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Literals this_0 0 0 Object_alloc_table) @@ -4466,7 +4464,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -4500,6 +4498,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -4512,6 +4514,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -4542,6 +4548,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -4595,6 +4606,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -4639,6 +4654,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -4679,32 +4699,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Literals(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -4751,7 +4745,7 @@ (integer_of_int32(result0) = 13) -> forall return:int32. (return = result0) -> - ("JC_15": (integer_of_int32(return) = 13)) + ("JC_23": (integer_of_int32(return) = 13)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/MacCarthy.res.oracle why-2.30+dfsg/tests/java/oracle/MacCarthy.res.oracle --- why-2.29+dfsg/tests/java/oracle/MacCarthy.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/MacCarthy.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,11 +1,38 @@ ========== file tests/java/MacCarthy.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ /* McCarthy's ``91'' function. */ -//@+ CheckArithOverflow = no - - public class MacCarthy { /*@ decreases 101-n ; @@ -24,7 +51,16 @@ return n - 10; } -}========== krakatoa execution ========== +} + +/* +Local Variables: +compile-command: "make MacCarthy.why3ml" +End: +*/ + + +========== krakatoa execution ========== Parsing OK. Typing OK. Generating JC function MacCarthy_f91 for method MacCarthy.f91 
@@ -49,8 +85,21 @@ # AnnotationPolicy = None # AbstractDomain = None +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -83,7 +132,7 @@ exception Exception of Exception[0..] -integer MacCarthy_f91(integer n) +int32 MacCarthy_f91(int32 n) decreases (K_3 : (101 - n)); behavior less_than_101: assumes (n <= 100); @@ -92,8 +141,8 @@ assumes (n >= 101); ensures (K_2 : (\result == (n - 10))); { (if (K_8 : (n <= 100)) then - (return (K_7 : MacCarthy_f91((K_6 : MacCarthy_f91((K_5 : (n + 11))))))) else - (return (K_4 : (n - 10)))) + (return (K_7 : MacCarthy_f91((K_6 : MacCarthy_f91((K_5 : ((n + 11) :> int32))))))) else + (return (K_4 : ((n - 10) :> int32)))) } unit cons_MacCarthy(! MacCarthy[0] this_1){()} @@ -101,7 +150,7 @@ unit Object_registerNatives() ; -integer Object_hashCode(Object[0] this_2) +int32 Object_hashCode(Object[0] this_2) ; boolean Object_equals(Object[0] this_3, Object[0..] obj) @@ -119,10 +168,10 @@ unit Object_notifyAll(Object[0] this_7) ; -unit Object_wait_long(Object[0] this_8, integer timeout) +unit Object_wait_long(Object[0] this_8, long timeout) ; -unit Object_wait_long_int(Object[0] this_9, integer timeout_0, integer nanos) +unit Object_wait_long_int(Object[0] this_9, long timeout_0, int32 nanos) ; unit Object_wait(Object[0] this_10) @@ -143,25 +192,25 @@ [MacCarthy_f91] name = "Method f91" file = "HOME/tests/java/MacCarthy.java" -line = 18 +line = 45 begin = 22 end = 25 [K_1] file = "HOME/tests/java/MacCarthy.java" -line = 13 +line = 40 begin = 18 end = 31 [K_2] file = "HOME/tests/java/MacCarthy.java" -line = 16 +line = 43 begin = 18 end = 35 [K_3] file = "HOME/tests/java/MacCarthy.java" -line = 10 +line = 37 begin = 18 end = 23 
@@ -174,31 +223,31 @@ [K_4] file = "HOME/tests/java/MacCarthy.java" -line = 23 +line = 50 begin = 12 end = 18 [K_5] file = "HOME/tests/java/MacCarthy.java" -line = 20 +line = 47 begin = 20 end = 26 [K_6] file = "HOME/tests/java/MacCarthy.java" -line = 20 +line = 47 begin = 16 end = 27 [K_7] file = "HOME/tests/java/MacCarthy.java" -line = 20 +line = 47 begin = 12 end = 28 [K_8] file = "HOME/tests/java/MacCarthy.java" -line = 19 +line = 46 begin = 5 end = 13 @@ -305,10 +354,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs MacCarthy.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/MacCarthy_why.sx @@ -369,6 +419,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/MacCarthy_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/MacCarthy_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -441,6 +498,9 @@ why3ide: why/MacCarthy_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: MacCarthy.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include MacCarthy.depend depend: coq/MacCarthy_why.v @@ -469,23 +529,25 @@ end = -1 [JC_40] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = ArithOverflow +file = "HOME/tests/java/MacCarthy.java" +line = 50 +begin = 12 +end = 18 [JC_93] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 -begin = 29 -end = 38 - -[JC_41] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_41] +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 16 +end = 27 + [JC_94] file = "HOME/" line = 0 
@@ -493,22 +555,24 @@ end = -1 [JC_42] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 12 +end = 28 [JC_95] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 16 +end = 27 [JC_96] file = "HOME/" @@ -517,22 +581,30 @@ end = -1 [JC_44] +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 12 +end = 28 + +[JC_150] file = "HOME/" line = 0 begin = -1 end = -1 [JC_97] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 [JC_45] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 16 +end = 27 [JC_98] file = "HOME/" @@ -541,16 +613,17 @@ end = -1 [JC_46] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 12 +end = 28 [JC_1] file = "HOME/tests/java/MacCarthy.jc" -line = 32 -begin = 8 -end = 23 +line = 20 +begin = 12 +end = 22 [JC_100] file = "HOME/" @@ -565,10 +638,10 @@ end = -1 [JC_47] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_2] file = "HOME/" @@ -577,10 +650,10 @@ end = -1 [JC_101] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 -begin = 29 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_48] file = "HOME/" @@ -590,9 +663,9 @@ [JC_3] file = "HOME/tests/java/MacCarthy.jc" -line = 32 -begin = 8 -end = 23 +line = 20 +begin = 12 +end = 22 [JC_102] file = "HOME/" @@ -614,9 +687,9 @@ [JC_103] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_5] file = "HOME/" 
@@ -637,10 +710,10 @@ end = -1 [JC_105] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 [JC_7] file = "HOME/" @@ -676,9 +749,9 @@ [JC_9] file = "HOME/tests/java/MacCarthy.jc" -line = 34 -begin = 11 -end = 65 +line = 45 +begin = 8 +end = 23 [JC_108] file = "HOME/" @@ -687,10 +760,10 @@ end = -1 [JC_109] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_50] file = "HOME/" @@ -711,10 +784,10 @@ end = -1 [JC_53] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_54] file = "HOME/" @@ -724,9 +797,9 @@ [JC_55] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [JC_56] file = "HOME/" @@ -741,16 +814,16 @@ end = -1 [JC_57] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 [JC_111] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_58] file = "HOME/" @@ -771,10 +844,10 @@ end = -1 [JC_113] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 [JC_114] file = "HOME/" @@ -795,10 +868,10 @@ end = -1 [JC_117] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 -begin = 22 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_118] file = "HOME/" @@ -808,7 +881,7 @@ [JC_119] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 @@ -819,10 +892,10 @@ end = -1 [JC_61] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_62] file = "HOME/" 
@@ -831,22 +904,22 @@ end = -1 [JC_10] -file = "HOME/tests/java/MacCarthy.jc" -line = 34 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_63] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_11] -file = "HOME/tests/java/MacCarthy.java" -line = 18 -begin = 22 -end = 25 +file = "HOME/tests/java/MacCarthy.jc" +line = 45 +begin = 8 +end = 23 [JC_64] file = "HOME/" @@ -861,17 +934,17 @@ end = -1 [JC_65] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_13] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_13] -file = "HOME/tests/java/MacCarthy.java" -line = 18 -begin = 22 -end = 25 - [JC_66] file = "HOME/" line = 0 @@ -903,10 +976,10 @@ end = -1 [JC_121] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 [JC_68] file = "HOME/" @@ -927,24 +1000,24 @@ end = -1 [JC_69] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [MacCarthy_f91_ensures_greater_than_100] name = "Method f91" -behavior = "Normal behavior `greater_than_100'" +behavior = "Behavior `greater_than_100'" file = "HOME/tests/java/MacCarthy.java" -line = 18 +line = 45 begin = 22 end = 25 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MacCarthy.jc" +line = 47 +begin = 11 +end = 65 [JC_123] file = "HOME/" @@ -953,10 +1026,10 @@ end = -1 [JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MacCarthy.jc" +line = 47 +begin = 11 +end = 65 [JC_124] file = "HOME/" @@ -966,15 +1039,15 @@ [JC_19] file = "HOME/tests/java/MacCarthy.java" -line = 13 -begin = 18 -end = 31 +line = 45 +begin = 22 +end = 25 [JC_125] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_126] file = "HOME/" 
@@ -984,9 +1057,9 @@ [JC_127] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_128] file = "HOME/" @@ -995,16 +1068,16 @@ end = -1 [JC_129] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 [MacCarthy_f91_ensures_default] name = "Method f91" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/MacCarthy.java" -line = 18 +line = 45 begin = 22 end = 25 @@ -1016,9 +1089,9 @@ [JC_71] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [cons_MacCarthy_safety] name = "Constructor of class MacCarthy" @@ -1035,22 +1108,22 @@ end = -1 [JC_20] -file = "HOME/tests/java/MacCarthy.java" -line = 13 -begin = 18 -end = 31 - -[JC_73] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_73] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + [JC_21] file = "HOME/tests/java/MacCarthy.java" -line = 16 -begin = 18 -end = 35 +line = 45 +begin = 22 +end = 25 [JC_74] file = "HOME/" @@ -1059,10 +1132,10 @@ end = -1 [JC_22] -file = "HOME/tests/java/MacCarthy.java" -line = 16 -begin = 18 -end = 35 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_75] file = "HOME/" @@ -1071,11 +1144,10 @@ end = -1 [JC_23] -kind = UserCall -file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 16 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_76] file = "HOME/" @@ -1084,14 +1156,14 @@ end = -1 [JC_24] -file = "HOME/tests/java/MacCarthy.java" -line = 10 -begin = 18 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Object_ensures_default] name = "Constructor of class Object" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -1104,16 +1176,16 @@ end = -1 [JC_77] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_25] -file = "HOME/tests/java/MacCarthy.java" -line = 10 -begin = 18 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_131] file = "HOME/" @@ -1128,11 +1200,10 @@ end = -1 [JC_26] -kind = VarDecr -file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 16 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_132] file = "HOME/" @@ -1142,16 +1213,15 @@ [JC_79] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_27] -kind = UserCall file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 12 -end = 28 +line = 40 +begin = 18 +end = 31 [JC_133] file = "HOME/" @@ -1161,9 +1231,9 @@ [JC_28] file = "HOME/tests/java/MacCarthy.java" -line = 10 +line = 40 begin = 18 -end = 23 +end = 31 [JC_134] file = "HOME/" @@ -1173,15 +1243,15 @@ [JC_29] file = "HOME/tests/java/MacCarthy.java" -line = 10 +line = 43 begin = 18 -end = 23 +end = 35 [JC_135] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 [JC_136] file = "HOME/" @@ -1190,10 +1260,10 @@ end = -1 [JC_137] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 [JC_138] file = "HOME/" @@ -1214,10 +1284,10 @@ end = -1 [JC_81] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 [JC_82] file = "HOME/" @@ -1226,11 +1296,10 @@ end = -1 [JC_30] -kind = VarDecr file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 12 -end = 28 +line = 43 +begin = 18 +end = 35 [JC_83] file = "HOME/" 
@@ -1240,27 +1309,27 @@ [MacCarthy_f91_ensures_less_than_101] name = "Method f91" -behavior = "Normal behavior `less_than_101'" +behavior = "Behavior `less_than_101'" file = "HOME/tests/java/MacCarthy.java" -line = 18 +line = 45 begin = 22 end = 25 -[JC_31] -kind = UserCall -file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 16 -end = 27 - [MacCarthy_f91_safety] name = "Method f91" behavior = "Safety" file = "HOME/tests/java/MacCarthy.java" -line = 18 +line = 45 begin = 22 end = 25 +[JC_31] +kind = ArithOverflow +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 20 +end = 26 + [JC_84] file = "HOME/" line = 0 @@ -1270,22 +1339,21 @@ [JC_32] kind = UserCall file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 12 -end = 28 +line = 47 +begin = 16 +end = 27 [JC_85] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_33] -kind = UserCall file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 16 -end = 27 +line = 37 +begin = 18 +end = 23 [JC_86] file = "HOME/" @@ -1294,11 +1362,10 @@ end = -1 [JC_34] -kind = UserCall file = "HOME/tests/java/MacCarthy.java" -line = 20 -begin = 12 -end = 28 +line = 37 +begin = 18 +end = 23 [JC_140] file = "HOME/" @@ -1308,17 +1375,23 @@ [JC_87] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_35] -kind = UserCall +kind = VarDecr file = "HOME/tests/java/MacCarthy.java" -line = 20 +line = 47 begin = 16 end = 27 +[JC_141] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_88] file = "HOME/" line = 0 
@@ -1328,29 +1401,72 @@ [JC_36] kind = UserCall file = "HOME/tests/java/MacCarthy.java" -line = 20 +line = 47 begin = 12 end = 28 -[JC_89] +[JC_142] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_89] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + [JC_37] +file = "HOME/tests/java/MacCarthy.java" +line = 37 +begin = 18 +end = 23 + +[JC_143] file = "HOME/" line = 0 begin = -1 end = -1 [JC_38] +file = "HOME/tests/java/MacCarthy.java" +line = 37 +begin = 18 +end = 23 + +[JC_144] file = "HOME/" line = 0 begin = -1 end = -1 [JC_39] +kind = VarDecr +file = "HOME/tests/java/MacCarthy.java" +line = 47 +begin = 12 +end = 28 + +[JC_145] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_146] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_147] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_148] file = "HOME/" line = 0 begin = -1 @@ -1358,7 +1474,13 @@ [cons_MacCarthy_ensures_default] name = "Constructor of class MacCarthy" -behavior = "Default behavior" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_149] file = "HOME/" line = 0 begin = -1 @@ -1367,9 +1489,17 @@ ========== file tests/java/why/MacCarthy.why ========== type Object +type byte + +type char + +type int32 + type interface -exception Exception_exc of Object pointer +type long + +type short logic Exception_tag: -> Object tag_id @@ -1377,17 +1507,13 @@ axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic MacCarthy_tag: -> Object tag_id axiom MacCarthy_parenttag_Object : parenttag(MacCarthy_tag, Object_tag) predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) 
@@ -1404,18 +1530,88 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. + (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. + (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. 
+ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + logic interface_tag: -> interface tag_id axiom interface_int : (int_of_tag(interface_tag) = (1)) @@ -1457,6 +1653,23 @@ interface_alloc_table:interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) +logic long_of_integer: int -> long + +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) + axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -1488,6 +1701,23 @@ interface_alloc_table:interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. + (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) 
@@ -1524,32 +1754,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MacCarthy(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1586,17 +1790,29 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter MacCarthy_f91 : - n:int -> - { } int - { ((ge_int(n@, (101)) -> (JC_22: eq_int(result, sub_int(n, (10))))) - and (le_int(n@, (100)) -> (JC_20: eq_int(result, (91))))) } + n:int32 -> + { } int32 + { ((ge_int(integer_of_int32(n), (101)) -> + (JC_30: + (integer_of_int32(result) = sub_int(integer_of_int32(n), (10))))) + and (le_int(integer_of_int32(n), (100)) -> + (JC_28: (integer_of_int32(result) = (91))))) } parameter MacCarthy_f91_requires : - n:int -> - { } int - { ((ge_int(n@, (101)) -> (JC_22: eq_int(result, sub_int(n, (10))))) - and (le_int(n@, (100)) -> (JC_20: eq_int(result, (91))))) } + n:int32 -> + { } int32 + { ((ge_int(integer_of_int32(n), (101)) -> + (JC_30: + (integer_of_int32(result) = sub_int(integer_of_int32(n), (10))))) + and (le_int(integer_of_int32(n), (100)) -> + (JC_28: (integer_of_int32(result) = (91))))) } parameter Object_alloc_table : Object alloc_table ref @@ -1623,10 +1839,10 @@ this_11:Object pointer -> { } unit reads Object_alloc_table { true } parameter Object_hashCode : - this_2:Object pointer -> { } int reads Object_alloc_table { true } + this_2:Object pointer -> { } int32 reads Object_alloc_table { true } parameter Object_hashCode_requires : - this_2:Object pointer -> { } int reads Object_alloc_table { true } + this_2:Object pointer -> { } int32 reads Object_alloc_table { true } parameter Object_notify : this_6:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -1659,130 +1875,26 @@ parameter Object_wait_long : this_8:Object pointer -> - timeout:int -> { } unit reads Object_alloc_table { true } + timeout:long -> { } unit reads Object_alloc_table { true } parameter Object_wait_long_int : this_9:Object pointer -> - timeout_0:int -> nanos:int -> { } unit reads Object_alloc_table { true } + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } parameter Object_wait_long_int_requires : this_9:Object pointer -> - timeout_0:int -> nanos:int -> { } unit reads Object_alloc_table { true } + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } parameter Object_wait_long_requires : this_8:Object pointer -> - timeout:int -> { } unit reads Object_alloc_table { true } + timeout:long -> { } unit reads Object_alloc_table { true } parameter Object_wait_requires : this_10:Object pointer -> { } unit reads Object_alloc_table { true } -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_MacCarthy : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_MacCarthy(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) 
- and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_MacCarthy_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_MacCarthy(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter 
alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1926,6 +2038,30 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { eq_int(integer_of_char(result), x) } + parameter cons_MacCarthy : this_1:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -1938,112 +2074,168 @@ parameter cons_Object_requires : this_12:Object pointer -> { } unit reads Object_alloc_table { true } +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } + parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + let MacCarthy_f91_ensures_default = - fun (n : int) -> - { (JC_14: true) } + fun (n : int32) -> + { (JC_22: true) } (init: - (let return = ref (any_int void) in + (let return = ref (any_int32 void) in try begin - (if (K_8: ((le_int_ n) (100))) + (if (K_8: ((le_int_ (integer_of_int32 n)) (100))) then begin (return := (K_7: (let jessie_ = (K_6: - (let jessie_ = (K_5: ((add_int n) (11))) in - 
(JC_31: (MacCarthy_f91 jessie_)))) in - (JC_32: (MacCarthy_f91 jessie_))))); (raise Return) end - else begin (return := (K_4: ((sub_int n) (10)))); (raise Return) end); - absurd end with Return -> !return end)) { (JC_15: true) } + (let jessie_ = + (K_5: + (safe_int32_of_integer_ ((add_int (integer_of_int32 n)) (11)))) in + (JC_41: (MacCarthy_f91 jessie_)))) in + (JC_42: (MacCarthy_f91 jessie_))))); (raise Return) end + else + begin + (return := (K_4: + (safe_int32_of_integer_ ((sub_int (integer_of_int32 n)) (10))))); + (raise Return) end); absurd end with Return -> !return end)) + { (JC_23: true) } let MacCarthy_f91_ensures_greater_than_100 = - fun (n : int) -> - { ge_int(n, (101)) } + fun (n : int32) -> + { ge_int(integer_of_int32(n), (101)) } (init: - (let return = ref (any_int void) in + (let return = ref (any_int32 void) in try begin - (if (K_8: ((le_int_ n) (100))) + (if (K_8: ((le_int_ (integer_of_int32 n)) (100))) then begin (return := (K_7: (let jessie_ = (K_6: - (let jessie_ = (K_5: ((add_int n) (11))) in - (JC_35: (MacCarthy_f91 jessie_)))) in - (JC_36: (MacCarthy_f91 jessie_))))); (raise Return) end - else begin (return := (K_4: ((sub_int n) (10)))); (raise Return) end); - absurd end with Return -> !return end)) - { (JC_21: eq_int(result, sub_int(n, (10)))) } + (let jessie_ = + (K_5: + (safe_int32_of_integer_ ((add_int (integer_of_int32 n)) (11)))) in + (JC_45: (MacCarthy_f91 jessie_)))) in + (JC_46: (MacCarthy_f91 jessie_))))); (raise Return) end + else + begin + (return := (K_4: + (safe_int32_of_integer_ ((sub_int (integer_of_int32 n)) (10))))); + (raise Return) end); absurd end with Return -> !return end)) + { (JC_29: (integer_of_int32(result) = sub_int(integer_of_int32(n), (10)))) } let MacCarthy_f91_ensures_less_than_101 = - fun (n : int) -> - { le_int(n, (100)) } + fun (n : int32) -> + { le_int(integer_of_int32(n), (100)) } (init: - (let return = ref (any_int void) in + (let return = ref (any_int32 void) in try begin - (if (K_8: ((le_int_ n) 
(100))) + (if (K_8: ((le_int_ (integer_of_int32 n)) (100))) then begin (return := (K_7: (let jessie_ = (K_6: - (let jessie_ = (K_5: ((add_int n) (11))) in - (JC_33: (MacCarthy_f91 jessie_)))) in - (JC_34: (MacCarthy_f91 jessie_))))); (raise Return) end - else begin (return := (K_4: ((sub_int n) (10)))); (raise Return) end); - absurd end with Return -> !return end)) - { (JC_19: eq_int(result, (91))) } + (let jessie_ = + (K_5: + (safe_int32_of_integer_ ((add_int (integer_of_int32 n)) (11)))) in + (JC_43: (MacCarthy_f91 jessie_)))) in + (JC_44: (MacCarthy_f91 jessie_))))); (raise Return) end + else + begin + (return := (K_4: + (safe_int32_of_integer_ ((sub_int (integer_of_int32 n)) (10))))); + (raise Return) end); absurd end with Return -> !return end)) + { (JC_27: (integer_of_int32(result) = (91))) } let MacCarthy_f91_safety = - fun (n : int) -> - { (JC_14: true) } + fun (n : int32) -> + { (JC_22: true) } (init: - (let return = ref (any_int void) in + (let return = ref (any_int32 void) in try begin - (if (K_8: ((le_int_ n) (100))) + (if (K_8: ((le_int_ (integer_of_int32 n)) (100))) then begin (return := (K_7: (let jessie_ = (K_6: - (let jessie_ = (K_5: ((add_int n) (11))) in - (JC_26: + (let jessie_ = + (K_5: + (JC_31: + (int32_of_integer_ ((add_int (integer_of_int32 n)) (11))))) in + (JC_35: (check - { zwf_zero((JC_25 : sub_int((101), jessie_)), - (JC_24 : sub_int((101), n))) }; - (JC_23: (MacCarthy_f91_requires jessie_)))))) in - (JC_30: + { zwf_zero((JC_34 : sub_int((101), + integer_of_int32(jessie_))), + (JC_33 : sub_int((101), integer_of_int32(n)))) }; + (JC_32: (MacCarthy_f91_requires jessie_)))))) in + (JC_39: (check - { zwf_zero((JC_29 : sub_int((101), jessie_)), - (JC_28 : sub_int((101), n))) }; - (JC_27: (MacCarthy_f91_requires jessie_))))))); + { zwf_zero((JC_38 : sub_int((101), + integer_of_int32(jessie_))), + (JC_37 : sub_int((101), integer_of_int32(n)))) }; + (JC_36: (MacCarthy_f91_requires jessie_))))))); (raise Return) end - else begin (return := 
(K_4: ((sub_int n) (10)))); (raise Return) end); - absurd end with Return -> !return end)) { true } + else + begin + (return := (K_4: + (JC_40: + (int32_of_integer_ ((sub_int (integer_of_int32 n)) (10)))))); + (raise Return) end); absurd end with Return -> !return end)) + { true } let cons_MacCarthy_ensures_default = fun (this_1 : Object pointer) -> { valid_struct_MacCarthy(this_1, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_41: true) } + { (JC_51: true) } let cons_MacCarthy_safety = fun (this_1 : Object pointer) -> @@ -2055,7 +2247,7 @@ fun (this_12 : Object pointer) -> { valid_struct_Object(this_12, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_137: true) } + { (JC_147: true) } let cons_Object_safety = fun (this_12 : Object pointer) -> @@ -2072,39 +2264,59 @@ - - + + - - + + - + - + + + + + + + + + + + + + + + + + - + - + - + - + - + - + @@ -3048,8 +3260,18 @@ type Object +type byte + +type char + +type int32 + type interface +type long + +type short + logic Exception_tag : Object tag_id logic Object_tag : Object tag_id @@ -3062,7 +3284,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
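Review bot: The relaxed predicate `Non_null_Object` in the hunk at `@@ -3062,7 +3284,7 @@` (now `offset_max(Object_alloc_table, x_0) >= 0`) no longer agrees with the `non_null_Object` and `non_null_Object_requires` parameters in the hunk at `@@ -1938,112 +2074,168 @@`. Their true branch still states `(offset_max(Object_alloc_table, x_1) = (0))`; only the spelling changed, from `eq_int(...)` to `=`. If a non-null pointer with `offset_max > 0` can occur, which these hunks do not show, presumably neither branch of that postcondition holds for it, and the parameter would act as an inconsistent assumption in any obligation that calls it. This is recorded tool output, so the fix belongs in the generator: emit `(offset_max(Object_alloc_table, x_1) >= (0))` in both parameters, or confirm that the equality is intended. The same predicate change recurs in the Simplify `DEFPRED` hunk and in the alt-ergo section of this file.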
@@ -3087,6 +3309,77 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. 
+ (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) @@ -3128,6 +3421,22 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -3160,6 +3469,22 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -3196,32 +3521,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MacCarthy(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3260,85 +3559,151 @@ ========== file tests/java/why/MacCarthy_po1.why ========== goal MacCarthy_f91_ensures_greater_than_100_po_1: - forall n:int. - (n >= 101) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - forall result0:int. - (((result >= 101) -> ("JC_22": (result0 = (result - 10)))) and - ((result <= 100) -> ("JC_20": (result0 = 91)))) -> - forall return:int. - (return = result0) -> - ("JC_21": (return = (n - 10))) + forall n:int32. + (integer_of_int32(n) >= 101) -> + (integer_of_int32(n) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + forall result1:int32. + (((integer_of_int32(result0) >= 101) -> + ("JC_30": (integer_of_int32(result1) = (integer_of_int32(result0) - 10)))) and + ((integer_of_int32(result0) <= 100) -> + ("JC_28": (integer_of_int32(result1) = 91)))) -> + forall return:int32. + (return = result1) -> + ("JC_29": (integer_of_int32(return) = (integer_of_int32(n) - 10))) + +========== file tests/java/why/MacCarthy_po10.why ========== +goal MacCarthy_f91_safety_po_6: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. 
+ (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + (("JC_38": (101 - integer_of_int32(result0))) < ("JC_37": + (101 - integer_of_int32(n)))) + +========== file tests/java/why/MacCarthy_po11.why ========== +goal MacCarthy_f91_safety_po_7: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) > 100) -> + ((-2147483648) <= (integer_of_int32(n) - 10)) + +========== file tests/java/why/MacCarthy_po12.why ========== +goal MacCarthy_f91_safety_po_8: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) > 100) -> + ((integer_of_int32(n) - 10) <= 2147483647) ========== file tests/java/why/MacCarthy_po2.why ========== goal MacCarthy_f91_ensures_greater_than_100_po_2: - forall n:int. - (n >= 101) -> - (n > 100) -> - forall return:int. - (return = (n - 10)) -> - ("JC_21": (return = (n - 10))) + forall n:int32. + (integer_of_int32(n) >= 101) -> + (integer_of_int32(n) > 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) - 10)) -> + forall return:int32. + (return = result) -> + ("JC_29": (integer_of_int32(return) = (integer_of_int32(n) - 10))) ========== file tests/java/why/MacCarthy_po3.why ========== goal MacCarthy_f91_ensures_less_than_101_po_1: - forall n:int. - (n <= 100) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - forall result0:int. - (((result >= 101) -> ("JC_22": (result0 = (result - 10)))) and - ((result <= 100) -> ("JC_20": (result0 = 91)))) -> - forall return:int. - (return = result0) -> - ("JC_19": (return = 91)) + forall n:int32. + (integer_of_int32(n) <= 100) -> + (integer_of_int32(n) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. 
+ (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + forall result1:int32. + (((integer_of_int32(result0) >= 101) -> + ("JC_30": (integer_of_int32(result1) = (integer_of_int32(result0) - 10)))) and + ((integer_of_int32(result0) <= 100) -> + ("JC_28": (integer_of_int32(result1) = 91)))) -> + forall return:int32. + (return = result1) -> + ("JC_27": (integer_of_int32(return) = 91)) ========== file tests/java/why/MacCarthy_po4.why ========== goal MacCarthy_f91_ensures_less_than_101_po_2: - forall n:int. - (n <= 100) -> - (n > 100) -> - forall return:int. - (return = (n - 10)) -> - ("JC_19": (return = 91)) + forall n:int32. + (integer_of_int32(n) <= 100) -> + (integer_of_int32(n) > 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) - 10)) -> + forall return:int32. + (return = result) -> + ("JC_27": (integer_of_int32(return) = 91)) ========== file tests/java/why/MacCarthy_po5.why ========== goal MacCarthy_f91_safety_po_1: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - (0 <= ("JC_24": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + ((-2147483648) <= (integer_of_int32(n) + 11)) ========== file tests/java/why/MacCarthy_po6.why ========== goal MacCarthy_f91_safety_po_2: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - (("JC_25": (101 - (n + 11))) < ("JC_24": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + ((integer_of_int32(n) + 11) <= 2147483647) ========== file tests/java/why/MacCarthy_po7.why ========== goal MacCarthy_f91_safety_po_3: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - (0 <= ("JC_28": (101 - n))) + forall n:int32. 
+ ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + (0 <= ("JC_33": (101 - integer_of_int32(n)))) ========== file tests/java/why/MacCarthy_po8.why ========== goal MacCarthy_f91_safety_po_4: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - (("JC_29": (101 - result)) < ("JC_28": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + (("JC_34": (101 - integer_of_int32(result))) < ("JC_33": + (101 - integer_of_int32(n)))) + +========== file tests/java/why/MacCarthy_po9.why ========== +goal MacCarthy_f91_safety_po_5: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + (0 <= ("JC_37": (101 - integer_of_int32(n)))) ========== generation of Simplify VC output ========== why -simplify [...] why/MacCarthy.why @@ -4166,7 +4531,7 @@ (EQ (parenttag MacCarthy_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -4193,6 +4558,66 @@ (EQ (parenttag Throwable_tag Object_tag) |@true|)) (BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH ;; Why axiom interface_int (EQ (int_of_tag interface_tag) 1)) 
@@ -4228,6 +4653,25 @@ (<= (offset_min interface_alloc_table p) a)) (BG_PUSH + ;; Why axiom long_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) + +(BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) @@ -4253,6 +4697,22 @@ (DEFPRED (right_valid_struct_interface p b interface_alloc_table) (>= (offset_max interface_alloc_table p) b)) +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + (DEFPRED (strict_valid_root_Object p a b Object_alloc_table) (AND (EQ (offset_min Object_alloc_table p) a) (EQ (offset_max Object_alloc_table p) b))) 
@@ -4281,26 +4741,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_MacCarthy p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -4329,75 +4769,156 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; MacCarthy_f91_ensures_greater_than_100_po_1, File "HOME/tests/java/MacCarthy.java", line 16, characters 18-35 +;; MacCarthy_f91_ensures_greater_than_100_po_1, File "HOME/tests/java/MacCarthy.java", line 43, characters 18-35 (FORALL (n) -(IMPLIES (>= n 101) -(IMPLIES (<= n 100) +(IMPLIES (>= (integer_of_int32 n) 101) +(IMPLIES (<= (integer_of_int32 n) 100) (FORALL (result) -(IMPLIES (AND (IMPLIES (>= (+ n 11) 101) (EQ result (- (+ n 11) 10))) - (IMPLIES (<= (+ n 11) 100) (EQ result 91))) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) (FORALL (result0) -(IMPLIES (AND (IMPLIES (>= result 101) (EQ result0 (- result 10))) - (IMPLIES (<= result 100) (EQ result0 91))) -(FORALL (return) (IMPLIES (EQ return result0) (EQ return (- n 10))))))))))) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result) 101) + (EQ (integer_of_int32 result0) (- (integer_of_int32 result) 10))) + (IMPLIES (<= (integer_of_int32 result) 100) + (EQ (integer_of_int32 result0) 91))) +(FORALL (result1) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result0) 101) + (EQ (integer_of_int32 result1) (- (integer_of_int32 result0) 10))) + (IMPLIES (<= (integer_of_int32 result0) 100) + (EQ (integer_of_int32 result1) 91))) +(FORALL (return) +(IMPLIES (EQ return result1) +(EQ (integer_of_int32 return) (- (integer_of_int32 n) 10))))))))))))) -;; MacCarthy_f91_ensures_greater_than_100_po_2, File "HOME/tests/java/MacCarthy.java", line 16, characters 18-35 +;; MacCarthy_f91_ensures_greater_than_100_po_2, File "HOME/tests/java/MacCarthy.java", line 43, characters 18-35 (FORALL (n) -(IMPLIES (>= n 101) -(IMPLIES (> n 100) -(FORALL (return) (IMPLIES (EQ return (- n 10)) (EQ return (- n 10))))))) +(IMPLIES (>= (integer_of_int32 n) 101) +(IMPLIES (> (integer_of_int32 n) 100) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) (- (integer_of_int32 n) 10)) +(FORALL 
(return) +(IMPLIES (EQ return result) +(EQ (integer_of_int32 return) (- (integer_of_int32 n) 10))))))))) -;; MacCarthy_f91_ensures_less_than_101_po_1, File "HOME/tests/java/MacCarthy.java", line 13, characters 18-31 +;; MacCarthy_f91_ensures_less_than_101_po_1, File "HOME/tests/java/MacCarthy.java", line 40, characters 18-31 (FORALL (n) -(IMPLIES (<= n 100) -(IMPLIES (<= n 100) +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (<= (integer_of_int32 n) 100) (FORALL (result) -(IMPLIES (AND (IMPLIES (>= (+ n 11) 101) (EQ result (- (+ n 11) 10))) - (IMPLIES (<= (+ n 11) 100) (EQ result 91))) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) (FORALL (result0) -(IMPLIES (AND (IMPLIES (>= result 101) (EQ result0 (- result 10))) - (IMPLIES (<= result 100) (EQ result0 91))) -(FORALL (return) (IMPLIES (EQ return result0) (EQ return 91)))))))))) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result) 101) + (EQ (integer_of_int32 result0) (- (integer_of_int32 result) 10))) + (IMPLIES (<= (integer_of_int32 result) 100) + (EQ (integer_of_int32 result0) 91))) +(FORALL (result1) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result0) 101) + (EQ (integer_of_int32 result1) (- (integer_of_int32 result0) 10))) + (IMPLIES (<= (integer_of_int32 result0) 100) + (EQ (integer_of_int32 result1) 91))) +(FORALL (return) +(IMPLIES (EQ return result1) (EQ (integer_of_int32 return) 91)))))))))))) + +;; MacCarthy_f91_ensures_less_than_101_po_2, File "HOME/tests/java/MacCarthy.java", line 40, characters 18-31 +(FORALL (n) +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (> (integer_of_int32 n) 100) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) (- (integer_of_int32 n) 10)) +(FORALL (return) +(IMPLIES (EQ return result) (EQ (integer_of_int32 return) 91)))))))) -;; MacCarthy_f91_ensures_less_than_101_po_2, File "HOME/tests/java/MacCarthy.java", line 13, characters 18-31 +;; MacCarthy_f91_safety_po_1, File "HOME/tests/java/MacCarthy.java", line 47, characters 20-26 
(FORALL (n) -(IMPLIES (<= n 100) -(IMPLIES (> n 100) -(FORALL (return) (IMPLIES (EQ return (- n 10)) (EQ return 91)))))) +(IMPLIES TRUE +(IMPLIES (<= (integer_of_int32 n) 100) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 n) 11))))) + +;; MacCarthy_f91_safety_po_2, File "HOME/tests/java/MacCarthy.java", line 47, characters 20-26 +(FORALL (n) +(IMPLIES TRUE +(IMPLIES (<= (integer_of_int32 n) 100) +(<= (+ (integer_of_int32 n) 11) constant_too_large_2147483647)))) -;; MacCarthy_f91_safety_po_1, File "why/MacCarthy.why", line 663, characters 21-115 -(FORALL (n) (IMPLIES TRUE (IMPLIES (<= n 100) (<= 0 (- 101 n))))) +;; MacCarthy_f91_safety_po_3, File "why/MacCarthy.why", line 726, characters 21-190 +(FORALL (n) +(IMPLIES TRUE +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 n) 11)) + (<= (+ (integer_of_int32 n) 11) constant_too_large_2147483647)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) +(<= 0 (- 101 (integer_of_int32 n))))))))) -;; MacCarthy_f91_safety_po_2, File "why/MacCarthy.why", line 663, characters 21-115 +;; MacCarthy_f91_safety_po_4, File "why/MacCarthy.why", line 726, characters 21-190 (FORALL (n) -(IMPLIES TRUE (IMPLIES (<= n 100) (< (- 101 (+ n 11)) (- 101 n))))) +(IMPLIES TRUE +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 n) 11)) + (<= (+ (integer_of_int32 n) 11) constant_too_large_2147483647)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) +(< (- 101 (integer_of_int32 result)) (- 101 (integer_of_int32 n))))))))) -;; MacCarthy_f91_safety_po_3, File "why/MacCarthy.why", line 668, characters 21-115 +;; MacCarthy_f91_safety_po_5, File "why/MacCarthy.why", line 732, characters 21-190 (FORALL (n) (IMPLIES TRUE -(IMPLIES (<= n 100) +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (AND + (<= (- 0 
constant_too_large_2147483648) (+ (integer_of_int32 n) 11)) + (<= (+ (integer_of_int32 n) 11) constant_too_large_2147483647)) (FORALL (result) -(IMPLIES (AND (IMPLIES (>= (+ n 11) 101) (EQ result (- (+ n 11) 10))) - (IMPLIES (<= (+ n 11) 100) (EQ result 91))) -(<= 0 (- 101 n))))))) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) +(FORALL (result0) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result) 101) + (EQ (integer_of_int32 result0) (- (integer_of_int32 result) 10))) + (IMPLIES (<= (integer_of_int32 result) 100) + (EQ (integer_of_int32 result0) 91))) +(<= 0 (- 101 (integer_of_int32 n))))))))))) -;; MacCarthy_f91_safety_po_4, File "why/MacCarthy.why", line 668, characters 21-115 +;; MacCarthy_f91_safety_po_6, File "why/MacCarthy.why", line 732, characters 21-190 (FORALL (n) (IMPLIES TRUE -(IMPLIES (<= n 100) +(IMPLIES (<= (integer_of_int32 n) 100) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 n) 11)) + (<= (+ (integer_of_int32 n) 11) constant_too_large_2147483647)) (FORALL (result) -(IMPLIES (AND (IMPLIES (>= (+ n 11) 101) (EQ result (- (+ n 11) 10))) - (IMPLIES (<= (+ n 11) 100) (EQ result 91))) -(< (- 101 result) (- 101 n))))))) +(IMPLIES (EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11)) +(FORALL (result0) +(IMPLIES (AND + (IMPLIES (>= (integer_of_int32 result) 101) + (EQ (integer_of_int32 result0) (- (integer_of_int32 result) 10))) + (IMPLIES (<= (integer_of_int32 result) 100) + (EQ (integer_of_int32 result0) 91))) +(< (- 101 (integer_of_int32 result0)) (- 101 (integer_of_int32 n))))))))))) + +;; MacCarthy_f91_safety_po_7, File "HOME/tests/java/MacCarthy.java", line 50, characters 12-18 +(FORALL (n) +(IMPLIES TRUE +(IMPLIES (> (integer_of_int32 n) 100) +(<= (- 0 constant_too_large_2147483648) (- (integer_of_int32 n) 10))))) + +;; MacCarthy_f91_safety_po_8, File "HOME/tests/java/MacCarthy.java", line 50, characters 12-18 +(FORALL (n) +(IMPLIES TRUE +(IMPLIES (> (integer_of_int32 n) 100) +(<= (- 
(integer_of_int32 n) 10) constant_too_large_2147483647)))) ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/MacCarthy_why.sx : ........ (8/0/0/0/0) -total : 8 -valid : 8 (100%) +simplify/MacCarthy_why.sx : .....?....?. (10/0/2/0/0) +total : 12 +valid : 10 ( 83%) invalid : 0 ( 0%) -unknown : 0 ( 0%) +unknown : 2 ( 17%) timeout : 0 ( 0%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== @@ -5334,8 +5855,18 @@ type Object +type byte + +type char + +type int32 + type interface +type long + +type short + logic Exception_tag : Object tag_id logic Object_tag : Object tag_id @@ -5348,7 +5879,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
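Review bot: The updated baseline in the hunk at `@@ -4329,75 +4769,156 @@` accepts `.....?....?. (10/0/2/0/0)`, so two obligations that Simplify cannot decide are now the expected result, where the old run was 8/8 valid. If results are printed in file order, the two `?` are `MacCarthy_f91_safety_po_2` and `MacCarthy_f91_safety_po_7`, both int32 overflow bound checks. Their bounds appear as the symbols `constant_too_large_2147483647` and `constant_too_large_2147483648`, and no visible hunk relates those symbols to small literals such as 11 or 10, which likely explains the result. The `ensures` goals assume an exact conversion with no range hypothesis, `(EQ (integer_of_int32 result) (+ (integer_of_int32 n) 11))`, so they mean something only once the safety goals are proved elsewhere. I would record that next to the summary, for example `;; safety_po_2 and safety_po_7: expected unknown with Simplify (opaque constant_too_large_* bounds); must be valid with another prover`, and have the suite check those two goals with a prover that handles the literals.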
@@ -5373,6 +5904,77 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. 
+ (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + logic interface_tag : interface tag_id axiom interface_int: (int_of_tag(interface_tag) = 1) @@ -5414,6 +6016,22 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -5446,6 +6064,22 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -5482,32 +6116,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MacCarthy(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5545,85 +6153,147 @@ (offset_max(interface_alloc_table, p) >= b)) goal MacCarthy_f91_ensures_greater_than_100_po_1: - forall n:int. - (n >= 101) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - forall result0:int. - (((result >= 101) -> ("JC_22": (result0 = (result - 10)))) and - ((result <= 100) -> ("JC_20": (result0 = 91)))) -> - forall return:int. - (return = result0) -> - ("JC_21": (return = (n - 10))) + forall n:int32. + (integer_of_int32(n) >= 101) -> + (integer_of_int32(n) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + forall result1:int32. + (((integer_of_int32(result0) >= 101) -> + ("JC_30": (integer_of_int32(result1) = (integer_of_int32(result0) - 10)))) and + ((integer_of_int32(result0) <= 100) -> + ("JC_28": (integer_of_int32(result1) = 91)))) -> + forall return:int32. + (return = result1) -> + ("JC_29": (integer_of_int32(return) = (integer_of_int32(n) - 10))) goal MacCarthy_f91_ensures_greater_than_100_po_2: - forall n:int. - (n >= 101) -> - (n > 100) -> - forall return:int. - (return = (n - 10)) -> - ("JC_21": (return = (n - 10))) + forall n:int32. + (integer_of_int32(n) >= 101) -> + (integer_of_int32(n) > 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) - 10)) -> + forall return:int32. + (return = result) -> + ("JC_29": (integer_of_int32(return) = (integer_of_int32(n) - 10))) goal MacCarthy_f91_ensures_less_than_101_po_1: - forall n:int. - (n <= 100) -> - (n <= 100) -> - forall result:int. 
- ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - forall result0:int. - (((result >= 101) -> ("JC_22": (result0 = (result - 10)))) and - ((result <= 100) -> ("JC_20": (result0 = 91)))) -> - forall return:int. - (return = result0) -> - ("JC_19": (return = 91)) + forall n:int32. + (integer_of_int32(n) <= 100) -> + (integer_of_int32(n) <= 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + forall result1:int32. + (((integer_of_int32(result0) >= 101) -> + ("JC_30": (integer_of_int32(result1) = (integer_of_int32(result0) - 10)))) and + ((integer_of_int32(result0) <= 100) -> + ("JC_28": (integer_of_int32(result1) = 91)))) -> + forall return:int32. + (return = result1) -> + ("JC_27": (integer_of_int32(return) = 91)) goal MacCarthy_f91_ensures_less_than_101_po_2: - forall n:int. - (n <= 100) -> - (n > 100) -> - forall return:int. - (return = (n - 10)) -> - ("JC_19": (return = 91)) + forall n:int32. + (integer_of_int32(n) <= 100) -> + (integer_of_int32(n) > 100) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) - 10)) -> + forall return:int32. + (return = result) -> + ("JC_27": (integer_of_int32(return) = 91)) goal MacCarthy_f91_safety_po_1: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - (0 <= ("JC_24": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + ((-2147483648) <= (integer_of_int32(n) + 11)) goal MacCarthy_f91_safety_po_2: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - (("JC_25": (101 - (n + 11))) < ("JC_24": (101 - n))) + forall n:int32. 
+ ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + ((integer_of_int32(n) + 11) <= 2147483647) goal MacCarthy_f91_safety_po_3: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - (0 <= ("JC_28": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + (0 <= ("JC_33": (101 - integer_of_int32(n)))) goal MacCarthy_f91_safety_po_4: - forall n:int. - ("JC_14": true) -> - (n <= 100) -> - forall result:int. - ((((n + 11) >= 101) -> ("JC_22": (result = ((n + 11) - 10)))) and - (((n + 11) <= 100) -> ("JC_20": (result = 91)))) -> - (("JC_29": (101 - result)) < ("JC_28": (101 - n))) + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + (("JC_34": (101 - integer_of_int32(result))) < ("JC_33": + (101 - integer_of_int32(n)))) + +goal MacCarthy_f91_safety_po_5: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + (0 <= ("JC_37": (101 - integer_of_int32(n)))) + +goal MacCarthy_f91_safety_po_6: + forall n:int32. 
+ ("JC_22": true) -> + (integer_of_int32(n) <= 100) -> + (((-2147483648) <= (integer_of_int32(n) + 11)) and + ((integer_of_int32(n) + 11) <= 2147483647)) -> + forall result:int32. + (integer_of_int32(result) = (integer_of_int32(n) + 11)) -> + forall result0:int32. + (((integer_of_int32(result) >= 101) -> + ("JC_30": (integer_of_int32(result0) = (integer_of_int32(result) - 10)))) and + ((integer_of_int32(result) <= 100) -> + ("JC_28": (integer_of_int32(result0) = 91)))) -> + (("JC_38": (101 - integer_of_int32(result0))) < ("JC_37": + (101 - integer_of_int32(n)))) + +goal MacCarthy_f91_safety_po_7: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) > 100) -> + ((-2147483648) <= (integer_of_int32(n) - 10)) + +goal MacCarthy_f91_safety_po_8: + forall n:int32. + ("JC_22": true) -> + (integer_of_int32(n) > 100) -> + ((integer_of_int32(n) - 10) <= 2147483647) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/MacCarthy_why.why : ........ (8/0/0/0/0) -total : 8 -valid : 8 (100%) +why/MacCarthy_why.why : ............ (12/0/0/0/0) +total : 12 +valid : 12 (100%) invalid : 0 ( 0%) unknown : 0 ( 0%) timeout : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Muller.res.oracle why-2.30+dfsg/tests/java/oracle/Muller.res.oracle --- why-2.29+dfsg/tests/java/oracle/Muller.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Muller.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,79 +2,95 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). 
*/ -/* */ /**************************************************************************/ -//@+ CheckArithOverflow = no //@+ SeparationPolicy = Regions /*@ axiomatic NumOfPos { @ logic integer num_of_pos{L}(integer i,integer j,int t[]); @ axiom num_of_pos_empty{L} : @ \forall integer i j, int t[]; - @ i > j ==> num_of_pos(i,j,t) == 0; + @ i >= j ==> num_of_pos(i,j,t) == 0; @ axiom num_of_pos_true_case{L} : @ \forall integer i j k, int t[]; - @ i <= j && t[j] > 0 ==> + @ i < j && t[j-1] > 0 ==> @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t) + 1; @ axiom num_of_pos_false_case{L} : @ \forall integer i j k, int t[]; - @ i <= j && ! (t[j] > 0) ==> + @ i < j && ! (t[j-1] > 0) ==> @ num_of_pos(i,j,t) == num_of_pos(i,j-1,t); @ } @*/ + +/*@ lemma num_of_pos_non_negative{L} : + @ \forall integer i j, int t[]; 0 <= num_of_pos(i,j,t); + @*/ + +/*@ lemma num_of_pos_additive{L} : + @ \forall integer i j k, int t[]; i <= j <= k ==> + @ num_of_pos(i,k,t) == num_of_pos(i,j,t) + num_of_pos(j,k,t); + @*/ + +/*@ lemma num_of_pos_increasing{L} : + @ \forall integer i j k, int t[]; + @ j <= k ==> num_of_pos(i,j,t) <= num_of_pos(i,k,t); + @*/ + /*@ lemma num_of_pos_strictly_increasing{L} : - @ \forall integer i j k l, int t[]; - @ j < k && k <= l && t[k] > 0 ==> - @ num_of_pos(i,j,t) < num_of_pos(i,l,t); + @ \forall integer i n, int t[]; + @ 0 <= i < n && t[i] > 0 ==> + @ num_of_pos(0,i,t) < num_of_pos(0,n,t); @*/ public class Muller { - /*@ requires t!=null; + /*@ requires t != null; @*/ public static int[] m(int t[]) { int count = 0; - + /*@ loop_invariant - @ 0 <= i && i <= t.length && - @ 0 <= count && count <= i && - @ count == num_of_pos(0,i-1,t) ; + @ 0 <= i <= t.length && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t) ; @ loop_variant t.length - i; @*/ for (int i=0 ; i < t.length; i++) if (t[i] > 0) count++; - + int u[] = new int[count]; count = 0; - + /*@ loop_invariant - @ 0 <= i && i <= t.length && - @ 0 <= count && count <= i && - @ count == num_of_pos(0,i-1,t); + @ 0 <= i <= 
t.length && + @ 0 <= count <= i && + @ count == num_of_pos(0,i,t); @ loop_variant t.length - i; @*/ for (int i=0 ; i < t.length; i++) { @@ -82,13 +98,13 @@ } return u; } - + } /* -Local Variables: -compile-command: "make Muller" -End: +Local Variables: +compile-command: "make Muller.why3ml" +End: */ ========== krakatoa execution ========== Parsing OK. @@ -103,11 +119,24 @@ # AnnotationPolicy = None # AbstractDomain = None +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + predicate Non_null_intM{Here}(intM[0..] x) = (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -132,7 +161,7 @@ } tag intM = Object with { - integer intP; + int32 intP; } boolean non_null_intM(! intM[0..] x) @@ -162,7 +191,7 @@ (\forall integer j_2; (\forall integer k_0; (\forall intM[0..] t_2; - (((i_2 <= j_2) && (! ((t_2 + j_2).intP > 0))) ==> + (((i_2 < j_2) && (! ((t_2 + (j_2 - 1)).intP > 0))) ==> (num_of_pos{L}(i_2, j_2, t_2) == num_of_pos{L}(i_2, (j_2 - 1), t_2))))))) @@ -171,7 +200,7 @@ (\forall integer j_1; (\forall integer k; (\forall intM[0..] t_1; - (((i_1 <= j_1) && ((t_1 + j_1).intP > 0)) ==> + (((i_1 < j_1) && ((t_1 + (j_1 - 1)).intP > 0)) ==> (num_of_pos{L}(i_1, j_1, t_1) == (num_of_pos{L}(i_1, (j_1 - 1), t_1) + 1))))))) 
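Review bot: The `NumOfPos` axioms change `num_of_pos(i,j,t)` from a closed range to a half-open one (`i >= j` is now the empty case and the step cases test `t[j-1]`), but nothing in the annotation states that convention, although the loop invariants and the four lemmas all rely on it. Axioms are assumed rather than proved, so I would state the intended meaning in a comment above the axiomatic block, for example `/* num_of_pos(i,j,t): number of indices k with i <= k < j and t[k] > 0 */`. The `num_of_pos_true_case` and `num_of_pos_false_case` axioms also still quantify over `k` without using it; `\forall integer i j, int t[];` would be enough. This oracle echoes `HOME/tests/java/Muller.java`, so the edit belongs in that source file. The body of the second loop continues past the end of this hunk.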
@@ -179,52 +208,70 @@ (\forall integer i_0; (\forall integer j_0; (\forall intM[0..] t_0; - ((i_0 > j_0) ==> (num_of_pos{L}(i_0, j_0, t_0) == 0))))) + ((i_0 >= j_0) ==> (num_of_pos{L}(i_0, j_0, t_0) == 0))))) } -lemma num_of_pos_strictly_increasing{L} : +lemma num_of_pos_non_negative{L} : (\forall integer i_3; (\forall integer j_3; + (\forall intM[0..] t_3; + (0 <= num_of_pos{L}(i_3, j_3, t_3))))) + +lemma num_of_pos_additive{L} : +(\forall integer i_4; + (\forall integer j_4; (\forall integer k_1; - (\forall integer l; - (\forall intM[0..] t_3; - ((((j_3 < k_1) && (k_1 <= l)) && ((t_3 + k_1).intP > 0)) ==> - (num_of_pos{L}(i_3, j_3, t_3) < num_of_pos{L}(i_3, l, t_3)))))))) + (\forall intM[0..] t_4; + (((i_4 <= j_4) && (j_4 <= k_1)) ==> + (num_of_pos{L}(i_4, k_1, t_4) == + (num_of_pos{L}(i_4, j_4, t_4) + num_of_pos{L}(j_4, k_1, t_4)))))))) + +lemma num_of_pos_increasing{L} : +(\forall integer i_5; + (\forall integer j_5; + (\forall integer k_2; + (\forall intM[0..] t_5; + ((j_5 <= k_2) ==> + (num_of_pos{L}(i_5, j_5, t_5) <= num_of_pos{L}(i_5, k_2, t_5))))))) + +lemma num_of_pos_strictly_increasing{L} : +(\forall integer i_6; + (\forall integer n; + (\forall intM[0..] t_6; + ((((0 <= i_6) && (i_6 < n)) && ((t_6 + i_6).intP > 0)) ==> + (num_of_pos{L}(0, i_6, t_6) < num_of_pos{L}(0, n, t_6)))))) exception Throwable of Throwable[0..] exception Exception of Exception[0..] -intM[0..] Muller_m(intM[0..] t_4) - requires (K_1 : Non_null_intM(t_4)); +intM[0..] Muller_m(intM[0..] 
t_7) + requires (K_1 : Non_null_intM(t_7)); { { - (var integer count = (K_39 : 0)); + (var int32 count = (K_39 : 0)); { { { - (var integer i_4 = (K_2 : 0)); + (var int32 i_7 = (K_2 : 0)); loop behavior default: - invariant (K_11 : ((K_10 : ((K_9 : ((K_8 : ((K_7 : (0 <= - i_4)) && - (K_6 : - (i_4 <= - (\offset_max(t_4) + - 1))))) && - (K_5 : (0 <= count)))) && - (K_4 : (count <= i_4)))) && + invariant (K_11 : ((K_10 : ((K_9 : ((K_8 : (0 <= i_7)) && + (K_7 : (i_7 <= + (\offset_max(t_7) + + 1))))) && + (K_6 : ((K_5 : (0 <= count)) && + (K_4 : (count <= i_7)))))) && (K_3 : (count == - num_of_pos{Here}(0, (i_4 - 1), - t_4))))); + num_of_pos{Here}(0, i_7, t_7))))); - variant (K_12 : ((\offset_max(t_4) + 1) - i_4)); - for ( ; (K_18 : (i_4 < (K_17 : java_array_length_intM(t_4)))) ; - (K_16 : (i_4 ++))) - { (if (K_15 : ((K_14 : (t_4 + i_4).intP) > 0)) then (K_13 : + variant (K_12 : ((\offset_max(t_7) + 1) - i_7)); + for ( ; (K_18 : (i_7 < (K_17 : java_array_length_intM(t_7)))) ; + (K_16 : (i_7 ++))) + { (if (K_15 : ((K_14 : (t_7 + i_7).intP) > 0)) then (K_13 : (count ++)) else ()) } } 
@@ -237,33 +284,34 @@ { { - (var integer i_5 = (K_19 : 0)); + (var int32 i_8 = (K_19 : 0)); loop behavior default: - invariant (K_28 : ((K_27 : ((K_26 : ((K_25 : ((K_24 : - (0 <= - i_5)) && - (K_23 : - (i_5 <= - (\offset_max(t_4) + - 1))))) && - (K_22 : + invariant (K_28 : ((K_27 : ((K_26 : ((K_25 : (0 <= + i_8)) && + (K_24 : + (i_8 <= + (\offset_max(t_7) + + 1))))) && + (K_23 : ((K_22 : (0 <= - count)))) && - (K_21 : (count <= i_5)))) && + count)) && + (K_21 : + (count <= + i_8)))))) && (K_20 : (count == num_of_pos{Here}( - 0, (i_5 - 1), t_4))))); + 0, i_8, t_7))))); - variant (K_29 : ((\offset_max(t_4) + 1) - i_5)); - for ( ; (K_37 : (i_5 < - (K_36 : java_array_length_intM(t_4)))) ; - (K_35 : (i_5 ++))) - { (if (K_34 : ((K_33 : (t_4 + i_5).intP) > 0)) then + variant (K_29 : ((\offset_max(t_7) + 1) - i_8)); + for ( ; (K_37 : (i_8 < + (K_36 : java_array_length_intM(t_7)))) ; + (K_35 : (i_8 ++))) + { (if (K_34 : ((K_33 : (t_7 + i_8).intP) > 0)) then (K_32 : ((u + (K_30 : (count ++))).intP = (K_31 : - (t_4 + - i_5).intP))) else ()) + (t_7 + + i_8).intP))) else ()) } } }; 
@@ -286,206 +334,213 @@ ========== file tests/java/Muller.jloc ========== [K_10] file = "HOME/tests/java/Muller.java" -line = 63 +line = 79 begin = 8 -end = 68 +end = 53 [K_11] file = "HOME/tests/java/Muller.java" -line = 63 +line = 79 begin = 8 -end = 109 +end = 91 [K_12] file = "HOME/tests/java/Muller.java" -line = 66 +line = 82 begin = 18 end = 30 [K_13] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 49 end = 56 [K_14] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 39 end = 43 [K_15] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 39 end = 47 [K_16] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 30 end = 33 [K_17] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 20 end = 28 [K_18] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 16 end = 28 [Muller_m] name = "Method m" file = "HOME/tests/java/Muller.java" -line = 59 +line = 75 begin = 24 end = 25 [K_19] file = "HOME/tests/java/Muller.java" -line = 79 +line = 95 begin = 12 end = 13 [K_20] file = "HOME/tests/java/Muller.java" -line = 76 +line = 92 begin = 8 -end = 36 +end = 34 [K_21] file = "HOME/tests/java/Muller.java" -line = 75 -begin = 22 -end = 32 +line = 91 +begin = 13 +end = 23 [K_22] file = "HOME/tests/java/Muller.java" -line = 75 +line = 91 begin = 8 end = 18 +[num_of_pos_non_negative] +name = "Lemma num_of_pos_non_negative" +file = "HOME/tests/java/Muller.java" +line = 51 +begin = 10 +end = 33 + [K_23] file = "HOME/tests/java/Muller.java" -line = 74 -begin = 18 -end = 31 +line = 91 +begin = 8 +end = 23 [K_24] file = "HOME/tests/java/Muller.java" -line = 74 -begin = 8 -end = 14 +line = 90 +begin = 13 +end = 26 [K_1] file = "HOME/tests/java/Muller.java" -line = 57 +line = 73 begin = 17 -end = 24 +end = 26 [K_25] file = "HOME/tests/java/Muller.java" -line = 74 +line = 90 begin = 8 -end = 31 +end = 14 [K_2] file = "HOME/tests/java/Muller.java" -line = 68 +line = 84 begin = 12 end = 13 [K_26] 
file = "HOME/tests/java/Muller.java" -line = 74 +line = 90 begin = 8 -end = 54 +end = 26 [K_3] file = "HOME/tests/java/Muller.java" -line = 65 +line = 81 begin = 8 -end = 36 +end = 34 [K_27] file = "HOME/tests/java/Muller.java" -line = 74 +line = 90 begin = 8 -end = 68 +end = 53 [K_4] file = "HOME/tests/java/Muller.java" -line = 64 -begin = 22 -end = 32 +line = 80 +begin = 13 +end = 23 [K_28] file = "HOME/tests/java/Muller.java" -line = 74 +line = 90 begin = 8 -end = 109 +end = 91 [K_5] file = "HOME/tests/java/Muller.java" -line = 64 +line = 80 begin = 8 end = 18 [K_29] file = "HOME/tests/java/Muller.java" -line = 77 +line = 93 begin = 18 end = 30 [K_6] file = "HOME/tests/java/Muller.java" -line = 63 -begin = 18 -end = 31 +line = 80 +begin = 8 +end = 23 [K_7] file = "HOME/tests/java/Muller.java" -line = 63 -begin = 8 -end = 14 +line = 79 +begin = 13 +end = 26 [K_8] file = "HOME/tests/java/Muller.java" -line = 63 +line = 79 begin = 8 -end = 31 +end = 14 [K_9] file = "HOME/tests/java/Muller.java" -line = 63 +line = 79 begin = 8 -end = 54 +end = 26 [K_30] file = "HOME/tests/java/Muller.java" -line = 80 +line = 96 begin = 21 end = 28 [K_31] file = "HOME/tests/java/Muller.java" -line = 80 +line = 96 begin = 32 end = 36 [K_32] file = "HOME/tests/java/Muller.java" -line = 80 +line = 96 begin = 19 end = 36 [K_33] file = "HOME/tests/java/Muller.java" -line = 80 +line = 96 begin = 9 end = 13 
@@ -498,40 +553,82 @@ [K_34] file = "HOME/tests/java/Muller.java" -line = 80 +line = 96 begin = 9 end = 17 [K_35] file = "HOME/tests/java/Muller.java" -line = 79 +line = 95 begin = 30 end = 33 [K_36] file = "HOME/tests/java/Muller.java" -line = 79 +line = 95 begin = 20 end = 28 [K_37] file = "HOME/tests/java/Muller.java" -line = 79 +line = 95 begin = 16 end = 28 [K_38] file = "HOME/tests/java/Muller.java" -line = 70 +line = 86 begin = 11 end = 25 [K_39] file = "HOME/tests/java/Muller.java" -line = 60 +line = 76 begin = 13 end = 14 +[num_of_pos_empty] +name = "Lemma num_of_pos_empty" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[num_of_pos_true_case] +name = "Lemma num_of_pos_true_case" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[num_of_pos_additive] +name = "Lemma num_of_pos_additive" +file = "HOME/tests/java/Muller.java" +line = 55 +begin = 10 +end = 29 + +[num_of_pos_strictly_increasing] +name = "Lemma num_of_pos_strictly_increasing" +file = "HOME/tests/java/Muller.java" +line = 65 +begin = 10 +end = 40 + +[num_of_pos_increasing] +name = "Lemma num_of_pos_increasing" +file = "HOME/tests/java/Muller.java" +line = 60 +begin = 10 +end = 31 + +[num_of_pos_false_case] +name = "Lemma num_of_pos_false_case" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + ========== jessie execution ========== Generating Why function Muller_m Generating Why function cons_Muller @@ -550,10 +647,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Muller.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Muller_why.sx 
@@ -614,6 +712,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Muller_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Muller_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -686,6 +791,9 @@ why3ide: why/Muller_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Muller.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Muller.depend depend: coq/Muller_why.v 
@@ -696,76 +804,83 @@ ========== file tests/java/Muller.loc ========== [JC_90] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/Muller.java" +line = 86 +begin = 11 +end = 25 [JC_91] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.java" +line = 90 +begin = 8 +end = 14 [JC_92] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_40] file = "HOME/tests/java/Muller.java" -line = 63 -begin = 18 -end = 31 +line = 90 +begin = 13 +end = 26 -[JC_93] +[JC_40] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_41] +[JC_93] file = "HOME/tests/java/Muller.java" -line = 64 +line = 91 begin = 8 end = 18 +[JC_41] +file = "HOME/tests/java/Muller.java" +line = 73 +begin = 17 +end = 26 + [JC_94] +file = "HOME/tests/java/Muller.java" +line = 91 +begin = 13 +end = 23 + +[JC_42] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_42] +[JC_95] file = "HOME/tests/java/Muller.java" -line = 64 -begin = 22 -end = 32 +line = 92 +begin = 8 +end = 34 -[JC_95] +[JC_43] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_43] +[JC_96] file = "HOME/tests/java/Muller.java" -line = 65 +line = 90 begin = 8 -end = 36 +end = 91 -[JC_96] +[JC_44] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_44] -file = "HOME/tests/java/Muller.java" -line = 63 -begin = 8 -end = 109 +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_45] file = "HOME/" 
@@ -773,190 +888,266 @@ begin = -1 end = -1 -[JC_46] -file = "HOME/tests/java/Muller.jc" -line = 111 -begin = 15 -end = 1239 - -[JC_1] -file = "HOME/tests/java/Muller.jc" -line = 39 -begin = 8 -end = 21 - -[JC_47] +[JC_98] file = "HOME/tests/java/Muller.jc" -line = 111 -begin = 15 -end = 1239 +line = 174 +begin = 21 +end = 1740 -[JC_2] +[JC_46] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_48] +[JC_1] +file = "HOME/tests/java/Muller.jc" +line = 23 +begin = 12 +end = 22 + +[JC_100] kind = UserCall file = "HOME/tests/java/Muller.java" -line = 68 +line = 95 begin = 20 end = 28 -[JC_3] +[JC_99] file = "HOME/tests/java/Muller.jc" -line = 39 -begin = 8 -end = 21 +line = 174 +begin = 21 +end = 1740 -[JC_49] -kind = IndexBounds +[JC_47] file = "HOME/tests/java/Muller.java" -line = 68 -begin = 20 -end = 28 +line = 79 +begin = 8 +end = 14 -[JC_4] +[JC_2] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_5] -file = "HOME/tests/java/Muller.jc" -line = 42 -begin = 11 -end = 66 - -[JC_6] -file = "HOME/tests/java/Muller.jc" -line = 41 -begin = 10 -end = 18 +[JC_101] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_7] -file = "HOME/tests/java/Muller.jc" -line = 42 -begin = 11 -end = 66 +[JC_48] +file = "HOME/tests/java/Muller.java" +line = 79 +begin = 13 +end = 26 -[JC_8] +[JC_3] file = "HOME/tests/java/Muller.jc" -line = 41 -begin = 10 -end = 18 +line = 23 +begin = 12 +end = 22 -[JC_9] +[JC_102] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_50] -kind = PointerDeref +[JC_49] file = "HOME/tests/java/Muller.java" -line = 68 -begin = 39 -end = 43 +line = 80 +begin = 8 +end = 18 -[cons_Muller_ensures_default] -name = "Constructor of class Muller" -behavior = "Default behavior" +[JC_4] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_51] -file = "HOME/tests/java/Muller.java" -line = 66 -begin = 18 -end = 30 - -[JC_52] -kind = AllocSize -file = "HOME/tests/java/Muller.java" -line = 70 -begin = 11 -end = 25 - -[cons_Muller_safety] -name = "Constructor of class Muller" -behavior 
= "Safety" +[JC_103] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_53] -file = "HOME/tests/java/Muller.java" -line = 74 -begin = 8 -end = 14 +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_54] +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_105] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_106] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_107] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/java/Muller.jc" +line = 52 +begin = 8 +end = 21 + +[JC_108] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[num_of_pos_non_negative] +name = "Lemma num_of_pos_non_negative" +behavior = "lemma" file = "HOME/tests/java/Muller.java" -line = 74 -begin = 18 -end = 31 +line = 51 +begin = 10 +end = 33 -[JC_55] +[JC_50] file = "HOME/tests/java/Muller.java" -line = 75 +line = 80 +begin = 13 +end = 23 + +[cons_Muller_ensures_default] +name = "Constructor of class Muller" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/tests/java/Muller.java" +line = 81 begin = 8 -end = 18 +end = 34 + +[JC_52] +file = "HOME/tests/java/Muller.java" +line = 79 +begin = 8 +end = 91 + +[cons_Muller_safety] +name = "Constructor of class Muller" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_54] +file = "HOME/tests/java/Muller.jc" +line = 145 +begin = 15 +end = 1030 + +[JC_55] +file = "HOME/tests/java/Muller.jc" +line = 145 +begin = 15 +end = 1030 [JC_56] +kind = UserCall file = "HOME/tests/java/Muller.java" -line = 75 -begin = 22 -end = 32 +line = 84 +begin = 20 +end = 28 [JC_57] +kind = IndexBounds file = "HOME/tests/java/Muller.java" -line = 76 -begin = 8 -end = 36 +line = 84 +begin = 20 +end = 28 [JC_58] +kind 
= PointerDeref file = "HOME/tests/java/Muller.java" -line = 74 -begin = 8 -end = 109 +line = 84 +begin = 39 +end = 43 [Muller_m_safety] name = "Method m" behavior = "Safety" file = "HOME/tests/java/Muller.java" -line = 59 +line = 75 begin = 24 end = 25 [JC_59] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = ArithOverflow +file = "HOME/tests/java/Muller.jc" +line = 160 +begin = 69 +end = 77 [JC_60] +kind = ArithOverflow file = "HOME/tests/java/Muller.jc" -line = 143 -begin = 21 -end = 1709 +line = 158 +begin = 24 +end = 30 [JC_61] -file = "HOME/tests/java/Muller.jc" -line = 143 -begin = 21 -end = 1709 +file = "HOME/tests/java/Muller.java" +line = 82 +begin = 18 +end = 30 [JC_62] -kind = UserCall +kind = AllocSize file = "HOME/tests/java/Muller.java" -line = 79 -begin = 20 -end = 28 +line = 86 +begin = 11 +end = 25 [JC_10] file = "HOME/" @@ -965,24 +1156,22 @@ end = -1 [JC_63] -kind = IndexBounds file = "HOME/tests/java/Muller.java" -line = 79 -begin = 20 -end = 28 +line = 90 +begin = 8 +end = 14 [JC_11] file = "HOME/tests/java/Muller.jc" -line = 45 +line = 52 begin = 8 -end = 30 +end = 21 [JC_64] -kind = PointerDeref file = "HOME/tests/java/Muller.java" -line = 80 -begin = 9 -end = 13 +line = 90 +begin = 13 +end = 26 [JC_12] file = "HOME/" 
@@ -991,96 +1180,95 @@ end = -1 [JC_65] -kind = PointerDeref file = "HOME/tests/java/Muller.java" -line = 80 -begin = 32 -end = 36 +line = 91 +begin = 8 +end = 18 [JC_13] file = "HOME/tests/java/Muller.jc" -line = 45 -begin = 8 -end = 30 +line = 55 +begin = 11 +end = 66 [JC_66] -kind = PointerDeref file = "HOME/tests/java/Muller.java" -line = 80 -begin = 19 -end = 36 +line = 91 +begin = 13 +end = 23 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.jc" +line = 54 +begin = 10 +end = 18 [JC_67] file = "HOME/tests/java/Muller.java" -line = 77 -begin = 18 -end = 30 +line = 92 +begin = 8 +end = 34 [JC_15] file = "HOME/tests/java/Muller.jc" -line = 48 +line = 55 begin = 11 -end = 103 +end = 66 [JC_68] file = "HOME/tests/java/Muller.java" -line = 63 +line = 90 begin = 8 -end = 14 +end = 91 [JC_16] file = "HOME/tests/java/Muller.jc" -line = 47 +line = 54 begin = 10 end = 18 [JC_69] -file = "HOME/tests/java/Muller.java" -line = 63 -begin = 18 -end = 31 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_17] -file = "HOME/tests/java/Muller.jc" -line = 48 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_18] -file = "HOME/tests/java/Muller.jc" -line = 47 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_70] -file = "HOME/tests/java/Muller.java" -line = 64 +[JC_19] +file = "HOME/tests/java/Muller.jc" +line = 58 begin = 8 -end = 18 +end = 30 + +[JC_70] +file = "HOME/tests/java/Muller.jc" +line = 174 +begin = 21 +end = 1740 [JC_71] -file = "HOME/tests/java/Muller.java" -line = 64 -begin = 22 -end = 32 +file = "HOME/tests/java/Muller.jc" +line = 174 +begin = 21 +end = 1740 [JC_72] +kind = UserCall file = "HOME/tests/java/Muller.java" -line = 65 -begin = 8 -end = 36 +line = 95 +begin = 20 +end = 28 [JC_20] file = "HOME/" 
@@ -1089,22 +1277,24 @@ end = -1 [JC_73] +kind = IndexBounds file = "HOME/tests/java/Muller.java" -line = 63 -begin = 8 -end = 109 +line = 95 +begin = 20 +end = 28 [JC_21] file = "HOME/tests/java/Muller.jc" -line = 52 +line = 58 begin = 8 -end = 23 +end = 30 [JC_74] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/Muller.java" +line = 96 +begin = 9 +end = 13 [JC_22] file = "HOME/" @@ -1113,68 +1303,70 @@ end = -1 [JC_75] -file = "HOME/tests/java/Muller.jc" -line = 111 -begin = 15 -end = 1239 +kind = PointerDeref +file = "HOME/tests/java/Muller.java" +line = 96 +begin = 32 +end = 36 [JC_23] file = "HOME/tests/java/Muller.jc" -line = 52 -begin = 8 -end = 23 +line = 61 +begin = 11 +end = 103 [JC_76] +kind = ArithOverflow file = "HOME/tests/java/Muller.jc" -line = 111 -begin = 15 -end = 1239 +line = 197 +begin = 47 +end = 55 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - +file = "HOME/tests/java/Muller.jc" +line = 60 +begin = 10 +end = 18 + [num_of_pos_empty] -name = "num_of_pos_empty" +name = "Lemma num_of_pos_empty" behavior = "axiom" -file = "HOME/tests/java/Muller.jc" -line = 79 -begin = 2 -end = 174 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_77] -kind = UserCall +kind = PointerDeref file = "HOME/tests/java/Muller.java" -line = 68 -begin = 20 -end = 28 +line = 96 +begin = 19 +end = 36 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.jc" +line = 61 +begin = 11 +end = 103 [JC_78] -kind = AllocSize -file = "HOME/tests/java/Muller.java" -line = 70 -begin = 11 -end = 25 +kind = ArithOverflow +file = "HOME/tests/java/Muller.jc" +line = 195 +begin = 30 +end = 36 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.jc" +line = 60 +begin = 10 +end = 18 [JC_79] file = "HOME/tests/java/Muller.java" -line = 74 -begin = 8 -end = 14 +line = 93 +begin = 18 +end = 30 [JC_27] file = "HOME/" 
@@ -1183,12 +1375,12 @@ end = -1 [num_of_pos_true_case] -name = "num_of_pos_true_case" +name = "Lemma num_of_pos_true_case" behavior = "axiom" -file = "HOME/tests/java/Muller.jc" -line = 70 -begin = 2 -end = 303 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_28] file = "HOME/" @@ -1198,51 +1390,59 @@ [JC_29] file = "HOME/tests/java/Muller.jc" -line = 54 -begin = 11 -end = 65 +line = 65 +begin = 8 +end = 23 + +[num_of_pos_additive] +name = "Lemma num_of_pos_additive" +behavior = "lemma" +file = "HOME/tests/java/Muller.java" +line = 55 +begin = 10 +end = 29 [JC_80] file = "HOME/tests/java/Muller.java" -line = 74 -begin = 18 -end = 31 +line = 79 +begin = 8 +end = 14 [JC_81] file = "HOME/tests/java/Muller.java" -line = 75 -begin = 8 -end = 18 +line = 79 +begin = 13 +end = 26 [JC_82] file = "HOME/tests/java/Muller.java" -line = 75 -begin = 22 -end = 32 +line = 80 +begin = 8 +end = 18 [JC_30] -file = "HOME/tests/java/Muller.jc" -line = 54 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_83] file = "HOME/tests/java/Muller.java" -line = 76 -begin = 8 -end = 36 +line = 80 +begin = 13 +end = 23 [JC_31] -file = "HOME/tests/java/Muller.java" -line = 57 -begin = 17 -end = 24 +file = "HOME/tests/java/Muller.jc" +line = 65 +begin = 8 +end = 23 [JC_84] file = "HOME/tests/java/Muller.java" -line = 74 +line = 81 begin = 8 -end = 109 +end = 34 [JC_32] file = "HOME/" 
@@ -1251,38 +1451,38 @@ end = -1 [num_of_pos_strictly_increasing] -name = "num_of_pos_strictly_increasing" +name = "Lemma num_of_pos_strictly_increasing" behavior = "lemma" -file = "HOME/tests/java/Muller.jc" -line = 87 -begin = 0 -end = 320 +file = "HOME/tests/java/Muller.java" +line = 65 +begin = 10 +end = 40 [Muller_m_ensures_default] name = "Method m" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Muller.java" -line = 59 +line = 75 begin = 24 end = 25 [JC_85] +file = "HOME/tests/java/Muller.java" +line = 79 +begin = 8 +end = 91 + +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] -file = "HOME/tests/java/Muller.java" -line = 57 -begin = 17 -end = 24 - [JC_86] -file = "HOME/tests/java/Muller.jc" -line = 143 -begin = 21 -end = 1709 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_34] file = "HOME/" @@ -1292,9 +1492,9 @@ [JC_87] file = "HOME/tests/java/Muller.jc" -line = 143 -begin = 21 -end = 1709 +line = 145 +begin = 15 +end = 1030 [JC_35] file = "HOME/" @@ -1303,11 +1503,10 @@ end = -1 [JC_88] -kind = UserCall -file = "HOME/tests/java/Muller.java" -line = 79 -begin = 20 -end = 28 +file = "HOME/tests/java/Muller.jc" +line = 145 +begin = 15 +end = 1030 [JC_36] file = "HOME/" 
@@ -1316,43 +1515,60 @@ end = -1 [JC_89] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Muller.java" +line = 84 +begin = 20 +end = 28 [JC_37] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.jc" +line = 67 +begin = 11 +end = 65 [JC_38] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Muller.jc" +line = 67 +begin = 11 +end = 65 + +[num_of_pos_increasing] +name = "Lemma num_of_pos_increasing" +behavior = "lemma" +file = "HOME/tests/java/Muller.java" +line = 60 +begin = 10 +end = 31 [JC_39] file = "HOME/tests/java/Muller.java" -line = 63 -begin = 8 -end = 14 +line = 73 +begin = 17 +end = 26 [num_of_pos_false_case] -name = "num_of_pos_false_case" +name = "Lemma num_of_pos_false_case" behavior = "axiom" -file = "HOME/tests/java/Muller.jc" -line = 61 -begin = 2 -end = 304 +file = "HOME/" +line = 0 +begin = 0 +end = 0 ========== file tests/java/why/Muller.why ========== type Object +type byte + +type char + +type int32 + type interface -exception Exception_exc of Object pointer +type long + +type short logic Exception_tag: -> Object tag_id @@ -1360,17 +1576,13 @@ axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic Muller_tag: -> Object tag_id axiom Muller_parenttag_Object : parenttag(Muller_tag, Object_tag) predicate Non_null_Object(x_1:Object pointer, Object_x_2_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_x_2_alloc_table, x_1), (0)) + ge_int(offset_max(Object_x_2_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_x_1_alloc_table:Object alloc_table) = 
@@ -1391,18 +1603,88 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. + (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. + (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. 
+ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + logic intM_tag: -> Object tag_id axiom intM_parenttag_Object : parenttag(intM_tag, Object_tag) 
@@ -1452,51 +1734,24 @@ interface_alloc_table:interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic num_of_pos: int, int, Object pointer, (Object, int) memory -> int +logic long_of_integer: int -> long -axiom num_of_pos_empty : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - (gt_int(i_0, j_0) -> - eq_int(num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L), (0))))))) - -axiom num_of_pos_false_case : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - ((le_int(i_2, j_2) - and (not gt_int(select(intM_intP_t_6_at_L, shift(t_2, j_2)), (0)))) -> - eq_int(num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L), - num_of_pos(i_2, sub_int(j_2, (1)), t_2, intM_intP_t_6_at_L)))))))) - -lemma num_of_pos_strictly_increasing : - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - ((lt_int(j_3, k_1) - and (le_int(k_1, l) - and gt_int(select(intM_intP_t_3_16_at_L, shift(t_3, k_1)), (0)))) -> - lt_int(num_of_pos(i_3, j_3, t_3, intM_intP_t_3_16_at_L), - num_of_pos(i_3, l, t_3, intM_intP_t_3_16_at_L))))))))) +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) -axiom num_of_pos_true_case : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. 
- ((le_int(i_1, j_1) - and gt_int(select(intM_intP_t_6_at_L, shift(t_1, j_1)), (0))) -> - eq_int(num_of_pos(i_1, j_1, t_1, intM_intP_t_6_at_L), - add_int(num_of_pos(i_1, sub_int(j_1, (1)), t_1, intM_intP_t_6_at_L), - (1))))))))) +logic num_of_pos: int, int, Object pointer, (Object, int32) memory -> int axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) @@ -1533,6 +1788,23 @@ interface_alloc_table:interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. + (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) 
@@ -1573,36 +1845,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Muller(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1643,160 +1885,127 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case : + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + ((lt_int(i_2, j_2) + and (not gt_int(integer_of_int32(select(intM_intP_t_8_at_L, + shift(t_2, sub_int(j_2, (1))))), + (0)))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + sub_int(j_2, (1)), + t_2, + intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case : + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + ((lt_int(i_1, j_1) + and gt_int(integer_of_int32(select(intM_intP_t_8_at_L, + shift(t_1, sub_int(j_1, (1))))), + (0))) -> + (num_of_pos(i_1, j_1, t_1, intM_intP_t_8_at_L) = add_int(num_of_pos(i_1, + sub_int(j_1, + (1)), t_1, + intM_intP_t_8_at_L), + (1))))))))) + +axiom num_of_pos_empty : + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + (ge_int(i_0, j_0) -> + (num_of_pos(i_0, j_0, t_0, intM_intP_t_8_at_L) = (0))))))) + +lemma num_of_pos_non_negative : + (forall intM_intP_t_3_18_at_L:(Object, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:Object pointer. + le_int((0), num_of_pos(i_3, j_3, t_3, intM_intP_t_3_18_at_L)))))) + +lemma num_of_pos_additive : + (forall intM_intP_t_4_19_at_L:(Object, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:Object pointer. + ((le_int(i_4, j_4) and le_int(j_4, k_1)) -> + (num_of_pos(i_4, k_1, t_4, intM_intP_t_4_19_at_L) = add_int(num_of_pos(i_4, + j_4, t_4, + intM_intP_t_4_19_at_L), + num_of_pos(j_4, + k_1, t_4, + intM_intP_t_4_19_at_L))))))))) + +lemma num_of_pos_increasing : + (forall intM_intP_t_5_20_at_L:(Object, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. 
+ (forall t_5:Object pointer. + (le_int(j_5, k_2) -> + le_int(num_of_pos(i_5, j_5, t_5, intM_intP_t_5_20_at_L), + num_of_pos(i_5, k_2, t_5, intM_intP_t_5_20_at_L)))))))) + +lemma num_of_pos_strictly_increasing : + (forall intM_intP_t_6_21_at_L:(Object, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:Object pointer. + ((le_int((0), i_6) + and (lt_int(i_6, n) + and gt_int(integer_of_int32(select(intM_intP_t_6_21_at_L, + shift(t_6, i_6))), + (0)))) -> + lt_int(num_of_pos((0), i_6, t_6, intM_intP_t_6_21_at_L), + num_of_pos((0), n, t_6, intM_intP_t_6_21_at_L))))))) + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Muller_m : - t_4:Object pointer -> - Object_Muller_m_9_alloc_table:Object alloc_table ref -> - Object_Muller_m_9_tag_table:Object tag_table ref -> - intM_intP_Muller_m_9:(Object, int) memory ref -> - Object_t_4_7_alloc_table:Object alloc_table -> - intM_intP_t_4_7:(Object, int) memory -> - { } Object pointer reads Object_Muller_m_9_alloc_table - writes Object_Muller_m_9_alloc_table,Object_Muller_m_9_tag_table,intM_intP_Muller_m_9 + t_7:Object pointer -> + Object_Muller_m_11_alloc_table:Object alloc_table ref -> + Object_Muller_m_11_tag_table:Object tag_table ref -> + intM_intP_Muller_m_11:(Object, int32) memory ref -> + Object_t_7_9_alloc_table:Object alloc_table -> + intM_intP_t_7_9:(Object, int32) memory -> + { } Object pointer reads Object_Muller_m_11_alloc_table + writes Object_Muller_m_11_alloc_table,Object_Muller_m_11_tag_table,intM_intP_Muller_m_11 { true } parameter Muller_m_requires : - t_4:Object pointer -> - Object_Muller_m_9_alloc_table:Object alloc_table ref -> - Object_Muller_m_9_tag_table:Object tag_table ref -> - intM_intP_Muller_m_9:(Object, int) memory ref -> - Object_t_4_7_alloc_table:Object alloc_table -> - intM_intP_t_4_7:(Object, int) memory -> - { (JC_31: Non_null_intM(t_4, Object_t_4_7_alloc_table))} - Object pointer reads 
Object_Muller_m_9_alloc_table - writes Object_Muller_m_9_alloc_table,Object_Muller_m_9_tag_table,intM_intP_Muller_m_9 + t_7:Object pointer -> + Object_Muller_m_11_alloc_table:Object alloc_table ref -> + Object_Muller_m_11_tag_table:Object tag_table ref -> + intM_intP_Muller_m_11:(Object, int32) memory ref -> + Object_t_7_9_alloc_table:Object alloc_table -> + intM_intP_t_7_9:(Object, int32) memory -> + { (JC_39: Non_null_intM(t_7, Object_t_7_9_alloc_table))} + Object pointer reads Object_Muller_m_11_alloc_table + writes Object_Muller_m_11_alloc_table,Object_Muller_m_11_tag_table,intM_intP_Muller_m_11 { true } parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Muller : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Muller(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Muller_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer 
writes bitvector_alloc_table - { (valid_bitvector_struct_Muller(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { 
(valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - 
bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_struct_Exception : +parameter alloc_struct_Exception : n:int -> Object_alloc_table:Object alloc_table ref -> Object_tag_table:Object tag_table ref -> 
@@ -1961,340 +2170,418 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { eq_int(integer_of_char(result), x) } + parameter cons_Muller : this_0:Object pointer -> - Object_this_0_10_alloc_table:Object alloc_table -> { } unit { true } + Object_this_0_12_alloc_table:Object alloc_table -> { } unit { true } parameter cons_Muller_requires : this_0:Object pointer -> - Object_this_0_10_alloc_table:Object alloc_table -> { } unit { true } + Object_this_0_12_alloc_table:Object alloc_table -> { } unit { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } parameter java_array_length_intM : x_3:Object pointer -> - Object_x_4_alloc_table:Object alloc_table -> + Object_x_6_alloc_table:Object alloc_table -> { } int - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, - add_int(offset_max(Object_x_4_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_x_6_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> - Object_x_4_alloc_table:Object alloc_table -> + Object_x_6_alloc_table:Object alloc_table -> { } int - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - 
and eq_int(result, - add_int(offset_max(Object_x_4_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_x_6_alloc_table, x_3), (1)))))) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } parameter non_null_Object : x_4:Object pointer -> - Object_x_5_alloc_table:Object alloc_table -> + Object_x_7_alloc_table:Object alloc_table -> { } bool - { (JC_30: - (if result then eq_int(offset_max(Object_x_5_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_x_7_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> - Object_x_5_alloc_table:Object alloc_table -> + Object_x_7_alloc_table:Object alloc_table -> { } bool - { (JC_30: - (if result then eq_int(offset_max(Object_x_5_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_x_7_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> - Object_x_3_alloc_table:Object alloc_table -> + Object_x_5_alloc_table:Object alloc_table -> { } bool - { (JC_7: + { (JC_15: (if result - then ge_int(offset_max(Object_x_3_alloc_table, x_2), neg_int((1))) + then ge_int(offset_max(Object_x_5_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> - Object_x_3_alloc_table:Object alloc_table -> + Object_x_5_alloc_table:Object alloc_table -> { } bool - { (JC_7: + { (JC_15: (if result - then ge_int(offset_max(Object_x_3_alloc_table, x_2), neg_int((1))) + then ge_int(offset_max(Object_x_5_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + 
+parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + let Muller_m_ensures_default = - fun (t_4 : Object pointer) (Object_Muller_m_9_alloc_table : Object alloc_table ref) (Object_Muller_m_9_tag_table : Object tag_table ref) (intM_intP_Muller_m_9 : (Object, int) memory ref) (Object_t_4_7_alloc_table : Object alloc_table) (intM_intP_t_4_7 : (Object, int) memory) -> - { (left_valid_struct_intM(t_4, (0), Object_t_4_7_alloc_table) - and (JC_33: Non_null_intM(t_4, Object_t_4_7_alloc_table))) } + fun (t_7 : Object pointer) (Object_Muller_m_11_alloc_table : Object alloc_table ref) (Object_Muller_m_11_tag_table : Object tag_table ref) (intM_intP_Muller_m_11 : (Object, int32) memory ref) (Object_t_7_9_alloc_table : Object alloc_table) (intM_intP_t_7_9 : (Object, int32) memory) -> + { (left_valid_struct_intM(t_7, (0), Object_t_7_9_alloc_table) + and (JC_41: Non_null_intM(t_7, Object_t_7_9_alloc_table))) } (init: (let return = ref (any_pointer void) in try begin - (let count = ref (K_39: (0)) in + (let count = ref (safe_int32_of_integer_ (K_39: (0))) in begin - (let i_4 = ref (K_2: (0)) in + (let i_7 = ref (safe_int32_of_integer_ (K_2: (0))) in try (loop_3: while true do { invariant - (JC_73: - ((JC_68: le_int((0), i_4)) - and ((JC_69: - le_int(i_4, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_70: le_int((0), count)) - and ((JC_71: le_int(count, i_4)) - and (JC_72: - eq_int(count, - num_of_pos((0), sub_int(i_4, (1)), t_4, - intM_intP_t_4_7)))))))) } + (JC_85: + ((JC_80: le_int((0), integer_of_int32(i_7))) + and ((JC_81: + le_int(integer_of_int32(i_7), + add_int(offset_max(Object_t_7_9_alloc_table, t_7), (1)))) + and ((JC_82: le_int((0), integer_of_int32(count))) + and 
((JC_83: + le_int(integer_of_int32(count), + integer_of_int32(i_7))) + and (JC_84: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_7), + t_7, intM_intP_t_7_9)))))))) + } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_18: - ((lt_int_ !i_4) (K_17: - (let jessie_ = t_4 in - (JC_77: - ((java_array_length_intM jessie_) Object_t_4_7_alloc_table)))))) + ((lt_int_ (integer_of_int32 !i_7)) (K_17: + (let jessie_ = t_7 in + (JC_89: + ((java_array_length_intM jessie_) Object_t_7_9_alloc_table)))))) then (if (K_15: - ((gt_int_ (K_14: - ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_4)))) (0))) + ((gt_int_ (integer_of_int32 (K_14: + ((safe_acc_ intM_intP_t_7_9) + ((shift t_7) (integer_of_int32 !i_7)))))) (0))) then (let jessie_ = (K_13: (let jessie_ = !count in begin - (let jessie_ = (count := ((add_int jessie_) (1))) in + (let jessie_ = + (count := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in void); jessie_ end)) in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: - (let jessie_ = !i_4 in + (let jessie_ = !i_7 in begin - (let jessie_ = (i_4 := ((add_int jessie_) (1))) in void); - jessie_ end)) in void) end end done) with + (let jessie_ = + (i_7 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (let u = (K_38: - (JC_78: - (((alloc_struct_intM !count) Object_Muller_m_9_alloc_table) Object_Muller_m_9_tag_table))) in + (JC_90: + (((alloc_struct_intM (integer_of_int32 !count)) Object_Muller_m_11_alloc_table) Object_Muller_m_11_tag_table))) in begin - (let jessie_ = (count := (0)) in void); - (let i_5 = ref (K_19: (0)) in + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + (let i_8 = ref 
(safe_int32_of_integer_ (K_19: (0))) in try (loop_4: while true do { invariant - (JC_84: - ((JC_79: le_int((0), i_5)) - and ((JC_80: - le_int(i_5, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_81: le_int((0), count)) - and ((JC_82: le_int(count, i_5)) - and (JC_83: - eq_int(count, - num_of_pos((0), sub_int(i_5, (1)), t_4, - intM_intP_t_4_7)))))))) } + (JC_96: + ((JC_91: le_int((0), integer_of_int32(i_8))) + and ((JC_92: + le_int(integer_of_int32(i_8), + add_int(offset_max(Object_t_7_9_alloc_table, t_7), (1)))) + and ((JC_93: le_int((0), integer_of_int32(count))) + and ((JC_94: + le_int(integer_of_int32(count), + integer_of_int32(i_8))) + and (JC_95: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_8), + t_7, intM_intP_t_7_9)))))))) + } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_37: - ((lt_int_ !i_5) (K_36: - (let jessie_ = t_4 in - (JC_88: - ((java_array_length_intM jessie_) Object_t_4_7_alloc_table)))))) + ((lt_int_ (integer_of_int32 !i_8)) (K_36: + (let jessie_ = t_7 in + (JC_100: + ((java_array_length_intM jessie_) Object_t_7_9_alloc_table)))))) then (if (K_34: - ((gt_int_ (K_33: - ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_5)))) (0))) + ((gt_int_ (integer_of_int32 (K_33: + ((safe_acc_ intM_intP_t_7_9) + ((shift t_7) (integer_of_int32 !i_8)))))) (0))) then (let jessie_ = (K_32: (let jessie_ = - (K_31: ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_5))) in + (K_31: + ((safe_acc_ intM_intP_t_7_9) ((shift t_7) (integer_of_int32 !i_8)))) in (let jessie_ = u in (let jessie_ = - (K_30: - (let jessie_ = !count in - begin - (let jessie_ = (count := ((add_int jessie_) (1))) in - void); jessie_ end)) in + (integer_of_int32 (K_30: + (let jessie_ = !count in + begin + (let jessie_ = + (count := (safe_int32_of_integer_ + ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end))) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ intM_intP_Muller_m_9) jessie_) jessie_)))))) in - void) else 
void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (((safe_upd_ intM_intP_Muller_m_11) jessie_) jessie_)))))) in + void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_35: - (let jessie_ = !i_5 in + (let jessie_ = !i_8 in begin - (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); - jessie_ end)) in void) end end done) with + (let jessie_ = + (i_8 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := u); (raise Return) - end) end); absurd end with Return -> !return end)) { (JC_35: true) } + end) end); absurd end with Return -> !return end)) { (JC_43: true) } let Muller_m_safety = - fun (t_4 : Object pointer) (Object_Muller_m_9_alloc_table : Object alloc_table ref) (Object_Muller_m_9_tag_table : Object tag_table ref) (intM_intP_Muller_m_9 : (Object, int) memory ref) (Object_t_4_7_alloc_table : Object alloc_table) (intM_intP_t_4_7 : (Object, int) memory) -> - { (left_valid_struct_intM(t_4, (0), Object_t_4_7_alloc_table) - and (JC_33: Non_null_intM(t_4, Object_t_4_7_alloc_table))) } + fun (t_7 : Object pointer) (Object_Muller_m_11_alloc_table : Object alloc_table ref) (Object_Muller_m_11_tag_table : Object tag_table ref) (intM_intP_Muller_m_11 : (Object, int32) memory ref) (Object_t_7_9_alloc_table : Object alloc_table) (intM_intP_t_7_9 : (Object, int32) memory) -> + { (left_valid_struct_intM(t_7, (0), Object_t_7_9_alloc_table) + and (JC_41: Non_null_intM(t_7, Object_t_7_9_alloc_table))) } (init: (let return = ref (any_pointer void) in try begin - (let count = ref (K_39: (0)) in + (let count = ref (safe_int32_of_integer_ (K_39: (0))) in begin - (let i_4 = ref (K_2: (0)) in + (let i_7 = ref (safe_int32_of_integer_ (K_2: (0))) in try (loop_1: while true do - { invariant (JC_46: true) - 
variant (JC_51 : sub_int(add_int(offset_max(Object_t_4_7_alloc_table, - t_4), + { invariant (JC_54: true) + variant (JC_61 : sub_int(add_int(offset_max(Object_t_7_9_alloc_table, + t_7), (1)), - i_4)) } + integer_of_int32(i_7))) } begin - [ { } unit reads count,i_4 - { (JC_44: - ((JC_39: le_int((0), i_4)) - and ((JC_40: - le_int(i_4, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_41: le_int((0), count)) - and ((JC_42: le_int(count, i_4)) - and (JC_43: - eq_int(count, - num_of_pos((0), sub_int(i_4, (1)), t_4, - intM_intP_t_4_7)))))))) } ]; + [ { } unit reads count,i_7 + { (JC_52: + ((JC_47: le_int((0), integer_of_int32(i_7))) + and ((JC_48: + le_int(integer_of_int32(i_7), + add_int(offset_max(Object_t_7_9_alloc_table, t_7), (1)))) + and ((JC_49: le_int((0), integer_of_int32(count))) + and ((JC_50: + le_int(integer_of_int32(count), + integer_of_int32(i_7))) + and (JC_51: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_7), + t_7, + intM_intP_t_7_9)))))))) } ]; try - (let jessie_ = begin (if (K_18: - ((lt_int_ !i_4) (K_17: - (let jessie_ = t_4 in - (JC_49: - (assert - { ge_int(offset_max(Object_t_4_7_alloc_table, - jessie_), - (-1)) }; - (JC_48: - ((java_array_length_intM_requires jessie_) Object_t_4_7_alloc_table)))))))) + ((lt_int_ (integer_of_int32 !i_7)) (K_17: + (let jessie_ = t_7 in + (JC_57: + (assert + { ge_int(offset_max(Object_t_7_9_alloc_table, + jessie_), + (-1)) }; + (JC_56: + ((java_array_length_intM_requires jessie_) Object_t_7_9_alloc_table)))))))) then (if (K_15: - ((gt_int_ (K_14: - (JC_50: - ((((offset_acc_ Object_t_4_7_alloc_table) intM_intP_t_4_7) t_4) !i_4)))) (0))) + ((gt_int_ (integer_of_int32 (K_14: + (JC_58: + ((((offset_acc_ Object_t_7_9_alloc_table) intM_intP_t_7_9) t_7) + (integer_of_int32 !i_7)))))) (0))) then (let jessie_ = (K_13: (let jessie_ = !count in begin - (let jessie_ = (count := ((add_int jessie_) (1))) in + (let jessie_ = + (count := (JC_59: + (int32_of_integer_ ((add_int 
(integer_of_int32 jessie_)) (1))))) in void); jessie_ end)) in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: - (let jessie_ = !i_4 in + (let jessie_ = !i_7 in begin - (let jessie_ = (i_4 := ((add_int jessie_) (1))) in void); - jessie_ end)) in void) end end done) with + (let jessie_ = + (i_7 := (JC_60: + (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (let u = (K_38: - (JC_52: - (((alloc_struct_intM_requires !count) Object_Muller_m_9_alloc_table) Object_Muller_m_9_tag_table))) in + (JC_62: + (((alloc_struct_intM_requires (integer_of_int32 !count)) Object_Muller_m_11_alloc_table) Object_Muller_m_11_tag_table))) in begin - (let jessie_ = (count := (0)) in void); - (let i_5 = ref (K_19: (0)) in + (let jessie_ = (count := (safe_int32_of_integer_ (0))) in void); + (let i_8 = ref (safe_int32_of_integer_ (K_19: (0))) in try (loop_2: while true do - { invariant (JC_60: true) - variant (JC_67 : sub_int(add_int(offset_max(Object_t_4_7_alloc_table, - t_4), + { invariant (JC_70: true) + variant (JC_79 : sub_int(add_int(offset_max(Object_t_7_9_alloc_table, + t_7), (1)), - i_5)) } + integer_of_int32(i_8))) } begin - [ { } unit reads count,i_5 - { (JC_58: - ((JC_53: le_int((0), i_5)) - and ((JC_54: - le_int(i_5, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_55: le_int((0), count)) - and ((JC_56: le_int(count, i_5)) - and (JC_57: - eq_int(count, - num_of_pos((0), sub_int(i_5, (1)), t_4, - intM_intP_t_4_7)))))))) } ]; + [ { } unit reads count,i_8 + { (JC_68: + ((JC_63: le_int((0), integer_of_int32(i_8))) + and ((JC_64: + le_int(integer_of_int32(i_8), + add_int(offset_max(Object_t_7_9_alloc_table, t_7), (1)))) + and ((JC_65: le_int((0), 
integer_of_int32(count))) + and ((JC_66: + le_int(integer_of_int32(count), + integer_of_int32(i_8))) + and (JC_67: + (integer_of_int32(count) = num_of_pos((0), + integer_of_int32(i_8), + t_7, + intM_intP_t_7_9)))))))) } ]; try - (let jessie_ = begin (if (K_37: - ((lt_int_ !i_5) (K_36: - (let jessie_ = t_4 in - (JC_63: - (assert - { ge_int(offset_max(Object_t_4_7_alloc_table, - jessie_), - (-1)) }; - (JC_62: - ((java_array_length_intM_requires jessie_) Object_t_4_7_alloc_table)))))))) + ((lt_int_ (integer_of_int32 !i_8)) (K_36: + (let jessie_ = t_7 in + (JC_73: + (assert + { ge_int(offset_max(Object_t_7_9_alloc_table, + jessie_), + (-1)) }; + (JC_72: + ((java_array_length_intM_requires jessie_) Object_t_7_9_alloc_table)))))))) then (if (K_34: - ((gt_int_ (K_33: - (JC_64: - ((((offset_acc_ Object_t_4_7_alloc_table) intM_intP_t_4_7) t_4) !i_5)))) (0))) + ((gt_int_ (integer_of_int32 (K_33: + (JC_74: + ((((offset_acc_ Object_t_7_9_alloc_table) intM_intP_t_7_9) t_7) + (integer_of_int32 !i_8)))))) (0))) then (let jessie_ = (K_32: (let jessie_ = (K_31: - (JC_65: - ((((offset_acc_ Object_t_4_7_alloc_table) intM_intP_t_4_7) t_4) !i_5))) in + (JC_75: + ((((offset_acc_ Object_t_7_9_alloc_table) intM_intP_t_7_9) t_7) + (integer_of_int32 !i_8)))) in (let jessie_ = u in (let jessie_ = - (K_30: - (let jessie_ = !count in - begin - (let jessie_ = (count := ((add_int jessie_) (1))) in - void); jessie_ end)) in + (integer_of_int32 (K_30: + (let jessie_ = !count in + begin + (let jessie_ = + (count := (JC_76: + (int32_of_integer_ ((add_int + (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end))) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_66: - (((((offset_upd_ !Object_Muller_m_9_alloc_table) intM_intP_Muller_m_9) jessie_) jessie_) jessie_))))))) in - void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (JC_77: + (((((offset_upd_ !Object_Muller_m_11_alloc_table) intM_intP_Muller_m_11) 
jessie_) jessie_) jessie_))))))) in + void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_35: - (let jessie_ = !i_5 in + (let jessie_ = !i_8 in begin - (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); - jessie_ end)) in void) end end done) with + (let jessie_ = + (i_8 := (JC_78: + (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := u); (raise Return) end) end); absurd end with Return -> !return end)) { true } let cons_Muller_ensures_default = - fun (this_0 : Object pointer) (Object_this_0_10_alloc_table : Object alloc_table) -> - { valid_struct_Muller(this_0, (0), (0), Object_this_0_10_alloc_table) } + fun (this_0 : Object pointer) (Object_this_0_12_alloc_table : Object alloc_table) -> + { valid_struct_Muller(this_0, (0), (0), Object_this_0_12_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_93: true) } + { (JC_105: true) } let cons_Muller_safety = - fun (this_0 : Object pointer) (Object_this_0_10_alloc_table : Object alloc_table) -> - { valid_struct_Muller(this_0, (0), (0), Object_this_0_10_alloc_table) } + fun (this_0 : Object pointer) (Object_this_0_12_alloc_table : Object alloc_table) -> + { valid_struct_Muller(this_0, (0), (0), Object_this_0_12_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) { true } 
@@ -2303,214 +2590,304 @@ why --project [...] why/Muller.why ========== file tests/java/why/Muller.wpr ========== - + - + - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - - + + + + + - - + + + + + + - + - + - - + + - - + + - - + + - + - + - + - + - + - + - + - - + + - - + + - - + + - + - + - - + + - - + + - - + + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -3447,8 +3824,18 @@ type Object +type byte + +type char + +type int32 + type interface +type long + +type short + logic Exception_tag : Object tag_id logic Object_tag : Object tag_id @@ -3461,7 +3848,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_x_2_alloc_table: Object alloc_table) = - (offset_max(Object_x_2_alloc_table, x_1) = 0) + (offset_max(Object_x_2_alloc_table, x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_x_1_alloc_table: Object alloc_table) = 
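Review bot: The one-line change to `Non_null_Object` in the last hunk on this line relaxes the body from `offset_max(Object_x_2_alloc_table, x_1) = 0` to `>= 0`, and nothing in the recorded output says why. The new form reads as "offset 0 is allocated" rather than "exactly one cell is allocated", so a proof that used the old predicate to pin the upper bound to 0 would now need that fact from another hypothesis; whether any goal did is not visible here. Since this file records tool output, the explanation belongs with the definition that emits the predicate, for example `(* non-null: offset 0 is allocated; the exact upper bound is not fixed by this predicate *)`.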
@@ -3490,26 +3877,97 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) -logic intM_tag : Object tag_id +logic integer_of_byte : byte -> int -axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) +logic byte_of_integer : int -> byte -logic interface_tag : interface tag_id +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) -axiom interface_int: (int_of_tag(interface_tag) = 1) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) -logic interface_of_pointer_address : unit pointer -> interface pointer +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) -axiom interface_of_pointer_address_of_pointer_addr: - (forall p:interface pointer. - (p = interface_of_pointer_address(pointer_address(p)))) +logic integer_of_char : char -> int -axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) +logic char_of_integer : int -> char -axiom interface_tags: - (forall x:interface pointer. - (forall interface_tag_table:interface tag_table. - instanceof(interface_tag_table, x, interface_tag))) +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. 
+ ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) predicate left_valid_struct_Object(p: Object pointer, a: int, Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, 
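Review bot: The `byte_coerce`, `char_coerce` and `int32_coerce` axioms added in this hunk constrain the `*_of_integer` functions only for arguments inside the type's range, so `int32_of_integer(x)` is left uninterpreted for any other x and Java's wrap-around arithmetic is not expressed by the axioms visible here; the `long` and `short` axioms in the two following hunks have the same shape. That models bounded integers soundly only while every conversion is guarded by a range obligation. The behaviour goals later in this file take hypotheses such as `integer_of_int32(result3) = (integer_of_int32(count) + 1)` without such a guard, which presumably relies on the separate safety goals being discharged. A sentence stating that dependency next to the theory would help, e.g. `(* int32_of_integer is unspecified outside [-2147483648, 2147483647]; behaviour goals assume the safety goals hold *)`.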
@@ -3539,37 +3997,23 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic num_of_pos : int, int, Object pointer, (Object, int) memory -> int +logic long_of_integer : int -> long -axiom num_of_pos_empty: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L) = 0)))))) +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) -axiom num_of_pos_false_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - (((i_2 <= j_2) and (not (select(intM_intP_t_6_at_L, shift(t_2, - j_2)) > 0))) -> - (num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L) = num_of_pos(i_2, - (j_2 - 1), t_2, intM_intP_t_6_at_L)))))))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) -axiom num_of_pos_true_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. - (((i_1 <= j_1) and (select(intM_intP_t_6_at_L, shift(t_1, - j_1)) > 0)) -> - (num_of_pos(i_1, j_1, t_1, - intM_intP_t_6_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, - intM_intP_t_6_at_L) + 1)))))))) +logic num_of_pos : int, int, Object pointer, (Object, int32) memory -> int axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. 
@@ -3607,6 +4051,22 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -3647,36 +4107,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Muller(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3717,1920 +4147,3256 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + (((i_2 < j_2) and + (not (integer_of_int32(select(intM_intP_t_8_at_L, shift(t_2, + (j_2 - 1)))) > 0))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + (j_2 - 1), t_2, intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + (((i_1 < j_1) and (integer_of_int32(select(intM_intP_t_8_at_L, + shift(t_1, (j_1 - 1)))) > 0)) -> + (num_of_pos(i_1, j_1, t_1, + intM_intP_t_8_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, + intM_intP_t_8_at_L) + 1)))))))) + +axiom num_of_pos_empty: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + ((i_0 >= j_0) -> (num_of_pos(i_0, j_0, t_0, + intM_intP_t_8_at_L) = 0)))))) + +========== file tests/java/why/Muller_po1.why ========== +lemma num_of_pos_non_negative: + (forall intM_intP_t_3_18_at_L:(Object, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:Object pointer. (0 <= num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L)))))) + ========== file tests/java/why/Muller_po10.why ========== -goal Muller_m_ensures_default_po_9: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count0 <= i_4_0)))) +goal Muller_m_ensures_default_po_6: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. 
+ (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(i_7_0)))) ========== file tests/java/why/Muller_po11.why ========== -goal Muller_m_ensures_default_po_10: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) +goal Muller_m_ensures_default_po_7: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": + ("JC_81": (integer_of_int32(i_7_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) ========== file tests/java/why/Muller_po12.why ========== -goal Muller_m_ensures_default_po_11: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. 
- (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) +goal Muller_m_ensures_default_po_8: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(count0)))) ========== file tests/java/why/Muller_po13.why ========== -goal Muller_m_ensures_default_po_12: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +goal Muller_m_ensures_default_po_9: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. 
+ (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_83": (integer_of_int32(count0) <= integer_of_int32(i_7_0)))) ========== file tests/java/why/Muller_po14.why ========== -goal Muller_m_ensures_default_po_13: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count)))) +goal Muller_m_ensures_default_po_10: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": + ("JC_84": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_7, intM_intP_t_7_9)))) ========== file tests/java/why/Muller_po15.why ========== -goal Muller_m_ensures_default_po_14: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. 
- (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count <= i_4_0)))) +goal Muller_m_ensures_default_po_11: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(i_7_0)))) ========== file tests/java/why/Muller_po16.why ========== -goal Muller_m_ensures_default_po_15: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) +goal Muller_m_ensures_default_po_12: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. 
+ (i_7_0 = result3) -> + ("JC_85": + ("JC_81": (integer_of_int32(i_7_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) ========== file tests/java/why/Muller_po17.why ========== -goal Muller_m_ensures_default_po_16: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= 0)))) +goal Muller_m_ensures_default_po_13: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. 
+ forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(count)))) ========== file tests/java/why/Muller_po18.why ========== -goal Muller_m_ensures_default_po_17: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": - ("JC_80": - ("JC_80": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +goal Muller_m_ensures_default_po_14: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7_0)))) ========== file tests/java/why/Muller_po19.why ========== -goal Muller_m_ensures_default_po_18: - forall t_4:Object pointer. 
- forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count0)))) +goal Muller_m_ensures_default_po_15: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": + ("JC_84": (integer_of_int32(count) = num_of_pos(0, integer_of_int32(i_7_0), + t_7, intM_intP_t_7_9)))) -========== file tests/java/why/Muller_po1.why ========== -lemma num_of_pos_strictly_increasing: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. +========== file tests/java/why/Muller_po2.why ========== +lemma num_of_pos_additive: + (forall intM_intP_t_4_19_at_L:(Object, int32) memory. + (forall i_4:int. + (forall j_4:int. (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) + (forall t_4:Object pointer. + (((i_4 <= j_4) and (j_4 <= k_1)) -> (num_of_pos(i_4, k_1, t_4, + intM_intP_t_4_19_at_L) = (num_of_pos(i_4, j_4, t_4, + intM_intP_t_4_19_at_L) + num_of_pos(j_4, k_1, t_4, + intM_intP_t_4_19_at_L))))))))) ========== file tests/java/why/Muller_po20.why ========== -goal Muller_m_ensures_default_po_19: - forall t_4:Object pointer. 
- forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": ("JC_82": ("JC_82": (count0 <= 0)))) +goal Muller_m_ensures_default_po_16: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(result4)))) ========== file tests/java/why/Muller_po21.why ========== -goal Muller_m_ensures_default_po_20: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": - ("JC_83": - ("JC_83": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) +goal Muller_m_ensures_default_po_17: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_92": + (integer_of_int32(result4) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) ========== file tests/java/why/Muller_po22.why ========== -goal Muller_m_ensures_default_po_21: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) +goal Muller_m_ensures_default_po_18: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count0)))) ========== file tests/java/why/Muller_po23.why ========== -goal Muller_m_ensures_default_po_22: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. 
- (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +goal Muller_m_ensures_default_po_19: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. 
+ (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_94": (integer_of_int32(count0) <= integer_of_int32(result4)))) ========== file tests/java/why/Muller_po24.why ========== -goal Muller_m_ensures_default_po_23: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. 
- ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count2)))) +goal Muller_m_ensures_default_po_20: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_95": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(result4), t_7, intM_intP_t_7_9)))) ========== file tests/java/why/Muller_po25.why ========== -goal Muller_m_ensures_default_po_24: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count2 <= i_5_0)))) +goal Muller_m_ensures_default_po_21: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(i_8_0)))) ========== file tests/java/why/Muller_po26.why ========== -goal Muller_m_ensures_default_po_25: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) +goal Muller_m_ensures_default_po_22: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": + ("JC_92": (integer_of_int32(i_8_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) ========== file tests/java/why/Muller_po27.why ========== -goal Muller_m_ensures_default_po_26: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) +goal Muller_m_ensures_default_po_23: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. 
+ (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count2)))) ========== file tests/java/why/Muller_po28.why ========== -goal Muller_m_ensures_default_po_27: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +goal Muller_m_ensures_default_po_24: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. 
+ (i_8_0 = result9) -> + ("JC_96": ("JC_94": (integer_of_int32(count2) <= integer_of_int32(i_8_0)))) ========== file tests/java/why/Muller_po29.why ========== -goal Muller_m_ensures_default_po_28: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count1)))) +goal Muller_m_ensures_default_po_25: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. 
+ forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": + ("JC_95": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_8_0), t_7, intM_intP_t_7_9)))) -========== file tests/java/why/Muller_po2.why ========== -goal Muller_m_ensures_default_po_1: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= 0)))) +========== file tests/java/why/Muller_po3.why ========== +lemma num_of_pos_increasing: + (forall intM_intP_t_5_20_at_L:(Object, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. 
+ (forall t_5:Object pointer. + ((j_5 <= k_2) -> (num_of_pos(i_5, j_5, t_5, + intM_intP_t_5_20_at_L) <= num_of_pos(i_5, k_2, t_5, + intM_intP_t_5_20_at_L)))))))) ========== file tests/java/why/Muller_po30.why ========== -goal Muller_m_ensures_default_po_29: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. 
- ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count1 <= i_5_0)))) +goal Muller_m_ensures_default_po_26: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. 
+ (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(i_8_0)))) ========== file tests/java/why/Muller_po31.why ========== -goal Muller_m_ensures_default_po_30: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. 
- ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) +goal Muller_m_ensures_default_po_27: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": + ("JC_92": (integer_of_int32(i_8_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) ========== file tests/java/why/Muller_po32.why ========== -goal Muller_m_safety_po_1: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) +goal Muller_m_ensures_default_po_28: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count1)))) ========== file tests/java/why/Muller_po33.why ========== -goal Muller_m_safety_po_2: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) +goal Muller_m_ensures_default_po_29: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. 
+ forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8_0)))) ========== file tests/java/why/Muller_po34.why ========== -goal Muller_m_safety_po_3: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4)) +goal Muller_m_ensures_default_po_30: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8_0), t_7, intM_intP_t_7_9)))) ========== file tests/java/why/Muller_po35.why ========== -goal Muller_m_safety_po_4: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) +goal Muller_m_safety_po_1: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) ========== file tests/java/why/Muller_po36.why ========== -goal Muller_m_safety_po_5: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) +goal Muller_m_safety_po_2: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + (offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) ========== file tests/java/why/Muller_po37.why ========== -goal Muller_m_safety_po_6: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. 
- (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) +goal Muller_m_safety_po_3: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7)) ========== file tests/java/why/Muller_po38.why ========== -goal Muller_m_safety_po_7: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) +goal Muller_m_safety_po_4: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + ((-2147483648) <= (integer_of_int32(count) + 1)) ========== file tests/java/why/Muller_po39.why ========== -goal Muller_m_safety_po_8: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) +goal Muller_m_safety_po_5: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + ((integer_of_int32(count) + 1) <= 2147483647) -========== file tests/java/why/Muller_po3.why ========== -goal Muller_m_ensures_default_po_2: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_69": - ("JC_69": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +========== file tests/java/why/Muller_po4.why ========== +lemma num_of_pos_strictly_increasing: + (forall intM_intP_t_6_21_at_L:(Object, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:Object pointer. + (((0 <= i_6) and + ((i_6 < n) and (integer_of_int32(select(intM_intP_t_6_21_at_L, + shift(t_6, i_6))) > 0))) -> + (num_of_pos(0, i_6, t_6, intM_intP_t_6_21_at_L) < num_of_pos(0, n, + t_6, intM_intP_t_6_21_at_L))))))) ========== file tests/java/why/Muller_po40.why ========== -goal Muller_m_safety_po_9: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) +goal Muller_m_safety_po_6: + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + ((-2147483648) <= (integer_of_int32(i_7) + 1)) ========== file tests/java/why/Muller_po41.why ========== -goal Muller_m_safety_po_10: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4)) +goal Muller_m_safety_po_7: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. 
+ (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + ((integer_of_int32(i_7) + 1) <= 2147483647) ========== file tests/java/why/Muller_po42.why ========== -goal Muller_m_safety_po_11: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. 
- (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - (offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) +goal Muller_m_safety_po_8: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result4:int32. 
+ (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + (0 <= ("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) ========== file tests/java/why/Muller_po43.why ========== -goal Muller_m_safety_po_12: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0)) +goal Muller_m_safety_po_9: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + (("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7_0))) < ("JC_61": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) ========== file tests/java/why/Muller_po44.why ========== -goal Muller_m_safety_po_13: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. 
- ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - ((offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0))) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. 
- (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) +goal Muller_m_safety_po_10: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_7) + 1)) ========== file tests/java/why/Muller_po45.why ========== -goal Muller_m_safety_po_14: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - ((offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0))) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) +goal Muller_m_safety_po_11: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + ((integer_of_int32(i_7) + 1) <= 2147483647) ========== file tests/java/why/Muller_po46.why ========== -goal Muller_m_safety_po_15: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. 
- forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) +goal Muller_m_safety_po_12: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + (0 <= ("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) ========== file tests/java/why/Muller_po47.why ========== -goal Muller_m_safety_po_16: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) +goal Muller_m_safety_po_13: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + (("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7_0))) < ("JC_61": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) -========== file tests/java/why/Muller_po4.why ========== -goal Muller_m_ensures_default_po_3: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= 0)))) +========== file tests/java/why/Muller_po48.why ========== +goal Muller_m_safety_po_14: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. 
+ (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -========== file tests/java/why/Muller_po5.why ========== -goal Muller_m_ensures_default_po_4: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= 0)))) +========== file tests/java/why/Muller_po49.why ========== +goal Muller_m_safety_po_15: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. 
+ ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + (offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) -========== file tests/java/why/Muller_po6.why ========== -goal Muller_m_ensures_default_po_5: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_72": ("JC_72": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) +========== file tests/java/why/Muller_po5.why ========== +goal Muller_m_ensures_default_po_1: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(result0)))) -========== file tests/java/why/Muller_po7.why ========== -goal Muller_m_ensures_default_po_6: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. 
- ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) +========== file tests/java/why/Muller_po50.why ========== +goal Muller_m_safety_po_16: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7)) + +========== file tests/java/why/Muller_po51.why ========== +goal Muller_m_safety_po_17: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. 
+ ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + ((-2147483648) <= (integer_of_int32(count1) + 1)) + +========== file tests/java/why/Muller_po52.why ========== +goal Muller_m_safety_po_18: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + ((integer_of_int32(count1) + 1) <= 2147483647) + +========== file tests/java/why/Muller_po53.why ========== +goal Muller_m_safety_po_19: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. 
+ (count2 = result8) -> + (offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) + +========== file tests/java/why/Muller_po54.why ========== +goal Muller_m_safety_po_20: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. 
+ (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2)) + +========== file tests/java/why/Muller_po55.why ========== +goal Muller_m_safety_po_21: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. 
+ ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + ((-2147483648) <= (integer_of_int32(i_8) + 1)) + +========== file tests/java/why/Muller_po56.why ========== +goal Muller_m_safety_po_22: + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. 
+ ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + ((integer_of_int32(i_8) + 1) <= 2147483647) + +========== file tests/java/why/Muller_po57.why ========== +goal Muller_m_safety_po_23: + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. 
+ ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result9:int32. 
+ (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + (0 <= ("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +========== file tests/java/why/Muller_po58.why ========== +goal Muller_m_safety_po_24: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. 
+ (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. 
+ (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + (("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8_0))) < ("JC_79": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +========== file tests/java/why/Muller_po59.why ========== +goal Muller_m_safety_po_25: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_8) + 1)) + +========== file tests/java/why/Muller_po6.why ========== +goal Muller_m_ensures_default_po_2: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_81": + (integer_of_int32(result0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) + +========== file tests/java/why/Muller_po60.why ========== +goal Muller_m_safety_po_26: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. 
+ (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + ((integer_of_int32(i_8) + 1) <= 2147483647) + +========== file tests/java/why/Muller_po61.why ========== +goal Muller_m_safety_po_27: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. 
+ ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + (0 <= ("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +========== file tests/java/why/Muller_po62.why ========== +goal Muller_m_safety_po_28: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result7:int32. 
+ (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + (("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8_0))) < ("JC_79": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +========== file tests/java/why/Muller_po7.why ========== +goal Muller_m_ensures_default_po_3: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(result)))) ========== file tests/java/why/Muller_po8.why ========== -goal Muller_m_ensures_default_po_7: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) +goal Muller_m_ensures_default_po_4: + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_83": (integer_of_int32(result) <= integer_of_int32(result0)))) ========== file tests/java/why/Muller_po9.why ========== -goal Muller_m_ensures_default_po_8: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count0)))) +goal Muller_m_ensures_default_po_5: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_84": (integer_of_int32(result) = num_of_pos(0, + integer_of_int32(result0), t_7, intM_intP_t_7_9)))) ========== generation of Simplify VC output ========== why -simplify [...] why/Muller.why @@ -6458,7 +8224,7 @@ (EQ (parenttag Muller_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_x_2_alloc_table) - (EQ (offset_max Object_x_2_alloc_table x_1) 0)) + (>= (offset_max Object_x_2_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_x_1_alloc_table) (>= (offset_max Object_x_1_alloc_table x_0) (- 0 1))) 
@@ -6488,6 +8254,66 @@ (EQ (parenttag Throwable_tag Object_tag) |@true|)) (BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH ;; Why axiom intM_parenttag_Object (EQ (parenttag intM_tag Object_tag) |@true|)) 
@@ -6530,61 +8356,23 @@ (<= (offset_min interface_alloc_table p) a)) (BG_PUSH - ;; Why axiom num_of_pos_empty - (FORALL (intM_intP_t_6_at_L i_0 j_0 t_0) - (IMPLIES (> i_0 j_0) (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_6_at_L) 0))) - - (FORALL (i_0 j_0) - (IMPLIES (> i_0 j_0) - (FORALL (intM_intP_t_6_at_L t_0) - (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_6_at_L) 0))))) - -(BG_PUSH - ;; Why axiom num_of_pos_false_case - (FORALL (intM_intP_t_6_at_L i_2 j_2 k_0 t_2) - (IMPLIES - (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_6_at_L (shift t_2 j_2)) 0))) - (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_6_at_L) - (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_6_at_L)))) - - (FORALL (intM_intP_t_6_at_L i_2 j_2 t_2) + ;; Why axiom long_coerce + (FORALL (x) (IMPLIES - (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_6_at_L (shift t_2 j_2)) 0))) - (FORALL (k_0) - (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_6_at_L) - (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_6_at_L)))))) - -;; num_of_pos_strictly_increasing, File "HOME/tests/java/Muller.jc", line 87, characters 0-320 -(FORALL (intM_intP_t_3_16_at_L i_3 j_3 k_1 l t_3) -(IMPLIES -(AND (< j_3 k_1) -(AND (<= k_1 l) (> (select intM_intP_t_3_16_at_L (shift t_3 k_1)) 0))) -(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_16_at_L) (num_of_pos - i_3 l t_3 intM_intP_t_3_16_at_L)))) + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH - ;; lemma num_of_pos_strictly_increasing as axiom -(FORALL (intM_intP_t_3_16_at_L i_3 j_3 k_1 l t_3) -(IMPLIES -(AND (< j_3 k_1) -(AND (<= k_1 l) (> (select intM_intP_t_3_16_at_L (shift t_3 k_1)) 0))) -(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_16_at_L) (num_of_pos - i_3 l t_3 intM_intP_t_3_16_at_L))))) + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) (BG_PUSH - ;; Why axiom num_of_pos_true_case - (FORALL (intM_intP_t_6_at_L i_1 j_1 k t_1) - (IMPLIES - (AND 
(<= i_1 j_1) (> (select intM_intP_t_6_at_L (shift t_1 j_1)) 0)) - (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_6_at_L) - (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_6_at_L) 1)))) - - (FORALL (intM_intP_t_6_at_L i_1 j_1 t_1) - (IMPLIES - (AND (<= i_1 j_1) (> (select intM_intP_t_6_at_L (shift t_1 j_1)) 0)) - (FORALL (k) - (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_6_at_L) - (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_6_at_L) 1)))))) + ;; Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) (BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address @@ -6615,6 +8403,22 @@ (DEFPRED (right_valid_struct_interface p b interface_alloc_table) (>= (offset_max interface_alloc_table p) b)) +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + (DEFPRED (strict_valid_root_Object p a b Object_alloc_table) (AND (EQ (offset_min Object_alloc_table p) a) (EQ (offset_max Object_alloc_table p) b))) 
@@ -6646,29 +8450,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Muller p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -6700,1683 +8481,3253 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Muller_m_ensures_default_po_1, File "HOME/tests/java/Muller.java", line 63, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(<= 0 0)))) - -;; Muller_m_ensures_default_po_2, File "HOME/tests/java/Muller.java", line 63, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(<= 0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))) - -;; Muller_m_ensures_default_po_3, File "HOME/tests/java/Muller.java", line 64, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(<= 0 0)))) - -;; Muller_m_ensures_default_po_4, File "HOME/tests/java/Muller.java", line 64, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(<= 0 0)))) - -;; Muller_m_ensures_default_po_5, File "HOME/tests/java/Muller.java", line 65, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(EQ 0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_7)))))) - -;; Muller_m_ensures_default_po_6, File "HOME/tests/java/Muller.java", line 63, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - 
(AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) +(BG_PUSH + ;; Why axiom num_of_pos_false_case + (FORALL (intM_intP_t_8_at_L i_2 j_2 k_0 t_2) + (IMPLIES + (AND (< i_2 j_2) + (NOT + (> (integer_of_int32 (select intM_intP_t_8_at_L (shift t_2 (- j_2 1)))) 0))) + (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_8_at_L) + (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_8_at_L)))) + + (FORALL (intM_intP_t_8_at_L i_2 j_2 t_2) + (IMPLIES + (AND (< i_2 j_2) + (NOT + (> (integer_of_int32 (select intM_intP_t_8_at_L (shift t_2 (- j_2 1)))) 0))) + (FORALL (k_0) + (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_8_at_L) + (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_8_at_L)))))) + +(BG_PUSH + ;; Why axiom num_of_pos_true_case + (FORALL (intM_intP_t_8_at_L i_1 j_1 k t_1) + (IMPLIES + (AND (< i_1 j_1) + (> (integer_of_int32 (select intM_intP_t_8_at_L (shift t_1 (- j_1 1)))) 0)) + (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_8_at_L) + (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_8_at_L) 1)))) + + (FORALL (intM_intP_t_8_at_L i_1 j_1 t_1) + (IMPLIES + (AND (< i_1 j_1) + (> (integer_of_int32 (select intM_intP_t_8_at_L (shift t_1 (- j_1 1)))) 0)) + (FORALL (k) + (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_8_at_L) + (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_8_at_L) 1)))))) + +(BG_PUSH + ;; Why axiom num_of_pos_empty + (FORALL (intM_intP_t_8_at_L i_0 j_0 t_0) + (IMPLIES (>= i_0 j_0) (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_8_at_L) 0))) + + (FORALL (i_0 j_0) + (IMPLIES (>= i_0 j_0) + (FORALL (intM_intP_t_8_at_L t_0) + (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_8_at_L) 0))))) + +;; num_of_pos_non_negative, File "HOME/tests/java/Muller.java", line 51, characters 10-33 +(FORALL (intM_intP_t_3_18_at_L i_3 j_3 t_3) +(<= 0 
(num_of_pos i_3 j_3 t_3 intM_intP_t_3_18_at_L))) + +(BG_PUSH + ;; lemma num_of_pos_non_negative as axiom +(FORALL (intM_intP_t_3_18_at_L i_3 j_3 t_3) +(<= 0 (num_of_pos i_3 j_3 t_3 intM_intP_t_3_18_at_L)))) + +;; num_of_pos_additive, File "HOME/tests/java/Muller.java", line 55, characters 10-29 +(FORALL (intM_intP_t_4_19_at_L i_4 j_4 k_1 t_4) +(IMPLIES (AND (<= i_4 j_4) (<= j_4 k_1)) +(EQ (num_of_pos i_4 k_1 t_4 intM_intP_t_4_19_at_L) +(+ (num_of_pos i_4 j_4 t_4 intM_intP_t_4_19_at_L) (num_of_pos + j_4 k_1 t_4 intM_intP_t_4_19_at_L))))) + +(BG_PUSH + ;; lemma num_of_pos_additive as axiom +(FORALL (intM_intP_t_4_19_at_L i_4 j_4 k_1 t_4) +(IMPLIES (AND (<= i_4 j_4) (<= j_4 k_1)) +(EQ (num_of_pos i_4 k_1 t_4 intM_intP_t_4_19_at_L) +(+ (num_of_pos i_4 j_4 t_4 intM_intP_t_4_19_at_L) (num_of_pos + j_4 k_1 t_4 intM_intP_t_4_19_at_L)))))) + +;; num_of_pos_increasing, File "HOME/tests/java/Muller.java", line 60, characters 10-31 +(FORALL (intM_intP_t_5_20_at_L i_5 j_5 k_2 t_5) +(IMPLIES (<= j_5 k_2) +(<= (num_of_pos i_5 j_5 t_5 intM_intP_t_5_20_at_L) (num_of_pos + i_5 k_2 t_5 intM_intP_t_5_20_at_L)))) + +(BG_PUSH + ;; lemma num_of_pos_increasing as axiom +(FORALL (intM_intP_t_5_20_at_L i_5 j_5 k_2 t_5) +(IMPLIES (<= j_5 k_2) +(<= (num_of_pos i_5 j_5 t_5 intM_intP_t_5_20_at_L) (num_of_pos + i_5 k_2 t_5 intM_intP_t_5_20_at_L))))) + +;; num_of_pos_strictly_increasing, File "HOME/tests/java/Muller.java", line 65, characters 10-40 +(FORALL (intM_intP_t_6_21_at_L i_6 n t_6) +(IMPLIES +(AND (<= 0 i_6) +(AND (< i_6 n) +(> (integer_of_int32 (select intM_intP_t_6_21_at_L (shift t_6 i_6))) 0))) +(< (num_of_pos 0 i_6 t_6 intM_intP_t_6_21_at_L) (num_of_pos + 0 n t_6 intM_intP_t_6_21_at_L)))) + +(BG_PUSH + ;; lemma num_of_pos_strictly_increasing as axiom +(FORALL (intM_intP_t_6_21_at_L i_6 n t_6) +(IMPLIES +(AND (<= 0 i_6) +(AND (< i_6 n) +(> (integer_of_int32 (select intM_intP_t_6_21_at_L (shift t_6 i_6))) 0))) +(< (num_of_pos 0 i_6 t_6 intM_intP_t_6_21_at_L) (num_of_pos + 0 n t_6 
intM_intP_t_6_21_at_L))))) + +;; Muller_m_ensures_default_po_1, File "HOME/tests/java/Muller.java", line 79, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) (<= 0 (integer_of_int32 result0))))))))) + +;; Muller_m_ensures_default_po_2, File "HOME/tests/java/Muller.java", line 79, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) -(FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 i_4_0)))))))))))))))))) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(<= (integer_of_int32 result0) (+ (offset_max Object_t_7_9_alloc_table t_7) 1))))))))) + +;; Muller_m_ensures_default_po_3, File "HOME/tests/java/Muller.java", line 80, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) (<= 0 (integer_of_int32 result))))))))) + +;; Muller_m_ensures_default_po_4, File "HOME/tests/java/Muller.java", line 80, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(<= 
(integer_of_int32 result) (integer_of_int32 result0))))))))) -;; Muller_m_ensures_default_po_7, File "HOME/tests/java/Muller.java", line 63, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) +;; Muller_m_ensures_default_po_5, File "HOME/tests/java/Muller.java", line 81, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(EQ (integer_of_int32 result) +(num_of_pos 0 (integer_of_int32 result0) t_7 intM_intP_t_7_9)))))))))) + +;; Muller_m_ensures_default_po_6, File "HOME/tests/java/Muller.java", line 79, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) 
+ (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) (IMPLIES (EQ i_7_0 result4) (<= 0 (integer_of_int32 i_7_0))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_7, File "HOME/tests/java/Muller.java", line 79, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) +(FORALL (count0) 
+(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) +(<= (integer_of_int32 i_7_0) (+ (offset_max Object_t_7_9_alloc_table t_7) 1))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_8, File "HOME/tests/java/Muller.java", line 80, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) (<= 0 (integer_of_int32 count0))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_9, File "HOME/tests/java/Muller.java", line 80, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + 
(Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) (FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= i_4_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))))) - -;; Muller_m_ensures_default_po_8, File "HOME/tests/java/Muller.java", line 64, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) +(IMPLIES (EQ count0 result3) +(FORALL (result4) 
+(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) +(<= (integer_of_int32 count0) (integer_of_int32 i_7_0))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_10, File "HOME/tests/java/Muller.java", line 81, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) (FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 count0)))))))))))))))))) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) +(EQ (integer_of_int32 count0) +(num_of_pos 0 (integer_of_int32 i_7_0) t_7 intM_intP_t_7_9))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_11, File "HOME/tests/java/Muller.java", 
line 79, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) (IMPLIES (EQ i_7_0 result3) (<= 0 (integer_of_int32 i_7_0))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_12, File "HOME/tests/java/Muller.java", line 79, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 
i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result3) +(<= (integer_of_int32 i_7_0) (+ (offset_max Object_t_7_9_alloc_table t_7) 1))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_13, File "HOME/tests/java/Muller.java", line 80, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) (IMPLIES (EQ i_7_0 result3) (<= 0 (integer_of_int32 count))))))))))))))))))))))) -;; Muller_m_ensures_default_po_9, File 
"HOME/tests/java/Muller.java", line 64, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) +;; Muller_m_ensures_default_po_14, File "HOME/tests/java/Muller.java", line 80, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result3) +(<= (integer_of_int32 count) (integer_of_int32 
i_7_0))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_15, File "HOME/tests/java/Muller.java", line 81, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result3) +(EQ (integer_of_int32 count) +(num_of_pos 0 (integer_of_int32 i_7_0) t_7 intM_intP_t_7_9))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_16, File "HOME/tests/java/Muller.java", line 90, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ 
(offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (<= 0 (integer_of_int32 result4))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_17, File "HOME/tests/java/Muller.java", line 90, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL 
(result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(<= (integer_of_int32 result4) (+ (offset_max Object_t_7_9_alloc_table t_7) 1))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_18, File "HOME/tests/java/Muller.java", line 91, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL 
(result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (<= 0 (integer_of_int32 count0))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_19, File "HOME/tests/java/Muller.java", line 91, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + 
Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(<= (integer_of_int32 count0) (integer_of_int32 result4))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_20, File "HOME/tests/java/Muller.java", line 92, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) 
+(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(EQ (integer_of_int32 count0) +(num_of_pos 0 (integer_of_int32 result4) t_7 intM_intP_t_7_9))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_21, File "HOME/tests/java/Muller.java", line 90, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) 
+(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) (IMPLIES (EQ i_8_0 result9) (<= 0 (integer_of_int32 i_8_0))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_22, File "HOME/tests/java/Muller.java", line 90, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 
(integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) 
+(FORALL (count2) +(IMPLIES (EQ count2 result8) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) +(<= (integer_of_int32 i_8_0) (+ (offset_max Object_t_7_9_alloc_table t_7) 1))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_23, File "HOME/tests/java/Muller.java", line 91, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL 
(result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) (<= 0 (integer_of_int32 count2))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_24, File "HOME/tests/java/Muller.java", line 91, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 
result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(FORALL 
(result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) +(<= (integer_of_int32 count2) (integer_of_int32 i_8_0))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_25, File "HOME/tests/java/Muller.java", line 92, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + 
(AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) +(EQ (integer_of_int32 count2) +(num_of_pos 0 (integer_of_int32 i_8_0) t_7 intM_intP_t_7_9))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_26, File "HOME/tests/java/Muller.java", line 90, characters 8-14 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND 
(left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< 
(integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) (IMPLIES (EQ i_8_0 result7) (<= 0 (integer_of_int32 i_8_0)))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_27, File "HOME/tests/java/Muller.java", line 90, characters 13-26 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 
result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) +(<= (integer_of_int32 i_8_0) (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_28, File "HOME/tests/java/Muller.java", line 91, characters 8-18 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max 
Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) (<= 0 (integer_of_int32 count1)))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_29, File "HOME/tests/java/Muller.java", line 91, characters 13-23 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) 
+(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL (count1) +(FORALL (i_8) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 
(integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) +(<= (integer_of_int32 count1) (integer_of_int32 i_8_0)))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_ensures_default_po_30, File "HOME/tests/java/Muller.java", line 92, characters 8-34 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) +(IMPLIES (AND + (strict_valid_struct_intM + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) + (AND + (EQ (alloc_extends + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) +(FORALL (count0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) +(FORALL 
(count1) +(FORALL (i_8) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) +(EQ (integer_of_int32 count1) +(num_of_pos 0 (integer_of_int32 i_8_0) t_7 intM_intP_t_7_9)))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_1, File "why/Muller.why", line 902, characters 54-230 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)))))))))))))) + +;; Muller_m_safety_po_2, File "HOME/tests/java/Muller.java", line 84, characters 39-43 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES 
(AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)))))))))))))))))) + +;; Muller_m_safety_po_3, File "HOME/tests/java/Muller.java", line 84, characters 39-43 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< 
(integer_of_int32 i_7) result1) +(<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7)))))))))))))))))) + +;; Muller_m_safety_po_4, File "HOME/tests/java/Muller.jc", line 160, characters 69-77 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count) 1)))))))))))))))))))))) + +;; Muller_m_safety_po_5, File "HOME/tests/java/Muller.jc", line 160, characters 69-77 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL 
(count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(<= (+ (integer_of_int32 count) 1) constant_too_large_2147483647))))))))))))))))))))) + +;; Muller_m_safety_po_6, File "HOME/tests/java/Muller.jc", line 158, characters 24-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES 
(AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count) 1)) + (<= (+ (integer_of_int32 count) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) (FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= count0 i_4_0)))))))))))))))))) +(IMPLIES (EQ count0 result3) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1))))))))))))))))))))))))))) -;; Muller_m_ensures_default_po_10, File "HOME/tests/java/Muller.java", line 65, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) -(FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(EQ count0 (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_7))))))))))))))))))) - -;; 
Muller_m_ensures_default_po_11, File "HOME/tests/java/Muller.java", line 63, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 i_4_0)))))))))))))))) - -;; Muller_m_ensures_default_po_12, File "HOME/tests/java/Muller.java", line 63, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= i_4_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))) - -;; Muller_m_ensures_default_po_13, File "HOME/tests/java/Muller.java", line 64, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) 
-(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 count)))))))))))))))) - -;; Muller_m_ensures_default_po_14, File "HOME/tests/java/Muller.java", line 64, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= count i_4_0)))))))))))))))) - -;; Muller_m_ensures_default_po_15, File "HOME/tests/java/Muller.java", line 65, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(EQ count (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_7))))))))))))))))) - -;; Muller_m_ensures_default_po_16, File "HOME/tests/java/Muller.java", line 74, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) +;; Muller_m_safety_po_7, File "HOME/tests/java/Muller.jc", line 158, characters 24-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) -(IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) (AND - (EQ 
(alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) (IMPLIES (EQ count0 0) (<= 0 0)))))))))))))))))) - -;; Muller_m_ensures_default_po_17, File "HOME/tests/java/Muller.java", line 74, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) - (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 
intM_tag)))) + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count) 1)) + (<= (+ (integer_of_int32 count) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) (FORALL (count0) -(IMPLIES (EQ count0 0) -(<= 0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))))) +(IMPLIES (EQ count0 result3) +(<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647)))))))))))))))))))))))))) -;; Muller_m_ensures_default_po_18, File "HOME/tests/java/Muller.java", line 75, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) +;; Muller_m_safety_po_8, File "HOME/tests/java/Muller.java", line 82, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) -(IMPLIES (AND - 
(strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) (IMPLIES (EQ count0 0) (<= 0 count0)))))))))))))))))) - -;; Muller_m_ensures_default_po_19, File "HOME/tests/java/Muller.java", line 75, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) 
Object_Muller_m_9_alloc_table0) - (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) (IMPLIES (EQ count0 0) (<= count0 0)))))))))))))))))) - -;; Muller_m_ensures_default_po_20, File "HOME/tests/java/Muller.java", line 76, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) - (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count) 1)) + (<= (+ (integer_of_int32 count) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 
result3) (+ (integer_of_int32 count) 1)) (FORALL (count0) -(IMPLIES (EQ count0 0) -(EQ count0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_7))))))))))))))))))) - -;; Muller_m_ensures_default_po_21, File "HOME/tests/java/Muller.java", line 74, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(IMPLIES (EQ count0 result3) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1)) + (<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) +(<= 0 (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_7))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_9, File "HOME/tests/java/Muller.java", line 82, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 
0 (integer_of_int32 i_7)) (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) -(IMPLIES (EQ count0 0) -(FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (> (integer_of_int32 result2) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count) 1)) + (<= (+ (integer_of_int32 count) 1) constant_too_large_2147483647)) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift 
result0 count1) result3)) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 i_5_0)))))))))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_22, File "HOME/tests/java/Muller.java", line 74, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 count) 1)) +(FORALL (count0) +(IMPLIES (EQ count0 result3) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1)) + (<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647)) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result4) +(< (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_7_0)) (- (+ (offset_max + Object_t_7_9_alloc_table t_7) 1) + (integer_of_int32 + i_7))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_10, File "HOME/tests/java/Muller.jc", line 158, characters 24-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 
result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) -(IMPLIES (EQ count0 0) -(FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= i_5_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 
1))))))))))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_23, File "HOME/tests/java/Muller.java", line 75, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1)))))))))))))))))))))) + +;; Muller_m_safety_po_11, File "HOME/tests/java/Muller.jc", line 158, characters 24-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 
constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) (IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647))))))))))))))))))))) + +;; Muller_m_safety_po_12, File "HOME/tests/java/Muller.java", line 82, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) -(IMPLIES (EQ count0 0) -(FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table 
t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1)) + (<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647)) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 count2)))))))))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_24, File "HOME/tests/java/Muller.java", line 75, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) +(IMPLIES (EQ 
(integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result3) +(<= 0 (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_7)))))))))))))))))))))))))))) + +;; Muller_m_safety_po_13, File "HOME/tests/java/Muller.java", line 82, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) -(IMPLIES (AND - (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) (AND - (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) -(FORALL (count0) -(IMPLIES (EQ count0 0) -(FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) + (EQ result1 (+ (offset_max 
Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_7) result1) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_7)) + (<= (integer_of_int32 i_7) (offset_max Object_t_7_9_alloc_table t_7))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) +(IMPLIES (EQ result2 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_7)))) +(IMPLIES (<= (integer_of_int32 result2) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_7) 1)) + (<= (+ (integer_of_int32 i_7) 1) constant_too_large_2147483647)) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= count2 i_5_0)))))))))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_25, File "HOME/tests/java/Muller.java", line 76, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_7) 1)) +(FORALL (i_7_0) +(IMPLIES (EQ i_7_0 result3) +(< (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_7_0)) (- (+ (offset_max + Object_t_7_9_alloc_table 
t_7) 1) + (integer_of_int32 + i_7)))))))))))))))))))))))))))) + +;; Muller_m_safety_po_14, File "HOME/tests/java/Muller.java", line 86, characters 11-25 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) (>= (integer_of_int32 count) 0))))))))))))))))) + +;; Muller_m_safety_po_15, File "HOME/tests/java/Muller.java", line 96, characters 9-13 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ 
(integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max 
Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_16, File "HOME/tests/java/Muller.java", line 96, characters 9-13 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) -(IMPLIES (EQ 
i_5_0 (+ i_5 1)) -(EQ count2 (num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_7))))))))))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_26, File "HOME/tests/java/Muller.java", line 74, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 
0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7)))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_17, File "HOME/tests/java/Muller.jc", line 197, characters 47-55 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) 
-(IMPLIES (<= result2 0) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 i_5_0))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_27, File "HOME/tests/java/Muller.java", line 74, characters 18-31 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) 
+(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_18, File "HOME/tests/java/Muller.jc", line 197, characters 47-55 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL 
(result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= i_5_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_28, File "HOME/tests/java/Muller.java", line 75, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL 
(Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> 
(integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_19, File "HOME/tests/java/Muller.java", line 96, characters 19-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 count1))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_29, File "HOME/tests/java/Muller.java", line 75, characters 22-32 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 
Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table 
t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(<= (offset_min Object_Muller_m_11_alloc_table0 result2) (integer_of_int32 + count1)))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_20, File "HOME/tests/java/Muller.java", line 96, characters 19-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES 
(AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= count1 i_5_0))))))))))))))))))))))))))))) - -;; Muller_m_ensures_default_po_30, File "HOME/tests/java/Muller.java", line 76, characters 8-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- 
(integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(FORALL (result1) -(IMPLIES (AND (<= result1 constant_too_large_2147483647) - (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(EQ count1 (num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_7)))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_1, File "why/Muller.why", line 836, characters 35-173 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)))))))))) - -;; Muller_m_safety_po_2, File 
"HOME/tests/java/Muller.java", line 68, characters 39-43 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) (<= (offset_min Object_t_4_7_alloc_table t_4) i_4))))))))))))) - -;; Muller_m_safety_po_3, File "HOME/tests/java/Muller.java", line 68, characters 39-43 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) (<= i_4 (offset_max Object_t_4_7_alloc_table t_4)))))))))))))) - -;; Muller_m_safety_po_4, File "HOME/tests/java/Muller.java", line 66, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND 
(<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) -(FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))))) - -;; Muller_m_safety_po_5, File "HOME/tests/java/Muller.java", line 66, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (> result0 0) -(FORALL (count0) -(IMPLIES (EQ count0 (+ count 1)) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) 
i_4_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))))) - -;; Muller_m_safety_po_6, File "HOME/tests/java/Muller.java", line 66, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))) - -;; Muller_m_safety_po_7, File "HOME/tests/java/Muller.java", line 66, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) 
-(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) -(IMPLIES (<= result0 0) -(FORALL (i_4_0) -(IMPLIES (EQ i_4_0 (+ i_4 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))) - -;; Muller_m_safety_po_8, File "HOME/tests/java/Muller.java", line 70, characters 11-25 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) (>= count 0))))))))))))) - -;; Muller_m_safety_po_9, File "HOME/tests/java/Muller.java", line 80, characters 9-13 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(<= (integer_of_int32 count1) (offset_max + Object_Muller_m_11_alloc_table0 result2)))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_21, File "HOME/tests/java/Muller.jc", line 195, characters 30-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 
Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) (FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result1) +(IMPLIES (AND (<= result1 constant_too_large_2147483647) + (AND (>= result1 0) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) (IMPLIES TRUE -(IMPLIES 
(AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(IMPLIES (AND + (<= (offset_min Object_Muller_m_11_alloc_table0 result2) (integer_of_int32 + count1)) + (<= (integer_of_int32 count1) (offset_max + Object_Muller_m_11_alloc_table0 result2))) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + 
(|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_22, File "HOME/tests/java/Muller.jc", line 195, characters 30-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) (<= (offset_min Object_t_4_7_alloc_table t_4) i_5))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_10, File "HOME/tests/java/Muller.java", line 80, characters 9-13 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 
1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ 
(offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(IMPLIES (AND + (<= (offset_min Object_Muller_m_11_alloc_table0 result2) (integer_of_int32 + count1)) + (<= (integer_of_int32 count1) (offset_max + Object_Muller_m_11_alloc_table0 result2))) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_23, File "HOME/tests/java/Muller.java", line 93, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) (<= i_5 (offset_max Object_t_4_7_alloc_table t_4)))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_11, File "HOME/tests/java/Muller.java", line 80, characters 19-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL 
(Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= 
(integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(IMPLIES (AND + (<= (offset_min Object_Muller_m_11_alloc_table0 result2) (integer_of_int32 + count1)) + (<= (integer_of_int32 count1) (offset_max + Object_Muller_m_11_alloc_table0 result2))) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)) + (<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) +(<= 0 (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_8)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_24, File "HOME/tests/java/Muller.java", line 93, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max 
Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(<= (offset_min Object_Muller_m_9_alloc_table0 result0) count1)))))))))))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_12, File "HOME/tests/java/Muller.java", line 80, characters 19-36 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL 
(result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) +(FORALL (intM_intP_Muller_m_11) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= 
result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (> (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result7) +(IMPLIES (EQ result7 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 count1) 1)) + (<= (+ (integer_of_int32 count1) 1) constant_too_large_2147483647)) +(FORALL (result8) +(IMPLIES (EQ (integer_of_int32 result8) (+ (integer_of_int32 count1) 1)) +(FORALL (count2) +(IMPLIES (EQ count2 result8) +(IMPLIES (AND + (<= (offset_min Object_Muller_m_11_alloc_table0 result2) (integer_of_int32 + count1)) + (<= (integer_of_int32 count1) (offset_max + Object_Muller_m_11_alloc_table0 result2))) +(FORALL (intM_intP_Muller_m_11_0) +(IMPLIES (EQ intM_intP_Muller_m_11_0 + (|why__store| + intM_intP_Muller_m_11 (shift result2 (integer_of_int32 count1)) result7)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)) + (<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647)) +(FORALL (result9) +(IMPLIES (EQ (integer_of_int32 result9) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result9) +(< (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_8_0)) (- (+ (offset_max + Object_t_7_9_alloc_table t_7) 1) + (integer_of_int32 + i_8)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_25, File "HOME/tests/java/Muller.jc", line 195, characters 
30-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(<= count1 (offset_max Object_Muller_m_9_alloc_table0 result0))))))))))))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_13, File "HOME/tests/java/Muller.java", line 77, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 
Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 
intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_26, File "HOME/tests/java/Muller.jc", line 195, characters 30-36 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(IMPLIES (AND (<= (offset_min Object_Muller_m_9_alloc_table0 result0) count1) - (<= count1 (offset_max Object_Muller_m_9_alloc_table0 result0))) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_14, File "HOME/tests/java/Muller.java", line 77, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL 
(result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) -(FORALL (intM_intP_Muller_m_9) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 
0) +(<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_27, File "HOME/tests/java/Muller.java", line 93, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL (intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result3) -(IMPLIES (EQ result3 (select 
intM_intP_t_4_7 (shift t_4 i_5))) -(FORALL (count2) -(IMPLIES (EQ count2 (+ count1 1)) -(IMPLIES (AND (<= (offset_min Object_Muller_m_9_alloc_table0 result0) count1) - (<= count1 (offset_max Object_Muller_m_9_alloc_table0 result0))) -(FORALL (intM_intP_Muller_m_9_0) -(IMPLIES (EQ intM_intP_Muller_m_9_0 - (|why__store| intM_intP_Muller_m_9 (shift result0 count1) result3)) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_15, File "HOME/tests/java/Muller.java", line 77, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 
intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)) + (<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647)) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) +(<= 0 (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_8)))))))))))))))))))))))))))))))))))))))))))))))) + +;; Muller_m_safety_po_28, File "HOME/tests/java/Muller.java", line 93, characters 18-30 +(FORALL (t_7) +(FORALL (Object_t_7_9_alloc_table) +(FORALL 
(intM_intP_t_7_9) +(FORALL (Object_Muller_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_7 0 Object_t_7_9_alloc_table) + (Non_null_intM t_7 Object_t_7_9_alloc_table)) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 0) +(FORALL (count) +(FORALL (i_7) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) +(IMPLIES (AND (<= 0 (integer_of_int32 i_7)) + (AND + (<= (integer_of_int32 i_7) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count)) + (AND (<= (integer_of_int32 count) (integer_of_int32 i_7)) + (EQ (integer_of_int32 count) + (num_of_pos 0 (integer_of_int32 i_7) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) - -;; Muller_m_safety_po_16, File "HOME/tests/java/Muller.java", line 77, characters 18-30 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_Muller_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(FORALL (count) -(FORALL (i_4) -(IMPLIES TRUE -(IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count) - (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result) -(IMPLIES (AND (<= result constant_too_large_2147483647) - (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (>= i_4 result) -(IMPLIES (>= count 0) -(FORALL (result0) -(FORALL (Object_Muller_m_9_alloc_table0) -(FORALL (Object_Muller_m_9_tag_table) + (EQ result1 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (>= (integer_of_int32 i_7) result1) +(IMPLIES (>= (integer_of_int32 count) 0) +(FORALL (result2) +(FORALL (Object_Muller_m_11_alloc_table0) +(FORALL (Object_Muller_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_Muller_m_9_alloc_table0) + result2 0 (- (integer_of_int32 count) 1) Object_Muller_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_Muller_m_9_alloc_table Object_Muller_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_Muller_m_9_alloc_table result0 count) - (instanceof Object_Muller_m_9_tag_table result0 intM_tag)))) + Object_Muller_m_11_alloc_table Object_Muller_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh + Object_Muller_m_11_alloc_table result2 (integer_of_int32 count)) + (instanceof Object_Muller_m_11_tag_table result2 intM_tag)))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) 0) (FORALL (count0) -(IMPLIES (EQ count0 0) +(IMPLIES (EQ count0 result3) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) 0) (FORALL (count1) -(FORALL (i_5) +(FORALL (i_8) (IMPLIES TRUE -(IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) - (AND (<= 0 count1) - (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) -(FORALL (result1) -(IMPLIES (AND (<= result1 constant_too_large_2147483647) - (AND (>= 
result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) -(FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) -(IMPLIES (<= result2 0) -(FORALL (i_5_0) -(IMPLIES (EQ i_5_0 (+ i_5 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) +(IMPLIES (AND (<= 0 (integer_of_int32 i_8)) + (AND + (<= (integer_of_int32 i_8) (+ (offset_max + Object_t_7_9_alloc_table t_7) 1)) + (AND (<= 0 (integer_of_int32 count1)) + (AND (<= (integer_of_int32 count1) (integer_of_int32 i_8)) + (EQ (integer_of_int32 count1) + (num_of_pos 0 (integer_of_int32 i_8) t_7 intM_intP_t_7_9)))))) +(IMPLIES (>= (offset_max Object_t_7_9_alloc_table t_7) (- 0 1)) +(FORALL (result5) +(IMPLIES (AND (<= result5 constant_too_large_2147483647) + (AND (>= result5 0) + (EQ result5 (+ (offset_max Object_t_7_9_alloc_table t_7) 1)))) +(IMPLIES (< (integer_of_int32 i_8) result5) +(IMPLIES (AND + (<= (offset_min Object_t_7_9_alloc_table t_7) (integer_of_int32 i_8)) + (<= (integer_of_int32 i_8) (offset_max Object_t_7_9_alloc_table t_7))) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP_t_7_9 (shift t_7 (integer_of_int32 i_8)))) +(IMPLIES (<= (integer_of_int32 result6) 0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_8) 1)) + (<= (+ (integer_of_int32 i_8) 1) constant_too_large_2147483647)) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 i_8) 1)) +(FORALL (i_8_0) +(IMPLIES (EQ i_8_0 result7) +(< (- (+ (offset_max Object_t_7_9_alloc_table t_7) 1) (integer_of_int32 + i_8_0)) (- (+ (offset_max + Object_t_7_9_alloc_table t_7) 1) + (integer_of_int32 + i_8)))))))))))))))))))))))))))))))))))))))))))))))) ========== running Simplify ========== Running 
Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/Muller_why.sx : ?.............................................. (46/0/1/0/0) -total : 47 -valid : 46 ( 98%) +simplify/Muller_why.sx : ????.......................................................... (58/0/4/0/0) +total : 62 +valid : 58 ( 94%) invalid : 0 ( 0%) -unknown : 1 ( 2%) +unknown : 4 ( 6%) timeout : 0 ( 0%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== @@ -9313,8 +12664,18 @@ type Object +type byte + +type char + +type int32 + type interface +type long + +type short + logic Exception_tag : Object tag_id logic Object_tag : Object tag_id @@ -9327,7 +12688,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_x_2_alloc_table: Object alloc_table) = - (offset_max(Object_x_2_alloc_table, x_1) = 0) + (offset_max(Object_x_2_alloc_table, x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_x_1_alloc_table: Object alloc_table) = 
@@ -9356,6 +12717,77 @@ axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. 
+ (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + logic intM_tag : Object tag_id axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) 
@@ -9405,65 +12837,23 @@ interface_alloc_table: interface alloc_table) = (offset_min(interface_alloc_table, p) <= a) -logic num_of_pos : int, int, Object pointer, (Object, int) memory -> int - -axiom num_of_pos_empty: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L) = 0)))))) - -axiom num_of_pos_false_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - (((i_2 <= j_2) and (not (select(intM_intP_t_6_at_L, shift(t_2, - j_2)) > 0))) -> - (num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L) = num_of_pos(i_2, - (j_2 - 1), t_2, intM_intP_t_6_at_L)))))))) +logic long_of_integer : int -> long -goal num_of_pos_strictly_increasing: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) -axiom num_of_pos_strictly_increasing_as_axiom: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. 
+ (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) -axiom num_of_pos_true_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. - (((i_1 <= j_1) and (select(intM_intP_t_6_at_L, shift(t_1, - j_1)) > 0)) -> - (num_of_pos(i_1, j_1, t_1, - intM_intP_t_6_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, - intM_intP_t_6_at_L) + 1)))))))) +logic num_of_pos : int, int, Object pointer, (Object, int32) memory -> int axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. @@ -9501,6 +12891,22 @@ interface_alloc_table: interface alloc_table) = (offset_max(interface_alloc_table, p) >= b) +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) = a) and 
@@ -9541,36 +12947,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Muller(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -9611,1867 +12987,3241 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + (((i_2 < j_2) and + (not (integer_of_int32(select(intM_intP_t_8_at_L, shift(t_2, + (j_2 - 1)))) > 0))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + (j_2 - 1), t_2, intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + (((i_1 < j_1) and (integer_of_int32(select(intM_intP_t_8_at_L, + shift(t_1, (j_1 - 1)))) > 0)) -> + (num_of_pos(i_1, j_1, t_1, + intM_intP_t_8_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, + intM_intP_t_8_at_L) + 1)))))))) + +axiom num_of_pos_empty: + (forall intM_intP_t_8_at_L:(Object, int32) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + ((i_0 >= j_0) -> (num_of_pos(i_0, j_0, t_0, + intM_intP_t_8_at_L) = 0)))))) + +goal num_of_pos_non_negative: + (forall intM_intP_t_3_18_at_L:(Object, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:Object pointer. (0 <= num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L)))))) + +axiom num_of_pos_non_negative_as_axiom: + (forall intM_intP_t_3_18_at_L:(Object, int32) memory. + (forall i_3:int. + (forall j_3:int. + (forall t_3:Object pointer. (0 <= num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L)))))) + +goal num_of_pos_additive: + (forall intM_intP_t_4_19_at_L:(Object, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:Object pointer. 
+ (((i_4 <= j_4) and (j_4 <= k_1)) -> (num_of_pos(i_4, k_1, t_4, + intM_intP_t_4_19_at_L) = (num_of_pos(i_4, j_4, t_4, + intM_intP_t_4_19_at_L) + num_of_pos(j_4, k_1, t_4, + intM_intP_t_4_19_at_L))))))))) + +axiom num_of_pos_additive_as_axiom: + (forall intM_intP_t_4_19_at_L:(Object, int32) memory. + (forall i_4:int. + (forall j_4:int. + (forall k_1:int. + (forall t_4:Object pointer. + (((i_4 <= j_4) and (j_4 <= k_1)) -> (num_of_pos(i_4, k_1, t_4, + intM_intP_t_4_19_at_L) = (num_of_pos(i_4, j_4, t_4, + intM_intP_t_4_19_at_L) + num_of_pos(j_4, k_1, t_4, + intM_intP_t_4_19_at_L))))))))) + +goal num_of_pos_increasing: + (forall intM_intP_t_5_20_at_L:(Object, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. + (forall t_5:Object pointer. + ((j_5 <= k_2) -> (num_of_pos(i_5, j_5, t_5, + intM_intP_t_5_20_at_L) <= num_of_pos(i_5, k_2, t_5, + intM_intP_t_5_20_at_L)))))))) + +axiom num_of_pos_increasing_as_axiom: + (forall intM_intP_t_5_20_at_L:(Object, int32) memory. + (forall i_5:int. + (forall j_5:int. + (forall k_2:int. + (forall t_5:Object pointer. + ((j_5 <= k_2) -> (num_of_pos(i_5, j_5, t_5, + intM_intP_t_5_20_at_L) <= num_of_pos(i_5, k_2, t_5, + intM_intP_t_5_20_at_L)))))))) + +goal num_of_pos_strictly_increasing: + (forall intM_intP_t_6_21_at_L:(Object, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:Object pointer. + (((0 <= i_6) and + ((i_6 < n) and (integer_of_int32(select(intM_intP_t_6_21_at_L, + shift(t_6, i_6))) > 0))) -> + (num_of_pos(0, i_6, t_6, intM_intP_t_6_21_at_L) < num_of_pos(0, n, + t_6, intM_intP_t_6_21_at_L))))))) + +axiom num_of_pos_strictly_increasing_as_axiom: + (forall intM_intP_t_6_21_at_L:(Object, int32) memory. + (forall i_6:int. + (forall n:int. + (forall t_6:Object pointer. 
+ (((0 <= i_6) and + ((i_6 < n) and (integer_of_int32(select(intM_intP_t_6_21_at_L, + shift(t_6, i_6))) > 0))) -> + (num_of_pos(0, i_6, t_6, intM_intP_t_6_21_at_L) < num_of_pos(0, n, + t_6, intM_intP_t_6_21_at_L))))))) + goal Muller_m_ensures_default_po_1: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= 0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(result0)))) goal Muller_m_ensures_default_po_2: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_69": - ("JC_69": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_81": + (integer_of_int32(result0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_3: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= 0)))) + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(result)))) goal Muller_m_ensures_default_po_4: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= 0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_83": (integer_of_int32(result) <= integer_of_int32(result0)))) goal Muller_m_ensures_default_po_5: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_72": ("JC_72": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. 
+ (integer_of_int32(result0) = 0) -> + ("JC_85": + ("JC_84": (integer_of_int32(result) = num_of_pos(0, + integer_of_int32(result0), t_7, intM_intP_t_7_9)))) goal Muller_m_ensures_default_po_6: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(i_7_0)))) goal Muller_m_ensures_default_po_7: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": + ("JC_81": (integer_of_int32(i_7_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_8: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. 
- ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(count0)))) goal Muller_m_ensures_default_po_9: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count0 <= i_4_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. 
+ (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": ("JC_83": (integer_of_int32(count0) <= integer_of_int32(i_7_0)))) goal Muller_m_ensures_default_po_10: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + ("JC_85": + ("JC_84": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(i_7_0), t_7, intM_intP_t_7_9)))) goal Muller_m_ensures_default_po_11: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. 
- (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_80": (0 <= integer_of_int32(i_7_0)))) goal Muller_m_ensures_default_po_12: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. 
+ (i_7_0 = result3) -> + ("JC_85": + ("JC_81": (integer_of_int32(i_7_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_13: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_82": (0 <= integer_of_int32(count)))) goal Muller_m_ensures_default_po_14: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count <= i_4_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": ("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7_0)))) goal Muller_m_ensures_default_po_15: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + ("JC_85": + ("JC_84": (integer_of_int32(count) = num_of_pos(0, integer_of_int32(i_7_0), + t_7, intM_intP_t_7_9)))) goal Muller_m_ensures_default_po_16: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= 0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(result4)))) goal Muller_m_ensures_default_po_17: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": - ("JC_80": - ("JC_80": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_92": + (integer_of_int32(result4) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_18: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. 
- (count0 = 0) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count0)))) goal Muller_m_ensures_default_po_19: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": ("JC_82": ("JC_82": (count0 <= 0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_94": (integer_of_int32(count0) <= integer_of_int32(result4)))) goal Muller_m_ensures_default_po_20: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - ("JC_84": - ("JC_83": - ("JC_83": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + ("JC_96": + ("JC_95": (integer_of_int32(count0) = num_of_pos(0, + integer_of_int32(result4), t_7, intM_intP_t_7_9)))) goal Muller_m_ensures_default_po_21: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(i_8_0)))) goal Muller_m_ensures_default_po_22: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": + ("JC_92": (integer_of_int32(i_8_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_23: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count2)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count2)))) goal Muller_m_ensures_default_po_24: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count2 <= i_5_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": ("JC_94": (integer_of_int32(count2) <= integer_of_int32(i_8_0)))) goal Muller_m_ensures_default_po_25: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. 
+ (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + ("JC_96": + ("JC_95": (integer_of_int32(count2) = num_of_pos(0, + integer_of_int32(i_8_0), t_7, intM_intP_t_7_9)))) goal Muller_m_ensures_default_po_26: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_91": (0 <= integer_of_int32(i_8_0)))) goal Muller_m_ensures_default_po_27: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. 
+ forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. 
+ ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": + ("JC_92": (integer_of_int32(i_8_0) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1)))) goal Muller_m_ensures_default_po_28: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count1)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_93": (0 <= integer_of_int32(count1)))) goal Muller_m_ensures_default_po_29: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count1 <= i_5_0)))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. 
+ forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. 
+ ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": ("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8_0)))) goal Muller_m_ensures_default_po_30: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_85": + (("JC_80": (0 <= integer_of_int32(i_7))) and + (("JC_81": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_82": (0 <= integer_of_int32(count))) and + (("JC_83": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_84": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_96": + (("JC_91": (0 <= integer_of_int32(i_8))) and + (("JC_92": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_93": (0 <= integer_of_int32(count1))) and + (("JC_94": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + ("JC_96": + ("JC_95": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8_0), t_7, intM_intP_t_7_9)))) goal Muller_m_safety_po_1: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) goal Muller_m_safety_po_2: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + (offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) goal Muller_m_safety_po_3: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4)) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7)) goal Muller_m_safety_po_4: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + ((-2147483648) <= (integer_of_int32(count) + 1)) goal Muller_m_safety_po_5: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. 
- (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 > 0) -> - forall count0:int. - (count0 = (count + 1)) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + ((integer_of_int32(count) + 1) <= 2147483647) goal Muller_m_safety_po_6: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. - (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + ((-2147483648) <= (integer_of_int32(i_7) + 1)) goal Muller_m_safety_po_7: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> - (result0 <= 0) -> - forall i_4_0:int. 
- (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + ((integer_of_int32(i_7) + 1) <= 2147483647) goal Muller_m_safety_po_8: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. 
+ (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + (0 <= ("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) goal Muller_m_safety_po_9: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) > 0) -> + (((-2147483648) <= (integer_of_int32(count) + 1)) and + ((integer_of_int32(count) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(count) + 1)) -> + forall count0:int32. + (count0 = result3) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result4:int32. + (integer_of_int32(result4) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result4) -> + (("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7_0))) < ("JC_61": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) goal Muller_m_safety_po_10: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. 
- ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4)) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_7) + 1)) goal Muller_m_safety_po_11: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. 
- forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - (offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + ((integer_of_int32(i_7) + 1) <= 2147483647) goal Muller_m_safety_po_12: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. 
- forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0)) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. + (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + (0 <= ("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) goal Muller_m_safety_po_13: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. 
- (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - ((offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0))) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) < result1) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_7)) and + (integer_of_int32(i_7) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result2:int32. 
+ (result2 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_7)))) -> + (integer_of_int32(result2) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_7) + 1)) and + ((integer_of_int32(i_7) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_7) + 1)) -> + forall i_7_0:int32. + (i_7_0 = result3) -> + (("JC_61": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7_0))) < ("JC_61": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_7)))) goal Muller_m_safety_po_14: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. 
- forall intM_intP_Muller_m_9:(Object, - int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - forall count2:int. - (count2 = (count1 + 1)) -> - ((offset_min(Object_Muller_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_Muller_m_9_alloc_table0, result0))) -> - forall intM_intP_Muller_m_9_0:(Object, - int) memory. - (intM_intP_Muller_m_9_0 = store(intM_intP_Muller_m_9, shift(result0, - count1), result3)) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) goal Muller_m_safety_po_15: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. 
+ ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + (offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) goal Muller_m_safety_po_16: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, - int) memory. - forall Object_Muller_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_4 >= result) -> - (count >= 0) -> - forall result0:Object pointer. - forall Object_Muller_m_9_alloc_table0:Object alloc_table. - forall Object_Muller_m_9_tag_table:Object tag_table. - (strict_valid_struct_intM(result0, 0, (count - 1), - Object_Muller_m_9_alloc_table0) and - (alloc_extends(Object_Muller_m_9_alloc_table, - Object_Muller_m_9_alloc_table0) and - (alloc_fresh(Object_Muller_m_9_alloc_table, result0, count) and - instanceof(Object_Muller_m_9_tag_table, result0, intM_tag)))) -> - forall count0:int. - (count0 = 0) -> - forall count1:int. - forall i_5:int. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> - forall result1:int. - ("JC_17": - ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, - t_4) + 1))))) -> - (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> - forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> - (result2 <= 0) -> - forall i_5_0:int. - (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7)) + +goal Muller_m_safety_po_17: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. 
+ ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + ((-2147483648) <= (integer_of_int32(count1) + 1)) + +goal Muller_m_safety_po_18: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. 
+ ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + ((integer_of_int32(count1) + 1) <= 2147483647) + +goal Muller_m_safety_po_19: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. 
+ forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. 
+ (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + (offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) + +goal Muller_m_safety_po_20: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. 
+ (count2 = result8) -> + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2)) + +goal Muller_m_safety_po_21: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. 
+ (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. 
+ (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + ((-2147483648) <= (integer_of_int32(i_8) + 1)) + +goal Muller_m_safety_po_22: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. 
+ (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. 
+ (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + ((integer_of_int32(i_8) + 1) <= 2147483647) + +goal Muller_m_safety_po_23: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. 
+ (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. + (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. 
+ (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + (0 <= ("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +goal Muller_m_safety_po_24: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. 
+ (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + forall intM_intP_Muller_m_11:(Object, + int32) memory. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) > 0) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result7:int32. + (result7 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (((-2147483648) <= (integer_of_int32(count1) + 1)) and + ((integer_of_int32(count1) + 1) <= 2147483647)) -> + forall result8:int32. 
+ (integer_of_int32(result8) = (integer_of_int32(count1) + 1)) -> + forall count2:int32. + (count2 = result8) -> + ((offset_min(Object_Muller_m_11_alloc_table0, + result2) <= integer_of_int32(count1)) and + (integer_of_int32(count1) <= offset_max(Object_Muller_m_11_alloc_table0, + result2))) -> + forall intM_intP_Muller_m_11_0:(Object, + int32) memory. + (intM_intP_Muller_m_11_0 = store(intM_intP_Muller_m_11, shift(result2, + integer_of_int32(count1)), result7)) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result9:int32. + (integer_of_int32(result9) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result9) -> + (("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8_0))) < ("JC_79": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +goal Muller_m_safety_po_25: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + ((-2147483648) <= (integer_of_int32(i_8) + 1)) + +goal Muller_m_safety_po_26: + forall t_7:Object pointer. 
+ forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. 
+ ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + ((integer_of_int32(i_8) + 1) <= 2147483647) + +goal Muller_m_safety_po_27: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. 
+ ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. + (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result7:int32. 
+ (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + (0 <= ("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) + +goal Muller_m_safety_po_28: + forall t_7:Object pointer. + forall Object_t_7_9_alloc_table:Object alloc_table. + forall intM_intP_t_7_9:(Object, + int32) memory. + forall Object_Muller_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_7, 0, Object_t_7_9_alloc_table) and + ("JC_41": Non_null_intM(t_7, Object_t_7_9_alloc_table))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall result0:int32. + (integer_of_int32(result0) = 0) -> + forall count:int32. + forall i_7:int32. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= integer_of_int32(i_7))) and + (("JC_48": (integer_of_int32(i_7) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_49": (0 <= integer_of_int32(count))) and + (("JC_50": (integer_of_int32(count) <= integer_of_int32(i_7))) and + ("JC_51": (integer_of_int32(count) = num_of_pos(0, + integer_of_int32(i_7), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result1:int. + ("JC_25": + ((result1 <= 2147483647) and + ((result1 >= 0) and (result1 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_7) >= result1) -> + (integer_of_int32(count) >= 0) -> + forall result2:Object pointer. + forall Object_Muller_m_11_alloc_table0:Object alloc_table. + forall Object_Muller_m_11_tag_table:Object tag_table. + (strict_valid_struct_intM(result2, 0, (integer_of_int32(count) - 1), + Object_Muller_m_11_alloc_table0) and + (alloc_extends(Object_Muller_m_11_alloc_table, + Object_Muller_m_11_alloc_table0) and + (alloc_fresh(Object_Muller_m_11_alloc_table, result2, + integer_of_int32(count)) and instanceof(Object_Muller_m_11_tag_table, + result2, intM_tag)))) -> + forall result3:int32. + (integer_of_int32(result3) = 0) -> + forall count0:int32. 
+ (count0 = result3) -> + forall result4:int32. + (integer_of_int32(result4) = 0) -> + forall count1:int32. + forall i_8:int32. + ("JC_70": true) -> + ("JC_68": + (("JC_63": (0 <= integer_of_int32(i_8))) and + (("JC_64": (integer_of_int32(i_8) <= (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))) and + (("JC_65": (0 <= integer_of_int32(count1))) and + (("JC_66": (integer_of_int32(count1) <= integer_of_int32(i_8))) and + ("JC_67": (integer_of_int32(count1) = num_of_pos(0, + integer_of_int32(i_8), t_7, intM_intP_t_7_9)))))))) -> + (offset_max(Object_t_7_9_alloc_table, t_7) >= (-1)) -> + forall result5:int. + ("JC_25": + ((result5 <= 2147483647) and + ((result5 >= 0) and (result5 = (offset_max(Object_t_7_9_alloc_table, + t_7) + 1))))) -> + (integer_of_int32(i_8) < result5) -> + ((offset_min(Object_t_7_9_alloc_table, t_7) <= integer_of_int32(i_8)) and + (integer_of_int32(i_8) <= offset_max(Object_t_7_9_alloc_table, t_7))) -> + forall result6:int32. + (result6 = select(intM_intP_t_7_9, shift(t_7, integer_of_int32(i_8)))) -> + (integer_of_int32(result6) <= 0) -> + (((-2147483648) <= (integer_of_int32(i_8) + 1)) and + ((integer_of_int32(i_8) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(i_8) + 1)) -> + forall i_8_0:int32. + (i_8_0 = result7) -> + (("JC_79": ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8_0))) < ("JC_79": + ((offset_max(Object_t_7_9_alloc_table, + t_7) + 1) - integer_of_int32(i_8)))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Muller_why.why : ?.............................................. (46/0/1/0/0) -total : 47 -valid : 46 ( 98%) +why/Muller_why.why : ?#?#.......................................................... 
(58/0/2/2/0) +total : 62 +valid : 58 ( 94%) invalid : 0 ( 0%) -unknown : 1 ( 2%) -timeout : 0 ( 0%) +unknown : 2 ( 3%) +timeout : 2 ( 3%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/MullerTheory.res.oracle why-2.30+dfsg/tests/java/oracle/MullerTheory.res.oracle --- why-2.29+dfsg/tests/java/oracle/MullerTheory.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/MullerTheory.res.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -1,4 +1,35 @@ ========== file tests/java/MullerTheory.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + /* File Muller.java */ //@+ CheckArithOverflow = no 
@@ -63,7 +94,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -241,245 +275,266 @@ ========== file tests/java/MullerTheory.jloc ========== [K_10] file = "HOME/tests/java/MullerTheory.java" -line = 22 +line = 53 begin = 8 end = 54 [K_11] file = "HOME/tests/java/MullerTheory.java" -line = 22 +line = 53 begin = 8 end = 95 [K_12] file = "HOME/tests/java/MullerTheory.java" -line = 25 +line = 56 begin = 18 end = 30 [K_13] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 49 end = 56 [K_14] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 39 end = 43 [K_15] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 39 end = 47 [K_16] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 30 end = 33 [K_17] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 20 end = 28 [K_18] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 16 end = 28 [K_19] file = "HOME/tests/java/MullerTheory.java" -line = 38 +line = 69 begin = 12 end = 13 [K_20] file = "HOME/tests/java/MullerTheory.java" -line = 35 +line = 66 begin = 8 end = 36 [K_21] file = "HOME/tests/java/MullerTheory.java" -line = 34 +line = 65 begin = 13 end = 23 [K_22] file = "HOME/tests/java/MullerTheory.java" -line = 34 +line = 65 begin = 8 end = 18 [K_23] file = "HOME/tests/java/MullerTheory.java" -line = 34 +line = 65 begin = 8 end = 23 [K_24] file = "HOME/tests/java/MullerTheory.java" -line = 33 +line = 64 begin = 13 end = 26 [K_1] file = "HOME/tests/java/MullerTheory.java" -line = 16 +line = 47 begin = 17 end = 24 [K_25] file = "HOME/tests/java/MullerTheory.java" -line = 33 +line = 64 begin = 8 end = 14 [K_2] file = "HOME/tests/java/MullerTheory.java" -line = 27 +line = 58 begin = 12 end = 13 [K_26] file = "HOME/tests/java/MullerTheory.java" -line = 33 +line = 64 begin = 8 end = 26 [K_3] file = "HOME/tests/java/MullerTheory.java" -line = 24 +line = 55 begin = 8 end = 36 [K_27] file = "HOME/tests/java/MullerTheory.java" -line = 33 +line = 64 begin = 8 end = 54 
[K_4] file = "HOME/tests/java/MullerTheory.java" -line = 23 +line = 54 begin = 13 end = 23 [K_28] file = "HOME/tests/java/MullerTheory.java" -line = 33 +line = 64 begin = 8 end = 95 [K_5] file = "HOME/tests/java/MullerTheory.java" -line = 23 +line = 54 begin = 8 end = 18 [K_29] file = "HOME/tests/java/MullerTheory.java" -line = 36 +line = 67 begin = 18 end = 30 [K_6] file = "HOME/tests/java/MullerTheory.java" -line = 23 +line = 54 begin = 8 end = 23 [K_7] file = "HOME/tests/java/MullerTheory.java" -line = 22 +line = 53 begin = 13 end = 26 [K_8] file = "HOME/tests/java/MullerTheory.java" -line = 22 +line = 53 begin = 8 end = 14 [MullerTheory_m] name = "Method m" file = "HOME/tests/java/MullerTheory.java" -line = 18 +line = 49 begin = 24 end = 25 [K_9] file = "HOME/tests/java/MullerTheory.java" -line = 22 +line = 53 begin = 8 end = 26 [K_30] file = "HOME/tests/java/MullerTheory.java" -line = 39 +line = 70 begin = 21 end = 28 [K_31] file = "HOME/tests/java/MullerTheory.java" -line = 39 +line = 70 begin = 32 end = 36 [K_32] file = "HOME/tests/java/MullerTheory.java" -line = 39 +line = 70 begin = 19 end = 36 [K_33] file = "HOME/tests/java/MullerTheory.java" -line = 39 +line = 70 begin = 9 end = 13 [K_34] file = "HOME/tests/java/MullerTheory.java" -line = 39 +line = 70 begin = 9 end = 17 [K_35] file = "HOME/tests/java/MullerTheory.java" -line = 38 +line = 69 begin = 30 end = 33 [K_36] file = "HOME/tests/java/MullerTheory.java" -line = 38 +line = 69 begin = 20 end = 28 [K_37] file = "HOME/tests/java/MullerTheory.java" -line = 38 +line = 69 begin = 16 end = 28 [K_38] file = "HOME/tests/java/MullerTheory.java" -line = 29 +line = 60 begin = 11 end = 25 [K_39] file = "HOME/tests/java/MullerTheory.java" -line = 19 +line = 50 begin = 13 end = 14 +[num_of_pos_empty] +name = "Lemma num_of_pos_empty" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[num_of_pos_true_case] +name = "Lemma num_of_pos_true_case" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + 
+[num_of_pos_strictly_increasing] +name = "Lemma num_of_pos_strictly_increasing" +file = "HOME/tests/java/MullerTheory.java" +line = 39 +begin = 10 +end = 40 + [cons_MullerTheory] name = "Constructor of class MullerTheory" file = "HOME/" @@ -487,6 +542,13 @@ begin = -1 end = -1 +[num_of_pos_false_case] +name = "Lemma num_of_pos_false_case" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + ========== jessie execution ========== Generating Why function MullerTheory_m Generating Why function cons_MullerTheory @@ -505,10 +567,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs MullerTheory.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/MullerTheory_why.sx @@ -569,6 +632,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/MullerTheory_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/MullerTheory_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -641,6 +711,9 @@ why3ide: why/MullerTheory_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: MullerTheory.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include MullerTheory.depend depend: coq/MullerTheory_why.v 
@@ -651,29 +724,29 @@ ========== file tests/java/MullerTheory.loc ========== [JC_90] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.java" +line = 65 +begin = 13 +end = 23 [JC_91] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.java" +line = 66 +begin = 8 +end = 36 [JC_92] +file = "HOME/tests/java/MullerTheory.java" +line = 64 +begin = 8 +end = 95 + +[JC_40] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_40] -file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 13 -end = 26 - [JC_93] file = "HOME/" line = 0 @@ -682,45 +755,52 @@ [JC_41] file = "HOME/tests/java/MullerTheory.java" -line = 23 -begin = 8 -end = 18 +line = 47 +begin = 17 +end = 24 [JC_94] +file = "HOME/tests/java/MullerTheory.jc" +line = 144 +begin = 21 +end = 1746 + +[JC_42] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_42] -file = "HOME/tests/java/MullerTheory.java" -line = 23 -begin = 13 -end = 23 - [JC_95] +file = "HOME/tests/java/MullerTheory.jc" +line = 144 +begin = 21 +end = 1746 + +[JC_43] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_43] +[JC_96] +kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 24 -begin = 8 -end = 36 +line = 69 +begin = 20 +end = 28 -[JC_96] +[JC_44] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_44] -file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 8 -end = 95 +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_45] file = "HOME/" 
@@ -728,23 +808,41 @@ begin = -1 end = -1 +[JC_98] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_46] -file = "HOME/tests/java/MullerTheory.jc" -line = 111 -begin = 15 -end = 1099 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_1] file = "HOME/tests/java/MullerTheory.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 + +[JC_100] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_99] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_47] -file = "HOME/tests/java/MullerTheory.jc" -line = 111 -begin = 15 -end = 1099 +file = "HOME/tests/java/MullerTheory.java" +line = 53 +begin = 8 +end = 14 [JC_2] file = "HOME/" @@ -752,25 +850,35 @@ begin = -1 end = -1 +[JC_101] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_48] -kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 27 -begin = 20 -end = 28 +line = 53 +begin = 13 +end = 26 [JC_3] file = "HOME/tests/java/MullerTheory.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 + +[JC_102] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_49] -kind = IndexBounds file = "HOME/tests/java/MullerTheory.java" -line = 27 -begin = 20 -end = 28 +line = 54 +begin = 8 +end = 18 [JC_4] file = "HOME/" 
@@ -778,132 +886,145 @@ begin = -1 end = -1 +[JC_103] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_5] -file = "HOME/tests/java/MullerTheory.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/MullerTheory.jc" -line = 41 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_7] -file = "HOME/tests/java/MullerTheory.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [MullerTheory_m_safety] name = "Method m" behavior = "Safety" file = "HOME/tests/java/MullerTheory.java" -line = 18 +line = 49 begin = 24 end = 25 [JC_8] -file = "HOME/tests/java/MullerTheory.jc" -line = 41 -begin = 10 -end = 18 - -[JC_9] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/MullerTheory.jc" +line = 42 +begin = 8 +end = 21 + [JC_50] -kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 27 -begin = 39 -end = 43 +line = 54 +begin = 13 +end = 23 [JC_51] file = "HOME/tests/java/MullerTheory.java" -line = 25 -begin = 18 -end = 30 +line = 55 +begin = 8 +end = 36 [JC_52] -kind = AllocSize file = "HOME/tests/java/MullerTheory.java" -line = 29 -begin = 11 -end = 25 +line = 53 +begin = 8 +end = 95 [JC_53] -file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 8 -end = 14 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_54] -file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 13 -end = 26 +file = "HOME/tests/java/MullerTheory.jc" +line = 114 +begin = 15 +end = 1099 [JC_55] -file = "HOME/tests/java/MullerTheory.java" -line = 34 -begin = 8 -end = 18 +file = "HOME/tests/java/MullerTheory.jc" +line = 114 +begin = 15 +end = 1099 [JC_56] +kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 34 -begin = 13 -end = 23 +line = 58 +begin = 20 +end = 28 [JC_57] +kind = IndexBounds file = "HOME/tests/java/MullerTheory.java" -line = 35 -begin = 8 -end = 
36 +line = 58 +begin = 20 +end = 28 [JC_58] +kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 8 -end = 95 +line = 58 +begin = 39 +end = 43 [JC_59] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - +file = "HOME/tests/java/MullerTheory.java" +line = 56 +begin = 18 +end = 30 + [cons_MullerTheory_ensures_default] name = "Constructor of class MullerTheory" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_60] -file = "HOME/tests/java/MullerTheory.jc" -line = 141 -begin = 21 -end = 1746 +kind = AllocSize +file = "HOME/tests/java/MullerTheory.java" +line = 60 +begin = 11 +end = 25 [JC_61] -file = "HOME/tests/java/MullerTheory.jc" -line = 141 -begin = 21 -end = 1746 +file = "HOME/tests/java/MullerTheory.java" +line = 64 +begin = 8 +end = 14 [JC_62] -kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 38 -begin = 20 -end = 28 +line = 64 +begin = 13 +end = 26 [JC_10] file = "HOME/" @@ -912,24 +1033,22 @@ end = -1 [JC_63] -kind = IndexBounds file = "HOME/tests/java/MullerTheory.java" -line = 38 -begin = 20 -end = 28 +line = 65 +begin = 8 +end = 18 [JC_11] file = "HOME/tests/java/MullerTheory.jc" -line = 45 +line = 42 begin = 8 -end = 30 +end = 21 [JC_64] -kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 39 -begin = 9 -end = 13 +line = 65 +begin = 13 +end = 23 [JC_12] file = "HOME/" 
@@ -938,96 +1057,97 @@ end = -1 [JC_65] -kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 39 -begin = 32 +line = 66 +begin = 8 end = 36 [JC_13] file = "HOME/tests/java/MullerTheory.jc" line = 45 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_66] -kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 39 -begin = 19 -end = 36 +line = 64 +begin = 8 +end = 95 [JC_14] +file = "HOME/tests/java/MullerTheory.jc" +line = 44 +begin = 10 +end = 18 + +[JC_67] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_67] -file = "HOME/tests/java/MullerTheory.java" -line = 36 -begin = 18 -end = 30 - [JC_15] file = "HOME/tests/java/MullerTheory.jc" -line = 48 +line = 45 begin = 11 -end = 103 +end = 66 [JC_68] -file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 8 -end = 14 +file = "HOME/tests/java/MullerTheory.jc" +line = 144 +begin = 21 +end = 1746 [JC_16] file = "HOME/tests/java/MullerTheory.jc" -line = 47 +line = 44 begin = 10 end = 18 [JC_69] -file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 13 -end = 26 +file = "HOME/tests/java/MullerTheory.jc" +line = 144 +begin = 21 +end = 1746 [JC_17] -file = "HOME/tests/java/MullerTheory.jc" -line = 48 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_18] -file = "HOME/tests/java/MullerTheory.jc" -line = 47 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/MullerTheory.jc" +line = 48 +begin = 8 +end = 30 + [JC_70] +kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 23 -begin = 8 -end = 18 +line = 69 +begin = 20 +end = 28 [JC_71] +kind = IndexBounds file = "HOME/tests/java/MullerTheory.java" -line = 23 -begin = 13 -end = 23 +line = 69 +begin = 20 +end = 28 [JC_72] +kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 24 -begin = 8 -end = 36 +line = 70 +begin = 9 +end = 13 [JC_20] file = "HOME/" 
@@ -1036,22 +1156,24 @@ end = -1 [JC_73] +kind = PointerDeref file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 8 -end = 95 +line = 70 +begin = 32 +end = 36 [JC_21] file = "HOME/tests/java/MullerTheory.jc" -line = 52 +line = 48 begin = 8 -end = 23 +end = 30 [JC_74] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/MullerTheory.java" +line = 70 +begin = 19 +end = 36 [JC_22] file = "HOME/" 
@@ -1060,70 +1182,68 @@ end = -1 [JC_75] -file = "HOME/tests/java/MullerTheory.jc" -line = 111 -begin = 15 -end = 1099 +file = "HOME/tests/java/MullerTheory.java" +line = 67 +begin = 18 +end = 30 [JC_23] file = "HOME/tests/java/MullerTheory.jc" -line = 52 -begin = 8 -end = 23 +line = 51 +begin = 11 +end = 103 [JC_76] -file = "HOME/tests/java/MullerTheory.jc" -line = 111 -begin = 15 -end = 1099 +file = "HOME/tests/java/MullerTheory.java" +line = 53 +begin = 8 +end = 14 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.jc" +line = 50 +begin = 10 +end = 18 [num_of_pos_empty] -name = "num_of_pos_empty" +name = "Lemma num_of_pos_empty" behavior = "axiom" -file = "HOME/tests/java/MullerTheory.jc" -line = 79 -begin = 2 -end = 174 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_77] -kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 27 -begin = 20 -end = 28 +line = 53 +begin = 13 +end = 26 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.jc" +line = 51 +begin = 11 +end = 103 [MullerTheory_m_ensures_default] name = "Method m" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/MullerTheory.java" -line = 18 +line = 49 begin = 24 end = 25 [JC_78] -kind = AllocSize file = "HOME/tests/java/MullerTheory.java" -line = 29 -begin = 11 -end = 25 +line = 54 +begin = 8 +end = 18 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.jc" +line = 50 +begin = 10 +end = 18 [cons_MullerTheory_safety] name = "Constructor of class MullerTheory" @@ -1135,9 +1255,9 @@ [JC_79] file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 8 -end = 14 +line = 54 +begin = 13 +end = 23 [JC_27] file = "HOME/" 
@@ -1146,12 +1266,12 @@ end = -1 [num_of_pos_true_case] -name = "num_of_pos_true_case" +name = "Lemma num_of_pos_true_case" behavior = "axiom" -file = "HOME/tests/java/MullerTheory.jc" -line = 70 -begin = 2 -end = 303 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_28] file = "HOME/" @@ -1161,51 +1281,51 @@ [JC_29] file = "HOME/tests/java/MullerTheory.jc" -line = 54 -begin = 11 -end = 65 +line = 55 +begin = 8 +end = 23 [JC_80] file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 13 -end = 26 +line = 55 +begin = 8 +end = 36 [JC_81] file = "HOME/tests/java/MullerTheory.java" -line = 34 +line = 53 begin = 8 -end = 18 +end = 95 [JC_82] -file = "HOME/tests/java/MullerTheory.java" -line = 34 -begin = 13 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_30] -file = "HOME/tests/java/MullerTheory.jc" -line = 54 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_83] -file = "HOME/tests/java/MullerTheory.java" -line = 35 -begin = 8 -end = 36 +file = "HOME/tests/java/MullerTheory.jc" +line = 114 +begin = 15 +end = 1099 [JC_31] -file = "HOME/tests/java/MullerTheory.java" -line = 16 -begin = 17 -end = 24 +file = "HOME/tests/java/MullerTheory.jc" +line = 55 +begin = 8 +end = 23 [JC_84] -file = "HOME/tests/java/MullerTheory.java" -line = 33 -begin = 8 -end = 95 +file = "HOME/tests/java/MullerTheory.jc" +line = 114 +begin = 15 +end = 1099 [JC_32] file = "HOME/" 
@@ -1214,30 +1334,32 @@ end = -1 [num_of_pos_strictly_increasing] -name = "num_of_pos_strictly_increasing" +name = "Lemma num_of_pos_strictly_increasing" behavior = "lemma" -file = "HOME/tests/java/MullerTheory.jc" -line = 87 -begin = 0 -end = 320 +file = "HOME/tests/java/MullerTheory.java" +line = 39 +begin = 10 +end = 40 [JC_85] +kind = UserCall +file = "HOME/tests/java/MullerTheory.java" +line = 58 +begin = 20 +end = 28 + +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] -file = "HOME/tests/java/MullerTheory.java" -line = 16 -begin = 17 -end = 24 - [JC_86] -file = "HOME/tests/java/MullerTheory.jc" -line = 141 -begin = 21 -end = 1746 +kind = AllocSize +file = "HOME/tests/java/MullerTheory.java" +line = 60 +begin = 11 +end = 25 [JC_34] file = "HOME/" @@ -1246,10 +1368,10 @@ end = -1 [JC_87] -file = "HOME/tests/java/MullerTheory.jc" -line = 141 -begin = 21 -end = 1746 +file = "HOME/tests/java/MullerTheory.java" +line = 64 +begin = 8 +end = 14 [JC_35] file = "HOME/" @@ -1258,11 +1380,10 @@ end = -1 [JC_88] -kind = UserCall file = "HOME/tests/java/MullerTheory.java" -line = 38 -begin = 20 -end = 28 +line = 64 +begin = 13 +end = 26 [JC_36] file = "HOME/" 
@@ -1271,61 +1392,55 @@ end = -1 [JC_89] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.java" +line = 65 +begin = 8 +end = 18 [JC_37] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.jc" +line = 57 +begin = 11 +end = 65 [JC_38] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/MullerTheory.jc" +line = 57 +begin = 11 +end = 65 [JC_39] file = "HOME/tests/java/MullerTheory.java" -line = 22 -begin = 8 -end = 14 +line = 47 +begin = 17 +end = 24 [num_of_pos_false_case] -name = "num_of_pos_false_case" +name = "Lemma num_of_pos_false_case" behavior = "axiom" -file = "HOME/tests/java/MullerTheory.jc" -line = 61 -begin = 2 -end = 304 +file = "HOME/" +line = 0 +begin = 0 +end = 0 ========== file tests/java/why/MullerTheory.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic MullerTheory_tag: -> Object tag_id axiom MullerTheory_parenttag_Object : parenttag(MullerTheory_tag, Object_tag) predicate Non_null_Object(x_1:Object pointer, Object_x_2_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_x_2_alloc_table, x_1), (0)) + ge_int(offset_max(Object_x_2_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_x_1_alloc_table:Object alloc_table) = @@ -1346,14 +1461,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
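Review bot: In the first hunk on this line, the regenerated output weakens `predicate Non_null_Object` from `eq_int(offset_max(Object_x_2_alloc_table, x_1), (0))` to `ge_int(...)`, but the `non_null_Object` and `non_null_Object_requires` parameters in the later `@@ -1916,72 +1885,74 @@` hunk still carry the postcondition `(if result then (offset_max(Object_x_7_alloc_table, x_4) = (0)) else (x_4 = null))`. The predicate and the test function that should decide it no longer state the same condition: for a non-null pointer with `offset_max > 0`, neither branch of that postcondition can hold. Because the parameter is assumed rather than proved, a mismatch like this can make proof obligations pass vacuously. This looks like generated expected output, so the change belongs in the generator, which should emit `ge_int(offset_max(Object_x_7_alloc_table, x_4), (0))` in the true branch if the weaker predicate is the intended one. The template that produces both definitions is outside this diff section, so which side is intended needs confirming there.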
@@ -1409,50 +1520,6 @@ logic num_of_pos: int, int, Object pointer, (Object, int) memory -> int -axiom num_of_pos_empty : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - (gt_int(i_0, j_0) -> - eq_int(num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L), (0))))))) - -axiom num_of_pos_false_case : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - ((le_int(i_2, j_2) - and (not gt_int(select(intM_intP_t_6_at_L, shift(t_2, j_2)), (0)))) -> - eq_int(num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L), - num_of_pos(i_2, sub_int(j_2, (1)), t_2, intM_intP_t_6_at_L)))))))) - -lemma num_of_pos_strictly_increasing : - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - ((lt_int(j_3, k_1) - and (le_int(k_1, l) - and gt_int(select(intM_intP_t_3_16_at_L, shift(t_3, k_1)), (0)))) -> - lt_int(num_of_pos(i_3, j_3, t_3, intM_intP_t_3_16_at_L), - num_of_pos(i_3, l, t_3, intM_intP_t_3_16_at_L))))))))) - -axiom num_of_pos_true_case : - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. - ((le_int(i_1, j_1) - and gt_int(select(intM_intP_t_6_at_L, shift(t_1, j_1)), (0))) -> - eq_int(num_of_pos(i_1, j_1, t_1, intM_intP_t_6_at_L), - add_int(num_of_pos(i_1, sub_int(j_1, (1)), t_1, intM_intP_t_6_at_L), - (1))))))))) - axiom pointer_addr_of_Object_of_pointer_address : (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -1528,36 +1595,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MullerTheory(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1598,158 +1635,90 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case : + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + ((le_int(i_2, j_2) + and (not gt_int(select(intM_intP_t_8_at_L, shift(t_2, j_2)), (0)))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + sub_int(j_2, (1)), + t_2, + intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case : + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + ((le_int(i_1, j_1) + and gt_int(select(intM_intP_t_8_at_L, shift(t_1, j_1)), (0))) -> + (num_of_pos(i_1, j_1, t_1, intM_intP_t_8_at_L) = add_int(num_of_pos(i_1, + sub_int(j_1, + (1)), t_1, + intM_intP_t_8_at_L), + (1))))))))) + +axiom num_of_pos_empty : + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + (gt_int(i_0, j_0) -> + (num_of_pos(i_0, j_0, t_0, intM_intP_t_8_at_L) = (0))))))) + +lemma num_of_pos_strictly_increasing : + (forall intM_intP_t_3_18_at_L:(Object, int) memory. + (forall i_3:int. + (forall j_3:int. + (forall k_1:int. + (forall l:int. + (forall t_3:Object pointer. 
+ ((lt_int(j_3, k_1) + and (le_int(k_1, l) + and gt_int(select(intM_intP_t_3_18_at_L, shift(t_3, k_1)), (0)))) -> + lt_int(num_of_pos(i_3, j_3, t_3, intM_intP_t_3_18_at_L), + num_of_pos(i_3, l, t_3, intM_intP_t_3_18_at_L))))))))) + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter MullerTheory_m : t_4:Object pointer -> - Object_MullerTheory_m_9_alloc_table:Object alloc_table ref -> - Object_MullerTheory_m_9_tag_table:Object tag_table ref -> - intM_intP_MullerTheory_m_9:(Object, int) memory ref -> - Object_t_4_7_alloc_table:Object alloc_table -> - intM_intP_t_4_7:(Object, int) memory -> - { } Object pointer reads Object_MullerTheory_m_9_alloc_table - writes Object_MullerTheory_m_9_alloc_table,Object_MullerTheory_m_9_tag_table,intM_intP_MullerTheory_m_9 + Object_MullerTheory_m_11_alloc_table:Object alloc_table ref -> + Object_MullerTheory_m_11_tag_table:Object tag_table ref -> + intM_intP_MullerTheory_m_11:(Object, int) memory ref -> + Object_t_4_9_alloc_table:Object alloc_table -> + intM_intP_t_4_9:(Object, int) memory -> + { } Object pointer reads Object_MullerTheory_m_11_alloc_table + writes Object_MullerTheory_m_11_alloc_table,Object_MullerTheory_m_11_tag_table,intM_intP_MullerTheory_m_11 { true } parameter MullerTheory_m_requires : t_4:Object pointer -> - Object_MullerTheory_m_9_alloc_table:Object alloc_table ref -> - Object_MullerTheory_m_9_tag_table:Object tag_table ref -> - intM_intP_MullerTheory_m_9:(Object, int) memory ref -> - Object_t_4_7_alloc_table:Object alloc_table -> - intM_intP_t_4_7:(Object, int) memory -> - { (JC_31: Non_null_intM(t_4, Object_t_4_7_alloc_table))} - Object pointer reads Object_MullerTheory_m_9_alloc_table - writes Object_MullerTheory_m_9_alloc_table,Object_MullerTheory_m_9_tag_table,intM_intP_MullerTheory_m_9 + Object_MullerTheory_m_11_alloc_table:Object alloc_table ref -> + Object_MullerTheory_m_11_tag_table:Object tag_table ref -> + 
intM_intP_MullerTheory_m_11:(Object, int) memory ref -> + Object_t_4_9_alloc_table:Object alloc_table -> + intM_intP_t_4_9:(Object, int) memory -> + { (JC_39: Non_null_intM(t_4, Object_t_4_9_alloc_table))} + Object pointer reads Object_MullerTheory_m_11_alloc_table + writes Object_MullerTheory_m_11_alloc_table,Object_MullerTheory_m_11_tag_table,intM_intP_MullerTheory_m_11 { true } parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_MullerTheory : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_MullerTheory(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_MullerTheory_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_MullerTheory(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - 
n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1916,72 +1885,74 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_MullerTheory : this_0:Object pointer -> - Object_this_0_10_alloc_table:Object alloc_table -> { } unit { true } + Object_this_0_12_alloc_table:Object alloc_table -> { } unit { true } parameter cons_MullerTheory_requires : this_0:Object pointer -> - Object_this_0_10_alloc_table:Object alloc_table -> { } unit { true } + Object_this_0_12_alloc_table:Object alloc_table -> { } unit { true } parameter java_array_length_intM : x_3:Object pointer -> - Object_x_4_alloc_table:Object alloc_table -> + Object_x_6_alloc_table:Object alloc_table -> { } int - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, - add_int(offset_max(Object_x_4_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_x_6_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> - Object_x_4_alloc_table:Object alloc_table -> + Object_x_6_alloc_table:Object alloc_table -> { } int - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, - add_int(offset_max(Object_x_4_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_x_6_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> - Object_x_5_alloc_table:Object alloc_table -> + Object_x_7_alloc_table:Object alloc_table -> { } bool - { (JC_30: - (if result then eq_int(offset_max(Object_x_5_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_x_7_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> - Object_x_5_alloc_table:Object alloc_table -> + Object_x_7_alloc_table:Object alloc_table -> { } bool - { (JC_30: 
- (if result then eq_int(offset_max(Object_x_5_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_x_7_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> - Object_x_3_alloc_table:Object alloc_table -> + Object_x_5_alloc_table:Object alloc_table -> { } bool - { (JC_7: + { (JC_15: (if result - then ge_int(offset_max(Object_x_3_alloc_table, x_2), neg_int((1))) + then ge_int(offset_max(Object_x_5_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> - Object_x_3_alloc_table:Object alloc_table -> + Object_x_5_alloc_table:Object alloc_table -> { } bool - { (JC_7: + { (JC_15: (if result - then ge_int(offset_max(Object_x_3_alloc_table, x_2), neg_int((1))) + then ge_int(offset_max(Object_x_5_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } let MullerTheory_m_ensures_default = - fun (t_4 : Object pointer) (Object_MullerTheory_m_9_alloc_table : Object alloc_table ref) (Object_MullerTheory_m_9_tag_table : Object tag_table ref) (intM_intP_MullerTheory_m_9 : (Object, int) memory ref) (Object_t_4_7_alloc_table : Object alloc_table) (intM_intP_t_4_7 : (Object, int) memory) -> - { (left_valid_struct_intM(t_4, (0), Object_t_4_7_alloc_table) - and (JC_33: Non_null_intM(t_4, Object_t_4_7_alloc_table))) } + fun (t_4 : Object pointer) (Object_MullerTheory_m_11_alloc_table : Object alloc_table ref) (Object_MullerTheory_m_11_tag_table : Object tag_table ref) (intM_intP_MullerTheory_m_11 : (Object, int) memory ref) (Object_t_4_9_alloc_table : Object alloc_table) (intM_intP_t_4_9 : (Object, int) memory) -> + { (left_valid_struct_intM(t_4, (0), Object_t_4_9_alloc_table) + and (JC_41: Non_null_intM(t_4, Object_t_4_9_alloc_table))) } (init: (let return = ref (any_pointer void) in try 
@@ -1993,31 +1964,29 @@ (loop_3: while true do { invariant - (JC_73: - ((JC_68: le_int((0), i_4)) - and ((JC_69: + (JC_81: + ((JC_76: le_int((0), i_4)) + and ((JC_77: le_int(i_4, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_70: le_int((0), count)) - and ((JC_71: le_int(count, i_4)) - and (JC_72: - eq_int(count, - num_of_pos((0), sub_int(i_4, (1)), t_4, - intM_intP_t_4_7)))))))) } + add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)))) + and ((JC_78: le_int((0), count)) + and ((JC_79: le_int(count, i_4)) + and (JC_80: + (count = num_of_pos((0), sub_int(i_4, (1)), t_4, + intM_intP_t_4_9)))))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_18: ((lt_int_ !i_4) (K_17: (let jessie_ = t_4 in - (JC_77: - ((java_array_length_intM jessie_) Object_t_4_7_alloc_table)))))) + (JC_85: + ((java_array_length_intM jessie_) Object_t_4_9_alloc_table)))))) then (if (K_15: ((gt_int_ (K_14: - ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_4)))) (0))) + ((safe_acc_ intM_intP_t_4_9) ((shift t_4) !i_4)))) (0))) then (let jessie_ = (K_13: @@ -2025,8 +1994,8 @@ begin (let jessie_ = (count := ((add_int jessie_) (1))) in void); jessie_ end)) in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: @@ -2037,8 +2006,8 @@ Loop_exit_exc jessie_ -> void end); (let u = (K_38: - (JC_78: - (((alloc_struct_intM !count) Object_MullerTheory_m_9_alloc_table) Object_MullerTheory_m_9_tag_table))) in + (JC_86: + (((alloc_struct_intM !count) Object_MullerTheory_m_11_alloc_table) Object_MullerTheory_m_11_tag_table))) in begin (let jessie_ = (count := (0)) in void); (let i_5 = ref (K_19: (0)) in 
@@ -2046,36 +2015,34 @@ (loop_4: while true do { invariant - (JC_84: - ((JC_79: le_int((0), i_5)) - and ((JC_80: + (JC_92: + ((JC_87: le_int((0), i_5)) + and ((JC_88: le_int(i_5, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_81: le_int((0), count)) - and ((JC_82: le_int(count, i_5)) - and (JC_83: - eq_int(count, - num_of_pos((0), sub_int(i_5, (1)), t_4, - intM_intP_t_4_7)))))))) } + add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)))) + and ((JC_89: le_int((0), count)) + and ((JC_90: le_int(count, i_5)) + and (JC_91: + (count = num_of_pos((0), sub_int(i_5, (1)), t_4, + intM_intP_t_4_9)))))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_37: ((lt_int_ !i_5) (K_36: (let jessie_ = t_4 in - (JC_88: - ((java_array_length_intM jessie_) Object_t_4_7_alloc_table)))))) + (JC_96: + ((java_array_length_intM jessie_) Object_t_4_9_alloc_table)))))) then (if (K_34: ((gt_int_ (K_33: - ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_5)))) (0))) + ((safe_acc_ intM_intP_t_4_9) ((shift t_4) !i_5)))) (0))) then (let jessie_ = (K_32: (let jessie_ = - (K_31: ((safe_acc_ intM_intP_t_4_7) ((shift t_4) !i_5))) in + (K_31: ((safe_acc_ intM_intP_t_4_9) ((shift t_4) !i_5))) in (let jessie_ = u in (let jessie_ = (K_30: @@ -2084,10 +2051,9 @@ (let jessie_ = (count := ((add_int jessie_) (1))) in void); jessie_ end)) in (let jessie_ = ((shift jessie_) jessie_) in - (((safe_upd_ intM_intP_MullerTheory_m_9) jessie_) jessie_)))))) in - void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (((safe_upd_ intM_intP_MullerTheory_m_11) jessie_) jessie_)))))) in + void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_35: 
@@ -2096,12 +2062,12 @@ (let jessie_ = (i_5 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end); (return := u); (raise Return) - end) end); absurd end with Return -> !return end)) { (JC_35: true) } + end) end); absurd end with Return -> !return end)) { (JC_43: true) } let MullerTheory_m_safety = - fun (t_4 : Object pointer) (Object_MullerTheory_m_9_alloc_table : Object alloc_table ref) (Object_MullerTheory_m_9_tag_table : Object tag_table ref) (intM_intP_MullerTheory_m_9 : (Object, int) memory ref) (Object_t_4_7_alloc_table : Object alloc_table) (intM_intP_t_4_7 : (Object, int) memory) -> - { (left_valid_struct_intM(t_4, (0), Object_t_4_7_alloc_table) - and (JC_33: Non_null_intM(t_4, Object_t_4_7_alloc_table))) } + fun (t_4 : Object pointer) (Object_MullerTheory_m_11_alloc_table : Object alloc_table ref) (Object_MullerTheory_m_11_tag_table : Object tag_table ref) (intM_intP_MullerTheory_m_11 : (Object, int) memory ref) (Object_t_4_9_alloc_table : Object alloc_table) (intM_intP_t_4_9 : (Object, int) memory) -> + { (left_valid_struct_intM(t_4, (0), Object_t_4_9_alloc_table) + and (JC_41: Non_null_intM(t_4, Object_t_4_9_alloc_table))) } (init: (let return = ref (any_pointer void) in try 
@@ -2112,42 +2078,40 @@ try (loop_1: while true do - { invariant (JC_46: true) - variant (JC_51 : sub_int(add_int(offset_max(Object_t_4_7_alloc_table, + { invariant (JC_54: true) + variant (JC_59 : sub_int(add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)), i_4)) } begin [ { } unit reads count,i_4 - { (JC_44: - ((JC_39: le_int((0), i_4)) - and ((JC_40: + { (JC_52: + ((JC_47: le_int((0), i_4)) + and ((JC_48: le_int(i_4, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_41: le_int((0), count)) - and ((JC_42: le_int(count, i_4)) - and (JC_43: - eq_int(count, - num_of_pos((0), sub_int(i_4, (1)), t_4, - intM_intP_t_4_7)))))))) } ]; + add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)))) + and ((JC_49: le_int((0), count)) + and ((JC_50: le_int(count, i_4)) + and (JC_51: + (count = num_of_pos((0), sub_int(i_4, (1)), + t_4, intM_intP_t_4_9)))))))) } ]; try - (let jessie_ = begin (if (K_18: ((lt_int_ !i_4) (K_17: (let jessie_ = t_4 in - (JC_49: + (JC_57: (assert - { ge_int(offset_max(Object_t_4_7_alloc_table, + { ge_int(offset_max(Object_t_4_9_alloc_table, jessie_), (-1)) }; - (JC_48: - ((java_array_length_intM_requires jessie_) Object_t_4_7_alloc_table)))))))) + (JC_56: + ((java_array_length_intM_requires jessie_) Object_t_4_9_alloc_table)))))))) then (if (K_15: ((gt_int_ (K_14: - (JC_50: - ((((offset_acc_ Object_t_4_7_alloc_table) intM_intP_t_4_7) t_4) !i_4)))) (0))) + (JC_58: + ((((offset_acc_ Object_t_4_9_alloc_table) intM_intP_t_4_9) t_4) !i_4)))) (0))) then (let jessie_ = (K_13: @@ -2155,8 +2119,8 @@ begin (let jessie_ = (count := ((add_int jessie_) (1))) in void); jessie_ end)) in void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_16: 
@@ -2167,57 +2131,55 @@ Loop_exit_exc jessie_ -> void end); (let u = (K_38: - (JC_52: - (((alloc_struct_intM_requires !count) Object_MullerTheory_m_9_alloc_table) Object_MullerTheory_m_9_tag_table))) in + (JC_60: + (((alloc_struct_intM_requires !count) Object_MullerTheory_m_11_alloc_table) Object_MullerTheory_m_11_tag_table))) in begin (let jessie_ = (count := (0)) in void); (let i_5 = ref (K_19: (0)) in try (loop_2: while true do - { invariant (JC_60: true) - variant (JC_67 : sub_int(add_int(offset_max(Object_t_4_7_alloc_table, + { invariant (JC_68: true) + variant (JC_75 : sub_int(add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)), i_5)) } begin [ { } unit reads count,i_5 - { (JC_58: - ((JC_53: le_int((0), i_5)) - and ((JC_54: + { (JC_66: + ((JC_61: le_int((0), i_5)) + and ((JC_62: le_int(i_5, - add_int(offset_max(Object_t_4_7_alloc_table, t_4), (1)))) - and ((JC_55: le_int((0), count)) - and ((JC_56: le_int(count, i_5)) - and (JC_57: - eq_int(count, - num_of_pos((0), sub_int(i_5, (1)), t_4, - intM_intP_t_4_7)))))))) } ]; + add_int(offset_max(Object_t_4_9_alloc_table, t_4), (1)))) + and ((JC_63: le_int((0), count)) + and ((JC_64: le_int(count, i_5)) + and (JC_65: + (count = num_of_pos((0), sub_int(i_5, (1)), + t_4, intM_intP_t_4_9)))))))) } ]; try - (let jessie_ = begin (if (K_37: ((lt_int_ !i_5) (K_36: (let jessie_ = t_4 in - (JC_63: + (JC_71: (assert - { ge_int(offset_max(Object_t_4_7_alloc_table, + { ge_int(offset_max(Object_t_4_9_alloc_table, jessie_), (-1)) }; - (JC_62: - ((java_array_length_intM_requires jessie_) Object_t_4_7_alloc_table)))))))) + (JC_70: + ((java_array_length_intM_requires jessie_) Object_t_4_9_alloc_table)))))))) then (if (K_34: ((gt_int_ (K_33: - (JC_64: - ((((offset_acc_ Object_t_4_7_alloc_table) intM_intP_t_4_7) t_4) !i_5)))) (0))) + (JC_72: + ((((offset_acc_ Object_t_4_9_alloc_table) intM_intP_t_4_9) t_4) !i_5)))) (0))) then (let jessie_ = (K_32: (let jessie_ = (K_31: - (JC_65: - ((((offset_acc_ Object_t_4_7_alloc_table) 
intM_intP_t_4_7) t_4) !i_5))) in + (JC_73: + ((((offset_acc_ Object_t_4_9_alloc_table) intM_intP_t_4_9) t_4) !i_5))) in (let jessie_ = u in (let jessie_ = (K_30: @@ -2226,11 +2188,10 @@ (let jessie_ = (count := ((add_int jessie_) (1))) in void); jessie_ end)) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_66: - (((((offset_upd_ !Object_MullerTheory_m_9_alloc_table) intM_intP_MullerTheory_m_9) jessie_) jessie_) jessie_))))))) in - void) else void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + (JC_74: + (((((offset_upd_ !Object_MullerTheory_m_11_alloc_table) intM_intP_MullerTheory_m_11) jessie_) jessie_) jessie_))))))) in + void) else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_35: @@ -2242,14 +2203,14 @@ end) end); absurd end with Return -> !return end)) { true } let cons_MullerTheory_ensures_default = - fun (this_0 : Object pointer) (Object_this_0_10_alloc_table : Object alloc_table) -> - { valid_struct_MullerTheory(this_0, (0), (0), Object_this_0_10_alloc_table) } + fun (this_0 : Object pointer) (Object_this_0_12_alloc_table : Object alloc_table) -> + { valid_struct_MullerTheory(this_0, (0), (0), Object_this_0_12_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_93: true) } + { (JC_101: true) } let cons_MullerTheory_safety = - fun (this_0 : Object pointer) (Object_this_0_10_alloc_table : Object alloc_table) -> - { valid_struct_MullerTheory(this_0, (0), (0), Object_this_0_10_alloc_table) } + fun (this_0 : Object pointer) (Object_this_0_12_alloc_table : Object alloc_table) -> + { valid_struct_MullerTheory(this_0, (0), (0), Object_this_0_12_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) { true } 
@@ -2261,211 +2222,211 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + @@ -3416,7 +3377,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_x_2_alloc_table: Object alloc_table) = - (offset_max(Object_x_2_alloc_table, x_1) = 0) + (offset_max(Object_x_2_alloc_table, x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_x_1_alloc_table: Object alloc_table) = @@ -3496,36 +3457,6 @@ logic num_of_pos : int, int, Object pointer, (Object, int) memory -> int -axiom num_of_pos_empty: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L) = 0)))))) - -axiom num_of_pos_false_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - (((i_2 <= j_2) and (not (select(intM_intP_t_6_at_L, shift(t_2, - j_2)) > 0))) -> - (num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L) = num_of_pos(i_2, - (j_2 - 1), t_2, intM_intP_t_6_at_L)))))))) - -axiom num_of_pos_true_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. - (((i_1 <= j_1) and (select(intM_intP_t_6_at_L, shift(t_1, - j_1)) > 0)) -> - (num_of_pos(i_1, j_1, t_1, - intM_intP_t_6_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, - intM_intP_t_6_at_L) + 1)))))))) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -3602,36 +3533,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MullerTheory(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3672,1920 +3573,1938 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + (((i_2 <= j_2) and (not (select(intM_intP_t_8_at_L, shift(t_2, + j_2)) > 0))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + (j_2 - 1), t_2, intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + (((i_1 <= j_1) and (select(intM_intP_t_8_at_L, shift(t_1, + j_1)) > 0)) -> + (num_of_pos(i_1, j_1, t_1, + intM_intP_t_8_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, + intM_intP_t_8_at_L) + 1)))))))) + +axiom num_of_pos_empty: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_8_at_L) = 0)))))) + +========== file tests/java/why/MullerTheory_po1.why ========== +lemma num_of_pos_strictly_increasing: + (forall intM_intP_t_3_18_at_L:(Object, int) memory. + (forall i_3:int. + (forall j_3:int. + (forall k_1:int. + (forall l:int. + (forall t_3:Object pointer. + (((j_3 < k_1) and + ((k_1 <= l) and (select(intM_intP_t_3_18_at_L, shift(t_3, + k_1)) > 0))) -> + (num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L) < num_of_pos(i_3, l, t_3, + intM_intP_t_3_18_at_L))))))))) + ========== file tests/java/why/MullerTheory_po10.why ========== goal MullerTheory_m_ensures_default_po_9: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count0 <= i_4_0)))) + ("JC_81": ("JC_79": (count0 <= i_4_0))) ========== file tests/java/why/MullerTheory_po11.why ========== goal MullerTheory_m_ensures_default_po_10: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_81": + ("JC_80": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po12.why ========== goal MullerTheory_m_ensures_default_po_11: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + ("JC_81": ("JC_76": (0 <= i_4_0))) ========== file tests/java/why/MullerTheory_po13.why ========== goal MullerTheory_m_ensures_default_po_12: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_81": + ("JC_77": (i_4_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po14.why ========== goal MullerTheory_m_ensures_default_po_13: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count)))) + ("JC_81": ("JC_78": (0 <= count))) ========== file tests/java/why/MullerTheory_po15.why ========== goal MullerTheory_m_ensures_default_po_14: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count <= i_4_0)))) + ("JC_81": ("JC_79": (count <= i_4_0))) ========== file tests/java/why/MullerTheory_po16.why ========== goal MullerTheory_m_ensures_default_po_15: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_81": + ("JC_80": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po17.why ========== goal MullerTheory_m_ensures_default_po_16: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= 0)))) + ("JC_92": ("JC_87": (0 <= 0))) ========== file tests/java/why/MullerTheory_po18.why ========== goal MullerTheory_m_ensures_default_po_17: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": - ("JC_80": - ("JC_80": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po19.why ========== goal MullerTheory_m_ensures_default_po_18: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count0)))) + ("JC_92": ("JC_89": (0 <= count0))) -========== file tests/java/why/MullerTheory_po1.why ========== -lemma num_of_pos_strictly_increasing: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. 
- (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) +========== file tests/java/why/MullerTheory_po2.why ========== +goal MullerTheory_m_ensures_default_po_1: + forall t_4:Object pointer. + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_76": (0 <= 0))) ========== file tests/java/why/MullerTheory_po20.why ========== goal MullerTheory_m_ensures_default_po_19: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_82": ("JC_82": (count0 <= 0)))) + ("JC_92": ("JC_90": (count0 <= 0))) ========== file tests/java/why/MullerTheory_po21.why ========== goal MullerTheory_m_ensures_default_po_20: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. 
forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. 
(count0 = 0) -> - ("JC_84": - ("JC_83": - ("JC_83": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po22.why ========== goal MullerTheory_m_ensures_default_po_21: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + ("JC_92": ("JC_87": (0 <= i_5_0))) ========== file tests/java/why/MullerTheory_po23.why ========== goal MullerTheory_m_ensures_default_po_22: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. 
- forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (i_5_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po24.why ========== goal MullerTheory_m_ensures_default_po_23: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count2)))) + ("JC_92": ("JC_89": (0 <= count2))) ========== file tests/java/why/MullerTheory_po25.why ========== goal MullerTheory_m_ensures_default_po_24: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count2 <= i_5_0)))) + ("JC_92": ("JC_90": (count2 <= i_5_0))) ========== file tests/java/why/MullerTheory_po26.why ========== goal MullerTheory_m_ensures_default_po_25: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. 
- forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po27.why ========== goal MullerTheory_m_ensures_default_po_26: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + ("JC_92": ("JC_87": (0 <= i_5_0))) ========== file tests/java/why/MullerTheory_po28.why ========== goal MullerTheory_m_ensures_default_po_27: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (i_5_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po29.why ========== goal MullerTheory_m_ensures_default_po_28: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count1)))) + ("JC_92": ("JC_89": (0 <= count1))) -========== file tests/java/why/MullerTheory_po2.why ========== -goal MullerTheory_m_ensures_default_po_1: +========== file tests/java/why/MullerTheory_po3.why ========== +goal MullerTheory_m_ensures_default_po_2: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= 0)))) + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": + ("JC_77": (0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po30.why ========== goal MullerTheory_m_ensures_default_po_29: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count1 <= i_5_0)))) + ("JC_92": ("JC_90": (count1 <= i_5_0))) ========== file tests/java/why/MullerTheory_po31.why ========== goal MullerTheory_m_ensures_default_po_30: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po32.why ========== goal MullerTheory_m_safety_po_1: forall t_4:Object pointer. 
- forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) ========== file tests/java/why/MullerTheory_po33.why ========== goal MullerTheory_m_safety_po_2: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) + (offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) ========== file tests/java/why/MullerTheory_po34.why ========== goal MullerTheory_m_safety_po_3: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4)) + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4)) ========== file tests/java/why/MullerTheory_po35.why ========== goal MullerTheory_m_safety_po_4: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (0 <= ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) ========== file tests/java/why/MullerTheory_po36.why ========== goal MullerTheory_m_safety_po_5: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. 
(i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4_0)) < + ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) ========== file tests/java/why/MullerTheory_po37.why ========== goal MullerTheory_m_safety_po_6: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (0 <= ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) ========== file tests/java/why/MullerTheory_po38.why ========== goal MullerTheory_m_safety_po_7: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4_0)) < + ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) ========== file tests/java/why/MullerTheory_po39.why ========== goal MullerTheory_m_safety_po_8: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -========== file tests/java/why/MullerTheory_po3.why ========== -goal MullerTheory_m_ensures_default_po_2: +========== file tests/java/why/MullerTheory_po4.why ========== +goal MullerTheory_m_ensures_default_po_3: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_69": - ("JC_69": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall Object_t_4_9_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_78": (0 <= 0))) ========== file tests/java/why/MullerTheory_po40.why ========== goal MullerTheory_m_safety_po_9: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. 
- forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) + (offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) ========== file tests/java/why/MullerTheory_po41.why ========== goal MullerTheory_m_safety_po_10: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4)) + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4)) ========== file tests/java/why/MullerTheory_po42.why ========== goal MullerTheory_m_safety_po_11: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - (offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) + (offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) ========== file tests/java/why/MullerTheory_po43.why ========== goal MullerTheory_m_safety_po_12: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0)) + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0)) ========== file tests/java/why/MullerTheory_po44.why ========== goal MullerTheory_m_safety_po_13: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - ((offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0))) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + ((offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) and + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0))) -> + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (0 <= ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) ========== file tests/java/why/MullerTheory_po45.why ========== goal MullerTheory_m_safety_po_14: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - ((offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0))) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + ((offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) and + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0))) -> + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5_0)) < + ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) ========== file tests/java/why/MullerTheory_po46.why ========== goal MullerTheory_m_safety_po_15: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (0 <= ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) ========== file tests/java/why/MullerTheory_po47.why ========== goal MullerTheory_m_safety_po_16: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) - -========== file tests/java/why/MullerTheory_po4.why ========== -goal MullerTheory_m_ensures_default_po_3: - forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= 0)))) + (("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5_0)) < + ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) ========== file tests/java/why/MullerTheory_po5.why ========== goal MullerTheory_m_ensures_default_po_4: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= 0)))) + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_79": (0 <= 0))) ========== file tests/java/why/MullerTheory_po6.why ========== goal MullerTheory_m_ensures_default_po_5: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_72": ("JC_72": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_80": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_9)))) ========== file tests/java/why/MullerTheory_po7.why ========== goal MullerTheory_m_ensures_default_po_6: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. 
(i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + ("JC_81": ("JC_76": (0 <= i_4_0))) ========== file tests/java/why/MullerTheory_po8.why ========== goal MullerTheory_m_ensures_default_po_7: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. 
(i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_81": + ("JC_77": (i_4_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) ========== file tests/java/why/MullerTheory_po9.why ========== goal MullerTheory_m_ensures_default_po_8: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count0)))) + ("JC_81": ("JC_78": (0 <= count0))) ========== generation of Simplify VC output ========== why -simplify [...] why/MullerTheory.why 
@@ -6413,7 +6332,7 @@ (EQ (parenttag MullerTheory_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_x_2_alloc_table) - (EQ (offset_max Object_x_2_alloc_table x_1) 0)) + (>= (offset_max Object_x_2_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_x_1_alloc_table) (>= (offset_max Object_x_1_alloc_table x_0) (- 0 1))) 
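Review bot: The expected `Non_null_Object` definition in this hunk is weakened from `(EQ (offset_max Object_x_2_alloc_table x_1) 0)` to `(>= (offset_max Object_x_2_alloc_table x_1) 0)`, and nothing in the regenerated output records why. Unlike the renumbered labels and variable suffixes elsewhere in this oracle, this changes what a predicate means: where it is a hypothesis the obligation becomes harder to prove, and where it is a goal it becomes easier to discharge. The obligations visible in this part of the oracle only use `Non_null_intM`, so this test would presumably not notice if the relaxation were unintended. I would record it in the release notes, e.g. `Non_null for objects: offset_max >= 0 (was = 0)`, and confirm it matches an intentional translator change rather than accepting it along with the bulk oracle refresh.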
@@ -6485,63 +6404,6 @@ (<= (offset_min interface_alloc_table p) a)) (BG_PUSH - ;; Why axiom num_of_pos_empty - (FORALL (intM_intP_t_6_at_L i_0 j_0 t_0) - (IMPLIES (> i_0 j_0) (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_6_at_L) 0))) - - (FORALL (i_0 j_0) - (IMPLIES (> i_0 j_0) - (FORALL (intM_intP_t_6_at_L t_0) - (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_6_at_L) 0))))) - -(BG_PUSH - ;; Why axiom num_of_pos_false_case - (FORALL (intM_intP_t_6_at_L i_2 j_2 k_0 t_2) - (IMPLIES - (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_6_at_L (shift t_2 j_2)) 0))) - (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_6_at_L) - (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_6_at_L)))) - - (FORALL (intM_intP_t_6_at_L i_2 j_2 t_2) - (IMPLIES - (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_6_at_L (shift t_2 j_2)) 0))) - (FORALL (k_0) - (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_6_at_L) - (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_6_at_L)))))) - -;; num_of_pos_strictly_increasing, File "HOME/tests/java/MullerTheory.jc", line 87, characters 0-320 -(FORALL (intM_intP_t_3_16_at_L i_3 j_3 k_1 l t_3) -(IMPLIES -(AND (< j_3 k_1) -(AND (<= k_1 l) (> (select intM_intP_t_3_16_at_L (shift t_3 k_1)) 0))) -(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_16_at_L) (num_of_pos - i_3 l t_3 intM_intP_t_3_16_at_L)))) - -(BG_PUSH - ;; lemma num_of_pos_strictly_increasing as axiom -(FORALL (intM_intP_t_3_16_at_L i_3 j_3 k_1 l t_3) -(IMPLIES -(AND (< j_3 k_1) -(AND (<= k_1 l) (> (select intM_intP_t_3_16_at_L (shift t_3 k_1)) 0))) -(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_16_at_L) (num_of_pos - i_3 l t_3 intM_intP_t_3_16_at_L))))) - -(BG_PUSH - ;; Why axiom num_of_pos_true_case - (FORALL (intM_intP_t_6_at_L i_1 j_1 k t_1) - (IMPLIES - (AND (<= i_1 j_1) (> (select intM_intP_t_6_at_L (shift t_1 j_1)) 0)) - (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_6_at_L) - (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_6_at_L) 1)))) - - (FORALL (intM_intP_t_6_at_L i_1 j_1 t_1) - (IMPLIES - (AND (<= i_1 j_1) (> (select intM_intP_t_6_at_L (shift t_1 j_1)) 0)) - 
(FORALL (k) - (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_6_at_L) - (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_6_at_L) 1)))))) - -(BG_PUSH ;; Why axiom pointer_addr_of_Object_of_pointer_address (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) @@ -6601,29 +6463,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_MullerTheory p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -6655,1683 +6494,1765 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; MullerTheory_m_ensures_default_po_1, File "HOME/tests/java/MullerTheory.java", line 22, characters 8-14 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(BG_PUSH + ;; Why axiom num_of_pos_false_case + (FORALL (intM_intP_t_8_at_L i_2 j_2 k_0 t_2) + (IMPLIES + (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_8_at_L (shift t_2 j_2)) 0))) + (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_8_at_L) + (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_8_at_L)))) + + (FORALL (intM_intP_t_8_at_L i_2 j_2 t_2) + (IMPLIES + (AND (<= i_2 j_2) (NOT (> (select intM_intP_t_8_at_L (shift t_2 j_2)) 0))) + (FORALL (k_0) + (EQ (num_of_pos i_2 j_2 t_2 intM_intP_t_8_at_L) + (num_of_pos i_2 (- j_2 1) t_2 intM_intP_t_8_at_L)))))) + +(BG_PUSH + ;; Why axiom num_of_pos_true_case + (FORALL (intM_intP_t_8_at_L i_1 j_1 k t_1) + (IMPLIES + (AND (<= i_1 j_1) (> (select intM_intP_t_8_at_L (shift t_1 j_1)) 0)) + (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_8_at_L) + (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_8_at_L) 1)))) + + (FORALL (intM_intP_t_8_at_L i_1 j_1 t_1) + (IMPLIES + (AND (<= i_1 j_1) (> (select intM_intP_t_8_at_L (shift t_1 j_1)) 0)) + (FORALL (k) + (EQ (num_of_pos i_1 j_1 t_1 intM_intP_t_8_at_L) + (+ (num_of_pos i_1 (- j_1 1) t_1 intM_intP_t_8_at_L) 1)))))) + +(BG_PUSH + ;; Why axiom num_of_pos_empty + (FORALL (intM_intP_t_8_at_L i_0 j_0 t_0) + (IMPLIES (> i_0 j_0) (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_8_at_L) 0))) + + (FORALL (i_0 j_0) + (IMPLIES (> i_0 j_0) + (FORALL (intM_intP_t_8_at_L t_0) + (EQ (num_of_pos i_0 j_0 t_0 intM_intP_t_8_at_L) 0))))) + +;; num_of_pos_strictly_increasing, File "HOME/tests/java/MullerTheory.java", line 39, characters 10-40 +(FORALL (intM_intP_t_3_18_at_L i_3 j_3 k_1 l t_3) +(IMPLIES +(AND (< j_3 k_1) +(AND (<= k_1 l) (> (select 
intM_intP_t_3_18_at_L (shift t_3 k_1)) 0))) +(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_18_at_L) (num_of_pos + i_3 l t_3 intM_intP_t_3_18_at_L)))) + +(BG_PUSH + ;; lemma num_of_pos_strictly_increasing as axiom +(FORALL (intM_intP_t_3_18_at_L i_3 j_3 k_1 l t_3) +(IMPLIES +(AND (< j_3 k_1) +(AND (<= k_1 l) (> (select intM_intP_t_3_18_at_L (shift t_3 k_1)) 0))) +(< (num_of_pos i_3 j_3 t_3 intM_intP_t_3_18_at_L) (num_of_pos + i_3 l t_3 intM_intP_t_3_18_at_L))))) + +;; MullerTheory_m_ensures_default_po_1, File "HOME/tests/java/MullerTheory.java", line 53, characters 8-14 +(FORALL (t_4) +(FORALL (Object_t_4_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (<= 0 0)))) -;; MullerTheory_m_ensures_default_po_2, File "HOME/tests/java/MullerTheory.java", line 22, characters 13-26 +;; MullerTheory_m_ensures_default_po_2, File "HOME/tests/java/MullerTheory.java", line 53, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(<= 0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))) - -;; MullerTheory_m_ensures_default_po_3, File "HOME/tests/java/MullerTheory.java", line 23, characters 8-18 -(FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) +(<= 0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1))))) + +;; MullerTheory_m_ensures_default_po_3, File "HOME/tests/java/MullerTheory.java", line 54, characters 8-18 +(FORALL (t_4) +(FORALL (Object_t_4_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (<= 0 0)))) -;; 
MullerTheory_m_ensures_default_po_4, File "HOME/tests/java/MullerTheory.java", line 23, characters 13-23 +;; MullerTheory_m_ensures_default_po_4, File "HOME/tests/java/MullerTheory.java", line 54, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (<= 0 0)))) -;; MullerTheory_m_ensures_default_po_5, File "HOME/tests/java/MullerTheory.java", line 24, characters 8-36 +;; MullerTheory_m_ensures_default_po_5, File "HOME/tests/java/MullerTheory.java", line 55, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) -(EQ 0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_7)))))) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) +(EQ 0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_9)))))) -;; MullerTheory_m_ensures_default_po_6, File "HOME/tests/java/MullerTheory.java", line 22, characters 8-14 +;; MullerTheory_m_ensures_default_po_6, File "HOME/tests/java/MullerTheory.java", line 53, characters 8-14 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max 
Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 i_4_0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_7, File "HOME/tests/java/MullerTheory.java", line 22, characters 13-26 +;; MullerTheory_m_ensures_default_po_7, File "HOME/tests/java/MullerTheory.java", line 53, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 
i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= i_4_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))))) +(<= i_4_0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_8, File "HOME/tests/java/MullerTheory.java", line 23, characters 8-18 +;; MullerTheory_m_ensures_default_po_8, File "HOME/tests/java/MullerTheory.java", line 54, characters 8-18 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 count0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_9, File "HOME/tests/java/MullerTheory.java", line 23, characters 13-23 +;; MullerTheory_m_ensures_default_po_9, File 
"HOME/tests/java/MullerTheory.java", line 54, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= count0 i_4_0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_10, File "HOME/tests/java/MullerTheory.java", line 24, characters 8-36 +;; MullerTheory_m_ensures_default_po_10, File "HOME/tests/java/MullerTheory.java", line 55, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ 
(offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(EQ count0 (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_7))))))))))))))))))) +(EQ count0 (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_9))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_11, File "HOME/tests/java/MullerTheory.java", line 22, characters 8-14 +;; MullerTheory_m_ensures_default_po_11, File "HOME/tests/java/MullerTheory.java", line 53, characters 8-14 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 i_4_0)))))))))))))))) -;; MullerTheory_m_ensures_default_po_12, File "HOME/tests/java/MullerTheory.java", line 22, characters 13-26 +;; MullerTheory_m_ensures_default_po_12, File "HOME/tests/java/MullerTheory.java", line 53, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= i_4_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))) +(<= i_4_0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1))))))))))))))))) -;; MullerTheory_m_ensures_default_po_13, File 
"HOME/tests/java/MullerTheory.java", line 23, characters 8-18 +;; MullerTheory_m_ensures_default_po_13, File "HOME/tests/java/MullerTheory.java", line 54, characters 8-18 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= 0 count)))))))))))))))) -;; MullerTheory_m_ensures_default_po_14, File "HOME/tests/java/MullerTheory.java", line 23, characters 13-23 +;; MullerTheory_m_ensures_default_po_14, File "HOME/tests/java/MullerTheory.java", line 54, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) 
(FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) (<= count i_4_0)))))))))))))))) -;; MullerTheory_m_ensures_default_po_15, File "HOME/tests/java/MullerTheory.java", line 24, characters 8-36 +;; MullerTheory_m_ensures_default_po_15, File "HOME/tests/java/MullerTheory.java", line 55, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 
result) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(EQ count (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_7))))))))))))))))) +(EQ count (num_of_pos 0 (- i_4_0 1) t_4 intM_intP_t_4_9))))))))))))))))) -;; MullerTheory_m_ensures_default_po_16, File "HOME/tests/java/MullerTheory.java", line 33, characters 8-14 +;; MullerTheory_m_ensures_default_po_16, File "HOME/tests/java/MullerTheory.java", line 64, characters 8-14 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) 
Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (<= 0 0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_17, File "HOME/tests/java/MullerTheory.java", line 33, characters 13-26 +;; MullerTheory_m_ensures_default_po_17, File "HOME/tests/java/MullerTheory.java", line 64, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL 
(Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) -(<= 0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))))) +(<= 0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_18, File "HOME/tests/java/MullerTheory.java", line 34, characters 8-18 +;; MullerTheory_m_ensures_default_po_18, File "HOME/tests/java/MullerTheory.java", line 65, characters 8-18 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result 
constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (<= 0 count0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_19, File "HOME/tests/java/MullerTheory.java", line 34, characters 13-23 +;; MullerTheory_m_ensures_default_po_19, File "HOME/tests/java/MullerTheory.java", line 65, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 
1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (<= count0 0)))))))))))))))))) -;; MullerTheory_m_ensures_default_po_20, File "HOME/tests/java/MullerTheory.java", line 35, characters 8-36 +;; MullerTheory_m_ensures_default_po_20, File "HOME/tests/java/MullerTheory.java", line 66, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 
Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) -(EQ count0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_7))))))))))))))))))) +(EQ count0 (num_of_pos 0 (- 0 1) t_4 intM_intP_t_4_9))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_21, File "HOME/tests/java/MullerTheory.java", line 33, characters 8-14 +;; MullerTheory_m_ensures_default_po_21, File "HOME/tests/java/MullerTheory.java", line 64, characters 8-14 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) 
-(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 i_5_0)))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_22, File "HOME/tests/java/MullerTheory.java", line 33, characters 13-26 +;; MullerTheory_m_ensures_default_po_22, File "HOME/tests/java/MullerTheory.java", line 64, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL 
(i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ 
(offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= i_5_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1))))))))))))))))))))))))))))))))))))) +(<= i_5_0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_23, File "HOME/tests/java/MullerTheory.java", line 34, characters 8-18 +;; MullerTheory_m_ensures_default_po_23, File "HOME/tests/java/MullerTheory.java", line 65, characters 8-18 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 
intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ 
result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 count2)))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_24, File "HOME/tests/java/MullerTheory.java", line 34, characters 13-23 +;; MullerTheory_m_ensures_default_po_24, File "HOME/tests/java/MullerTheory.java", line 65, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL 
(Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 +(FORALL 
(intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= count2 i_5_0)))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_25, File "HOME/tests/java/MullerTheory.java", line 35, characters 8-36 +;; MullerTheory_m_ensures_default_po_25, File "HOME/tests/java/MullerTheory.java", line 66, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - 
Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(EQ count2 (num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_7))))))))))))))))))))))))))))))))))))) +(EQ count2 
(num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_9))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_26, File "HOME/tests/java/MullerTheory.java", line 33, characters 8-14 +;; MullerTheory_m_ensures_default_po_26, File "HOME/tests/java/MullerTheory.java", line 64, characters 8-14 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + 
Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 i_5_0))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_27, File "HOME/tests/java/MullerTheory.java", line 33, characters 13-26 +;; MullerTheory_m_ensures_default_po_27, File "HOME/tests/java/MullerTheory.java", line 64, characters 13-26 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 
1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ 
result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= i_5_0 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))))))))))))))))))))))))))))) +(<= i_5_0 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_28, File "HOME/tests/java/MullerTheory.java", line 34, characters 8-18 +;; MullerTheory_m_ensures_default_po_28, File "HOME/tests/java/MullerTheory.java", line 65, characters 8-18 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - 
Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= 0 count1))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_29, File "HOME/tests/java/MullerTheory.java", line 34, characters 13-23 +;; MullerTheory_m_ensures_default_po_29, File "HOME/tests/java/MullerTheory.java", line 65, characters 13-23 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + 
(Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ 
(offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) (<= count1 i_5_0))))))))))))))))))))))))))))) -;; MullerTheory_m_ensures_default_po_30, File "HOME/tests/java/MullerTheory.java", line 35, characters 8-36 +;; MullerTheory_m_ensures_default_po_30, File "HOME/tests/java/MullerTheory.java", line 66, characters 8-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 
0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(EQ count1 (num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_7)))))))))))))))))))))))))))))) +(EQ count1 (num_of_pos 0 (- i_5_0 1) t_4 intM_intP_t_4_9)))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_1, File "why/MullerTheory.why", line 836, characters 35-173 +;; MullerTheory_m_safety_po_1, File "why/MullerTheory.why", line 679, characters 35-173 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL 
(intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)))))))))) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)))))))))) -;; MullerTheory_m_safety_po_2, File "HOME/tests/java/MullerTheory.java", line 27, characters 39-43 +;; MullerTheory_m_safety_po_2, File "HOME/tests/java/MullerTheory.java", line 58, characters 39-43 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) (<= (offset_min Object_t_4_7_alloc_table t_4) i_4))))))))))))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) 
+(IMPLIES (< i_4 result) (<= (offset_min Object_t_4_9_alloc_table t_4) i_4))))))))))))) -;; MullerTheory_m_safety_po_3, File "HOME/tests/java/MullerTheory.java", line 27, characters 39-43 +;; MullerTheory_m_safety_po_3, File "HOME/tests/java/MullerTheory.java", line 58, characters 39-43 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_4 result) (<= i_4 (offset_max Object_t_4_7_alloc_table t_4)))))))))))))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) +(IMPLIES (< i_4 result) (<= i_4 (offset_max Object_t_4_9_alloc_table t_4)))))))))))))) -;; MullerTheory_m_safety_po_4, File "HOME/tests/java/MullerTheory.java", line 25, characters 18-30 +;; MullerTheory_m_safety_po_4, File "HOME/tests/java/MullerTheory.java", line 56, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL 
(intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_4) + (<= i_4 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))))) +(<= 0 (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_4)))))))))))))))))))))) -;; MullerTheory_m_safety_po_5, File "HOME/tests/java/MullerTheory.java", line 25, characters 18-30 +;; MullerTheory_m_safety_po_5, File "HOME/tests/java/MullerTheory.java", line 56, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL 
(intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_4) + (<= i_4 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (> result0 0) (FORALL (count0) (IMPLIES (EQ count0 (+ count 1)) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))))) +(< (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_4_0) (- (+ (offset_max + Object_t_4_9_alloc_table t_4) 1) i_4)))))))))))))))))))))) -;; MullerTheory_m_safety_po_6, File "HOME/tests/java/MullerTheory.java", line 25, characters 18-30 +;; MullerTheory_m_safety_po_6, File "HOME/tests/java/MullerTheory.java", line 56, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 
Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_4) + (<= i_4 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))) +(<= 0 (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_4)))))))))))))))))))) -;; MullerTheory_m_safety_po_7, File "HOME/tests/java/MullerTheory.java", line 25, characters 18-30 +;; MullerTheory_m_safety_po_7, File "HOME/tests/java/MullerTheory.java", line 56, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 
Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_4 result) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_4) - (<= i_4 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_4) + (<= i_4 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result0) -(IMPLIES (EQ result0 (select intM_intP_t_4_7 (shift t_4 i_4))) +(IMPLIES (EQ result0 (select intM_intP_t_4_9 (shift t_4 i_4))) (IMPLIES (<= result0 0) (FORALL (i_4_0) (IMPLIES (EQ i_4_0 (+ i_4 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_4_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_4)))))))))))))))))))) +(< (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_4_0) (- (+ (offset_max + Object_t_4_9_alloc_table t_4) 1) i_4)))))))))))))))))))) -;; MullerTheory_m_safety_po_8, File "HOME/tests/java/MullerTheory.java", line 29, characters 11-25 +;; MullerTheory_m_safety_po_8, File "HOME/tests/java/MullerTheory.java", line 60, characters 11-25 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(IMPLIES (AND (left_valid_struct_intM t_4 0 
Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (>= count 0))))))))))))) -;; MullerTheory_m_safety_po_9, File "HOME/tests/java/MullerTheory.java", line 39, characters 9-13 +;; MullerTheory_m_safety_po_9, File "HOME/tests/java/MullerTheory.java", line 70, characters 9-13 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= 
(offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES 
(< i_5 result1) (<= (offset_min Object_t_4_7_alloc_table t_4) i_5))))))))))))))))))))))))))))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) +(IMPLIES (< i_5 result1) (<= (offset_min Object_t_4_9_alloc_table t_4) i_5))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_10, File "HOME/tests/java/MullerTheory.java", line 39, characters 9-13 +;; MullerTheory_m_safety_po_10, File "HOME/tests/java/MullerTheory.java", line 70, characters 9-13 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) 
Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) -(IMPLIES (< i_5 result1) (<= i_5 (offset_max Object_t_4_7_alloc_table t_4)))))))))))))))))))))))))))))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) +(IMPLIES (< i_5 result1) (<= i_5 (offset_max Object_t_4_9_alloc_table t_4)))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_11, File "HOME/tests/java/MullerTheory.java", line 39, characters 19-36 +;; MullerTheory_m_safety_po_11, File "HOME/tests/java/MullerTheory.java", line 70, characters 19-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) 
+(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max 
Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(<= (offset_min Object_MullerTheory_m_9_alloc_table0 result0) count1)))))))))))))))))))))))))))))))))))))) +(<= (offset_min Object_MullerTheory_m_11_alloc_table0 result0) count1)))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_12, File "HOME/tests/java/MullerTheory.java", line 39, characters 19-36 +;; MullerTheory_m_safety_po_12, File "HOME/tests/java/MullerTheory.java", line 70, characters 19-36 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL 
(Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) 
(FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) -(<= count1 (offset_max Object_MullerTheory_m_9_alloc_table0 result0))))))))))))))))))))))))))))))))))))))) +(<= count1 (offset_max Object_MullerTheory_m_11_alloc_table0 result0))))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_13, File "HOME/tests/java/MullerTheory.java", line 36, characters 18-30 +;; MullerTheory_m_safety_po_13, File 
"HOME/tests/java/MullerTheory.java", line 67, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) 
+ (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) (IMPLIES (AND - (<= (offset_min Object_MullerTheory_m_9_alloc_table0 result0) count1) - (<= count1 (offset_max Object_MullerTheory_m_9_alloc_table0 
result0))) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 + (<= (offset_min Object_MullerTheory_m_11_alloc_table0 result0) count1) + (<= count1 (offset_max + Object_MullerTheory_m_11_alloc_table0 result0))) +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) +(<= 0 (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_14, File "HOME/tests/java/MullerTheory.java", line 36, characters 18-30 +;; MullerTheory_m_safety_po_14, File "HOME/tests/java/MullerTheory.java", line 67, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ 
(offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) -(FORALL (intM_intP_MullerTheory_m_9) +(FORALL (intM_intP_MullerTheory_m_11) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) 
+(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (> result2 0) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result3) -(IMPLIES (EQ result3 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result3 (select intM_intP_t_4_9 (shift t_4 i_5))) (FORALL (count2) (IMPLIES (EQ count2 (+ count1 1)) (IMPLIES (AND - (<= (offset_min Object_MullerTheory_m_9_alloc_table0 result0) count1) - (<= count1 (offset_max Object_MullerTheory_m_9_alloc_table0 result0))) -(FORALL (intM_intP_MullerTheory_m_9_0) -(IMPLIES (EQ intM_intP_MullerTheory_m_9_0 + (<= (offset_min Object_MullerTheory_m_11_alloc_table0 result0) count1) + (<= count1 (offset_max + Object_MullerTheory_m_11_alloc_table0 result0))) +(FORALL (intM_intP_MullerTheory_m_11_0) +(IMPLIES (EQ intM_intP_MullerTheory_m_11_0 (|why__store| - intM_intP_MullerTheory_m_9 (shift result0 count1) result3)) + intM_intP_MullerTheory_m_11 (shift result0 count1) result3)) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) +(< (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_5_0) (- (+ (offset_max + Object_t_4_9_alloc_table t_4) 1) i_5))))))))))))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_15, File "HOME/tests/java/MullerTheory.java", line 36, characters 18-30 +;; MullerTheory_m_safety_po_15, File "HOME/tests/java/MullerTheory.java", line 67, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) 
-(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL (Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 
intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(<= 0 (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) +(<= 0 (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) -;; MullerTheory_m_safety_po_16, File "HOME/tests/java/MullerTheory.java", line 36, characters 18-30 +;; MullerTheory_m_safety_po_16, File "HOME/tests/java/MullerTheory.java", line 67, characters 18-30 (FORALL (t_4) -(FORALL (Object_t_4_7_alloc_table) -(FORALL (intM_intP_t_4_7) -(FORALL (Object_MullerTheory_m_9_alloc_table) -(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_7_alloc_table) - (Non_null_intM t_4 Object_t_4_7_alloc_table)) +(FORALL (Object_t_4_9_alloc_table) +(FORALL (intM_intP_t_4_9) +(FORALL 
(Object_MullerTheory_m_11_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_4 0 Object_t_4_9_alloc_table) + (Non_null_intM t_4 Object_t_4_9_alloc_table)) (FORALL (count) (FORALL (i_4) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_4) - (AND (<= i_4 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_4 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)) (AND (<= 0 count) (AND (<= count i_4) - (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count (num_of_pos 0 (- i_4 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result) (IMPLIES (AND (<= result constant_too_large_2147483647) (AND (>= result 0) - (EQ result (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (>= i_4 result) (IMPLIES (>= count 0) (FORALL (result0) -(FORALL (Object_MullerTheory_m_9_alloc_table0) -(FORALL (Object_MullerTheory_m_9_tag_table) +(FORALL (Object_MullerTheory_m_11_alloc_table0) +(FORALL (Object_MullerTheory_m_11_tag_table) (IMPLIES (AND (strict_valid_struct_intM - result0 0 (- count 1) Object_MullerTheory_m_9_alloc_table0) + result0 0 (- count 1) Object_MullerTheory_m_11_alloc_table0) (AND (EQ (alloc_extends - Object_MullerTheory_m_9_alloc_table Object_MullerTheory_m_9_alloc_table0) |@true|) - (AND (alloc_fresh Object_MullerTheory_m_9_alloc_table result0 count) - (instanceof Object_MullerTheory_m_9_tag_table result0 intM_tag)))) + Object_MullerTheory_m_11_alloc_table Object_MullerTheory_m_11_alloc_table0) |@true|) + (AND + (alloc_fresh Object_MullerTheory_m_11_alloc_table result0 count) + (instanceof Object_MullerTheory_m_11_tag_table result0 intM_tag)))) (FORALL (count0) (IMPLIES (EQ count0 0) (FORALL (count1) (FORALL (i_5) (IMPLIES TRUE (IMPLIES (AND (<= 0 i_5) - (AND (<= i_5 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)) + (AND (<= i_5 (+ (offset_max Object_t_4_9_alloc_table t_4) 
1)) (AND (<= 0 count1) (AND (<= count1 i_5) - (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_7)))))) -(IMPLIES (>= (offset_max Object_t_4_7_alloc_table t_4) (- 0 1)) + (EQ count1 (num_of_pos 0 (- i_5 1) t_4 intM_intP_t_4_9)))))) +(IMPLIES (>= (offset_max Object_t_4_9_alloc_table t_4) (- 0 1)) (FORALL (result1) (IMPLIES (AND (<= result1 constant_too_large_2147483647) (AND (>= result1 0) - (EQ result1 (+ (offset_max Object_t_4_7_alloc_table t_4) 1)))) + (EQ result1 (+ (offset_max Object_t_4_9_alloc_table t_4) 1)))) (IMPLIES (< i_5 result1) -(IMPLIES (AND (<= (offset_min Object_t_4_7_alloc_table t_4) i_5) - (<= i_5 (offset_max Object_t_4_7_alloc_table t_4))) +(IMPLIES (AND (<= (offset_min Object_t_4_9_alloc_table t_4) i_5) + (<= i_5 (offset_max Object_t_4_9_alloc_table t_4))) (FORALL (result2) -(IMPLIES (EQ result2 (select intM_intP_t_4_7 (shift t_4 i_5))) +(IMPLIES (EQ result2 (select intM_intP_t_4_9 (shift t_4 i_5))) (IMPLIES (<= result2 0) (FORALL (i_5_0) (IMPLIES (EQ i_5_0 (+ i_5 1)) -(< (- (+ (offset_max Object_t_4_7_alloc_table t_4) 1) i_5_0) (- (+ (offset_max - Object_t_4_7_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) +(< (- (+ (offset_max Object_t_4_9_alloc_table t_4) 1) i_5_0) (- (+ (offset_max + Object_t_4_9_alloc_table t_4) 1) i_5)))))))))))))))))))))))))))))))))))) ========== running Simplify ========== Running Simplify on proof obligations @@ -9291,7 +9212,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_x_2_alloc_table: Object alloc_table) = - (offset_max(Object_x_2_alloc_table, x_1) = 0) + (offset_max(Object_x_2_alloc_table, x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_x_1_alloc_table: Object alloc_table) = 
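Review bot: In the `@@ -9291,7 +9212,7 @@` hunk the body of `Non_null_Object` changes from `(offset_max(Object_x_2_alloc_table, x_1) = 0)` to `(offset_max(Object_x_2_alloc_table, x_1) >= 0)`. Unlike the `_7`/`_9` and `JC_nn` renumbering around it, this changes what the predicate means. Every obligation that takes `Non_null_Object` as a hypothesis now assumes less, so a proof that relied on the exact bound may no longer discharge, and the regenerated oracle would simply record the new result as expected. I would state the reason for the relaxation where the predicate is emitted and in the changelog, for example `Non_null_Object: offset_max >= 0 (was = 0)`, and confirm the prover results for this test were re-checked rather than only regenerated. The generator code that emits this predicate is not visible in this hunk, so whether the change is intentional is inferred from the oracle output alone.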
@@ -9371,64 +9292,6 @@ logic num_of_pos : int, int, Object pointer, (Object, int) memory -> int -axiom num_of_pos_empty: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_0:int. - (forall j_0:int. - (forall t_0:Object pointer. - ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_6_at_L) = 0)))))) - -axiom num_of_pos_false_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_2:int. - (forall j_2:int. - (forall k_0:int. - (forall t_2:Object pointer. - (((i_2 <= j_2) and (not (select(intM_intP_t_6_at_L, shift(t_2, - j_2)) > 0))) -> - (num_of_pos(i_2, j_2, t_2, intM_intP_t_6_at_L) = num_of_pos(i_2, - (j_2 - 1), t_2, intM_intP_t_6_at_L)))))))) - -goal num_of_pos_strictly_increasing: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) - -axiom num_of_pos_strictly_increasing_as_axiom: - (forall intM_intP_t_3_16_at_L:(Object, int) memory. - (forall i_3:int. - (forall j_3:int. - (forall k_1:int. - (forall l:int. - (forall t_3:Object pointer. - (((j_3 < k_1) and - ((k_1 <= l) and (select(intM_intP_t_3_16_at_L, shift(t_3, - k_1)) > 0))) -> - (num_of_pos(i_3, j_3, t_3, - intM_intP_t_3_16_at_L) < num_of_pos(i_3, l, t_3, - intM_intP_t_3_16_at_L))))))))) - -axiom num_of_pos_true_case: - (forall intM_intP_t_6_at_L:(Object, int) memory. - (forall i_1:int. - (forall j_1:int. - (forall k:int. - (forall t_1:Object pointer. - (((i_1 <= j_1) and (select(intM_intP_t_6_at_L, shift(t_1, - j_1)) > 0)) -> - (num_of_pos(i_1, j_1, t_1, - intM_intP_t_6_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, - intM_intP_t_6_at_L) + 1)))))))) - axiom pointer_addr_of_Object_of_pointer_address: (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) 
@@ -9505,36 +9368,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_MullerTheory(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -9575,1859 +9408,1905 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom num_of_pos_false_case: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_2:int. + (forall j_2:int. + (forall k_0:int. + (forall t_2:Object pointer. + (((i_2 <= j_2) and (not (select(intM_intP_t_8_at_L, shift(t_2, + j_2)) > 0))) -> + (num_of_pos(i_2, j_2, t_2, intM_intP_t_8_at_L) = num_of_pos(i_2, + (j_2 - 1), t_2, intM_intP_t_8_at_L)))))))) + +axiom num_of_pos_true_case: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_1:int. + (forall j_1:int. + (forall k:int. + (forall t_1:Object pointer. + (((i_1 <= j_1) and (select(intM_intP_t_8_at_L, shift(t_1, + j_1)) > 0)) -> + (num_of_pos(i_1, j_1, t_1, + intM_intP_t_8_at_L) = (num_of_pos(i_1, (j_1 - 1), t_1, + intM_intP_t_8_at_L) + 1)))))))) + +axiom num_of_pos_empty: + (forall intM_intP_t_8_at_L:(Object, int) memory. + (forall i_0:int. + (forall j_0:int. + (forall t_0:Object pointer. + ((i_0 > j_0) -> (num_of_pos(i_0, j_0, t_0, intM_intP_t_8_at_L) = 0)))))) + +goal num_of_pos_strictly_increasing: + (forall intM_intP_t_3_18_at_L:(Object, int) memory. + (forall i_3:int. + (forall j_3:int. + (forall k_1:int. + (forall l:int. + (forall t_3:Object pointer. + (((j_3 < k_1) and + ((k_1 <= l) and (select(intM_intP_t_3_18_at_L, shift(t_3, + k_1)) > 0))) -> + (num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L) < num_of_pos(i_3, l, t_3, + intM_intP_t_3_18_at_L))))))))) + +axiom num_of_pos_strictly_increasing_as_axiom: + (forall intM_intP_t_3_18_at_L:(Object, int) memory. + (forall i_3:int. + (forall j_3:int. + (forall k_1:int. + (forall l:int. + (forall t_3:Object pointer. + (((j_3 < k_1) and + ((k_1 <= l) and (select(intM_intP_t_3_18_at_L, shift(t_3, + k_1)) > 0))) -> + (num_of_pos(i_3, j_3, t_3, + intM_intP_t_3_18_at_L) < num_of_pos(i_3, l, t_3, + intM_intP_t_3_18_at_L))))))))) + goal MullerTheory_m_ensures_default_po_1: forall t_4:Object pointer. 
- forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= 0)))) + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_76": (0 <= 0))) goal MullerTheory_m_ensures_default_po_2: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_69": - ("JC_69": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": + ("JC_77": (0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_3: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= 0)))) + forall Object_t_4_9_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_78": (0 <= 0))) goal MullerTheory_m_ensures_default_po_4: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": ("JC_71": ("JC_71": (0 <= 0)))) + forall Object_t_4_9_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_79": (0 <= 0))) goal MullerTheory_m_ensures_default_po_5: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - ("JC_73": - ("JC_72": ("JC_72": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + ("JC_81": ("JC_80": (0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_ensures_default_po_6: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + ("JC_81": ("JC_76": (0 <= i_4_0))) goal MullerTheory_m_ensures_default_po_7: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. 
- (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_81": + ("JC_77": (i_4_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_8: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. 
(i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count0)))) + ("JC_81": ("JC_78": (0 <= count0))) goal MullerTheory_m_ensures_default_po_9: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count0 <= i_4_0)))) + ("JC_81": ("JC_79": (count0 <= i_4_0))) goal MullerTheory_m_ensures_default_po_10: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. 
+ forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_81": + ("JC_80": (count0 = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_ensures_default_po_11: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_68": ("JC_68": (0 <= i_4_0)))) + ("JC_81": ("JC_76": (0 <= i_4_0))) goal MullerTheory_m_ensures_default_po_12: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_69": - ("JC_69": (i_4_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_81": + ("JC_77": (i_4_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_13: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_70": ("JC_70": (0 <= count)))) + ("JC_81": ("JC_78": (0 <= count))) goal MullerTheory_m_ensures_default_po_14: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": ("JC_71": ("JC_71": (count <= i_4_0)))) + ("JC_81": ("JC_79": (count <= i_4_0))) goal MullerTheory_m_ensures_default_po_15: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - ("JC_73": - ("JC_72": - ("JC_72": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_81": + ("JC_80": (count = num_of_pos(0, (i_4_0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_ensures_default_po_16: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= 0)))) + ("JC_92": ("JC_87": (0 <= 0))) goal MullerTheory_m_ensures_default_po_17: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": - ("JC_80": - ("JC_80": (0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_18: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count0)))) + ("JC_92": ("JC_89": (0 <= count0))) goal MullerTheory_m_ensures_default_po_19: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": ("JC_82": ("JC_82": (count0 <= 0)))) + ("JC_92": ("JC_90": (count0 <= 0))) goal MullerTheory_m_ensures_default_po_20: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> - ("JC_84": - ("JC_83": - ("JC_83": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count0 = num_of_pos(0, (0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_ensures_default_po_21: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + ("JC_92": ("JC_87": (0 <= i_5_0))) goal MullerTheory_m_ensures_default_po_22: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (i_5_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_23: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count2)))) + ("JC_92": ("JC_89": (0 <= count2))) goal MullerTheory_m_ensures_default_po_24: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. 
- ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count2 <= i_5_0)))) + ("JC_92": ("JC_90": (count2 <= i_5_0))) goal MullerTheory_m_ensures_default_po_25: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. 
(count2 = (count1 + 1)) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count2 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_ensures_default_po_26: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_79": ("JC_79": (0 <= i_5_0)))) + ("JC_92": ("JC_87": (0 <= i_5_0))) goal MullerTheory_m_ensures_default_po_27: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. 
- forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. 
(i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_80": - ("JC_80": (i_5_0 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))))) + ("JC_92": + ("JC_88": (i_5_0 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1)))) goal MullerTheory_m_ensures_default_po_28: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_81": ("JC_81": (0 <= count1)))) + ("JC_92": ("JC_89": (0 <= count1))) goal MullerTheory_m_ensures_default_po_29: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. 
+ forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": ("JC_82": ("JC_82": (count1 <= i_5_0)))) + ("JC_92": ("JC_90": (count1 <= i_5_0))) goal MullerTheory_m_ensures_default_po_30: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. 
+ forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_73": - (("JC_68": (0 <= i_4)) and - (("JC_69": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_70": (0 <= count)) and - (("JC_71": (count <= i_4)) and - ("JC_72": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_81": + (("JC_76": (0 <= i_4)) and + (("JC_77": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_78": (0 <= count)) and + (("JC_79": (count <= i_4)) and + ("JC_80": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_84": - (("JC_79": (0 <= i_5)) and - (("JC_80": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_81": (0 <= count1)) and - (("JC_82": (count1 <= i_5)) and - ("JC_83": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> + ("JC_92": + (("JC_87": (0 <= i_5)) and + (("JC_88": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_89": (0 <= count1)) and + (("JC_90": (count1 <= i_5)) and + ("JC_91": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - ("JC_84": - ("JC_83": - ("JC_83": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_7))))) + ("JC_92": + ("JC_91": (count1 = num_of_pos(0, (i_5_0 - 1), t_4, intM_intP_t_4_9)))) goal MullerTheory_m_safety_po_1: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) goal MullerTheory_m_safety_po_2: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) + (offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) goal MullerTheory_m_safety_po_3: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4)) + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4)) goal MullerTheory_m_safety_po_4: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (0 <= ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) goal MullerTheory_m_safety_po_5: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 > 0) -> forall count0:int. (count0 = (count + 1)) -> forall i_4_0:int. 
(i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4_0)) < + ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) goal MullerTheory_m_safety_po_6: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. 
- ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (0 <= ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (0 <= ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) goal MullerTheory_m_safety_po_7: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 < result) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_4) and - (i_4 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_4) and + (i_4 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result0:int. - (result0 = select(intM_intP_t_4_7, shift(t_4, i_4))) -> + (result0 = select(intM_intP_t_4_9, shift(t_4, i_4))) -> (result0 <= 0) -> forall i_4_0:int. (i_4_0 = (i_4 + 1)) -> - (("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4_0)) < - ("JC_51": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_4))) + (("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4_0)) < + ("JC_59": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_4))) goal MullerTheory_m_safety_po_8: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> forall count:int. forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) goal MullerTheory_m_safety_po_9: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - (offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) + (offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) goal MullerTheory_m_safety_po_10: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4)) + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4)) goal MullerTheory_m_safety_po_11: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. 
- forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - (offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) + (offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) goal MullerTheory_m_safety_po_12: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. 
+ ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. 
- ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0)) + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0)) goal MullerTheory_m_safety_po_13: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. 
- forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - ((offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0))) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + ((offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) and + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0))) -> + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (0 <= ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) goal MullerTheory_m_safety_po_14: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - forall intM_intP_MullerTheory_m_9:(Object, + forall intM_intP_MullerTheory_m_11:(Object, int) memory. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 > 0) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result3:int. - (result3 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result3 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> forall count2:int. (count2 = (count1 + 1)) -> - ((offset_min(Object_MullerTheory_m_9_alloc_table0, result0) <= count1) and - (count1 <= offset_max(Object_MullerTheory_m_9_alloc_table0, result0))) -> - forall intM_intP_MullerTheory_m_9_0:(Object, + ((offset_min(Object_MullerTheory_m_11_alloc_table0, result0) <= count1) and + (count1 <= offset_max(Object_MullerTheory_m_11_alloc_table0, result0))) -> + forall intM_intP_MullerTheory_m_11_0:(Object, int) memory. - (intM_intP_MullerTheory_m_9_0 = store(intM_intP_MullerTheory_m_9, + (intM_intP_MullerTheory_m_11_0 = store(intM_intP_MullerTheory_m_11, shift(result0, count1), result3)) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5_0)) < + ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) goal MullerTheory_m_safety_po_15: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. 
- ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. - forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. 
(strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. 
- (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (0 <= ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (0 <= ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) goal MullerTheory_m_safety_po_16: forall t_4:Object pointer. - forall Object_t_4_7_alloc_table:Object alloc_table. - forall intM_intP_t_4_7:(Object, + forall Object_t_4_9_alloc_table:Object alloc_table. + forall intM_intP_t_4_9:(Object, int) memory. - forall Object_MullerTheory_m_9_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_4, 0, Object_t_4_7_alloc_table) and - ("JC_33": Non_null_intM(t_4, Object_t_4_7_alloc_table))) -> - forall count:int. - forall i_4:int. - ("JC_46": true) -> - ("JC_44": - (("JC_39": (0 <= i_4)) and - (("JC_40": (i_4 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_41": (0 <= count)) and - (("JC_42": (count <= i_4)) and - ("JC_43": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + forall Object_MullerTheory_m_11_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_4, 0, Object_t_4_9_alloc_table) and + ("JC_41": Non_null_intM(t_4, Object_t_4_9_alloc_table))) -> + forall count:int. + forall i_4:int. + ("JC_54": true) -> + ("JC_52": + (("JC_47": (0 <= i_4)) and + (("JC_48": (i_4 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_49": (0 <= count)) and + (("JC_50": (count <= i_4)) and + ("JC_51": (count = num_of_pos(0, (i_4 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_t_4_7_alloc_table, + ((result >= 0) and (result = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_4 >= result) -> (count >= 0) -> forall result0:Object pointer. 
- forall Object_MullerTheory_m_9_alloc_table0:Object alloc_table. - forall Object_MullerTheory_m_9_tag_table:Object tag_table. + forall Object_MullerTheory_m_11_alloc_table0:Object alloc_table. + forall Object_MullerTheory_m_11_tag_table:Object tag_table. (strict_valid_struct_intM(result0, 0, (count - 1), - Object_MullerTheory_m_9_alloc_table0) and - (alloc_extends(Object_MullerTheory_m_9_alloc_table, - Object_MullerTheory_m_9_alloc_table0) and - (alloc_fresh(Object_MullerTheory_m_9_alloc_table, result0, count) and - instanceof(Object_MullerTheory_m_9_tag_table, result0, intM_tag)))) -> + Object_MullerTheory_m_11_alloc_table0) and + (alloc_extends(Object_MullerTheory_m_11_alloc_table, + Object_MullerTheory_m_11_alloc_table0) and + (alloc_fresh(Object_MullerTheory_m_11_alloc_table, result0, count) and + instanceof(Object_MullerTheory_m_11_tag_table, result0, intM_tag)))) -> forall count0:int. (count0 = 0) -> forall count1:int. forall i_5:int. - ("JC_60": true) -> - ("JC_58": - (("JC_53": (0 <= i_5)) and - (("JC_54": (i_5 <= (offset_max(Object_t_4_7_alloc_table, t_4) + 1))) and - (("JC_55": (0 <= count1)) and - (("JC_56": (count1 <= i_5)) and - ("JC_57": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_7)))))))) -> - (offset_max(Object_t_4_7_alloc_table, t_4) >= (-1)) -> + ("JC_68": true) -> + ("JC_66": + (("JC_61": (0 <= i_5)) and + (("JC_62": (i_5 <= (offset_max(Object_t_4_9_alloc_table, t_4) + 1))) and + (("JC_63": (0 <= count1)) and + (("JC_64": (count1 <= i_5)) and + ("JC_65": (count1 = num_of_pos(0, (i_5 - 1), t_4, intM_intP_t_4_9)))))))) -> + (offset_max(Object_t_4_9_alloc_table, t_4) >= (-1)) -> forall result1:int. 
- ("JC_17": + ("JC_25": ((result1 <= 2147483647) and - ((result1 >= 0) and (result1 = (offset_max(Object_t_4_7_alloc_table, + ((result1 >= 0) and (result1 = (offset_max(Object_t_4_9_alloc_table, t_4) + 1))))) -> (i_5 < result1) -> - ((offset_min(Object_t_4_7_alloc_table, t_4) <= i_5) and - (i_5 <= offset_max(Object_t_4_7_alloc_table, t_4))) -> + ((offset_min(Object_t_4_9_alloc_table, t_4) <= i_5) and + (i_5 <= offset_max(Object_t_4_9_alloc_table, t_4))) -> forall result2:int. - (result2 = select(intM_intP_t_4_7, shift(t_4, i_5))) -> + (result2 = select(intM_intP_t_4_9, shift(t_4, i_5))) -> (result2 <= 0) -> forall i_5_0:int. (i_5_0 = (i_5 + 1)) -> - (("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5_0)) < - ("JC_67": ((offset_max(Object_t_4_7_alloc_table, t_4) + 1) - i_5))) + (("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5_0)) < + ("JC_75": ((offset_max(Object_t_4_9_alloc_table, t_4) + 1) - i_5))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/NameConflicts.res.oracle why-2.30+dfsg/tests/java/oracle/NameConflicts.res.oracle --- why-2.29+dfsg/tests/java/oracle/NameConflicts.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/NameConflicts.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/java/NameConflicts.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ class NameConflicts { @@ -22,6 +52,14 @@ } + +/* +Local Variables: +compile-command: "make NameConflicts.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -48,7 +86,10 @@ type char = 0..65535 predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -118,45 +159,45 @@ [NameConflicts_field] name = "Method field" file = "HOME/tests/java/NameConflicts.java" -line = 20 +line = 50 begin = 8 end = 13 [K_1] file = "HOME/tests/java/NameConflicts.java" -line = 7 +line = 37 begin = 1 end = 11 [K_2] file = "HOME/tests/java/NameConflicts.java" -line = 11 +line = 41 begin = 18 end = 30 [K_3] file = "HOME/tests/java/NameConflicts.java" -line = 14 +line = 44 begin = 14 end = 15 [K_4] file = "HOME/tests/java/NameConflicts.java" -line = 20 +line = 50 begin = 25 end = 30 [NameConflicts_setI] name = "Method setI" file = "HOME/tests/java/NameConflicts.java" -line = 6 +line = 36 begin = 9 end = 13 [NameConflicts_m] name = "Method m" file = "HOME/tests/java/NameConflicts.java" -line = 13 +line = 43 begin = 8 end = 9 @@ -187,10 +228,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs NameConflicts.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/NameConflicts_why.sx @@ -251,6 +293,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/NameConflicts_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/NameConflicts_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -323,6 +372,9 @@ why3ide: why/NameConflicts_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: NameConflicts.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include NameConflicts.depend depend: coq/NameConflicts_why.v 
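Review bot: The new `why3ml` target in the generated Makefile echoes `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one invoked. If launching the IDE on the `.mlw` file is intended, the echo should say so, e.g. `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`; if not, the command is presumably the part to fix. This oracle only records the tool's output, so the change belongs in the Makefile template that produces it.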
@@ -362,11 +414,29 @@ begin = -1 end = -1 +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_46] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_1] file = "HOME/tests/java/NameConflicts.jc" -line = 44 -begin = 8 -end = 23 +line = 20 +begin = 12 +end = 22 + +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_2] file = "HOME/" @@ -374,11 +444,23 @@ begin = -1 end = -1 +[JC_48] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_3] file = "HOME/tests/java/NameConflicts.jc" -line = 44 -begin = 8 -end = 23 +line = 20 +begin = 12 +end = 22 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_4] file = "HOME/" @@ -408,7 +490,7 @@ name = "Method setI" behavior = "Safety" file = "HOME/tests/java/NameConflicts.java" -line = 6 +line = 36 begin = 9 end = 13 @@ -420,21 +502,39 @@ [JC_9] file = "HOME/tests/java/NameConflicts.jc" -line = 46 -begin = 11 -end = 65 +line = 47 +begin = 8 +end = 23 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_10] -file = "HOME/tests/java/NameConflicts.jc" -line = 46 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/tests/java/NameConflicts.java" -line = 6 -begin = 9 -end = 13 +file = "HOME/tests/java/NameConflicts.jc" +line = 47 +begin = 8 +end = 23 [JC_12] file = "HOME/" @@ -443,10 +543,10 @@ end = -1 [JC_13] -file = "HOME/tests/java/NameConflicts.java" -line = 6 -begin = 9 -end = 13 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_14] file = "HOME/" @@ -456,7 +556,7 @@ [cons_NameConflicts_ensures_default] name = "Constructor of class NameConflicts" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 
@@ -470,9 +570,9 @@ [NameConflicts_setI_ensures_default] name = "Method setI" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/NameConflicts.java" -line = 6 +line = 36 begin = 9 end = 13 @@ -483,22 +583,22 @@ end = -1 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/NameConflicts.jc" +line = 49 +begin = 11 +end = 65 [JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/NameConflicts.jc" +line = 49 +begin = 11 +end = 65 [JC_19] file = "HOME/tests/java/NameConflicts.java" -line = 13 -begin = 8 -end = 9 +line = 36 +begin = 9 +end = 13 [JC_20] file = "HOME/" @@ -508,9 +608,9 @@ [JC_21] file = "HOME/tests/java/NameConflicts.java" -line = 13 -begin = 8 -end = 9 +line = 36 +begin = 9 +end = 13 [JC_22] file = "HOME/" @@ -544,27 +644,27 @@ [JC_27] file = "HOME/tests/java/NameConflicts.java" -line = 11 -begin = 18 -end = 30 +line = 43 +begin = 8 +end = 9 [JC_28] -file = "HOME/tests/java/NameConflicts.java" -line = 11 -begin = 18 -end = 30 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_29] file = "HOME/tests/java/NameConflicts.java" -line = 20 +line = 43 begin = 8 -end = 13 +end = 9 [NameConflicts_m_ensures_default] name = "Method m" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/NameConflicts.java" -line = 13 +line = 43 begin = 8 end = 9 @@ -572,15 +672,15 @@ name = "Method field" behavior = "Safety" file = "HOME/tests/java/NameConflicts.java" -line = 20 +line = 50 begin = 8 end = 13 [NameConflicts_field_ensures_default] name = "Method field" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/NameConflicts.java" -line = 20 +line = 50 begin = 8 end = 13 
@@ -590,55 +690,55 @@ begin = -1 end = -1 -[JC_31] -file = "HOME/tests/java/NameConflicts.java" -line = 20 -begin = 8 -end = 13 - [NameConflicts_m_safety] name = "Method m" behavior = "Safety" file = "HOME/tests/java/NameConflicts.java" -line = 13 +line = 43 begin = 8 end = 9 -[JC_32] +[JC_31] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] +[JC_32] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_34] +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_35] +[JC_34] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_35] +file = "HOME/tests/java/NameConflicts.java" +line = 41 +begin = 18 +end = 30 + [JC_36] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/NameConflicts.java" +line = 41 +begin = 18 +end = 30 [JC_37] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/NameConflicts.java" +line = 50 +begin = 8 +end = 13 [JC_38] file = "HOME/" @@ -647,16 +747,16 @@ end = -1 [JC_39] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/NameConflicts.java" +line = 50 +begin = 8 +end = 13 [NameConflicts_m_ensures_normal] name = "Method m" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/NameConflicts.java" -line = 13 +line = 43 begin = 8 end = 9 @@ -683,18 +783,12 @@ type short -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic NameConflicts_tag: -> Object tag_id axiom NameConflicts_parenttag_Object : @@ -702,7 +796,7 @@ predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) 
@@ -719,14 +813,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -740,6 +830,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -753,6 +848,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -785,6 +885,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -838,6 +943,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) 
@@ -881,6 +991,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) @@ -922,32 +1037,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NameConflicts(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -984,6 +1073,12 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter NameConflicts_field : (Object, int32) memory ref parameter Object_alloc_table : Object alloc_table ref @@ -1001,12 +1096,12 @@ parameter NameConflicts_m : this_1:Object pointer -> { } int32 reads Object_alloc_table - { (JC_28: eq_int(integer_of_int32(result), (0))) } + { (JC_36: (integer_of_int32(result) = (0))) } parameter NameConflicts_m_requires : this_1:Object pointer -> { } int32 reads Object_alloc_table - { (JC_28: eq_int(integer_of_int32(result), (0))) } + { (JC_36: (integer_of_int32(result) = (0))) } parameter NameConflicts_setI : this_2:Object pointer -> 
@@ -1020,113 +1115,9 @@ parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NameConflicts : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NameConflicts(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NameConflicts_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NameConflicts(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - 
-parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1280,6 +1271,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -1313,15 +1308,15 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter safe_byte_of_integer_ : @@ -1353,7 +1348,7 @@ begin (return := (K_4: ((safe_acc_ !NameConflicts_field) this_0))); (raise Return); absurd end with Return -> !return end)) - { (JC_33: true) } + { (JC_41: true) } let NameConflicts_field_safety = fun (this_0 : Object pointer) -> 
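Review bot: The postcondition of `non_null_Object` and `non_null_Object_requires` in this hunk still reads `(if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))`, while the same oracle now defines the predicate `Non_null_Object` as `ge_int(offset_max(Object_alloc_table, x_0), (0))`. A `parameter` postcondition is assumed rather than proved, so if the two are meant to agree, the equality states more about a pointer with `offset_max > 0` than the relaxed predicate justifies, and that could weaken the generated proof obligations. Only the label (`JC_10` to `JC_18`) and the `eq_int` spelling changed on these lines, so the equality looks carried over rather than chosen. It is worth confirming in the generator whether the test should become `(if result then (offset_max(Object_alloc_table, x_1) >= (0))` before this output is accepted as the expected result.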
@@ -1374,7 +1369,7 @@ begin (let result_0 = (safe_int32_of_integer_ (K_3: (0))) in begin (return := (safe_int32_of_integer_ (0))); (raise Return) end); - absurd end with Return -> !return end)) { (JC_23: true) } + absurd end with Return -> !return end)) { (JC_31: true) } let NameConflicts_m_ensures_normal = fun (this_1 : Object pointer) -> @@ -1386,7 +1381,7 @@ (let result_0 = (safe_int32_of_integer_ (K_3: (0))) in begin (return := (safe_int32_of_integer_ (0))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_27: eq_int(integer_of_int32(result), (0))) } + { (JC_35: (integer_of_int32(result) = (0))) } let NameConflicts_m_safety = fun (this_1 : Object pointer) -> @@ -1411,7 +1406,7 @@ begin (let jessie_ = this_2 in (((safe_upd_ NameConflicts_i) jessie_) jessie_)); jessie_ end)) in - void); (raise Return) end with Return -> void end) { (JC_15: true) } + void); (raise Return) end with Return -> void end) { (JC_23: true) } let NameConflicts_setI_safety = fun (this_2 : Object pointer) (i : int32) -> @@ -1443,7 +1438,7 @@ (let jessie_ = this_3 in (((safe_upd_ NameConflicts_field) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_41: true) } + { (JC_49: true) } let cons_NameConflicts_safety = fun (this_3 : Object pointer) -> @@ -1473,9 +1468,9 @@ - + - + @@ -2444,7 +2439,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2478,6 +2473,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) 
@@ -2490,6 +2489,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -2522,6 +2525,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -2575,6 +2583,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -2619,6 +2631,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -2659,32 +2676,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NameConflicts(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and @@ -2732,7 +2723,7 @@ (integer_of_int32(result0) = 0) -> forall return:int32. (return = result0) -> - ("JC_27": (integer_of_int32(return) = 0)) + ("JC_35": (integer_of_int32(return) = 0)) ========== generation of Simplify VC output ========== why -simplify [...] why/NameConflicts.why @@ -3560,7 +3551,7 @@ (EQ (parenttag NameConflicts_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -3593,6 +3584,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -3604,6 +3600,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) @@ -3626,6 +3627,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -3675,6 +3681,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -3713,6 +3724,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -3745,26 +3761,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_NameConflicts p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -3793,7 +3789,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; NameConflicts_m_ensures_normal_po_1, File "HOME/tests/java/NameConflicts.java", line 11, characters 18-30 +;; NameConflicts_m_ensures_normal_po_1, File "HOME/tests/java/NameConflicts.java", line 41, characters 18-30 (FORALL (this_1) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_NameConflicts this_1 0 0 Object_alloc_table) @@ -4773,7 +4769,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -4807,6 +4803,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -4819,6 +4819,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -4851,6 +4855,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -4904,6 +4913,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -4948,6 +4961,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -4988,32 +5006,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NameConflicts(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5060,7 +5052,7 @@ (integer_of_int32(result0) = 0) -> forall return:int32. (return = result0) -> - ("JC_27": (integer_of_int32(return) = 0)) + ("JC_35": (integer_of_int32(return) = 0)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/Negate.err.oracle why-2.30+dfsg/tests/java/oracle/Negate.err.oracle --- why-2.29+dfsg/tests/java/oracle/Negate.err.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Negate.err.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -1,2 +1 @@ DOTDOT -File "tests/java/Negate.java", line 16, characters 5-17: syntax error (parse error in annotation) diff -Nru why-2.29+dfsg/tests/java/oracle/Negate.res.oracle why-2.30+dfsg/tests/java/oracle/Negate.res.oracle --- why-2.29+dfsg/tests/java/oracle/Negate.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Negate.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/java/Negate.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -11,18 +41,6297 @@ @*/ static void negate(int t[]) { int i = 0; - /*@ loop_invariant - @ 0 <= i <= t.length && - @ (\forall integer k; 0 <= k < i ==> t[k] == -\at(t[k],Pre)) ; - @ loop_assigns t[0..i-1]; - @ loop_variant t.length-i; + /*@ loop_invariant + @ 0 <= i <= t.length && + @ (\forall integer k; 0 <= k < i ==> t[k] == -\at(t[k],Pre)) && + @ (\forall integer k; i <= k < t.length ==> t[k] == \at(t[k],Pre)) ; + @ // TODO: replace previous invariant by loop_assigns t[0..i-1]; + @ loop_variant t.length-i; @*/ while (i < t.length) { t[i] = -t[i]; i++; } - + } } + + + +/* +Local Variables: +compile-command: "make Negate.why3ml" +End: +*/ + ========== krakatoa execution ========== +Parsing OK. +Typing OK. +Generating JC function negate_negate for method negate.negate +Generating JC function cons_negate for constructor negate +Done. +========== file tests/java/Negate.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +predicate Non_null_intM{Here}(intM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +String[0..] any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag negate = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +tag intM = Object with { + integer intP; +} + +boolean non_null_intM(! intM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_intM(! intM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_Object(! Object[0..] 
x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +unit negate_negate(intM[0..] t) + requires (K_2 : Non_null_intM(t)); +behavior default: + assigns (t + [0..((\offset_max(t) + 1) - 1)]).intP; + ensures (K_1 : (\forall integer k; + (((0 <= k) && (k < (\offset_max(t) + 1))) ==> + ((t + k).intP == (- \at((t + k).intP,Old)))))); +{ + { + (var integer i = (K_17 : 0)); + + loop + behavior default: + invariant (K_9 : ((K_8 : ((K_7 : ((K_6 : (0 <= i)) && + (K_5 : (i <= (\offset_max(t) + 1))))) && + (K_4 : (\forall integer k_0; + (((0 <= k_0) && (k_0 < i)) ==> + ((t + k_0).intP == + (- \at((t + k_0).intP,Pre)))))))) && + (K_3 : (\forall integer k_1; + (((i <= k_1) && + (k_1 < (\offset_max(t) + 1))) ==> + ((t + k_1).intP == + \at((t + k_1).intP,Pre))))))); + variant (K_10 : ((\offset_max(t) + 1) - i)); + while ((K_16 : (i < (K_15 : java_array_length_intM(t))))) + { + { (K_13 : ((t + i).intP = (K_12 : (- (K_11 : (t + i).intP))))); + (K_14 : (i ++)) + } + } + } +} + +unit cons_negate(! 
negate[0] this_0){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/Negate.jloc tests/java/Negate.jc && make -f tests/java/Negate.makefile gui" +End: +*/ +========== file tests/java/Negate.jloc ========== +[K_10] +file = "HOME/tests/java/Negate.java" +line = 48 +begin = 18 +end = 28 + +[K_11] +file = "HOME/tests/java/Negate.java" +line = 51 +begin = 13 +end = 17 + +[K_12] +file = "HOME/tests/java/Negate.java" +line = 51 +begin = 12 +end = 17 + +[K_13] +file = "HOME/tests/java/Negate.java" +line = 51 +begin = 5 +end = 17 + +[K_14] +file = "HOME/tests/java/Negate.java" +line = 52 +begin = 5 +end = 8 + +[K_15] +file = "HOME/tests/java/Negate.java" +line = 50 +begin = 12 +end = 20 + +[K_16] +file = "HOME/tests/java/Negate.java" +line = 50 +begin = 8 +end = 20 + +[K_17] +file = "HOME/tests/java/Negate.java" +line = 42 +begin = 9 +end = 10 + +[K_1] +file = "HOME/tests/java/Negate.java" +line = 39 +begin = 16 +end = 76 + +[K_2] +file = "HOME/tests/java/Negate.java" +line = 37 +begin = 17 +end = 26 + +[K_3] +file = "HOME/tests/java/Negate.java" +line = 46 +begin = 8 +end = 70 + +[K_4] +file = "HOME/tests/java/Negate.java" +line = 45 +begin = 8 +end = 64 + +[K_5] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 12 +end = 25 + +[K_6] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 13 + +[K_7] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 25 + +[K_8] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 94 + +[K_9] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 169 + +[cons_negate] +name = "Constructor of class negate" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[negate_negate] +name = "Method negate" +file = "HOME/tests/java/Negate.java" +line = 41 +begin = 16 +end = 22 + +========== jessie execution ========== +Generating Why function negate_negate +Generating Why function cons_negate +========== file tests/java/Negate.makefile 
========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Negate.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Negate.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/Negate_why.sx + +project: why/Negate.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/Negate_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/Negate_why.vo + +coq/Negate_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Negate_why.v: why/Negate.why + @echo 'why -coq [...] why/Negate.why' && $(WHY) $(JESSIELIBFILES) why/Negate.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/Negate_ctx_why.vo + for f in why/*_po*.why; do make -f Negate.makefile coq/`basename $$f .why`_why.v ; done + +coq/Negate_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/Negate_ctx_why.v: why/Negate_ctx.why + @echo 'why -coq [...] why/Negate_ctx.why' && $(WHY) why/Negate_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export Negate_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/Negate_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/Negate_ctx_why.vo + +pvs: pvs/Negate_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/Negate_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/Negate_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/Negate_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/Negate_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/Negate_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/Negate_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/Negate_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/Negate_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/Negate_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/Negate_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/Negate_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/Negate_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/Negate_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/Negate_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: Negate.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/Negate_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/Negate_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: Negate.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include Negate.depend + +depend: coq/Negate_why.v + -$(COQDEP) -I coq coq/Negate*_why.v > Negate.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/Negate.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_41] +file = "HOME/tests/java/Negate.java" +line = 37 +begin = 17 +end = 26 + +[JC_42] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_43] +file = "HOME/tests/java/Negate.java" +line = 39 +begin = 16 +end = 76 + +[JC_44] +file = "HOME/tests/java/Negate.java" +line = 41 +begin = 16 +end = 22 + +[JC_45] +file = "HOME/tests/java/Negate.jc" +line = 66 +begin = 9 +end = 16 + +[negate_negate_safety] +name = "Method negate" +behavior = "Safety" +file = "HOME/tests/java/Negate.java" +line = 41 +begin = 16 +end = 22 + +[JC_46] +file = "HOME/tests/java/Negate.java" +line = 39 +begin = 16 +end = 76 + +[JC_1] +file = "HOME/tests/java/Negate.jc" +line = 13 +begin = 12 +end = 22 + +[JC_47] +file = "HOME/tests/java/Negate.java" +line = 41 +begin = 16 +end = 22 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_negate_ensures_default] +name = "Constructor of class negate" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/tests/java/Negate.jc" +line = 66 +begin = 9 +end = 16 + +[JC_3] +file = "HOME/tests/java/Negate.jc" +line = 13 +begin = 12 +end = 22 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/java/Negate.jc" +line = 42 +begin = 8 +end = 21 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 13 + +[JC_52] +file = 
"HOME/tests/java/Negate.java" +line = 44 +begin = 12 +end = 25 + +[JC_53] +file = "HOME/tests/java/Negate.java" +line = 45 +begin = 8 +end = 64 + +[JC_54] +file = "HOME/tests/java/Negate.java" +line = 46 +begin = 8 +end = 70 + +[JC_55] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 169 + +[JC_56] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_57] +file = "HOME/tests/java/Negate.jc" +line = 75 +begin = 6 +end = 1025 + +[JC_58] +file = "HOME/tests/java/Negate.jc" +line = 75 +begin = 6 +end = 1025 + +[JC_59] +kind = UserCall +file = "HOME/tests/java/Negate.java" +line = 50 +begin = 12 +end = 20 + +[cons_negate_safety] +name = "Constructor of class negate" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_60] +kind = IndexBounds +file = "HOME/tests/java/Negate.java" +line = 50 +begin = 12 +end = 20 + +[JC_61] +kind = PointerDeref +file = "HOME/tests/java/Negate.java" +line = 51 +begin = 13 +end = 17 + +[JC_62] +kind = PointerDeref +file = "HOME/tests/java/Negate.jc" +line = 91 +begin = 21 +end = 70 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +file = "HOME/tests/java/Negate.java" +line = 48 +begin = 18 +end = 28 + +[JC_11] +file = "HOME/tests/java/Negate.jc" +line = 42 +begin = 8 +end = 21 + +[JC_64] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 13 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 12 +end = 25 + +[JC_13] +file = "HOME/tests/java/Negate.jc" +line = 45 +begin = 11 +end = 66 + +[JC_66] +file = "HOME/tests/java/Negate.java" +line = 45 +begin = 8 +end = 64 + +[JC_14] +file = "HOME/tests/java/Negate.jc" +line = 44 +begin = 10 +end = 18 + +[JC_67] +file = "HOME/tests/java/Negate.java" +line = 46 +begin = 8 +end = 70 + +[JC_15] +file = "HOME/tests/java/Negate.jc" +line = 45 +begin = 11 +end = 66 + +[JC_68] +file = "HOME/tests/java/Negate.java" +line = 44 +begin = 7 +end = 169 + 
+[JC_16] +file = "HOME/tests/java/Negate.jc" +line = 44 +begin = 10 +end = 18 + +[JC_69] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/java/Negate.jc" +line = 48 +begin = 8 +end = 30 + +[JC_70] +file = "HOME/tests/java/Negate.jc" +line = 75 +begin = 6 +end = 1025 + +[JC_71] +file = "HOME/tests/java/Negate.jc" +line = 75 +begin = 6 +end = 1025 + +[JC_72] +kind = UserCall +file = "HOME/tests/java/Negate.java" +line = 50 +begin = 12 +end = 20 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/tests/java/Negate.jc" +line = 48 +begin = 8 +end = 30 + +[JC_74] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/java/Negate.jc" +line = 51 +begin = 11 +end = 103 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/tests/java/Negate.jc" +line = 50 +begin = 10 +end = 18 + +[JC_77] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_25] +file = "HOME/tests/java/Negate.jc" +line = 51 +begin = 11 +end = 103 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[negate_negate_ensures_default] +name = "Method negate" +behavior = "default behavior" +file = "HOME/tests/java/Negate.java" +line = 41 +begin = 16 +end = 22 + +[JC_26] +file = "HOME/tests/java/Negate.jc" +line = 50 +begin = 10 +end = 18 + +[JC_79] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/tests/java/Negate.jc" +line = 55 +begin = 8 +end = 23 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/" +line = 0 +begin = -1 +end = 
-1 + +[JC_31] +file = "HOME/tests/java/Negate.jc" +line = 55 +begin = 8 +end = 23 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/tests/java/Negate.jc" +line = 57 +begin = 11 +end = 65 + +[JC_38] +file = "HOME/tests/java/Negate.jc" +line = 57 +begin = 11 +end = 65 + +[JC_39] +file = "HOME/tests/java/Negate.java" +line = 37 +begin = 17 +end = 26 + +========== file tests/java/why/Negate.why ========== +type Object + +type interface + +logic Exception_tag: -> Object tag_id + +logic Object_tag: -> Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_1), (0)) + +predicate Non_null_intM(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), neg_int((1))) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. 
+ instanceof(Object_tag_table, x, Object_tag))) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic intM_tag: -> Object tag_id + +axiom intM_parenttag_Object : parenttag(intM_tag, Object_tag) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_intM(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +predicate left_valid_struct_negate(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + 
left_valid_struct_Object(p, a, Object_alloc_table) + +logic negate_tag: -> Object tag_id + +axiom negate_parenttag_Object : parenttag(negate_tag, Object_tag) + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_intM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +predicate right_valid_struct_negate(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate 
strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_negate(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object 
alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_negate(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +parameter Object_alloc_table : Object alloc_table ref + +parameter Object_tag_table : Object tag_table ref + +exception Return_label_exc of unit + +exception Throwable_exc of Object pointer + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + 
Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Object : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and 
(alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_intM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + +parameter alloc_struct_intM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + 
+parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + +parameter alloc_struct_interface : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_negate : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_negate(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, negate_tag)))) } + +parameter alloc_struct_negate_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_negate(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and 
(alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, negate_tag)))) } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter cons_negate : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_negate_requires : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter intM_intP : (Object, int) memory ref + +parameter java_array_length_intM : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter java_array_length_intM_requires : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter negate_negate : + t:Object pointer -> + { } unit reads Object_alloc_table,intM_intP writes intM_intP + { (JC_48: + ((JC_46: + (forall k:int. + ((le_int((0), k) + and lt_int(k, add_int(offset_max(Object_alloc_table, t), (1)))) -> + (select(intM_intP, shift(t, k)) = neg_int(select(intM_intP@, + shift(t, k))))))) + and (JC_47: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_range(pset_singleton(t), (0), + sub_int(add_int(offset_max(Object_alloc_table@, t), (1)), (1))))))) } + +parameter negate_negate_requires : + t:Object pointer -> + { (JC_39: Non_null_intM(t, Object_alloc_table))} unit + reads Object_alloc_table,intM_intP writes intM_intP + { (JC_48: + ((JC_46: + (forall k:int. 
+ ((le_int((0), k) + and lt_int(k, add_int(offset_max(Object_alloc_table, t), (1)))) -> + (select(intM_intP, shift(t, k)) = neg_int(select(intM_intP@, + shift(t, k))))))) + and (JC_47: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_range(pset_singleton(t), (0), + sub_int(add_int(offset_max(Object_alloc_table@, t), (1)), (1))))))) } + +parameter non_null_Object : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter non_null_Object_requires : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter non_null_intM : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +parameter non_null_intM_requires : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +let cons_negate_ensures_default = + fun (this_0 : Object pointer) -> + { valid_struct_negate(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_77: true) } + +let cons_negate_safety = + fun (this_0 : Object pointer) -> + { valid_struct_negate(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let negate_negate_ensures_default = + fun (t : Object pointer) -> + { (left_valid_struct_intM(t, (0), Object_alloc_table) + and (JC_41: Non_null_intM(t, Object_alloc_table))) } + (init: + try + begin + (let i = ref (K_17: (0)) in + try + (loop_2: + while true do + { invariant + ((JC_68: + ((JC_64: le_int((0), i)) + and ((JC_65: + le_int(i, add_int(offset_max(Object_alloc_table, t), (1)))) + and ((JC_66: + 
(forall k_0:int. + ((le_int((0), k_0) and lt_int(k_0, i)) -> + (select(intM_intP, shift(t, k_0)) = neg_int(select(intM_intP@init, + shift(t, + k_0))))))) + and (JC_67: + (forall k_1:int. + ((le_int(i, k_1) + and lt_int(k_1, + add_int(offset_max(Object_alloc_table, t), (1)))) -> + (select(intM_intP, shift(t, k_1)) = select(intM_intP@init, + shift(t, k_1)))))))))) + and (JC_70: + not_assigns(Object_alloc_table@init, intM_intP@init, intM_intP, + pset_range(pset_singleton(t), (0), + sub_int(add_int(offset_max(Object_alloc_table@init, t), (1)), + (1)))))) } + begin + [ { } unit { true } ]; + try + begin + (if (K_16: + ((lt_int_ !i) (K_15: + (let jessie_ = t in + (JC_72: (java_array_length_intM jessie_)))))) + then + (let jessie_ = + (K_13: + begin + (let jessie_ = + (let jessie_ = + (K_12: + (neg_int (K_11: ((safe_acc_ !intM_intP) ((shift t) !i))))) in + (let jessie_ = t in + (let jessie_ = !i in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); + (K_14: + (let jessie_ = !i in + begin + (let jessie_ = (i := ((add_int jessie_) (1))) in void); + jessie_ end)) end) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end); (raise Return) end with Return -> + void end) + { (JC_45: + ((JC_43: + (forall k:int. 
+ ((le_int((0), k) + and lt_int(k, add_int(offset_max(Object_alloc_table, t), (1)))) -> + (select(intM_intP, shift(t, k)) = neg_int(select(intM_intP@, + shift(t, k))))))) + and (JC_44: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_range(pset_singleton(t), (0), + sub_int(add_int(offset_max(Object_alloc_table@, t), (1)), (1))))))) } + +let negate_negate_safety = + fun (t : Object pointer) -> + { (left_valid_struct_intM(t, (0), Object_alloc_table) + and (JC_41: Non_null_intM(t, Object_alloc_table))) } + (init: + try + begin + (let i = ref (K_17: (0)) in + try + (loop_1: + while true do + { invariant (JC_57: true) + variant (JC_63 : sub_int(add_int(offset_max(Object_alloc_table, t), + (1)), + i)) } + begin + [ { } unit reads Object_alloc_table,i,intM_intP + { (JC_55: + ((JC_51: le_int((0), i)) + and ((JC_52: + le_int(i, add_int(offset_max(Object_alloc_table, t), (1)))) + and ((JC_53: + (forall k_0:int. + ((le_int((0), k_0) and lt_int(k_0, i)) -> + (select(intM_intP, shift(t, k_0)) = neg_int(select(intM_intP@init, + shift(t, + k_0))))))) + and (JC_54: + (forall k_1:int. 
+ ((le_int(i, k_1) + and lt_int(k_1, + add_int(offset_max(Object_alloc_table, t), + (1)))) -> + (select(intM_intP, shift(t, k_1)) = select(intM_intP@init, + shift(t, k_1)))))))))) } ]; + try + begin + (if (K_16: + ((lt_int_ !i) (K_15: + (let jessie_ = t in + (JC_60: + (assert + { ge_int(offset_max(Object_alloc_table, + jessie_), + (-1)) }; + (JC_59: + (java_array_length_intM_requires jessie_)))))))) + then + (let jessie_ = + (K_13: + begin + (let jessie_ = + (let jessie_ = + (K_12: + (neg_int (K_11: + (JC_61: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t) !i))))) in + (let jessie_ = t in + (let jessie_ = !i in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_62: + (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in + void); + (K_14: + (let jessie_ = !i in + begin + (let jessie_ = (i := ((add_int jessie_) (1))) in void); + jessie_ end)) end) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> void end end done) with + Loop_exit_exc jessie_ -> void end); (raise Return) end with Return -> + void end) { true } + + +========== make project execution ========== +why --project [...] 
why/Negate.why +========== file tests/java/why/Negate.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/Negate_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. 
((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. 
+ (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. 
((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. 
+ ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. 
+ ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. 
(sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. 
pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. 
+ (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type interface + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. 
+ (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +predicate left_valid_struct_negate(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +logic negate_tag : Object tag_id + +axiom negate_parenttag_Object: parenttag(negate_tag, Object_tag) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +predicate right_valid_struct_negate(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, 
+ b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_negate(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_negate(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +========== file tests/java/why/Negate_po1.why ========== +goal negate_negate_ensures_default_po_1: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_68": ("JC_64": (0 <= 0))) + +========== file tests/java/why/Negate_po10.why ========== +goal negate_negate_ensures_default_po_10: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. 
+ ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i >= result) -> + forall k:int. + ((0 <= k) and (k < (offset_max(Object_alloc_table, t) + 1))) -> + ("JC_45": + ("JC_43": (select(intM_intP0, shift(t, k)) = (-select(intM_intP, shift(t, + k)))))) + +========== file tests/java/why/Negate_po11.why ========== +goal negate_negate_safety_po_1: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) + +========== file tests/java/why/Negate_po12.why ========== +goal negate_negate_safety_po_2: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. 
+ (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + (offset_min(Object_alloc_table, t) <= i) + +========== file tests/java/why/Negate_po13.why ========== +goal negate_negate_safety_po_3: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + (i <= offset_max(Object_alloc_table, t)) + +========== file tests/java/why/Negate_po14.why ========== +goal negate_negate_safety_po_4: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. 
+ ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + (0 <= ("JC_63": ((offset_max(Object_alloc_table, t) + 1) - i))) + +========== file tests/java/why/Negate_po15.why ========== +goal negate_negate_safety_po_5: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. 
+ (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + (("JC_63": ((offset_max(Object_alloc_table, t) + 1) - i0)) < ("JC_63": + ((offset_max(Object_alloc_table, + t) + 1) - i))) + +========== file tests/java/why/Negate_po2.why ========== +goal negate_negate_ensures_default_po_2: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_68": ("JC_65": (0 <= (offset_max(Object_alloc_table, t) + 1)))) + +========== file tests/java/why/Negate_po3.why ========== +goal negate_negate_ensures_default_po_3: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall k_0:int. + ((0 <= k_0) and (k_0 < 0)) -> + ("JC_68": + ("JC_66": (select(intM_intP, shift(t, k_0)) = (-select(intM_intP, shift(t, + k_0)))))) + +========== file tests/java/why/Negate_po4.why ========== +goal negate_negate_ensures_default_po_4: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1)))) + +========== file tests/java/why/Negate_po5.why ========== +goal negate_negate_ensures_default_po_5: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + ("JC_68": ("JC_64": (0 <= i0))) + +========== file tests/java/why/Negate_po6.why ========== +goal negate_negate_ensures_default_po_6: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + ("JC_68": ("JC_65": (i0 <= (offset_max(Object_alloc_table, t) + 1)))) + +========== file tests/java/why/Negate_po7.why ========== +goal negate_negate_ensures_default_po_7: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. 
+ (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + forall k_0:int. + ((0 <= k_0) and (k_0 < i0)) -> + ("JC_68": + ("JC_66": (select(intM_intP1, shift(t, k_0)) = (-select(intM_intP, shift(t, + k_0)))))) + +========== file tests/java/why/Negate_po8.why ========== +goal negate_negate_ensures_default_po_8: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. 
+ ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + forall k_1:int. + ((i0 <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + ("JC_68": + ("JC_67": (select(intM_intP1, shift(t, k_1)) = select(intM_intP, shift(t, + k_1))))) + +========== file tests/java/why/Negate_po9.why ========== +goal negate_negate_ensures_default_po_9: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. 
+ (i0 = (i + 1)) -> + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1)))) + +========== generation of Simplify VC output ========== +why -simplify [...] why/Negate.why +========== file tests/java/simplify/Negate_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) 
x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + 
(FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) 
|@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + 
+(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p 
p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ 
(in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) 
+ (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 
t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 
0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ 
(disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom 
frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) |@true|)) + +(DEFPRED (Non_null_Object x_1 Object_alloc_table) + (>= (offset_max Object_alloc_table x_1) 0)) + +(DEFPRED (Non_null_intM x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) (- 0 1))) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x 
Object_tag))) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom intM_parenttag_Object + (EQ (parenttag intM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 1)) + +(BG_PUSH + ;; Why axiom interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_intM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(DEFPRED (left_valid_struct_negate p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(BG_PUSH + ;; Why axiom negate_parenttag_Object + (EQ (parenttag negate_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address (interface_of_pointer_address p))))) + +(DEFPRED 
(right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_intM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(DEFPRED (right_valid_struct_negate p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_intM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_negate p a b 
Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_intM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_negate p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +;; negate_negate_ensures_default_po_1, File "HOME/tests/java/Negate.java", line 44, characters 7-13 +(FORALL (t) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(<= 0 0)))) + +;; negate_negate_ensures_default_po_2, File "HOME/tests/java/Negate.java", line 44, characters 12-25 +(FORALL (t) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(<= 0 (+ (offset_max Object_alloc_table t) 1))))) + +;; negate_negate_ensures_default_po_3, File "HOME/tests/java/Negate.java", line 45, characters 8-64 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND 
(left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (k_0) +(IMPLIES (AND (<= 0 k_0) (< k_0 0)) +(EQ (select intM_intP (shift t k_0)) (- 0 (select intM_intP (shift t k_0)))))))))) + +;; negate_negate_ensures_default_po_4, File "HOME/tests/java/Negate.jc", line 75, characters 6-1025 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(not_assigns +Object_alloc_table intM_intP intM_intP (pset_range + (pset_singleton t) 0 (- (+ (offset_max + Object_alloc_table t) 1) 1))))))) + +;; negate_negate_ensures_default_po_5, File "HOME/tests/java/Negate.java", line 44, characters 7-13 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= 0 i0))))))))))))))))) + +;; negate_negate_ensures_default_po_6, File "HOME/tests/java/Negate.java", line 44, 
characters 12-25 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) (<= i0 (+ (offset_max Object_alloc_table t) 1)))))))))))))))))) + +;; negate_negate_ensures_default_po_7, File "HOME/tests/java/Negate.java", line 45, characters 8-64 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 
(pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) +(FORALL (k_0) +(IMPLIES (AND (<= 0 k_0) (< k_0 i0)) +(EQ (select intM_intP1 (shift t k_0)) (- 0 (select intM_intP (shift t k_0)))))))))))))))))))))) + +;; negate_negate_ensures_default_po_8, File "HOME/tests/java/Negate.java", line 46, characters 8-70 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) +(FORALL (k_1) +(IMPLIES (AND (<= i0 k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) +(EQ (select intM_intP1 (shift t 
k_1)) (select intM_intP (shift t k_1))))))))))))))))))))) + +;; negate_negate_ensures_default_po_9, File "HOME/tests/java/Negate.jc", line 75, characters 6-1025 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) +(not_assigns +Object_alloc_table intM_intP intM_intP1 (pset_range + (pset_singleton t) 0 (- (+ (offset_max + Object_alloc_table t) 1) 1))))))))))))))))))) + +;; negate_negate_ensures_default_po_10, File "HOME/tests/java/Negate.java", line 39, characters 16-76 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES (AND + (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + 
(FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_range + (pset_singleton t) 0 + (- (+ (offset_max + Object_alloc_table t) 1) 1)))) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (>= i result) +(FORALL (k) +(IMPLIES (AND (<= 0 k) (< k (+ (offset_max Object_alloc_table t) 1))) +(EQ (select intM_intP0 (shift t k)) (- 0 (select intM_intP (shift t k)))))))))))))))) + +;; negate_negate_safety_po_1, File "why/Negate.why", line 605, characters 31-154 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) +(>= (offset_max Object_alloc_table t) (- 0 1)))))))))) + +;; negate_negate_safety_po_2, File "HOME/tests/java/Negate.java", line 51, characters 13-17 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) 
(< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) +(IMPLIES (>= (offset_max Object_alloc_table t) (- 0 1)) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) (<= (offset_min Object_alloc_table t) i))))))))))))) + +;; negate_negate_safety_po_3, File "HOME/tests/java/Negate.java", line 51, characters 13-17 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) +(IMPLIES (>= (offset_max Object_alloc_table t) (- 0 1)) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) (<= i (offset_max Object_alloc_table t)))))))))))))) + +;; negate_negate_safety_po_4, File "HOME/tests/java/Negate.java", line 48, characters 18-28 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ 
(offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) +(IMPLIES (>= (offset_max Object_alloc_table t) (- 0 1)) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(IMPLIES (AND (<= (offset_min Object_alloc_table t) i) + (<= i (offset_max Object_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(IMPLIES (AND (<= (offset_min Object_alloc_table t) i) + (<= i (offset_max Object_alloc_table t))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) +(<= 0 (- (+ (offset_max Object_alloc_table t) 1) i)))))))))))))))))))))) + +;; negate_negate_safety_po_5, File "HOME/tests/java/Negate.java", line 48, characters 18-28 +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (Non_null_intM t Object_alloc_table)) +(FORALL (i) +(FORALL (intM_intP0) +(IMPLIES TRUE +(IMPLIES (AND (<= 0 i) + (AND (<= i (+ (offset_max Object_alloc_table t) 1)) + (AND + (FORALL (k_0) + (IMPLIES (AND (<= 0 k_0) (< k_0 i)) + (EQ (select intM_intP0 (shift t k_0)) + (- 0 (select intM_intP (shift t k_0)))))) + (FORALL (k_1) + (IMPLIES + (AND (<= i k_1) (< k_1 (+ (offset_max Object_alloc_table t) 1))) + (EQ (select intM_intP0 (shift t k_1)) + (select intM_intP (shift t k_1)))))))) +(IMPLIES (>= (offset_max Object_alloc_table t) (- 0 1)) +(FORALL (result) +(IMPLIES (AND (<= result constant_too_large_2147483647) + (AND (>= result 0) + (EQ result (+ (offset_max Object_alloc_table t) 1)))) +(IMPLIES (< i result) +(IMPLIES (AND (<= (offset_min Object_alloc_table t) i) + (<= i (offset_max Object_alloc_table t))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP0 (shift t i))) +(IMPLIES (AND (<= (offset_min 
Object_alloc_table t) i) + (<= i (offset_max Object_alloc_table t))) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i) (- 0 result0))) +(FORALL (i0) +(IMPLIES (EQ i0 (+ i 1)) +(< (- (+ (offset_max Object_alloc_table t) 1) i0) (- (+ (offset_max + Object_alloc_table t) 1) i)))))))))))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/Negate_why.sx : ............... (15/0/0/0/0) +total : 15 +valid : 15 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/Negate.why +========== file tests/java/why/Negate_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. 
(ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type interface + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +predicate left_valid_struct_negate(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +logic negate_tag : Object tag_id + +axiom negate_parenttag_Object: parenttag(negate_tag, Object_tag) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +predicate right_valid_struct_negate(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, 
+ b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_negate(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_negate(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +goal negate_negate_ensures_default_po_1: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_68": ("JC_64": (0 <= 0))) + +goal negate_negate_ensures_default_po_2: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_68": ("JC_65": (0 <= (offset_max(Object_alloc_table, t) + 1)))) + +goal negate_negate_ensures_default_po_3: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall k_0:int. + ((0 <= k_0) and (k_0 < 0)) -> + ("JC_68": + ("JC_66": (select(intM_intP, shift(t, k_0)) = (-select(intM_intP, shift(t, + k_0)))))) + +goal negate_negate_ensures_default_po_4: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1)))) + +goal negate_negate_ensures_default_po_5: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + ("JC_68": ("JC_64": (0 <= i0))) + +goal negate_negate_ensures_default_po_6: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. 
+ (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + ("JC_68": ("JC_65": (i0 <= (offset_max(Object_alloc_table, t) + 1)))) + +goal negate_negate_ensures_default_po_7: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. 
+ ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + forall k_0:int. + ((0 <= k_0) and (k_0 < i0)) -> + ("JC_68": + ("JC_66": (select(intM_intP1, shift(t, k_0)) = (-select(intM_intP, shift(t, + k_0)))))) + +goal negate_negate_ensures_default_po_8: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + forall k_1:int. 
+ ((i0 <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + ("JC_68": + ("JC_67": (select(intM_intP1, shift(t, k_1)) = select(intM_intP, shift(t, + k_1))))) + +goal negate_negate_ensures_default_po_9: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1)))) + +goal negate_negate_ensures_default_po_10: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. 
+ (("JC_68": + (("JC_64": (0 <= i)) and + (("JC_65": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_66": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_67": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) and + ("JC_70": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_range(pset_singleton(t), 0, ((offset_max(Object_alloc_table, + t) + 1) - 1))))) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i >= result) -> + forall k:int. + ((0 <= k) and (k < (offset_max(Object_alloc_table, t) + 1))) -> + ("JC_45": + ("JC_43": (select(intM_intP0, shift(t, k)) = (-select(intM_intP, shift(t, + k)))))) + +goal negate_negate_safety_po_1: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) + +goal negate_negate_safety_po_2: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + (offset_min(Object_alloc_table, t) <= i) + +goal negate_negate_safety_po_3: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + (i <= offset_max(Object_alloc_table, t)) + +goal negate_negate_safety_po_4: + forall t:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. + (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + (0 <= ("JC_63": ((offset_max(Object_alloc_table, t) + 1) - i))) + +goal negate_negate_safety_po_5: + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + ("JC_41": Non_null_intM(t, Object_alloc_table))) -> + forall i:int. + forall intM_intP0:(Object, + int) memory. + ("JC_57": true) -> + ("JC_55": + (("JC_51": (0 <= i)) and + (("JC_52": (i <= (offset_max(Object_alloc_table, t) + 1))) and + (("JC_53": + (forall k_0:int. 
+ (((0 <= k_0) and (k_0 < i)) -> (select(intM_intP0, shift(t, + k_0)) = (-select(intM_intP, shift(t, k_0))))))) and + ("JC_54": + (forall k_1:int. + (((i <= k_1) and (k_1 < (offset_max(Object_alloc_table, t) + 1))) -> + (select(intM_intP0, shift(t, k_1)) = select(intM_intP, shift(t, + k_1)))))))))) -> + (offset_max(Object_alloc_table, t) >= (-1)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t) + 1))))) -> + (i < result) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall result0:int. + (result0 = select(intM_intP0, shift(t, i))) -> + ((offset_min(Object_alloc_table, t) <= i) and + (i <= offset_max(Object_alloc_table, t))) -> + forall intM_intP1:(Object, + int) memory. + (intM_intP1 = store(intM_intP0, shift(t, i), (-result0))) -> + forall i0:int. + (i0 = (i + 1)) -> + (("JC_63": ((offset_max(Object_alloc_table, t) + 1) - i0)) < ("JC_63": + ((offset_max(Object_alloc_table, + t) + 1) - i))) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/Negate_why.why : ............... (15/0/0/0/0) +total : 15 +valid : 15 (100%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 0 ( 0%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/PreAndOld.res.oracle why-2.30+dfsg/tests/java/oracle/PreAndOld.res.oracle --- why-2.29+dfsg/tests/java/oracle/PreAndOld.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/PreAndOld.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/java/PreAndOld.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no @@ -9,7 +39,7 @@ class PreAndOld { static int y; - + /*@ ensures \result == \old(f(x)) @ && \result == f{Old}(x) @ && \result == \at(f(x),Pre); @@ -20,7 +50,16 @@ return x+tmp; } } - + + + + + +/* +Local Variables: +compile-command: "make PreAndOld.why3ml" +End: +*/ ========== krakatoa execution ========== Parsing OK. @@ -36,7 +75,10 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -101,50 +143,50 @@ ========== file tests/java/PreAndOld.jloc ========== [K_1] file = "HOME/tests/java/PreAndOld.java" -line = 14 +line = 44 begin = 16 end = 40 [K_2] file = "HOME/tests/java/PreAndOld.java" -line = 13 +line = 43 begin = 16 end = 36 [K_3] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 37 [K_4] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 74 [K_5] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 115 [K_6] file = "HOME/tests/java/PreAndOld.java" -line = 19 +line = 49 begin = 15 end = 20 [K_7] file = "HOME/tests/java/PreAndOld.java" -line = 17 +line = 47 begin = 18 end = 19 [PreAndOld_g] name = "Method g" file = "HOME/tests/java/PreAndOld.java" -line = 16 +line = 46 begin = 8 end = 9 @@ -173,10 +215,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs PreAndOld.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/PreAndOld_why.sx @@ -237,6 +280,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/PreAndOld_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/PreAndOld_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -309,6 +359,9 @@ why3ide: why/PreAndOld_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: PreAndOld.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include PreAndOld.depend depend: coq/PreAndOld_why.v 
@@ -318,11 +371,17 @@ rm -f coq/*.vo ========== file tests/java/PreAndOld.loc ========== +[JC_40] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_1] file = "HOME/tests/java/PreAndOld.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_2] file = "HOME/" @@ -332,9 +391,9 @@ [JC_3] file = "HOME/tests/java/PreAndOld.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_4] file = "HOME/" @@ -368,13 +427,13 @@ [JC_9] file = "HOME/tests/java/PreAndOld.jc" -line = 34 -begin = 11 -end = 65 +line = 35 +begin = 8 +end = 23 [cons_PreAndOld_ensures_default] name = "Constructor of class PreAndOld" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -382,31 +441,31 @@ [PreAndOld_g_ensures_default] name = "Method g" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/PreAndOld.java" -line = 16 +line = 46 begin = 8 end = 9 [JC_10] -file = "HOME/tests/java/PreAndOld.jc" -line = 34 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [PreAndOld_g_safety] name = "Method g" behavior = "Safety" file = "HOME/tests/java/PreAndOld.java" -line = 16 +line = 46 begin = 8 end = 9 [JC_11] -file = "HOME/tests/java/PreAndOld.java" -line = 16 +file = "HOME/tests/java/PreAndOld.jc" +line = 35 begin = 8 -end = 9 +end = 23 [JC_12] file = "HOME/" 
@@ -415,128 +474,170 @@ end = -1 [JC_13] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_17] +file = "HOME/tests/java/PreAndOld.jc" +line = 37 +begin = 11 +end = 65 + +[JC_18] +file = "HOME/tests/java/PreAndOld.jc" +line = 37 +begin = 11 +end = 65 + +[JC_19] file = "HOME/tests/java/PreAndOld.java" -line = 16 +line = 46 begin = 8 end = 9 -[JC_14] +[JC_20] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_15] +[JC_21] +file = "HOME/tests/java/PreAndOld.java" +line = 46 +begin = 8 +end = 9 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 37 -[JC_16] +[JC_24] file = "HOME/tests/java/PreAndOld.java" -line = 13 +line = 43 begin = 16 end = 36 -[JC_17] +[JC_25] file = "HOME/tests/java/PreAndOld.java" -line = 14 +line = 44 begin = 16 end = 40 -[JC_18] +[JC_26] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 115 -[JC_19] +[JC_27] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 37 -[JC_20] +[JC_28] file = "HOME/tests/java/PreAndOld.java" -line = 13 +line = 43 begin = 16 end = 36 -[JC_21] +[JC_29] file = "HOME/tests/java/PreAndOld.java" -line = 14 +line = 44 begin = 16 end = 40 -[JC_22] +[JC_30] file = "HOME/tests/java/PreAndOld.java" -line = 12 +line = 42 begin = 16 end = 115 -[JC_23] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_24] +[JC_31] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_25] +[JC_32] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_26] +[cons_PreAndOld_safety] +name = "Constructor of class PreAndOld" +behavior = "Safety" file = "HOME/" line = 0 begin = -1 end = -1 -[JC_27] +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_28] +[JC_34] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_29] +[JC_35] file 
= "HOME/" line = 0 begin = -1 end = -1 -[JC_30] +[JC_36] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_31] +[JC_37] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_32] +[JC_38] file = "HOME/" line = 0 begin = -1 end = -1 -[cons_PreAndOld_safety] -name = "Constructor of class PreAndOld" -behavior = "Safety" +[JC_39] file = "HOME/" line = 0 begin = -1 @@ -547,21 +648,15 @@ type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -582,14 +677,10 @@ axiom PreAndOld_parenttag_Object : parenttag(PreAndOld_tag, Object_tag) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
@@ -704,32 +795,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PreAndOld(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) @@ -766,6 +831,12 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref 
@@ -776,127 +847,23 @@ this_0:Object pointer -> x_2:int -> { } int reads Object_alloc_table,PreAndOld_y writes PreAndOld_y - { (JC_22: - ((JC_19: eq_int(result, f(x_2@, PreAndOld_y@))) - and ((JC_20: eq_int(result, f(x_2, PreAndOld_y@))) - and (JC_21: eq_int(result, f(x_2@, PreAndOld_y@)))))) } + { (JC_30: + ((JC_27: (result = f(x_2, PreAndOld_y@))) + and ((JC_28: (result = f(x_2, PreAndOld_y@))) + and (JC_29: (result = f(x_2, PreAndOld_y@)))))) } parameter PreAndOld_g_requires : this_0:Object pointer -> x_2:int -> { } int reads Object_alloc_table,PreAndOld_y writes PreAndOld_y - { (JC_22: - ((JC_19: eq_int(result, f(x_2@, PreAndOld_y@))) - and ((JC_20: eq_int(result, f(x_2, PreAndOld_y@))) - and (JC_21: eq_int(result, f(x_2@, PreAndOld_y@)))))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table 
ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PreAndOld : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PreAndOld(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PreAndOld_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PreAndOld(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { 
(valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { (JC_30: + ((JC_27: (result = f(x_2, PreAndOld_y@))) + and ((JC_28: (result = f(x_2, PreAndOld_y@))) + and (JC_29: (result = f(x_2, PreAndOld_y@)))))) } -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1040,6 +1007,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_PreAndOld : this_1:Object pointer -> { } unit reads Object_alloc_table { true } @@ -1049,15 +1020,15 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let PreAndOld_g_ensures_default = @@ -1072,10 +1043,10 @@ (let jessie_ = (PreAndOld_y := (12)) in void); (return := (K_6: ((add_int x_2) tmp))); (raise Return) end); absurd end with Return -> !return end)) - { (JC_18: - ((JC_15: eq_int(result, f(x_2@, PreAndOld_y@))) - and ((JC_16: eq_int(result, f(x_2, PreAndOld_y@))) - and (JC_17: eq_int(result, f(x_2@, PreAndOld_y@)))))) } + { (JC_26: + ((JC_23: (result = f(x_2, PreAndOld_y@))) + and ((JC_24: (result = f(x_2, PreAndOld_y@))) + and (JC_25: (result = f(x_2, PreAndOld_y@)))))) } let PreAndOld_g_safety = fun (this_0 : Object pointer) (x_2 : int) -> @@ -1094,7 +1065,7 @@ fun (this_1 : Object pointer) -> { valid_struct_PreAndOld(this_1, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_29: true) } + { (JC_37: true) } let cons_PreAndOld_safety = fun (this_1 : Object pointer) -> @@ -1109,17 +1080,17 @@ - + - + - + - + 
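Review bot: In the `@@ -1049,15 +1020,15 @@` hunk the new postcondition of `non_null_Object` and `non_null_Object_requires` still states `offset_max(Object_alloc_table, x_1) = (0)`, while the `Non_null_Object` predicate in this oracle's `@@ -547,21 +648,15 @@` hunk was relaxed to `ge_int(offset_max(Object_alloc_table, x_0), (0))`. For a pointer whose `offset_max` is greater than 0, the predicate now holds but the `result = true` branch cannot, which leaves only `x_1 = null`. Since a `parameter` contract is assumed rather than proved, this looks like it could introduce a contradictory assumption wherever the function is called on such a pointer. Presumably the generator should emit `(if result then (offset_max(Object_alloc_table, x_1) >= (0))` here as well. The oracle only records the output, so this needs confirming in the Jessie/Krakatoa source that produces this contract.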
@@ -2070,7 +2041,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2210,32 +2181,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PreAndOld(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and @@ -2283,7 +2228,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_15": ("JC_15": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_23": (return = f(x_2, PreAndOld_y)))) ========== file tests/java/why/PreAndOld_po2.why ========== goal PreAndOld_g_ensures_default_po_2: 
@@ -2296,7 +2241,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_16": ("JC_16": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_24": (return = f(x_2, PreAndOld_y)))) ========== file tests/java/why/PreAndOld_po3.why ========== goal PreAndOld_g_ensures_default_po_3: @@ -2309,7 +2254,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_17": ("JC_17": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_25": (return = f(x_2, PreAndOld_y)))) ========== generation of Simplify VC output ========== why -simplify [...] why/PreAndOld.why @@ -3133,7 +3078,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -3257,26 +3202,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_PreAndOld p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -3305,7 +3230,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; PreAndOld_g_ensures_default_po_1, File "HOME/tests/java/PreAndOld.java", line 12, characters 16-37 +;; PreAndOld_g_ensures_default_po_1, File "HOME/tests/java/PreAndOld.java", line 42, characters 16-37 (FORALL (this_0) (FORALL (x_2) (FORALL (Object_alloc_table) @@ -3316,7 +3241,7 @@ (FORALL (return) (IMPLIES (EQ return (+ x_2 PreAndOld_y)) (EQ return (f x_2 PreAndOld_y))))))))))) -;; PreAndOld_g_ensures_default_po_2, File "HOME/tests/java/PreAndOld.java", line 13, characters 16-36 +;; PreAndOld_g_ensures_default_po_2, File "HOME/tests/java/PreAndOld.java", line 43, characters 16-36 (FORALL (this_0) (FORALL (x_2) (FORALL (Object_alloc_table) 
@@ -3327,7 +3252,7 @@ (FORALL (return) (IMPLIES (EQ return (+ x_2 PreAndOld_y)) (EQ return (f x_2 PreAndOld_y))))))))))) -;; PreAndOld_g_ensures_default_po_3, File "HOME/tests/java/PreAndOld.java", line 14, characters 16-40 +;; PreAndOld_g_ensures_default_po_3, File "HOME/tests/java/PreAndOld.java", line 44, characters 16-40 (FORALL (this_0) (FORALL (x_2) (FORALL (Object_alloc_table) @@ -4292,7 +4217,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -4432,32 +4357,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PreAndOld(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and @@ -4504,7 +4403,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_15": ("JC_15": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_23": (return = f(x_2, PreAndOld_y)))) goal PreAndOld_g_ensures_default_po_2: forall this_0:Object pointer. 
@@ -4516,7 +4415,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_16": ("JC_16": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_24": (return = f(x_2, PreAndOld_y)))) goal PreAndOld_g_ensures_default_po_3: forall this_0:Object pointer. @@ -4528,7 +4427,7 @@ (PreAndOld_y0 = 12) -> forall return:int. (return = (x_2 + PreAndOld_y)) -> - ("JC_18": ("JC_17": ("JC_17": (return = f(x_2, PreAndOld_y))))) + ("JC_26": ("JC_25": (return = f(x_2, PreAndOld_y)))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/Purse.res.oracle why-2.30+dfsg/tests/java/oracle/Purse.res.oracle --- why-2.29+dfsg/tests/java/oracle/Purse.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Purse.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no @@ -38,7 +40,7 @@ } public class Purse { - + private int balance; //@ invariant balance_non_negative: balance >= 0; 
@@ -79,6 +81,15 @@ } + + +/* +Local Variables: +compile-command: "make Purse.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -113,7 +124,7 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) logic integer Throwable_serialVersionUID = -3042686055658047285 @@ -121,6 +132,9 @@ logic integer Exception_serialVersionUID = -3387516993124229948 +String[0..] any_string() +; + tag Object = { } @@ -297,62 +311,62 @@ ========== file tests/java/Purse.jloc ========== [K_10] file = "HOME/tests/java/Purse.java" -line = 65 +line = 67 begin = 38 end = 55 [K_11] file = "HOME/tests/java/Purse.java" -line = 60 +line = 62 begin = 17 end = 23 [K_12] file = "HOME/tests/java/Purse.java" -line = 69 +line = 71 begin = 22 end = 29 [Purse_withdraw] name = "Method withdraw" file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 [K_13] file = "HOME/tests/java/Purse.java" -line = 69 +line = 71 begin = 22 end = 33 [K_14] file = "HOME/tests/java/Purse.java" -line = 69 +line = 71 begin = 12 end = 33 [K_15] file = "HOME/tests/java/Purse.java" -line = 68 +line = 70 begin = 12 end = 19 [K_16] file = "HOME/tests/java/Purse.java" -line = 68 +line = 70 begin = 12 end = 24 [K_17] file = "HOME/tests/java/Purse.java" -line = 74 +line = 76 begin = 16 end = 34 [K_18] file = "HOME/tests/java/Purse.java" -line = 76 +line = 78 begin = 15 end = 22 @@ -373,7 +387,7 @@ [cons_NoCreditException] name = "Constructor of class NoCreditException" file = "HOME/tests/java/Purse.java" -line = 35 +line = 37 begin = 11 end = 28 @@ -387,19 +401,19 @@ [Purse_getBalance] name = "Method getBalance" file = "HOME/tests/java/Purse.java" -line = 75 +line = 77 begin = 15 end = 25 [K_1] file = "HOME/tests/java/Purse.java" -line = 44 +line = 46 begin = 17 end = 21 [K_2] file = "HOME/tests/java/Purse.java" -line = 46 +line = 48 begin = 16 end = 28 
@@ -412,43 +426,43 @@ [K_3] file = "HOME/tests/java/Purse.java" -line = 49 +line = 51 begin = 8 end = 19 [K_4] file = "HOME/tests/java/Purse.java" -line = 54 +line = 56 begin = 16 end = 44 [K_5] file = "HOME/tests/java/Purse.java" -line = 52 +line = 54 begin = 17 end = 23 [K_6] file = "HOME/tests/java/Purse.java" -line = 57 +line = 59 begin = 8 end = 20 [K_7] file = "HOME/tests/java/Purse.java" -line = 62 +line = 64 begin = 38 end = 66 [K_8] file = "HOME/tests/java/Purse.java" -line = 62 +line = 64 begin = 16 end = 34 [K_9] file = "HOME/tests/java/Purse.java" -line = 62 +line = 64 begin = 16 end = 66 @@ -511,7 +525,7 @@ [Purse_credit] name = "Method credit" file = "HOME/tests/java/Purse.java" -line = 56 +line = 58 begin = 16 end = 22 @@ -532,7 +546,7 @@ [cons_Purse] name = "Constructor of class Purse" file = "HOME/tests/java/Purse.java" -line = 48 +line = 50 begin = 11 end = 16 @@ -586,10 +600,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Purse.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Purse_why.sx @@ -650,6 +665,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Purse_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Purse_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -722,6 +744,9 @@ why3ide: why/Purse_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Purse.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Purse.depend depend: coq/Purse_why.v 
@@ -747,7 +772,7 @@ name = "Constructor of class Purse" behavior = "Safety" file = "HOME/tests/java/Purse.java" -line = 48 +line = 50 begin = 11 end = 16 @@ -771,9 +796,9 @@ [JC_107] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 645 -begin = 23 -end = 41 +line = 562 +begin = 41 +end = 57 [JC_41] file = "HOME/" @@ -794,28 +819,29 @@ end = -1 [JC_220] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Purse.jc" +line = 166 +begin = 27 +end = 55 [JC_109] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 645 -begin = 23 -end = 41 +line = 562 +begin = 41 +end = 57 [JC_43] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 251 -begin = 18 -end = 28 +line = 239 +begin = 11 +end = 20 [JC_221] -file = "HOME/tests/java/Purse.java" -line = 74 -begin = 16 -end = 34 +file = "HOME/tests/java/Purse.jc" +line = 172 +begin = 17 +end = 55 [JC_44] file = "HOME/" @@ -824,22 +850,24 @@ end = -1 [JC_222] -file = "HOME/tests/java/Purse.java" -line = 74 -begin = 16 -end = 34 +kind = AllocSize +file = "HOME/tests/java/Purse.jc" +line = 163 +begin = 43 +end = 67 [JC_45] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 251 -begin = 18 -end = 28 +line = 239 +begin = 11 +end = 20 [JC_223] -file = "HOME/tests/java/Purse.java" -line = 75 -begin = 15 -end = 25 +kind = UserCall +file = "HOME/tests/java/Purse.jc" +line = 166 +begin = 27 +end = 55 [JC_46] file = "HOME/" @@ -848,14 +876,14 @@ end = -1 [JC_224] -file = "HOME/tests/java/Purse.java" -line = 75 -begin = 15 -end = 25 +file = "HOME/tests/java/Purse.jc" +line = 172 +begin = 17 +end = 55 [cons_Exception_Throwable_ensures_default] name = "Constructor of class Exception" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Exception.java" line = 76 begin = 11 
@@ -867,18 +895,48 @@ begin = -1 end = -1 +[JC_225] +file = "HOME/tests/java/Purse.java" +line = 77 +begin = 15 +end = 25 + [JC_48] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_226] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_49] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_227] +file = "HOME/tests/java/Purse.java" +line = 77 +begin = 15 +end = 25 + +[JC_228] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_229] +file = "HOME/tests/java/Purse.java" +line = 76 +begin = 16 +end = 34 + [JC_110] file = "HOME/" line = 0 @@ -911,17 +969,17 @@ [cons_Exception_String_Throwable_ensures_default] name = "Constructor of class Exception" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Exception.java" line = 58 begin = 11 end = 20 [JC_115] -file = "HOME/lib/java_api/java/lang/Exception.java" -line = 28 -begin = 11 -end = 20 +file = "HOME/lib/java_api/java/lang/Throwable.java" +line = 645 +begin = 23 +end = 41 [JC_116] file = "HOME/" @@ -936,16 +994,16 @@ end = -1 [JC_117] -file = "HOME/lib/java_api/java/lang/Exception.java" -line = 28 -begin = 11 -end = 20 +file = "HOME/lib/java_api/java/lang/Throwable.java" +line = 645 +begin = 23 +end = 41 [JC_51] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 265 +line = 251 begin = 18 -end = 37 +end = 28 [JC_118] file = "HOME/" @@ -959,6 +1017,12 @@ begin = -1 end = -1 +[JC_230] +file = "HOME/tests/java/Purse.java" +line = 76 +begin = 16 +end = 34 + [JC_119] file = "HOME/" line = 0 @@ -967,9 +1031,15 @@ [JC_53] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 265 +line = 251 begin = 18 -end = 37 +end = 28 + +[JC_231] +file = "HOME/tests/java/Purse.java" +line = 77 +begin = 15 +end = 25 [JC_54] file = "HOME/" @@ -977,6 +1047,12 @@ begin = -1 end = -1 +[JC_232] +file = "HOME/tests/java/Purse.java" +line = 77 +begin = 15 +end = 25 + [JC_55] file = "HOME/" line = 0 
@@ -991,9 +1067,9 @@ [Purse_credit_ensures_default] name = "Method credit" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Purse.java" -line = 56 +line = 58 begin = 16 end = 22 @@ -1007,7 +1083,7 @@ name = "Method withdraw" behavior = "Safety" file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 @@ -1019,9 +1095,9 @@ [JC_59] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 289 -begin = 21 -end = 29 +line = 265 +begin = 18 +end = 37 [cons_Throwable_Throwable_safety] name = "Constructor of class Throwable" @@ -1051,7 +1127,7 @@ [JC_123] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 40 +line = 28 begin = 11 end = 20 @@ -1063,7 +1139,7 @@ [JC_125] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 40 +line = 28 begin = 11 end = 20 @@ -1087,9 +1163,9 @@ [JC_61] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 289 -begin = 21 -end = 29 +line = 265 +begin = 18 +end = 37 [JC_128] file = "HOME/" @@ -1143,9 +1219,9 @@ [JC_67] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 317 -begin = 34 -end = 43 +line = 289 +begin = 21 +end = 29 [JC_68] file = "HOME/" @@ -1155,9 +1231,9 @@ [JC_69] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 317 -begin = 34 -end = 43 +line = 289 +begin = 21 +end = 29 [JC_130] file = "HOME/" @@ -1167,7 +1243,7 @@ [JC_131] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 58 +line = 40 begin = 11 end = 20 @@ -1187,7 +1263,7 @@ [JC_133] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 58 +line = 40 begin = 11 end = 20 @@ -1241,7 +1317,7 @@ [JC_139] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 76 +line = 58 begin = 11 end = 20 @@ -1259,9 +1335,9 @@ [JC_75] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 341 -begin = 18 -end = 26 +line = 317 +begin = 34 +end = 43 [JC_76] file = "HOME/" 
@@ -1271,9 +1347,9 @@ [JC_77] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 341 -begin = 18 -end = 26 +line = 317 +begin = 34 +end = 43 [JC_78] file = "HOME/" @@ -1295,7 +1371,7 @@ [JC_141] file = "HOME/lib/java_api/java/lang/Exception.java" -line = 76 +line = 58 begin = 11 end = 20 @@ -1336,10 +1412,10 @@ end = -1 [JC_147] -file = "HOME/tests/java/Purse.java" -line = 35 +file = "HOME/lib/java_api/java/lang/Exception.java" +line = 76 begin = 11 -end = 28 +end = 20 [JC_81] file = "HOME/" @@ -1360,16 +1436,16 @@ end = -1 [JC_149] -file = "HOME/tests/java/Purse.java" -line = 35 +file = "HOME/lib/java_api/java/lang/Exception.java" +line = 76 begin = 11 -end = 28 +end = 20 [JC_83] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 450 -begin = 16 -end = 31 +line = 341 +begin = 18 +end = 26 [JC_84] file = "HOME/" @@ -1379,13 +1455,13 @@ [JC_85] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 450 -begin = 16 -end = 31 +line = 341 +begin = 18 +end = 26 [cons_Throwable_String_ensures_default] name = "Constructor of class Throwable" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Throwable.java" line = 194 begin = 11 @@ -1393,9 +1469,9 @@ [Purse_getBalance_ensures_default] name = "Method getBalance" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Purse.java" -line = 75 +line = 77 begin = 15 end = 25 @@ -1419,9 +1495,9 @@ [JC_1] file = "HOME/tests/java/Purse.jc" -line = 49 -begin = 8 -end = 23 +line = 16 +begin = 12 +end = 22 [JC_89] file = "HOME/" @@ -1437,7 +1513,7 @@ [cons_Exception_String_ensures_default] name = "Constructor of class Exception" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Exception.java" line = 40 begin = 11 @@ -1445,9 +1521,9 @@ [JC_3] file = "HOME/tests/java/Purse.jc" -line = 49 -begin = 8 -end = 23 +line = 16 +begin = 12 +end = 22 [JC_4] file = "HOME/" 
@@ -1487,9 +1563,9 @@ [Purse_withdraw_ensures_default] name = "Method withdraw" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 @@ -1507,9 +1583,9 @@ [JC_9] file = "HOME/tests/java/Purse.jc" -line = 51 -begin = 11 -end = 65 +line = 52 +begin = 8 +end = 23 [JC_153] file = "HOME/" @@ -1535,15 +1611,15 @@ name = "Constructor of class NoCreditException" behavior = "Safety" file = "HOME/tests/java/Purse.java" -line = 35 +line = 37 begin = 11 end = 28 [JC_155] file = "HOME/tests/java/Purse.java" -line = 48 +line = 37 begin = 11 -end = 16 +end = 28 [JC_156] file = "HOME/" @@ -1559,13 +1635,13 @@ [JC_157] file = "HOME/tests/java/Purse.java" -line = 48 +line = 37 begin = 11 -end = 16 +end = 28 [JC_91] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 459 +line = 450 begin = 16 end = 31 @@ -1582,14 +1658,14 @@ end = -1 [JC_159] -file = "HOME/tests/java/Purse.java" -line = 46 -begin = 16 -end = 28 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_93] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 459 +line = 450 begin = 16 end = 31 
@@ -1625,67 +1701,67 @@ [JC_99] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 562 -begin = 41 -end = 57 +line = 459 +begin = 16 +end = 31 [cons_Purse_ensures_default] name = "Constructor of class Purse" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Purse.java" -line = 48 +line = 50 begin = 11 end = 16 [Purse_withdraw_exsures_amount_too_large] name = "Method withdraw" -behavior = "Exceptional behavior `amount_too_large'" +behavior = "Behavior `amount_too_large'" file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 [JC_160] -file = "HOME/tests/java/Purse.java" -line = 48 -begin = 11 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_161] -file = "HOME/tests/java/Purse.jc" -line = 129 -begin = 9 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_162] -file = "HOME/tests/java/Purse.java" -line = 46 -begin = 16 -end = 28 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_163] file = "HOME/tests/java/Purse.java" -line = 48 +line = 50 begin = 11 end = 16 [JC_164] -file = "HOME/tests/java/Purse.jc" -line = 129 -begin = 9 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_165] file = "HOME/tests/java/Purse.java" -line = 48 +line = 50 begin = 11 end = 16 [JC_166] -file = "HOME/tests/java/Purse.java" -line = 48 -begin = 11 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [cons_Throwable_String_Throwable_safety] name = "Constructor of class Throwable" @@ -1697,7 +1773,7 @@ [cons_Throwable_String_Throwable_ensures_default] name = "Constructor of class Throwable" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Throwable.java" line = 216 begin = 11 
@@ -1705,33 +1781,33 @@ [JC_167] file = "HOME/tests/java/Purse.java" -line = 52 -begin = 17 -end = 23 +line = 48 +begin = 16 +end = 28 [JC_168] file = "HOME/tests/java/Purse.java" -line = 56 -begin = 16 -end = 22 +line = 50 +begin = 11 +end = 16 [JC_169] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 132 +begin = 9 +end = 16 [cons_NoCreditException_ensures_default] name = "Constructor of class NoCreditException" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Purse.java" -line = 35 +line = 37 begin = 11 end = 28 [cons_Exception_ensures_default] name = "Constructor of class Exception" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Exception.java" line = 28 begin = 11 @@ -1739,52 +1815,52 @@ [JC_170] file = "HOME/tests/java/Purse.java" -line = 52 -begin = 17 -end = 23 +line = 48 +begin = 16 +end = 28 [JC_171] file = "HOME/tests/java/Purse.java" -line = 56 -begin = 16 -end = 22 +line = 50 +begin = 11 +end = 16 [JC_172] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 132 +begin = 9 +end = 16 [JC_173] file = "HOME/tests/java/Purse.java" -line = 54 -begin = 16 -end = 44 +line = 50 +begin = 11 +end = 16 [JC_174] file = "HOME/tests/java/Purse.java" -line = 56 -begin = 16 -end = 22 - -[JC_175] -file = "HOME/tests/java/Purse.jc" -line = 138 -begin = 9 +line = 50 +begin = 11 end = 16 -[JC_176] +[JC_175] file = "HOME/tests/java/Purse.java" line = 54 -begin = 16 -end = 44 +begin = 17 +end = 23 -[JC_177] +[JC_176] file = "HOME/tests/java/Purse.java" -line = 56 +line = 58 begin = 16 end = 22 +[JC_177] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [cons_Exception_String_safety] name = "Constructor of class Exception" behavior = "Safety" 
@@ -1794,28 +1870,28 @@ end = 20 [JC_178] -file = "HOME/tests/java/Purse.jc" -line = 138 -begin = 9 -end = 16 +file = "HOME/tests/java/Purse.java" +line = 54 +begin = 17 +end = 23 [JC_179] file = "HOME/tests/java/Purse.java" -line = 56 +line = 58 begin = 16 end = 22 [JC_10] -file = "HOME/tests/java/Purse.jc" -line = 51 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 179 -begin = 11 -end = 20 +file = "HOME/tests/java/Purse.jc" +line = 52 +begin = 8 +end = 23 [JC_12] file = "HOME/" @@ -1824,10 +1900,10 @@ end = -1 [JC_13] -file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 179 -begin = 11 -end = 20 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_14] file = "HOME/" @@ -1848,48 +1924,48 @@ end = -1 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 54 +begin = 11 +end = 65 [Purse_credit_safety] name = "Method credit" behavior = "Safety" file = "HOME/tests/java/Purse.java" -line = 56 +line = 58 begin = 16 end = 22 [JC_180] -file = "HOME/tests/java/Purse.java" -line = 56 -begin = 16 -end = 22 - -[JC_18] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_18] +file = "HOME/tests/java/Purse.jc" +line = 54 +begin = 11 +end = 65 + [JC_181] file = "HOME/tests/java/Purse.java" -line = 60 -begin = 17 -end = 23 +line = 56 +begin = 16 +end = 44 [JC_19] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 194 +line = 179 begin = 11 end = 20 [JC_182] file = "HOME/tests/java/Purse.java" -line = 67 +line = 58 begin = 16 -end = 24 +end = 22 [cons_Exception_String_Throwable_safety] name = "Constructor of class Exception" 
@@ -1900,58 +1976,58 @@ end = 20 [JC_183] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 141 +begin = 9 +end = 16 [JC_184] file = "HOME/tests/java/Purse.java" -line = 60 -begin = 17 -end = 23 +line = 56 +begin = 16 +end = 44 [JC_185] file = "HOME/tests/java/Purse.java" -line = 67 +line = 58 begin = 16 -end = 24 +end = 22 [JC_186] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 141 +begin = 9 +end = 16 [JC_187] file = "HOME/tests/java/Purse.java" -line = 62 +line = 58 begin = 16 -end = 34 +end = 22 [JC_188] file = "HOME/tests/java/Purse.java" -line = 62 -begin = 38 -end = 66 +line = 58 +begin = 16 +end = 22 [Purse_getBalance_safety] name = "Method getBalance" behavior = "Safety" file = "HOME/tests/java/Purse.java" -line = 75 +line = 77 begin = 15 end = 25 [JC_189] file = "HOME/tests/java/Purse.java" line = 62 -begin = 16 -end = 66 +begin = 17 +end = 23 [cons_Throwable_ensures_default] name = "Constructor of class Throwable" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Throwable.java" line = 179 begin = 11 @@ -1965,7 +2041,7 @@ [JC_21] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 194 +line = 179 begin = 11 end = 20 @@ -1977,9 +2053,9 @@ [JC_200] file = "HOME/tests/java/Purse.java" -line = 67 +line = 64 begin = 16 -end = 24 +end = 34 [JC_23] file = "HOME/" @@ -1989,9 +2065,9 @@ [JC_201] file = "HOME/tests/java/Purse.java" -line = 67 -begin = 16 -end = 24 +line = 64 +begin = 38 +end = 66 [JC_24] file = "HOME/" @@ -2000,10 +2076,10 @@ end = -1 [JC_202] -file = "HOME/tests/java/Purse.jc" -line = 150 -begin = 9 -end = 25 +file = "HOME/tests/java/Purse.java" +line = 64 +begin = 16 +end = 66 [JC_25] file = "HOME/" @@ -2013,9 +2089,9 @@ [JC_203] file = "HOME/tests/java/Purse.java" -line = 65 -begin = 38 -end = 55 +line = 69 +begin = 16 +end = 24 [JC_26] file = "HOME/" 
@@ -2024,14 +2100,14 @@ end = -1 [JC_204] -file = "HOME/tests/java/Purse.java" -line = 67 -begin = 16 -end = 24 +file = "HOME/tests/java/Purse.jc" +line = 149 +begin = 9 +end = 16 [JC_27] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 216 +line = 194 begin = 11 end = 20 @@ -2045,13 +2121,13 @@ [JC_205] file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 [JC_190] file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 
@@ -2062,91 +2138,88 @@ end = -1 [JC_206] -file = "HOME/tests/java/Purse.jc" -line = 150 -begin = 9 -end = 25 +file = "HOME/tests/java/Purse.java" +line = 69 +begin = 16 +end = 24 [JC_191] -file = "HOME/tests/java/Purse.jc" -line = 146 -begin = 9 -end = 16 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_29] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 216 +line = 194 begin = 11 end = 20 [JC_207] -kind = AllocSize -file = "HOME/tests/java/Purse.jc" -line = 160 -begin = 43 -end = 67 +file = "HOME/tests/java/Purse.java" +line = 67 +begin = 38 +end = 55 [JC_192] file = "HOME/tests/java/Purse.java" line = 62 -begin = 16 -end = 34 +begin = 17 +end = 23 [JC_208] -kind = IndexBounds -file = "HOME/tests/java/Purse.jc" -line = 160 -begin = 10 -end = 68 +file = "HOME/tests/java/Purse.java" +line = 69 +begin = 16 +end = 24 [JC_193] file = "HOME/tests/java/Purse.java" -line = 62 -begin = 38 -end = 66 +line = 69 +begin = 16 +end = 24 [JC_209] -kind = UserCall -file = "HOME/tests/java/Purse.jc" -line = 163 -begin = 27 -end = 55 - -[JC_194] file = "HOME/tests/java/Purse.java" -line = 62 +line = 69 begin = 16 -end = 66 +end = 24 + +[JC_194] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_195] file = "HOME/tests/java/Purse.java" -line = 67 +line = 64 begin = 16 -end = 24 +end = 34 -[JC_196] -file = "HOME/tests/java/Purse.jc" -line = 146 -begin = 9 -end = 16 +[JC_196] +file = "HOME/tests/java/Purse.java" +line = 64 +begin = 38 +end = 66 [JC_197] file = "HOME/tests/java/Purse.java" -line = 67 +line = 64 begin = 16 -end = 24 +end = 66 [JC_198] file = "HOME/tests/java/Purse.java" -line = 67 +line = 69 begin = 16 end = 24 [JC_199] -file = "HOME/tests/java/Purse.java" -line = 65 -begin = 38 -end = 55 +file = "HOME/tests/java/Purse.jc" +line = 149 +begin = 9 +end = 16 [JC_30] file = "HOME/" @@ -2168,9 +2241,9 @@ [JC_210] file = "HOME/tests/java/Purse.jc" -line = 169 -begin = 17 -end = 55 +line = 153 +begin = 9 +end = 25 [JC_33] file = "HOME/" 
@@ -2179,11 +2252,10 @@ end = -1 [JC_211] -kind = AllocSize -file = "HOME/tests/java/Purse.jc" -line = 160 -begin = 43 -end = 67 +file = "HOME/tests/java/Purse.java" +line = 67 +begin = 38 +end = 55 [JC_34] file = "HOME/" @@ -2192,23 +2264,22 @@ end = -1 [JC_212] -kind = UserCall -file = "HOME/tests/java/Purse.jc" -line = 163 -begin = 27 -end = 55 +file = "HOME/tests/java/Purse.java" +line = 69 +begin = 16 +end = 24 [JC_35] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 239 +line = 216 begin = 11 end = 20 [JC_213] -file = "HOME/tests/java/Purse.jc" -line = 169 -begin = 17 -end = 55 +file = "HOME/tests/java/Purse.java" +line = 69 +begin = 16 +end = 24 [JC_36] file = "HOME/" @@ -2217,32 +2288,31 @@ end = -1 [JC_214] -kind = AllocSize file = "HOME/tests/java/Purse.jc" -line = 160 -begin = 43 -end = 67 +line = 153 +begin = 9 +end = 25 [JC_37] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 239 +line = 216 begin = 11 end = 20 [cons_Throwable_Throwable_ensures_default] name = "Constructor of class Throwable" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/java_api/java/lang/Throwable.java" line = 239 begin = 11 end = 20 [JC_215] -kind = UserCall +kind = AllocSize file = "HOME/tests/java/Purse.jc" line = 163 -begin = 27 -end = 55 +begin = 43 +end = 67 [JC_38] file = "HOME/" @@ -2251,10 +2321,11 @@ end = -1 [JC_216] +kind = IndexBounds file = "HOME/tests/java/Purse.jc" -line = 169 -begin = 17 -end = 55 +line = 163 +begin = 10 +end = 68 [JC_39] file = "HOME/" 
@@ -2263,22 +2334,24 @@ end = -1 [JC_217] -file = "HOME/tests/java/Purse.java" -line = 75 -begin = 15 -end = 25 +kind = UserCall +file = "HOME/tests/java/Purse.jc" +line = 166 +begin = 27 +end = 55 [JC_218] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Purse.jc" +line = 172 +begin = 17 +end = 55 [JC_219] -file = "HOME/tests/java/Purse.java" -line = 75 -begin = 15 -end = 25 +kind = AllocSize +file = "HOME/tests/java/Purse.jc" +line = 163 +begin = 43 +end = 67 [JC_100] file = "HOME/" @@ -2288,9 +2361,9 @@ [JC_101] file = "HOME/lib/java_api/java/lang/Throwable.java" -line = 562 -begin = 41 -end = 57 +line = 459 +begin = 16 +end = 31 [JC_102] file = "HOME/" @@ -2303,8 +2376,6 @@ type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Throwable_tag: -> Object tag_id @@ -2313,12 +2384,6 @@ function Exception_serialVersionUID() : int = neg_int((3387516993124229948)) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - -exception NoCreditException_exc of Object pointer - logic NoCreditException_tag: -> Object tag_id axiom NoCreditException_parenttag_Exception : @@ -2326,7 +2391,7 @@ predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) logic Object_tag: -> Object tag_id @@ -2353,14 +2418,10 @@ axiom Purse_parenttag_Object : parenttag(Purse_tag, Object_tag) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) function Throwable_serialVersionUID() : int = neg_int((3042686055658047285)) 
@@ -2501,40 +2562,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NoCreditException(p:unit pointer, a:int, - b:int, bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrintStream(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Purse(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -2579,6 +2606,14 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +exception NoCreditException_exc of Object pointer + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref 
@@ -2589,43 +2624,45 @@ this_6:Object pointer -> s_0_0:int -> { } unit reads Object_alloc_table,Purse_balance writes Purse_balance - { ((JC_180: balance_non_negative(this_6, Purse_balance)) - and (JC_178: - ((JC_176: - eq_int(select(Purse_balance, this_6), - add_int(select(Purse_balance@, this_6@), s_0_0))) - and (JC_177: + { ((JC_188: balance_non_negative(this_6, Purse_balance)) + and (JC_186: + ((JC_184: + (select(Purse_balance, this_6) = add_int(select(Purse_balance@, + this_6), + s_0_0))) + and (JC_185: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_6@)))))) } + pset_singleton(this_6)))))) } parameter Purse_credit_requires : this_6:Object pointer -> s_0_0:int -> - { (JC_168: - ((JC_167: ge_int(s_0_0, (0))) + { (JC_176: + ((JC_175: ge_int(s_0_0, (0))) and balance_non_negative(this_6, Purse_balance)))} unit reads Object_alloc_table,Purse_balance writes Purse_balance - { ((JC_180: balance_non_negative(this_6, Purse_balance)) - and (JC_178: - ((JC_176: - eq_int(select(Purse_balance, this_6), - add_int(select(Purse_balance@, this_6@), s_0_0))) - and (JC_177: + { ((JC_188: balance_non_negative(this_6, Purse_balance)) + and (JC_186: + ((JC_184: + (select(Purse_balance, this_6) = add_int(select(Purse_balance@, + this_6), + s_0_0))) + and (JC_185: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_6@)))))) } + pset_singleton(this_6)))))) } parameter Purse_getBalance : this_4:Object pointer -> { } int reads Object_alloc_table,Purse_balance - { ((JC_224: balance_non_negative(this_4, Purse_balance)) - and (JC_222: eq_int(result, select(Purse_balance, this_4)))) } + { ((JC_232: balance_non_negative(this_4, Purse_balance)) + and (JC_230: (result = select(Purse_balance, this_4)))) } parameter Purse_getBalance_requires : this_4:Object pointer -> - { (JC_217: balance_non_negative(this_4, Purse_balance))} int + { (JC_225: balance_non_negative(this_4, Purse_balance))} int reads 
Object_alloc_table,Purse_balance - { ((JC_224: balance_non_negative(this_4, Purse_balance)) - and (JC_222: eq_int(result, select(Purse_balance, this_4)))) } + { ((JC_232: balance_non_negative(this_4, Purse_balance)) + and (JC_230: (result = select(Purse_balance, this_4)))) } parameter Purse_withdraw : this_5:Object pointer -> 
@@ -2633,59 +2670,65 @@ { } unit reads Object_alloc_table,Purse_balance writes Object_alloc_table,Object_tag_table,Purse_balance raises NoCreditException_exc - { ((JC_198: balance_non_negative(this_5, Purse_balance)) - and (JC_196: - ((JC_194: - ((JC_192: le_int(s_1, select(Purse_balance@, this_5@))) - and (JC_193: - eq_int(select(Purse_balance, this_5), - sub_int(select(Purse_balance@, this_5@), s_1))))) - and (JC_195: + { ((JC_206: balance_non_negative(this_5, Purse_balance)) + and (JC_204: + ((JC_202: + ((JC_200: le_int(s_1, select(Purse_balance@, this_5))) + and (JC_201: + (select(Purse_balance, this_5) = sub_int(select(Purse_balance@, + this_5), + s_1))))) + and (JC_203: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_5@)))))) + pset_singleton(this_5)))))) | NoCreditException_exc => - (JC_206: - ((JC_204: - ((JC_203: gt_int(s_1, select(Purse_balance@, this_5@))) + (JC_214: + ((JC_212: + ((JC_211: gt_int(s_1, select(Purse_balance@, this_5))) and balance_non_negative(this_5, Purse_balance))) - and (JC_205: + and (JC_213: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, pset_empty)))) } parameter Purse_withdraw_requires : this_5:Object pointer -> s_1:int -> - { (JC_182: - ((JC_181: ge_int(s_1, (0))) + { (JC_190: + ((JC_189: ge_int(s_1, (0))) and balance_non_negative(this_5, Purse_balance)))} unit reads Object_alloc_table,Purse_balance writes Object_alloc_table,Object_tag_table,Purse_balance raises NoCreditException_exc - { ((JC_198: balance_non_negative(this_5, Purse_balance)) - and (JC_196: - ((JC_194: - ((JC_192: le_int(s_1, select(Purse_balance@, this_5@))) - and (JC_193: - eq_int(select(Purse_balance, this_5), - sub_int(select(Purse_balance@, this_5@), s_1))))) - and (JC_195: + { ((JC_206: balance_non_negative(this_5, Purse_balance)) + and (JC_204: + ((JC_202: + ((JC_200: le_int(s_1, select(Purse_balance@, this_5))) + and (JC_201: + (select(Purse_balance, this_5) = sub_int(select(Purse_balance@, + this_5), 
+ s_1))))) + and (JC_203: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_5@)))))) + pset_singleton(this_5)))))) | NoCreditException_exc => - (JC_206: - ((JC_204: - ((JC_203: gt_int(s_1, select(Purse_balance@, this_5@))) + (JC_214: + ((JC_212: + ((JC_211: gt_int(s_1, select(Purse_balance@, this_5))) and balance_non_negative(this_5, Purse_balance))) - and (JC_205: + and (JC_213: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, pset_empty)))) } +exception Return_label_exc of unit + parameter Throwable_backtrace : (Object, Object pointer) memory ref parameter Throwable_cause : (Object, Object pointer) memory ref parameter Throwable_detailMessage : (Object, Object pointer) memory ref +exception Throwable_exc of Object pointer + parameter Throwable_fillInStackTrace : this_15:Object pointer -> { } Object pointer reads Object_alloc_table { true } 
@@ -2756,150 +2799,6 @@ this_12:Object pointer -> { } Object pointer reads Object_alloc_table { true } -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NoCreditException : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NoCreditException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NoCreditException_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NoCreditException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PrintStream : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PrintStream(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PrintStream_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PrintStream(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Purse : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Purse(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Purse_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Purse(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter 
alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref 
-> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - parameter alloc_struct_Exception : n:int -> Object_alloc_table:Object alloc_table ref -> @@ -3088,6 +2987,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Exception : this_21:Object pointer -> { } unit reads Object_alloc_table { true } @@ -3129,22 +3032,22 @@ parameter cons_Purse : this_7:Object pointer -> { } unit reads Object_alloc_table,Purse_balance writes Purse_balance - { ((JC_166: balance_non_negative(this_7, Purse_balance)) - and (JC_164: - ((JC_162: eq_int(select(Purse_balance, this_7), (0))) - and (JC_163: + { ((JC_174: balance_non_negative(this_7, Purse_balance)) + and (JC_172: + ((JC_170: (select(Purse_balance, this_7) = (0))) + and (JC_171: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_7@)))))) } + pset_singleton(this_7)))))) } parameter cons_Purse_requires : this_7:Object pointer -> { } unit reads Object_alloc_table,Purse_balance writes Purse_balance - { ((JC_166: balance_non_negative(this_7, Purse_balance)) - and (JC_164: - ((JC_162: eq_int(select(Purse_balance, this_7), (0))) - and (JC_163: + { ((JC_174: balance_non_negative(this_7, Purse_balance)) + and (JC_172: + ((JC_170: (select(Purse_balance, this_7) = (0))) + and (JC_171: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_7@)))))) } + pset_singleton(this_7)))))) } parameter cons_Throwable : this_17:Object pointer -> 
@@ -3205,22 +3108,22 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let Purse_credit_ensures_default = fun (this_6 : Object pointer) (s_0_0 : int) -> { (valid_struct_Purse(this_6, (0), (0), Object_alloc_table) - and (JC_171: - ((JC_170: ge_int(s_0_0, (0))) + and (JC_179: + ((JC_178: ge_int(s_0_0, (0))) and balance_non_negative(this_6, Purse_balance)))) } (init: try @@ -3233,19 +3136,19 @@ (let jessie_ = this_6 in (((safe_upd_ Purse_balance) jessie_) jessie_)); jessie_ end)) in void); (raise Return) end with Return -> void end) - { (JC_175: - ((JC_173: - eq_int(select(Purse_balance, this_6), - add_int(select(Purse_balance@, this_6@), s_0_0))) - and (JC_174: + { (JC_183: + ((JC_181: + (select(Purse_balance, this_6) = add_int(select(Purse_balance@, this_6), + s_0_0))) + and (JC_182: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_6@))))) } + pset_singleton(this_6))))) } let Purse_credit_safety = fun (this_6 : Object pointer) (s_0_0 : int) -> { (valid_struct_Purse(this_6, (0), (0), Object_alloc_table) - and (JC_171: - ((JC_170: ge_int(s_0_0, (0))) + and (JC_179: + ((JC_178: ge_int(s_0_0, (0))) and balance_non_negative(this_6, Purse_balance)))) } (init: try 
@@ -3258,37 +3161,37 @@ (let jessie_ = this_6 in (((safe_upd_ Purse_balance) jessie_) jessie_)); jessie_ end)) in void); (raise Return) end with Return -> void end) - { (JC_179: balance_non_negative(this_6, Purse_balance)) } + { (JC_187: balance_non_negative(this_6, Purse_balance)) } let Purse_getBalance_ensures_default = fun (this_4 : Object pointer) -> { (valid_struct_Purse(this_4, (0), (0), Object_alloc_table) - and (JC_219: balance_non_negative(this_4, Purse_balance))) } + and (JC_227: balance_non_negative(this_4, Purse_balance))) } (init: (let return = ref (any_int void) in try begin (return := (K_18: ((safe_acc_ !Purse_balance) this_4))); (raise Return); absurd end with Return -> !return end)) - { (JC_221: eq_int(result, select(Purse_balance, this_4))) } + { (JC_229: (result = select(Purse_balance, this_4))) } let Purse_getBalance_safety = fun (this_4 : Object pointer) -> { (valid_struct_Purse(this_4, (0), (0), Object_alloc_table) - and (JC_219: balance_non_negative(this_4, Purse_balance))) } + and (JC_227: balance_non_negative(this_4, Purse_balance))) } (init: (let return = ref (any_int void) in try begin (return := (K_18: ((safe_acc_ !Purse_balance) this_4))); (raise Return); absurd end with Return -> !return end)) - { (JC_223: balance_non_negative(this_4, Purse_balance)) } + { (JC_231: balance_non_negative(this_4, Purse_balance)) } let Purse_withdraw_ensures_default = fun (this_5 : Object pointer) (s_1 : int) -> { (valid_struct_Purse(this_5, (0), (0), Object_alloc_table) - and (JC_185: - ((JC_184: ge_int(s_1, (0))) + and (JC_193: + ((JC_192: ge_int(s_1, (0))) and balance_non_negative(this_5, Purse_balance)))) } (init: try 
@@ -3300,35 +3203,35 @@ (let jessie_ = this_5 in (((safe_upd_ Purse_balance) jessie_) jessie_))) else - (let jessie_ = (let java_thrown_exception = (let this = - (JC_211: + (JC_219: (((alloc_struct_NoCreditException (1)) Object_alloc_table) Object_tag_table)) in (let tt = (let jessie_ = this in - (JC_212: (cons_NoCreditException jessie_))) in this)) in + (JC_220: (cons_NoCreditException jessie_))) in this)) in begin (assert - { (JC_213: + { (JC_221: Non_null_Object(java_thrown_exception, Object_alloc_table)) }; - void); (raise (NoCreditException_exc java_thrown_exception)) end) in - void)); (raise Return) end with Return -> void end) - { (JC_191: - ((JC_189: - ((JC_187: le_int(s_1, select(Purse_balance@, this_5@))) - and (JC_188: - eq_int(select(Purse_balance, this_5), - sub_int(select(Purse_balance@, this_5@), s_1))))) - and (JC_190: + void); (raise (NoCreditException_exc java_thrown_exception)) end)); + (raise Return) end with Return -> void end) + { (JC_199: + ((JC_197: + ((JC_195: le_int(s_1, select(Purse_balance@, this_5))) + and (JC_196: + (select(Purse_balance, this_5) = sub_int(select(Purse_balance@, + this_5), + s_1))))) + and (JC_198: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_5@))))) | NoCreditException_exc => true } + pset_singleton(this_5))))) | NoCreditException_exc => true } let Purse_withdraw_exsures_amount_too_large = fun (this_5 : Object pointer) (s_1 : int) -> { (valid_struct_Purse(this_5, (0), (0), Object_alloc_table) - and (JC_185: - ((JC_184: ge_int(s_1, (0))) + and (JC_193: + ((JC_192: ge_int(s_1, (0))) and balance_non_negative(this_5, Purse_balance)))) } (init: try 
@@ -3340,35 +3243,34 @@ (let jessie_ = this_5 in (((safe_upd_ Purse_balance) jessie_) jessie_))) else - (let jessie_ = (let java_thrown_exception = (let this = - (JC_214: + (JC_222: (((alloc_struct_NoCreditException (1)) Object_alloc_table) Object_tag_table)) in (let tt = (let jessie_ = this in - (JC_215: (cons_NoCreditException jessie_))) in this)) in + (JC_223: (cons_NoCreditException jessie_))) in this)) in begin [ { } unit reads Object_alloc_table - { (JC_216: + { (JC_224: Non_null_Object(java_thrown_exception, Object_alloc_table)) } ]; - (raise (NoCreditException_exc java_thrown_exception)) end) in void)); + (raise (NoCreditException_exc java_thrown_exception)) end)); (raise Return) end with Return -> void end) { true | NoCreditException_exc => - (JC_202: - ((JC_200: - ((JC_199: gt_int(s_1, select(Purse_balance@, this_5@))) + (JC_210: + ((JC_208: + ((JC_207: gt_int(s_1, select(Purse_balance@, this_5))) and balance_non_negative(this_5, Purse_balance))) - and (JC_201: + and (JC_209: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, pset_empty)))) } let Purse_withdraw_safety = fun (this_5 : Object pointer) (s_1 : int) -> { (valid_struct_Purse(this_5, (0), (0), Object_alloc_table) - and (JC_185: - ((JC_184: ge_int(s_1, (0))) + and (JC_193: + ((JC_192: ge_int(s_1, (0))) and balance_non_negative(this_5, Purse_balance)))) } (init: try 
@@ -3380,25 +3282,24 @@ (let jessie_ = this_5 in (((safe_upd_ Purse_balance) jessie_) jessie_))) else - (let jessie_ = (let java_thrown_exception = (let this = (let jessie_ = - (JC_207: + (JC_215: (((alloc_struct_NoCreditException_requires (1)) Object_alloc_table) Object_tag_table)) in - (JC_208: + (JC_216: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; jessie_))) in (let tt = (let jessie_ = this in - (JC_209: (cons_NoCreditException_requires jessie_))) in this)) in + (JC_217: (cons_NoCreditException_requires jessie_))) in this)) in begin [ { } unit reads Object_alloc_table - { (JC_210: + { (JC_218: Non_null_Object(java_thrown_exception, Object_alloc_table)) } ]; - (raise (NoCreditException_exc java_thrown_exception)) end) in void)); + (raise (NoCreditException_exc java_thrown_exception)) end)); (raise Return) end with Return -> void end) - { (JC_197: balance_non_negative(this_5, Purse_balance)) + { (JC_205: balance_non_negative(this_5, Purse_balance)) | NoCreditException_exc => true } let cons_Exception_String_Throwable_ensures_default = @@ -3407,7 +3308,7 @@ and (left_valid_struct_String(message_2, (0), Object_alloc_table) and valid_struct_Exception(this_23, (0), (0), Object_alloc_table))) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_135: true) } + { (JC_143: true) } let cons_Exception_String_Throwable_safety = fun (this_23 : Object pointer) (message_2 : Object pointer) (cause_2 : Object pointer) -> @@ -3422,7 +3323,7 @@ { (left_valid_struct_String(message_1, (0), Object_alloc_table) and valid_struct_Exception(this_22, (0), (0), Object_alloc_table)) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_127: true) } + { (JC_135: true) } let cons_Exception_String_safety = fun (this_22 : Object pointer) (message_1 : Object pointer) -> 
@@ -3436,7 +3337,7 @@ { (left_valid_struct_Throwable(cause_3, (0), Object_alloc_table) and valid_struct_Exception(this_24, (0), (0), Object_alloc_table)) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_143: true) } + { (JC_151: true) } let cons_Exception_Throwable_safety = fun (this_24 : Object pointer) (cause_3 : Object pointer) -> @@ -3449,7 +3350,7 @@ fun (this_21 : Object pointer) -> { valid_struct_Exception(this_21, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_119: true) } + { (JC_127: true) } let cons_Exception_safety = fun (this_21 : Object pointer) -> @@ -3461,7 +3362,7 @@ fun (this_2 : Object pointer) -> { valid_struct_NoCreditException(this_2, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_151: true) } + { (JC_159: true) } let cons_NoCreditException_safety = fun (this_2 : Object pointer) -> @@ -3486,11 +3387,11 @@ (let jessie_ = this_7 in (((safe_upd_ Purse_balance) jessie_) jessie_)); jessie_ end)) end in void); (raise Return) end with Return -> void end) - { (JC_161: - ((JC_159: eq_int(select(Purse_balance, this_7), (0))) - and (JC_160: + { (JC_169: + ((JC_167: (select(Purse_balance, this_7) = (0))) + and (JC_168: not_assigns(Object_alloc_table@, Purse_balance@, Purse_balance, - pset_singleton(this_7@))))) } + pset_singleton(this_7))))) } let cons_Purse_safety = fun (this_7 : Object pointer) -> @@ -3509,7 +3410,7 @@ (let jessie_ = this_7 in (((safe_upd_ Purse_balance) jessie_) jessie_)); jessie_ end)) end in void); (raise Return) end with Return -> void end) - { (JC_165: balance_non_negative(this_7, Purse_balance)) } + { (JC_173: balance_non_negative(this_7, Purse_balance)) } let cons_Throwable_String_Throwable_ensures_default = fun (this_19 : Object pointer) (message_0 : Object pointer) (cause : Object pointer) -> 
@@ -3532,7 +3433,7 @@ (let jessie_ = this_19 in (((safe_upd_ Throwable_cause) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_31: true) } + { (JC_39: true) } let cons_Throwable_String_Throwable_safety = fun (this_19 : Object pointer) (message_0 : Object pointer) (cause : Object pointer) -> @@ -3576,7 +3477,7 @@ (let jessie_ = this_18 in (((safe_upd_ Throwable_cause) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_23: true) } + { (JC_31: true) } let cons_Throwable_String_safety = fun (this_18 : Object pointer) (message : Object pointer) -> @@ -3619,7 +3520,7 @@ (let jessie_ = this_20 in (((safe_upd_ Throwable_cause) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_39: true) } + { (JC_47: true) } let cons_Throwable_Throwable_safety = fun (this_20 : Object pointer) (cause_0 : Object pointer) -> @@ -3662,7 +3563,7 @@ (let jessie_ = this_17 in (((safe_upd_ Throwable_cause) jessie_) jessie_)); jessie_ end) end in void); (raise Return) end with Return -> void end) - { (JC_15: true) } + { (JC_23: true) } let cons_Throwable_safety = fun (this_17 : Object pointer) -> @@ -3691,78 +3592,78 @@ + + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - - - - - - - - - - - + - - - - - - - - - + - + - - - - - - - + - + - + + + + + + + @@ -3772,19 +3673,19 @@ - - - - - - - + - + - + + + + + + + @@ -4745,7 +4646,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) logic Object_tag : Object tag_id 
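Review bot: The regenerated output now carries two different definitions of non-nullness. The `Non_null_Object` predicate in the `@@ -4745,7 +4646,7 @@` hunk is relaxed to `offset_max(Object_alloc_table, x_0) >= 0`, while the postcondition of the `non_null_Object` parameter in the `@@ -3205,22 +3108,22 @@` hunk still reads `(if result then (offset_max(Object_alloc_table, x_1) = (0))` on the new side. The same relaxation recurs in the Simplify `DEFPRED` at `@@ -6169,7 +6028,7 @@` and in the second copy of the predicate at `@@ -7620,7 +7453,7 @@`, so goals that take `Non_null_Object(result0, Object_alloc_table0)` as a hypothesis now assume less about the allocated object. This is generated text, so any fix belongs in the generator, which is not visible here. If the two are meant to agree, the true branch would become `ge_int(offset_max(Object_alloc_table, x_1), (0))`; if not, the generator should carry a comment explaining why the program-level test stays at equality.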
@@ -4916,40 +4817,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NoCreditException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrintStream(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Purse(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -4994,6 +4861,25 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Purse_po1.why ========== +goal Purse_credit_ensures_default_po_1: + forall this_6:Object pointer. + forall s_0_0:int. + forall Object_alloc_table:Object alloc_table. + forall Purse_balance:(Object, + int) memory. + (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + forall result:int. + (result = select(Purse_balance, this_6)) -> + forall Purse_balance0:(Object, + int) memory. + (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> + ("JC_183": + ("JC_181": (select(Purse_balance0, this_6) = (select(Purse_balance, + this_6) + s_0_0)))) + ========== file tests/java/why/Purse_po10.why ========== goal Purse_withdraw_exsures_amount_too_large_po_2: forall this_5:Object pointer. @@ -5002,8 +4888,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -5015,8 +4901,8 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": ("JC_200": balance_non_negative(this_5, Purse_balance))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": ("JC_208": balance_non_negative(this_5, Purse_balance))) ========== file tests/java/why/Purse_po11.why ========== goal Purse_withdraw_exsures_amount_too_large_po_3: 
@@ -5026,8 +4912,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -5039,11 +4925,10 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": - ("JC_201": - ("JC_201": not_assigns(Object_alloc_table, Purse_balance, Purse_balance, - pset_empty)))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": + ("JC_209": not_assigns(Object_alloc_table, Purse_balance, Purse_balance, + pset_empty))) ========== file tests/java/why/Purse_po12.why ========== goal Purse_withdraw_safety_po_1: @@ -5053,8 +4938,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -5063,7 +4948,7 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_197": balance_non_negative(this_5, Purse_balance0)) + ("JC_205": balance_non_negative(this_5, Purse_balance0)) ========== file tests/java/why/Purse_po13.why ========== goal Purse_withdraw_safety_po_2: 
@@ -5073,8 +4958,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -5088,8 +4973,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -5117,7 +5002,7 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_161": ("JC_159": ("JC_159": (select(Purse_balance1, this_7) = 0)))) + ("JC_169": ("JC_167": (select(Purse_balance1, this_7) = 0))) ========== file tests/java/why/Purse_po16.why ========== goal cons_Purse_ensures_default_po_2: @@ -5132,10 +5017,9 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_161": - ("JC_160": - ("JC_160": not_assigns(Object_alloc_table, Purse_balance, Purse_balance1, - pset_singleton(this_7))))) + ("JC_169": + ("JC_168": not_assigns(Object_alloc_table, Purse_balance, Purse_balance1, + pset_singleton(this_7)))) ========== file tests/java/why/Purse_po17.why ========== goal cons_Purse_safety_po_1: 
@@ -5150,27 +5034,7 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_165": balance_non_negative(this_7, Purse_balance1)) - -========== file tests/java/why/Purse_po1.why ========== -goal Purse_credit_ensures_default_po_1: - forall this_6:Object pointer. - forall s_0_0:int. - forall Object_alloc_table:Object alloc_table. - forall Purse_balance:(Object, - int) memory. - (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> - forall result:int. - (result = select(Purse_balance, this_6)) -> - forall Purse_balance0:(Object, - int) memory. - (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_175": - ("JC_173": - ("JC_173": (select(Purse_balance0, this_6) = (select(Purse_balance, - this_6) + s_0_0))))) + ("JC_173": balance_non_negative(this_7, Purse_balance1)) ========== file tests/java/why/Purse_po2.why ========== goal Purse_credit_ensures_default_po_2: @@ -5180,17 +5044,16 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_6)) -> forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_175": - ("JC_174": - ("JC_174": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, - pset_singleton(this_6))))) + ("JC_183": + ("JC_182": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, + pset_singleton(this_6)))) ========== file tests/java/why/Purse_po3.why ========== goal Purse_credit_safety_po_1: 
@@ -5200,14 +5063,14 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_6)) -> forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_179": balance_non_negative(this_6, Purse_balance0)) + ("JC_187": balance_non_negative(this_6, Purse_balance0)) ========== file tests/java/why/Purse_po4.why ========== goal Purse_getBalance_ensures_default_po_1: @@ -5216,12 +5079,12 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_4, 0, 0, Object_alloc_table) and - ("JC_219": balance_non_negative(this_4, Purse_balance))) -> + ("JC_227": balance_non_negative(this_4, Purse_balance))) -> forall result:int. (result = select(Purse_balance, this_4)) -> forall return:int. (return = result) -> - ("JC_221": (return = select(Purse_balance, this_4))) + ("JC_229": (return = select(Purse_balance, this_4))) ========== file tests/java/why/Purse_po5.why ========== goal Purse_withdraw_ensures_default_po_1: @@ -5231,8 +5094,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> 
@@ -5241,8 +5104,7 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_189": ("JC_187": ("JC_187": (s_1 <= select(Purse_balance, this_5)))))) + ("JC_199": ("JC_197": ("JC_195": (s_1 <= select(Purse_balance, this_5))))) ========== file tests/java/why/Purse_po6.why ========== goal Purse_withdraw_ensures_default_po_2: @@ -5252,8 +5114,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -5262,11 +5124,10 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_189": - ("JC_188": - ("JC_188": (select(Purse_balance0, this_5) = (select(Purse_balance, - this_5) - s_1)))))) + ("JC_199": + ("JC_197": + ("JC_196": (select(Purse_balance0, this_5) = (select(Purse_balance, + this_5) - s_1))))) ========== file tests/java/why/Purse_po7.why ========== goal Purse_withdraw_ensures_default_po_3: @@ -5276,8 +5137,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> 
@@ -5286,10 +5147,9 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_190": - ("JC_190": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, - pset_singleton(this_5))))) + ("JC_199": + ("JC_198": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, + pset_singleton(this_5)))) ========== file tests/java/why/Purse_po8.why ========== goal Purse_withdraw_ensures_default_po_4: @@ -5299,8 +5159,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -5312,7 +5172,7 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_213": ("JC_213": Non_null_Object(result0, Object_alloc_table0))) + ("JC_221": Non_null_Object(result0, Object_alloc_table0)) ========== file tests/java/why/Purse_po9.why ========== goal Purse_withdraw_exsures_amount_too_large_po_1: @@ -5322,8 +5182,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> 
@@ -5335,9 +5195,8 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": - ("JC_200": ("JC_199": ("JC_199": (s_1 > select(Purse_balance, this_5)))))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": ("JC_208": ("JC_207": (s_1 > select(Purse_balance, this_5))))) ========== generation of Simplify VC output ========== why -simplify [...] why/Purse.why @@ -6169,7 +6028,7 @@ (EQ (parenttag NoCreditException_tag Exception_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -6317,32 +6176,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Throwable p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_NoCreditException p a b bitvector_alloc_table) - (valid_bitvector_struct_Exception p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_PrintStream p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Purse p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -6377,7 +6210,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Purse_credit_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 54, characters 16-44 +;; Purse_credit_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 56, characters 16-44 (FORALL (this_6) (FORALL (s_0_0) (FORALL (Object_alloc_table) 
@@ -6391,7 +6224,7 @@ (|why__store| Purse_balance this_6 (+ result s_0_0))) (EQ (select Purse_balance0 this_6) (+ (select Purse_balance this_6) s_0_0))))))))))) -;; Purse_credit_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 56, characters 16-22 +;; Purse_credit_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 58, characters 16-22 (FORALL (this_6) (FORALL (s_0_0) (FORALL (Object_alloc_table) @@ -6406,7 +6239,7 @@ (not_assigns Object_alloc_table Purse_balance Purse_balance0 (pset_singleton this_6))))))))))) -;; Purse_credit_safety_po_1, File "HOME/tests/java/Purse.java", line 56, characters 16-22 +;; Purse_credit_safety_po_1, File "HOME/tests/java/Purse.java", line 58, characters 16-22 (FORALL (this_6) (FORALL (s_0_0) (FORALL (Object_alloc_table) @@ -6420,7 +6253,7 @@ (|why__store| Purse_balance this_6 (+ result s_0_0))) (balance_non_negative this_6 Purse_balance0)))))))))) -;; Purse_getBalance_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 74, characters 16-34 +;; Purse_getBalance_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 76, characters 16-34 (FORALL (this_4) (FORALL (Object_alloc_table) (FORALL (Purse_balance) @@ -6431,7 +6264,7 @@ (FORALL (return) (IMPLIES (EQ return result) (EQ return (select Purse_balance this_4)))))))))) -;; Purse_withdraw_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 62, characters 16-34 +;; Purse_withdraw_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 64, characters 16-34 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6448,7 +6281,7 @@ (|why__store| Purse_balance this_5 (- result0 s_1))) (<= s_1 (select Purse_balance this_5)))))))))))))) -;; Purse_withdraw_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 62, characters 38-66 +;; Purse_withdraw_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 64, characters 38-66 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) 
@@ -6465,7 +6298,7 @@ (|why__store| Purse_balance this_5 (- result0 s_1))) (EQ (select Purse_balance0 this_5) (- (select Purse_balance this_5) s_1)))))))))))))) -;; Purse_withdraw_ensures_default_po_3, File "HOME/tests/java/Purse.java", line 67, characters 16-24 +;; Purse_withdraw_ensures_default_po_3, File "HOME/tests/java/Purse.java", line 69, characters 16-24 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6483,7 +6316,7 @@ (not_assigns Object_alloc_table Purse_balance Purse_balance0 (pset_singleton this_5)))))))))))))) -;; Purse_withdraw_ensures_default_po_4, File "HOME/tests/java/Purse.jc", line 169, characters 17-55 +;; Purse_withdraw_ensures_default_po_4, File "HOME/tests/java/Purse.jc", line 172, characters 17-55 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6505,7 +6338,7 @@ (instanceof Object_tag_table result0 NoCreditException_tag)))) (Non_null_Object result0 Object_alloc_table0))))))))))))) -;; Purse_withdraw_exsures_amount_too_large_po_1, File "HOME/tests/java/Purse.java", line 65, characters 38-55 +;; Purse_withdraw_exsures_amount_too_large_po_1, File "HOME/tests/java/Purse.java", line 67, characters 38-55 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6528,7 +6361,7 @@ (IMPLIES (Non_null_Object result0 Object_alloc_table0) (> s_1 (select Purse_balance this_5))))))))))))))) -;; Purse_withdraw_exsures_amount_too_large_po_2, File "HOME/tests/java/Purse.java", line 67, characters 16-24 +;; Purse_withdraw_exsures_amount_too_large_po_2, File "HOME/tests/java/Purse.java", line 69, characters 16-24 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) 
@@ -6551,7 +6384,7 @@ (IMPLIES (Non_null_Object result0 Object_alloc_table0) (balance_non_negative this_5 Purse_balance)))))))))))))) -;; Purse_withdraw_exsures_amount_too_large_po_3, File "HOME/tests/java/Purse.java", line 67, characters 16-24 +;; Purse_withdraw_exsures_amount_too_large_po_3, File "HOME/tests/java/Purse.java", line 69, characters 16-24 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6574,7 +6407,7 @@ (IMPLIES (Non_null_Object result0 Object_alloc_table0) (not_assigns Object_alloc_table Purse_balance Purse_balance pset_empty)))))))))))))) -;; Purse_withdraw_safety_po_1, File "HOME/tests/java/Purse.java", line 67, characters 16-24 +;; Purse_withdraw_safety_po_1, File "HOME/tests/java/Purse.java", line 69, characters 16-24 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6591,7 +6424,7 @@ (|why__store| Purse_balance this_5 (- result0 s_1))) (balance_non_negative this_5 Purse_balance0))))))))))))) -;; Purse_withdraw_safety_po_2, File "HOME/tests/java/Purse.jc", line 160, characters 43-67 +;; Purse_withdraw_safety_po_2, File "HOME/tests/java/Purse.jc", line 163, characters 43-67 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6602,7 +6435,7 @@ (IMPLIES (EQ result (select Purse_balance this_5)) (IMPLIES (< result s_1) (>= 1 0))))))))) -;; Purse_withdraw_safety_po_3, File "why/Purse.why", line 1089, characters 16-71 +;; Purse_withdraw_safety_po_3, File "why/Purse.why", line 917, characters 16-71 (FORALL (this_5) (FORALL (s_1) (FORALL (Object_alloc_table) @@ -6625,7 +6458,7 @@ (instanceof Object_tag_table result0 NoCreditException_tag)))) (>= (offset_max Object_alloc_table0 result0) 0)))))))))))))) -;; cons_Purse_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 46, characters 16-28 +;; cons_Purse_ensures_default_po_1, File "HOME/tests/java/Purse.java", line 48, characters 16-28 (FORALL (this_7) (FORALL (Object_alloc_table) (FORALL (Purse_balance) 
@@ -6636,7 +6469,7 @@ (IMPLIES (EQ Purse_balance1 (|why__store| Purse_balance0 this_7 0)) (EQ (select Purse_balance1 this_7) 0))))))))) -;; cons_Purse_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 48, characters 11-16 +;; cons_Purse_ensures_default_po_2, File "HOME/tests/java/Purse.java", line 50, characters 11-16 (FORALL (this_7) (FORALL (Object_alloc_table) (FORALL (Purse_balance) @@ -6648,7 +6481,7 @@ (not_assigns Object_alloc_table Purse_balance Purse_balance1 (pset_singleton this_7)))))))))) -;; cons_Purse_safety_po_1, File "HOME/tests/java/Purse.java", line 48, characters 11-16 +;; cons_Purse_safety_po_1, File "HOME/tests/java/Purse.java", line 50, characters 11-16 (FORALL (this_7) (FORALL (Object_alloc_table) (FORALL (Purse_balance) @@ -7620,7 +7453,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) logic Object_tag : Object tag_id 
@@ -7791,40 +7624,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NoCreditException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrintStream(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Purse(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -7876,17 +7675,16 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_6)) -> forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_175": - ("JC_173": - ("JC_173": (select(Purse_balance0, this_6) = (select(Purse_balance, - this_6) + s_0_0))))) + ("JC_183": + ("JC_181": (select(Purse_balance0, this_6) = (select(Purse_balance, + this_6) + s_0_0)))) goal Purse_credit_ensures_default_po_2: forall this_6:Object pointer. @@ -7895,17 +7693,16 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_6)) -> forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_175": - ("JC_174": - ("JC_174": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, - pset_singleton(this_6))))) + ("JC_183": + ("JC_182": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, + pset_singleton(this_6)))) goal Purse_credit_safety_po_1: forall this_6:Object pointer. 
@@ -7914,14 +7711,14 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_6, 0, 0, Object_alloc_table) and - ("JC_171": - (("JC_170": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> + ("JC_179": + (("JC_178": (s_0_0 >= 0)) and balance_non_negative(this_6, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_6)) -> forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_6, (result + s_0_0))) -> - ("JC_179": balance_non_negative(this_6, Purse_balance0)) + ("JC_187": balance_non_negative(this_6, Purse_balance0)) goal Purse_getBalance_ensures_default_po_1: forall this_4:Object pointer. @@ -7929,12 +7726,12 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_4, 0, 0, Object_alloc_table) and - ("JC_219": balance_non_negative(this_4, Purse_balance))) -> + ("JC_227": balance_non_negative(this_4, Purse_balance))) -> forall result:int. (result = select(Purse_balance, this_4)) -> forall return:int. (return = result) -> - ("JC_221": (return = select(Purse_balance, this_4))) + ("JC_229": (return = select(Purse_balance, this_4))) goal Purse_withdraw_ensures_default_po_1: forall this_5:Object pointer. @@ -7943,8 +7740,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -7953,8 +7750,7 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_189": ("JC_187": ("JC_187": (s_1 <= select(Purse_balance, this_5)))))) + ("JC_199": ("JC_197": ("JC_195": (s_1 <= select(Purse_balance, this_5))))) goal Purse_withdraw_ensures_default_po_2: forall this_5:Object pointer. 
@@ -7963,8 +7759,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -7973,11 +7769,10 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_189": - ("JC_188": - ("JC_188": (select(Purse_balance0, this_5) = (select(Purse_balance, - this_5) - s_1)))))) + ("JC_199": + ("JC_197": + ("JC_196": (select(Purse_balance0, this_5) = (select(Purse_balance, + this_5) - s_1))))) goal Purse_withdraw_ensures_default_po_3: forall this_5:Object pointer. @@ -7986,8 +7781,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -7996,10 +7791,9 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_191": - ("JC_190": - ("JC_190": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, - pset_singleton(this_5))))) + ("JC_199": + ("JC_198": not_assigns(Object_alloc_table, Purse_balance, Purse_balance0, + pset_singleton(this_5)))) goal Purse_withdraw_ensures_default_po_4: forall this_5:Object pointer. 
@@ -8008,8 +7802,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8021,7 +7815,7 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_213": ("JC_213": Non_null_Object(result0, Object_alloc_table0))) + ("JC_221": Non_null_Object(result0, Object_alloc_table0)) goal Purse_withdraw_exsures_amount_too_large_po_1: forall this_5:Object pointer. @@ -8030,8 +7824,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8043,9 +7837,8 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": - ("JC_200": ("JC_199": ("JC_199": (s_1 > select(Purse_balance, this_5)))))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": ("JC_208": ("JC_207": (s_1 > select(Purse_balance, this_5))))) goal Purse_withdraw_exsures_amount_too_large_po_2: forall this_5:Object pointer. 
@@ -8054,8 +7847,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8067,8 +7860,8 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": ("JC_200": balance_non_negative(this_5, Purse_balance))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": ("JC_208": balance_non_negative(this_5, Purse_balance))) goal Purse_withdraw_exsures_amount_too_large_po_3: forall this_5:Object pointer. @@ -8077,8 +7870,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8090,11 +7883,10 @@ (alloc_extends(Object_alloc_table, Object_alloc_table0) and (alloc_fresh(Object_alloc_table, result0, 1) and instanceof(Object_tag_table, result0, NoCreditException_tag)))) -> - ("JC_216": Non_null_Object(result0, Object_alloc_table0)) -> - ("JC_202": - ("JC_201": - ("JC_201": not_assigns(Object_alloc_table, Purse_balance, Purse_balance, - pset_empty)))) + ("JC_224": Non_null_Object(result0, Object_alloc_table0)) -> + ("JC_210": + ("JC_209": not_assigns(Object_alloc_table, Purse_balance, Purse_balance, + pset_empty))) goal Purse_withdraw_safety_po_1: forall this_5:Object pointer. 
@@ -8103,8 +7895,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result >= s_1) -> @@ -8113,7 +7905,7 @@ forall Purse_balance0:(Object, int) memory. (Purse_balance0 = store(Purse_balance, this_5, (result0 - s_1))) -> - ("JC_197": balance_non_negative(this_5, Purse_balance0)) + ("JC_205": balance_non_negative(this_5, Purse_balance0)) goal Purse_withdraw_safety_po_2: forall this_5:Object pointer. @@ -8122,8 +7914,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8136,8 +7928,8 @@ forall Purse_balance:(Object, int) memory. (valid_struct_Purse(this_5, 0, 0, Object_alloc_table) and - ("JC_185": - (("JC_184": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> + ("JC_193": + (("JC_192": (s_1 >= 0)) and balance_non_negative(this_5, Purse_balance)))) -> forall result:int. (result = select(Purse_balance, this_5)) -> (result < s_1) -> @@ -8164,7 +7956,7 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_161": ("JC_159": ("JC_159": (select(Purse_balance1, this_7) = 0)))) + ("JC_169": ("JC_167": (select(Purse_balance1, this_7) = 0))) goal cons_Purse_ensures_default_po_2: forall this_7:Object pointer. 
@@ -8178,10 +7970,9 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_161": - ("JC_160": - ("JC_160": not_assigns(Object_alloc_table, Purse_balance, Purse_balance1, - pset_singleton(this_7))))) + ("JC_169": + ("JC_168": not_assigns(Object_alloc_table, Purse_balance, Purse_balance1, + pset_singleton(this_7)))) goal cons_Purse_safety_po_1: forall this_7:Object pointer. @@ -8195,7 +7986,7 @@ forall Purse_balance1:(Object, int) memory. (Purse_balance1 = store(Purse_balance0, this_7, 0)) -> - ("JC_165": balance_non_negative(this_7, Purse_balance1)) + ("JC_173": balance_non_negative(this_7, Purse_balance1)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/SelectionSort.err.oracle why-2.30+dfsg/tests/java/oracle/SelectionSort.err.oracle --- why-2.29+dfsg/tests/java/oracle/SelectionSort.err.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/SelectionSort.err.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -0,0 +1,7 @@ +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file +Warning: recursive definition of Permut in generated file diff -Nru why-2.29+dfsg/tests/java/oracle/SelectionSort.res.oracle why-2.30+dfsg/tests/java/oracle/SelectionSort.res.oracle --- why-2.29+dfsg/tests/java/oracle/SelectionSort.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/SelectionSort.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,16167 @@ +========== file tests/java/SelectionSort.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +/*@ predicate Sorted{L}(int a[], integer l, integer h) = + @ \forall integer i j; l <= i <= j < h ==> a[i] <= a[j] ; + @*/ + +/*@ predicate Swap{L1,L2}(int a[], integer i, integer j) = + @ \at(a[i],L1) == \at(a[j],L2) && + @ \at(a[j],L1) == \at(a[i],L2) && + @ \forall integer k; k != i && k != j ==> \at(a[k],L1) == \at(a[k],L2); + @*/ + +/*@ inductive Permut{L1,L2}(int a[], integer l, integer h) { + @ case Permut_refl{L}: + @ \forall int a[], integer l h; Permut{L,L}(a, l, h) ; + @ case Permut_sym{L1,L2}: + @ \forall int a[], integer l h; + @ Permut{L1,L2}(a, l, h) ==> Permut{L2,L1}(a, l, h) ; + @ case Permut_trans{L1,L2,L3}: + @ \forall int a[], integer l h; + @ Permut{L1,L2}(a, l, h) && Permut{L2,L3}(a, l, h) ==> + @ Permut{L1,L3}(a, l, h) ; + @ case Permut_swap{L1,L2}: + @ \forall int a[], integer l h i j; + @ l <= i <= h && l <= j <= h && Swap{L1,L2}(a, i, j) ==> + @ Permut{L1,L2}(a, l, h) ; + @ } + @*/ + +class SelectionSort { + + /*@ requires t != null && + @ 0 <= i < t.length && 0 <= j < t.length; + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ + void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; + } + + /*@ requires t != null; + @ behavior sorted: + @ ensures Sorted(t,0,t.length); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,t.length-1); + @*/ + void sort(int t[]) { + int i,j; + int mi,mv; + /*@ loop_invariant 0 <= i; + @ for sorted: + @ loop_invariant Sorted(t,0,i) && + @ (\forall integer k1 k2 ; + @ 0 <= k1 < i <= k2 < t.length ==> t[k1] <= t[k2]) ; + @ for permutation: + @ loop_invariant Permut{Pre,Here}(t,0,t.length-1); + @ loop_variant t.length - i; + @*/ + for (i=0; i t[k] >= mv); + @ // useless ! 
for permutation: + @ // loop_invariant Permut{Pre,Here}(t,0,t.length-1); + @ loop_variant t.length - j; + @*/ + for (j=i+1; j < t.length; j++) { + if (t[j] < mv) { + mi = j ; mv = t[j]; + } + } + Before: + swap(t,i,mi); + //@ for permutation: assert Permut{Before,Here}(t,0,t.length-1); + } + } + +} + + + +/* +Local Variables: +compile-command: "make SelectionSort.why3ml" +End: +*/ + + +========== krakatoa execution ========== +Parsing OK. +Typing OK. +Generating JC function SelectionSort_swap for method SelectionSort.swap +Generating JC function SelectionSort_sort for method SelectionSort.sort +Generating JC function cons_SelectionSort for constructor SelectionSort +Generating JC function Object_registerNatives for method Object.registerNatives +Generating JC function Object_hashCode for method Object.hashCode +Generating JC function Object_equals for method Object.equals +Generating JC function Object_clone for method Object.clone +Generating JC function Object_toString for method Object.toString +Generating JC function Object_notify for method Object.notify +Generating JC function Object_notifyAll for method Object.notifyAll +Generating JC function Object_wait_long for method Object.wait +Generating JC function Object_wait_long_int for method Object.wait +Generating JC function Object_wait for method Object.wait +Generating JC function Object_finalize for method Object.finalize +Generating JC function cons_Object for constructor Object +Done. +========== file tests/java/SelectionSort.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = always +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + +predicate Non_null_intM{Here}(intM[0..] x) = +(\offset_max(x) >= -1) + +predicate Non_null_Object{Here}(Object[0..] 
x) = +(\offset_max(x) >= 0) + +String[0..] any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag SelectionSort = Object with { +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +tag intM = Object with { + int32 intP; +} + +boolean non_null_intM(! intM[0..] x) +behavior default: + assigns \nothing; + ensures (if \result then (\offset_max(x) >= -1) else (x == null)); +; + +integer java_array_length_intM(! intM[0..-1] x) +behavior default: + assigns \nothing; + ensures ((\result <= 2147483647) && + ((\result >= 0) && (\result == (\offset_max(x) + 1)))); +; + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +predicate Sorted{L}(intM[0..] a, integer l, integer h) = +(\forall integer i; + (\forall integer j; + ((((l <= i) && (i <= j)) && (j < h)) ==> ((a + i).intP <= (a + j).intP)))) + +predicate Swap{L1, L2}(intM[0..] a_0, integer i_0, integer j_0) = +(((\at((a_0 + i_0).intP,L1) == \at((a_0 + j_0).intP,L2)) && + (\at((a_0 + j_0).intP,L1) == \at((a_0 + i_0).intP,L2))) && + (\forall integer k; + (((k != i_0) && (k != j_0)) ==> + (\at((a_0 + k).intP,L1) == \at((a_0 + k).intP,L2))))) + +predicate Permut{L1, L2}(intM[0..] a_1, integer l_0, integer h_0) { +case Permut_refl{L}: (\forall intM[0..] a_2; + (\forall integer l_1; + (\forall integer h_1; + Permut{L, L}(a_2, l_1, h_1)))); + + case Permut_sym{L1, L2}: (\forall intM[0..] a_3; + (\forall integer l_2; + (\forall integer h_2; + (Permut{L1, + L2}(a_3, l_2, h_2) ==> + Permut{L2, + L1}(a_3, l_2, h_2))))); + + case Permut_trans{L1, L2, L3}: (\forall intM[0..] a_4; + (\forall integer l_3; + (\forall integer h_3; + ((Permut{L1, + L2}(a_4, l_3, h_3) && + Permut{L2, + L3}(a_4, l_3, h_3)) ==> + Permut{L1, + L3}(a_4, l_3, h_3))))); + + case Permut_swap{L1, L2}: (\forall intM[0..] 
a_5; + (\forall integer l_4; + (\forall integer h_4; + (\forall integer i_1; + (\forall integer j_1; + (((((l_4 <= i_1) && (i_1 <= h_4)) && + ((l_4 <= j_1) && (j_1 <= h_4))) && + Swap{L1, + L2}(a_5, i_1, j_1)) ==> + Permut{L1, + L2}(a_5, l_4, h_4))))))); + +} + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +unit SelectionSort_swap(SelectionSort[0] this_2, intM[0..] t, int32 i_2, + int32 j_2) + requires (K_10 : ((K_9 : ((K_8 : Non_null_intM(t)) && + (K_7 : ((K_6 : (0 <= i_2)) && + (K_5 : (i_2 < (\offset_max(t) + 1))))))) && + (K_4 : ((K_3 : (0 <= j_2)) && + (K_2 : (j_2 < (\offset_max(t) + 1))))))); +behavior default: + assigns (t + [i_2..i_2]).intP, + (t + [j_2..j_2]).intP; + ensures (K_1 : Swap{Old, Here}(t, i_2, j_2)); +{ + { + (var int32 tmp = (K_14 : (t + i_2).intP)); + + { (K_12 : ((t + i_2).intP = (K_11 : (t + j_2).intP))); + (K_13 : ((t + j_2).intP = tmp)) + } + } +} + +unit SelectionSort_sort(SelectionSort[0] this_0, intM[0..] t_0) + requires (K_17 : Non_null_intM(t_0)); +behavior sorted: + ensures (K_15 : Sorted{Here}(t_0, 0, (\offset_max(t_0) + 1))); +behavior permutation: + ensures (K_16 : Permut{Old, Here}(t_0, 0, ((\offset_max(t_0) + 1) - 1))); +{ + { + (var int32 i_3); + + { + (var int32 j_3); + + { + (var int32 mi); + + { + (var int32 mv); + + loop + behavior default: + invariant (K_18 : (0 <= i_3)); + behavior sorted: + invariant (K_21 : ((K_20 : Sorted{Here}(t_0, 0, i_3)) && + (K_19 : (\forall integer k1; + (\forall integer k2; + (((((0 <= k1) && (k1 < i_3)) && + (i_3 <= k2)) && + (k2 < + (\offset_max(t_0) + 1))) ==> + ((t_0 + k1).intP <= + (t_0 + k2).intP))))))); + behavior permutation: + invariant (K_22 : Permut{Pre, + Here}(t_0, 0, ((\offset_max(t_0) + 1) - 1))); + + variant (K_23 : ((\offset_max(t_0) + 1) - i_3)); + for ((i_3 = 0) ; (K_47 : (i_3 < + (K_46 : (((K_45 : java_array_length_intM( + t_0)) - + 1) :> int32)))) ; + (K_44 : (i_3 ++))) + { + { (mv = (K_24 : (t_0 + i_3).intP)); + (mi = i_3); + + loop + 
behavior default: + invariant (K_29 : ((K_28 : (i_3 < j_3)) && + (K_27 : ((K_26 : (i_3 <= mi)) && + (K_25 : (mi < + (\offset_max(t_0) + + 1))))))); + behavior sorted: + invariant (K_32 : ((K_31 : (mv == (t_0 + mi).intP)) && + (K_30 : (\forall integer k_0; + (((i_3 <= k_0) && + (k_0 < j_3)) ==> + ((t_0 + k_0).intP >= + mv)))))); + + variant (K_33 : ((\offset_max(t_0) + 1) - j_3)); + for ((j_3 = (K_40 : ((i_3 + 1) :> int32))) ; (K_39 : + (j_3 < + (K_38 : java_array_length_intM( + t_0)))) ; + (K_37 : (j_3 ++))) + { (if (K_36 : ((K_35 : (t_0 + j_3).intP) < mv)) then + { (mi = j_3); + (mv = (K_34 : (t_0 + j_3).intP)) + } else ()) + }; + (Before : + { (K_41 : SelectionSort_swap(this_0, t_0, i_3, mi)); + (K_43 : + (assert for permutation: (K_42 : Permut{Before, + Here}(t_0, 0, + ((\offset_max(t_0) + + 1) - + 1))))) + }) + } + } + } + } + } + } +} + +unit cons_SelectionSort(! SelectionSort[0] this_3){()} + +unit Object_registerNatives() +; + +int32 Object_hashCode(Object[0] this_4) +; + +boolean Object_equals(Object[0] this_5, Object[0..] obj) +; + +Object[0..] Object_clone(Object[0] this_6) +; + +String[0..] Object_toString(Object[0] this_7) +; + +unit Object_notify(Object[0] this_8) +; + +unit Object_notifyAll(Object[0] this_9) +; + +unit Object_wait_long(Object[0] this_10, long timeout) +; + +unit Object_wait_long_int(Object[0] this_11, long timeout_0, int32 nanos) +; + +unit Object_wait(Object[0] this_12) +; + +unit Object_finalize(Object[0] this_13) +; + +unit cons_Object(! 
Object[0] this_14){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/SelectionSort.jloc tests/java/SelectionSort.jc && make -f tests/java/SelectionSort.makefile gui" +End: +*/ +========== file tests/java/SelectionSort.jloc ========== +[K_10] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 80 + +[K_11] +file = "HOME/tests/java/SelectionSort.java" +line = 68 +begin = 8 +end = 12 + +[K_12] +file = "HOME/tests/java/SelectionSort.java" +line = 68 +begin = 1 +end = 12 + +[K_13] +file = "HOME/tests/java/SelectionSort.java" +line = 69 +begin = 1 +end = 11 + +[K_14] +file = "HOME/tests/java/SelectionSort.java" +line = 67 +begin = 11 +end = 15 + +[K_15] +file = "HOME/tests/java/SelectionSort.java" +line = 74 +begin = 18 +end = 38 + +[K_16] +file = "HOME/tests/java/SelectionSort.java" +line = 76 +begin = 18 +end = 50 + +[K_17] +file = "HOME/tests/java/SelectionSort.java" +line = 72 +begin = 17 +end = 26 + +[K_18] +file = "HOME/tests/java/SelectionSort.java" +line = 81 +begin = 20 +end = 26 + +[K_19] +file = "HOME/tests/java/SelectionSort.java" +line = 84 +begin = 8 +end = 90 + +[K_20] +file = "HOME/tests/java/SelectionSort.java" +line = 83 +begin = 21 +end = 34 + +[K_21] +file = "HOME/tests/java/SelectionSort.java" +line = 83 +begin = 21 +end = 130 + +[K_22] +file = "HOME/tests/java/SelectionSort.java" +line = 87 +begin = 22 +end = 54 + +[K_23] +file = "HOME/tests/java/SelectionSort.java" +line = 88 +begin = 18 +end = 30 + +[K_24] +file = "HOME/tests/java/SelectionSort.java" +line = 92 +begin = 10 +end = 14 + +[K_1] +file = "HOME/tests/java/SelectionSort.java" +line = 64 +begin = 16 +end = 37 + +[K_25] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 38 +end = 51 + +[K_2] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 37 +end = 49 + +[K_26] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 40 + +[K_3] +file = 
"HOME/tests/java/SelectionSort.java" +line = 62 +begin = 32 +end = 38 + +[Object_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[K_27] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 51 + +[K_4] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 32 +end = 49 + +[K_28] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 29 + +[K_5] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 16 +end = 28 + +[K_29] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 51 + +[K_6] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 11 +end = 17 + +[K_7] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 11 +end = 28 + +[K_8] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 26 + +[K_9] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 59 + +[Object_notify] +name = "Method notify" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[cons_SelectionSort] +name = "Constructor of class SelectionSort" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Object] +name = "Constructor of class Object" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[SelectionSort_swap] +name = "Method swap" +file = "HOME/tests/java/SelectionSort.java" +line = 66 +begin = 9 +end = 13 + +[K_30] +file = "HOME/tests/java/SelectionSort.java" +line = 96 +begin = 12 +end = 56 + +[K_31] +file = "HOME/tests/java/SelectionSort.java" +line = 95 +begin = 25 +end = 36 + +[K_32] +file = "HOME/tests/java/SelectionSort.java" +line = 95 +begin = 25 +end = 97 + +[K_33] +file = "HOME/tests/java/SelectionSort.java" +line = 99 +begin = 22 +end = 34 + +[K_34] +file = "HOME/tests/java/SelectionSort.java" +line = 103 +begin = 20 +end = 24 + +[K_35] +file = "HOME/tests/java/SelectionSort.java" +line = 102 +begin = 6 +end = 10 + +[K_36] +file = 
"HOME/tests/java/SelectionSort.java" +line = 102 +begin = 6 +end = 15 + +[K_37] +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 31 +end = 34 + +[K_38] +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[Object_wait_long_int] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[K_39] +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 17 +end = 29 + +[Object_wait_long] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[Object_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[Object_notifyAll] +name = "Method notifyAll" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[K_40] +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 12 +end = 15 + +[K_41] +file = "HOME/tests/java/SelectionSort.java" +line = 107 +begin = 5 +end = 17 + +[K_42] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[K_43] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[K_44] +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 25 +end = 28 + +[Object_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[K_45] +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[K_46] +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 23 + +[K_47] +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 11 +end = 23 + +[Object_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[Object_clone] +name = "Method clone" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[Object_wait] +name = "Method 
wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[SelectionSort_sort] +name = "Method sort" +file = "HOME/tests/java/SelectionSort.java" +line = 78 +begin = 9 +end = 13 + +[Object_finalize] +name = "Method finalize" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +========== jessie execution ========== +Generating Why function SelectionSort_swap +Generating Why function SelectionSort_sort +Generating Why function cons_SelectionSort +Generating Why function cons_Object +========== file tests/java/SelectionSort.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs SelectionSort.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs SelectionSort.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/SelectionSort_why.sx + +project: why/SelectionSort.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/SelectionSort_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/SelectionSort_why.vo + +coq/SelectionSort_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/SelectionSort_why.v: why/SelectionSort.why + @echo 'why -coq [...] 
why/SelectionSort.why' && $(WHY) $(JESSIELIBFILES) why/SelectionSort.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/SelectionSort_ctx_why.vo + for f in why/*_po*.why; do make -f SelectionSort.makefile coq/`basename $$f .why`_why.v ; done + +coq/SelectionSort_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/SelectionSort_ctx_why.v: why/SelectionSort_ctx.why + @echo 'why -coq [...] why/SelectionSort_ctx.why' && $(WHY) why/SelectionSort_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export SelectionSort_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] why/$*.why' && $(WHY) why/SelectionSort_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/SelectionSort_ctx_why.vo + +pvs: pvs/SelectionSort_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/SelectionSort_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/SelectionSort_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/SelectionSort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/SelectionSort_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/SelectionSort_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/SelectionSort_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/SelectionSort_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/SelectionSort_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/SelectionSort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/SelectionSort_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/SelectionSort_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/SelectionSort_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/SelectionSort_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/SelectionSort_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: SelectionSort.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/SelectionSort_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/SelectionSort_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: SelectionSort.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include SelectionSort.depend + +depend: coq/SelectionSort_why.v + -$(COQDEP) -I coq coq/SelectionSort*_why.v > SelectionSort.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/SelectionSort.loc ========== +[JC_103] +file = "HOME/tests/java/SelectionSort.java" +line = 81 +begin = 20 +end = 26 + +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[SelectionSort_sort_ensures_sorted] +name = "Method sort" +behavior = "Behavior `sorted'" +file = "HOME/tests/java/SelectionSort.java" +line = 78 +begin = 9 +end = 13 + +[JC_105] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_106] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_40] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 11 +end = 17 + +[JC_107] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[JC_41] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 16 +end = 28 + +[JC_108] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 29 + +[JC_42] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 32 +end = 38 + +[JC_220] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_109] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 40 + +[JC_43] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 37 +end = 49 + +[JC_221] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_44] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 80 + +[JC_222] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_223] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_46] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 26 + +[JC_224] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_47] +file = 
"HOME/tests/java/SelectionSort.java" +line = 62 +begin = 11 +end = 17 + +[JC_225] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_48] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 16 +end = 28 + +[JC_226] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_49] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 32 +end = 38 + +[JC_227] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_228] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_229] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_110] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 38 +end = 51 + +[JC_111] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 51 + +[JC_112] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_113] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_114] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_115] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[JC_116] +kind = UserCall +file = "HOME/tests/java/SelectionSort.jc" +line = 218 +begin = 32 +end = 72 + +[JC_50] +file = "HOME/tests/java/SelectionSort.java" +line = 62 +begin = 37 +end = 49 + +[JC_117] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[JC_51] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 80 + +[JC_118] +file = "HOME/tests/java/SelectionSort.java" +line = 83 +begin = 21 +end = 34 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_230] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_119] +file = "HOME/tests/java/SelectionSort.java" +line = 84 +begin = 8 +end = 90 + +[JC_53] +file = "HOME/tests/java/SelectionSort.java" +line = 64 +begin = 16 +end = 37 + +[JC_231] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_54] +file = 
"HOME/tests/java/SelectionSort.java" +line = 66 +begin = 9 +end = 13 + +[JC_232] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_55] +file = "HOME/tests/java/SelectionSort.jc" +line = 131 +begin = 9 +end = 16 + +[JC_233] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_56] +file = "HOME/tests/java/SelectionSort.java" +line = 64 +begin = 16 +end = 37 + +[JC_234] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_57] +file = "HOME/tests/java/SelectionSort.java" +line = 66 +begin = 9 +end = 13 + +[JC_235] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_58] +file = "HOME/tests/java/SelectionSort.jc" +line = 131 +begin = 9 +end = 16 + +[JC_236] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_59] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_237] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_238] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_239] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_120] +file = "HOME/tests/java/SelectionSort.java" +line = 83 +begin = 21 +end = 130 + +[SelectionSort_sort_ensures_default] +name = "Method sort" +behavior = "default behavior" +file = "HOME/tests/java/SelectionSort.java" +line = 78 +begin = 9 +end = 13 + +[JC_121] +file = "HOME/tests/java/SelectionSort.java" +line = 81 +begin = 20 +end = 26 + +[JC_122] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_123] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_124] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_125] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[JC_126] +file = "HOME/tests/java/SelectionSort.java" +line = 95 +begin = 25 +end = 36 + +[JC_60] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_127] +file = "HOME/tests/java/SelectionSort.java" +line = 96 +begin = 12 +end = 56 + +[JC_61] +kind = 
PointerDeref +file = "HOME/tests/java/SelectionSort.java" +line = 67 +begin = 11 +end = 15 + +[JC_128] +file = "HOME/tests/java/SelectionSort.java" +line = 95 +begin = 25 +end = 97 + +[JC_62] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.java" +line = 68 +begin = 8 +end = 12 + +[JC_240] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_129] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 29 + +[JC_63] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.jc" +line = 139 +begin = 18 +end = 58 + +[JC_241] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_64] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.jc" +line = 140 +begin = 18 +end = 38 + +[JC_242] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/tests/java/SelectionSort.java" +line = 72 +begin = 17 +end = 26 + +[JC_243] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_66] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_244] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_67] +file = "HOME/tests/java/SelectionSort.java" +line = 72 +begin = 17 +end = 26 + +[JC_245] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_68] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_246] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_69] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_247] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_248] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_249] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_130] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 40 + +[JC_131] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 38 +end = 51 + +[JC_132] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 51 + +[JC_133] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_134] +file = 
"HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_135] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_136] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[JC_70] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_137] +kind = UserCall +file = "HOME/tests/java/SelectionSort.jc" +line = 218 +begin = 32 +end = 72 + +[JC_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_138] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[JC_72] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_250] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_139] +file = "HOME/tests/java/SelectionSort.java" +line = 87 +begin = 22 +end = 54 + +[JC_73] +file = "HOME/tests/java/SelectionSort.java" +line = 74 +begin = 18 +end = 38 + +[JC_251] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_74] +file = "HOME/tests/java/SelectionSort.java" +line = 74 +begin = 18 +end = 38 + +[JC_252] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/tests/java/SelectionSort.java" +line = 76 +begin = 18 +end = 50 + +[JC_253] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_76] +file = "HOME/tests/java/SelectionSort.java" +line = 76 +begin = 18 +end = 50 + +[JC_254] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_77] +file = "HOME/tests/java/SelectionSort.java" +line = 81 +begin = 20 +end = 26 + +[JC_255] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_256] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_257] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_258] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_140] +file = "HOME/tests/java/SelectionSort.java" +line = 81 +begin = 20 +end = 26 + +[JC_141] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[SelectionSort_sort_ensures_permutation] +name = "Method sort" +behavior = "Behavior `permutation'" +file = "HOME/tests/java/SelectionSort.java" +line = 78 +begin = 9 +end = 13 + +[JC_142] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_143] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_144] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[cons_SelectionSort_ensures_default] +name = "Constructor of class SelectionSort" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_145] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 29 + +[cons_Object_safety] +name = "Constructor of class Object" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_146] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 40 + +[JC_80] +file = "HOME/tests/java/SelectionSort.jc" +line = 164 +begin = 15 +end = 3584 + +[JC_147] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 38 +end = 51 + +[JC_81] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[JC_148] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 51 + +[SelectionSort_swap_ensures_default] +name = "Method swap" +behavior = "default behavior" +file = "HOME/tests/java/SelectionSort.java" +line = 66 +begin = 9 +end = 13 + +[JC_82] +kind = IndexBounds +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 21 + +[JC_149] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_83] +kind = ArithOverflow +file = "HOME/tests/java/SelectionSort.java" +line = 90 +begin = 13 +end = 23 + +[JC_84] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.java" +line = 92 +begin = 10 +end = 14 + +[JC_85] +kind = ArithOverflow +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin 
= 12 +end = 15 + +[JC_86] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 29 + +[JC_87] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 33 +end = 40 + +[JC_88] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 38 +end = 51 + +[JC_1] +file = "HOME/tests/java/SelectionSort.jc" +line = 23 +begin = 12 +end = 22 + +[JC_89] +file = "HOME/tests/java/SelectionSort.java" +line = 93 +begin = 24 +end = 51 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_3] +file = "HOME/tests/java/SelectionSort.jc" +line = 23 +begin = 12 +end = 22 + +[cons_SelectionSort_safety] +name = "Constructor of class SelectionSort" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_150] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_151] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_152] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[JC_9] +file = "HOME/tests/java/SelectionSort.jc" +line = 52 +begin = 8 +end = 21 + +[JC_153] +kind = UserCall +file = "HOME/tests/java/SelectionSort.jc" +line = 218 +begin = 32 +end = 72 + +[JC_154] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[JC_155] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_156] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_90] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_157] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_91] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_158] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_92] +file = "HOME/tests/java/SelectionSort.jc" +line = 191 +begin = 21 +end = 1600 + +[JC_159] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_93] +kind = UserCall +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[JC_94] +kind = IndexBounds +file = "HOME/tests/java/SelectionSort.java" +line = 101 +begin = 21 +end = 29 + +[JC_95] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.java" +line = 102 +begin = 6 +end = 10 + +[JC_96] +kind = PointerDeref +file = "HOME/tests/java/SelectionSort.java" +line = 103 +begin = 20 +end = 24 + +[JC_97] +kind = ArithOverflow +file = "HOME/tests/java/SelectionSort.jc" +line = 211 +begin = 30 +end = 36 + +[JC_98] +file = "HOME/tests/java/SelectionSort.java" +line = 99 +begin = 22 +end = 34 + +[JC_99] +kind = UserCall +file = "HOME/tests/java/SelectionSort.jc" +line = 218 +begin = 32 +end = 72 + +[JC_160] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_161] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_162] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_163] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_164] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_165] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_166] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_167] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_168] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_169] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_170] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_171] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_172] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_173] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_174] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_175] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_176] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_177] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_178] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_179] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/java/SelectionSort.jc" +line = 52 +begin = 8 +end = 21 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +file = "HOME/tests/java/SelectionSort.jc" +line = 55 +begin = 11 +end = 66 + +[JC_14] +file = "HOME/tests/java/SelectionSort.jc" +line = 54 +begin = 10 +end = 18 + +[JC_15] +file = "HOME/tests/java/SelectionSort.jc" +line = 55 +begin = 11 +end = 66 + +[JC_16] +file = "HOME/tests/java/SelectionSort.jc" +line = 54 +begin = 10 +end = 18 + +[JC_17] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_180] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_181] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_19] +file = "HOME/tests/java/SelectionSort.jc" +line = 58 +begin = 8 +end = 30 + +[JC_182] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[SelectionSort_swap_safety] +name = "Method swap" +behavior = "Safety" +file = "HOME/tests/java/SelectionSort.java" +line = 66 +begin = 9 +end = 13 + +[JC_183] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_184] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_185] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_186] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_187] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_188] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_189] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = 
"HOME/tests/java/SelectionSort.jc" +line = 58 +begin = 8 +end = 30 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Object_ensures_default] +name = "Constructor of class Object" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_200] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/java/SelectionSort.jc" +line = 61 +begin = 11 +end = 103 + +[JC_201] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/tests/java/SelectionSort.jc" +line = 60 +begin = 10 +end = 18 + +[JC_202] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_25] +file = "HOME/tests/java/SelectionSort.jc" +line = 61 +begin = 11 +end = 103 + +[JC_203] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_26] +file = "HOME/tests/java/SelectionSort.jc" +line = 60 +begin = 10 +end = 18 + +[JC_204] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_205] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_190] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_206] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_191] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/tests/java/SelectionSort.jc" +line = 65 +begin = 8 +end = 23 + +[JC_207] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_192] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_208] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_193] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_209] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_194] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_195] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_196] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_197] +file = 
"HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_198] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_199] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_31] +file = "HOME/tests/java/SelectionSort.jc" +line = 65 +begin = 8 +end = 23 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_210] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_211] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_212] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_35] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_213] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_214] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/tests/java/SelectionSort.jc" +line = 67 +begin = 11 +end = 65 + +[JC_215] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_38] +file = "HOME/tests/java/SelectionSort.jc" +line = 67 +begin = 11 +end = 65 + +[JC_216] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_39] +file = "HOME/tests/java/SelectionSort.java" +line = 61 +begin = 17 +end = 26 + +[JC_217] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_218] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_219] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[SelectionSort_sort_safety] +name = "Method sort" +behavior = "Safety" +file = "HOME/tests/java/SelectionSort.java" +line = 78 +begin = 9 +end = 13 + +[JC_100] +file = "HOME/tests/java/SelectionSort.java" +line = 108 +begin = 33 +end = 68 + +[JC_101] +kind = ArithOverflow +file = "HOME/tests/java/SelectionSort.jc" +line = 186 +begin = 24 +end = 30 + +[JC_102] +file = 
"HOME/tests/java/SelectionSort.java" +line = 88 +begin = 18 +end = 30 + +========== file tests/java/why/SelectionSort.why ========== +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag: -> Object tag_id + +logic Object_tag: -> Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_1), (0)) + +predicate Non_null_intM(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), neg_int((1))) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. + instanceof(Object_tag_table, x, Object_tag))) + +logic integer_of_int32: int32 -> int + +predicate Swap(a_0:Object pointer, i_0:int, j_0:int, + intM_intP_at_L2:(Object, int32) memory, + intM_intP_at_L1:(Object, int32) memory) = + ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, i_0))) = integer_of_int32( + select(intM_intP_at_L2, + shift(a_0, + j_0)))) + and ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, j_0))) = integer_of_int32( + select(intM_intP_at_L2, + shift(a_0, + i_0)))) + and (forall k:int. + (((k <> i_0) and (k <> j_0)) -> + (integer_of_int32(select(intM_intP_at_L1, shift(a_0, k))) = + integer_of_int32(select(intM_intP_at_L2, shift(a_0, k)))))))) + +inductive Permut: Object pointer, int, int, (Object, int32) memory, + (Object, int32) memory -> prop = + | Permut_refl: (forall intM_intP_at_L:(Object, int32) memory. + (forall a_2:Object pointer. + (forall l_1:int. 
+ (forall h_1:int. + Permut(a_2, l_1, h_1, intM_intP_at_L, intM_intP_at_L))))) + | Permut_sym: (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + | Permut_trans: (forall intM_intP_at_L3:(Object, int32) memory. + (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, + intM_intP_at_L1) + and Permut(a_4, l_3, h_3, intM_intP_at_L3, + intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, + intM_intP_at_L1)))))))) + | Permut_swap: (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_1:int. + ((le_int(l_4, i_1) + and (le_int(i_1, h_4) + and (le_int(l_4, j_1) + and (le_int(j_1, h_4) + and Swap(a_5, i_1, j_1, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, + intM_intP_at_L1))))))))) + +logic SelectionSort_tag: -> Object tag_id + +axiom SelectionSort_parenttag_Object : + parenttag(SelectionSort_tag, Object_tag) + +predicate Sorted(a:Object pointer, l:int, h:int, + intM_intP_at_L:(Object, int32) memory) = + (forall i:int. + (forall j:int. 
+ ((le_int(l, i) and (le_int(i, j) and lt_int(j, h))) -> + le_int(integer_of_int32(select(intM_intP_at_L, shift(a, i))), + integer_of_int32(select(intM_intP_at_L, shift(a, j))))))) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. + (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. + (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. 
+ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic intM_tag: -> Object tag_id + +axiom intM_parenttag_Object : parenttag(intM_tag, Object_tag) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_SelectionSort(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_intM(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, 
Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer: int -> long + +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_SelectionSort(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_intM(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + 
interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. + (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_SelectionSort(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + 
strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_SelectionSort(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of 
unit + +exception Loop_exit_exc of unit + +parameter Object_alloc_table : Object alloc_table ref + +parameter Object_clone : + this_6:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_clone_requires : + this_6:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_equals : + this_5:Object pointer -> + obj:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_equals_requires : + this_5:Object pointer -> + obj:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_finalize : + this_13:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_finalize_requires : + this_13:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_hashCode : + this_4:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_hashCode_requires : + this_4:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_notify : + this_8:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll : + this_9:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll_requires : + this_9:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notify_requires : + this_8:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_registerNatives : tt:unit -> { } unit { true } + +parameter Object_registerNatives_requires : tt:unit -> { } unit { true } + +parameter Object_tag_table : Object tag_table ref + +parameter Object_toString : + this_7:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_toString_requires : + this_7:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_wait : + this_12:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long : + 
this_10:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int : + this_11:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int_requires : + this_11:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_requires : + this_10:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_requires : + this_12:Object pointer -> { } unit reads Object_alloc_table { true } + +exception Return_label_exc of unit + +parameter intM_intP : (Object, int32) memory ref + +parameter SelectionSort_sort : + this_0:Object pointer -> + t_0:Object pointer -> + { } unit reads Object_alloc_table,intM_intP writes intM_intP + { ((JC_76: + Permut(t_0, (0), + sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), + intM_intP, intM_intP@)) + and (JC_74: + Sorted(t_0, (0), add_int(offset_max(Object_alloc_table, t_0), (1)), + intM_intP))) } + +parameter SelectionSort_sort_requires : + this_0:Object pointer -> + t_0:Object pointer -> + { (JC_65: Non_null_intM(t_0, Object_alloc_table))} unit + reads Object_alloc_table,intM_intP writes intM_intP + { ((JC_76: + Permut(t_0, (0), + sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), + intM_intP, intM_intP@)) + and (JC_74: + Sorted(t_0, (0), add_int(offset_max(Object_alloc_table, t_0), (1)), + intM_intP))) } + +parameter SelectionSort_swap : + this_2:Object pointer -> + t:Object pointer -> + i_2:int32 -> + j_2:int32 -> + { } unit reads Object_alloc_table,intM_intP writes intM_intP + { (JC_58: + ((JC_56: + Swap(t, integer_of_int32(i_2), integer_of_int32(j_2), intM_intP, + intM_intP@)) + and (JC_57: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_union(pset_range(pset_singleton(t), integer_of_int32(j_2), + integer_of_int32(j_2)), + pset_range(pset_singleton(t), 
integer_of_int32(i_2), + integer_of_int32(i_2))))))) } + +parameter SelectionSort_swap_requires : + this_2:Object pointer -> + t:Object pointer -> + i_2:int32 -> + j_2:int32 -> + { (JC_44: + ((JC_39: Non_null_intM(t, Object_alloc_table)) + and ((JC_40: le_int((0), integer_of_int32(i_2))) + and ((JC_41: + lt_int(integer_of_int32(i_2), + add_int(offset_max(Object_alloc_table, t), (1)))) + and ((JC_42: le_int((0), integer_of_int32(j_2))) + and (JC_43: + lt_int(integer_of_int32(j_2), + add_int(offset_max(Object_alloc_table, t), (1)))))))))} + unit reads Object_alloc_table,intM_intP writes intM_intP + { (JC_58: + ((JC_56: + Swap(t, integer_of_int32(i_2), integer_of_int32(j_2), intM_intP, + intM_intP@)) + and (JC_57: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_union(pset_range(pset_singleton(t), integer_of_int32(j_2), + integer_of_int32(j_2)), + pset_range(pset_singleton(t), integer_of_int32(i_2), + integer_of_int32(i_2))))))) } + +exception Throwable_exc of Object pointer + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Object : + 
n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_SelectionSort : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_SelectionSort(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, SelectionSort_tag)))) } + +parameter alloc_struct_SelectionSort_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_SelectionSort(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, SelectionSort_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + 
Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_intM : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table 
+ { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + +parameter alloc_struct_intM_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_intM(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, intM_tag)))) } + +parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + +parameter alloc_struct_interface : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter 
any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { eq_int(integer_of_char(result), x) } + +parameter cons_Object : + this_14:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object_requires : + this_14:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_SelectionSort : + this_3:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_SelectionSort_requires : + this_3:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter java_array_length_intM : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter java_array_length_intM_requires : + x_3:Object pointer -> + { } int reads Object_alloc_table + { (JC_25: + (le_int(result, (2147483647)) + and (ge_int(result, (0)) + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } + +parameter non_null_Object : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter 
non_null_Object_requires : + x_4:Object pointer -> + { } bool reads Object_alloc_table + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) + else (x_4 = null))) } + +parameter non_null_intM : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +parameter non_null_intM_requires : + x_2:Object pointer -> + { } bool reads Object_alloc_table + { (JC_15: + (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) + else (x_2 = null))) } + +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + +let SelectionSort_sort_ensures_default = + fun (this_0 : Object pointer) (t_0 : Object pointer) -> + { (left_valid_struct_intM(t_0, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_0, (0), (0), Object_alloc_table) + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } + (init: + try + begin + (let i_3 = ref (any_int32 void) in + (let j_3 = ref (any_int32 void) in + (let mi = ref (any_int32 void) in + (let mv = ref (any_int32 void) in + begin + (let jessie_ = (i_3 := (safe_int32_of_integer_ (0))) in void); + try + (loop_3: + while true do + { invariant (JC_103: le_int((0), integer_of_int32(i_3))) } + begin + [ { } unit { true } ]; + try + begin + (if (K_47: + ((lt_int_ (integer_of_int32 !i_3)) (integer_of_int32 + (K_46: + (safe_int32_of_integer_ 
+ ((sub_int (K_45: + (let jessie_ = + t_0 in + (JC_107: + (java_array_length_intM jessie_))))) (1))))))) + then + begin + (let jessie_ = + (mv := (K_24: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !i_3))))) in + void); (let jessie_ = (mi := !i_3) in void); + (let jessie_ = + (j_3 := (K_40: + (safe_int32_of_integer_ ((add_int (integer_of_int32 !i_3)) (1))))) in + void); + try + (loop_4: + while true do + { invariant + (JC_111: + ((JC_108: + lt_int(integer_of_int32(i_3), integer_of_int32(j_3))) + and ((JC_109: + le_int(integer_of_int32(i_3), integer_of_int32(mi))) + and (JC_110: + lt_int(integer_of_int32(mi), + add_int(offset_max(Object_alloc_table, t_0), (1))))))) + } + begin + [ { } unit { true } ]; + try + begin + (if (K_39: + ((lt_int_ (integer_of_int32 !j_3)) (K_38: + (let jessie_ = + t_0 in + (JC_115: + (java_array_length_intM jessie_)))))) + then + (if (K_36: + ((lt_int_ (integer_of_int32 (K_35: + ((safe_acc_ !intM_intP) + ((shift t_0) (integer_of_int32 !j_3)))))) + (integer_of_int32 !mv))) + then + (let jessie_ = + begin + (let jessie_ = (mi := !j_3) in void); + (mv := (K_34: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !j_3))))); + !mv end in void) else void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_37: + (let jessie_ = !j_3 in + begin + (let jessie_ = + (j_3 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end; + (Before: + (K_41: + (let jessie_ = this_0 in + (let jessie_ = t_0 in + (let jessie_ = !i_3 in + (let jessie_ = !mi in + (JC_116: + ((((SelectionSort_swap jessie_) jessie_) jessie_) jessie_)))))))) + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_44: + (let jessie_ = !i_3 in + begin + (let jessie_ = + (i_3 := (safe_int32_of_integer_ 
((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with + Return -> void end) { (JC_69: true) } + +let SelectionSort_sort_ensures_permutation = + fun (this_0 : Object pointer) (t_0 : Object pointer) -> + { (left_valid_struct_intM(t_0, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_0, (0), (0), Object_alloc_table) + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } + (init: + try + begin + (let i_3 = ref (any_int32 void) in + (let j_3 = ref (any_int32 void) in + (let mi = ref (any_int32 void) in + (let mv = ref (any_int32 void) in + begin + (let jessie_ = (i_3 := (safe_int32_of_integer_ (0))) in void); + try + (loop_7: + while true do + { invariant + (JC_139: + Permut(t_0, (0), + sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), + intM_intP, intM_intP@init)) } + begin + [ { } unit reads i_3 + { (JC_140: le_int((0), integer_of_int32(i_3))) } ]; + try + begin + (if (K_47: + ((lt_int_ (integer_of_int32 !i_3)) (integer_of_int32 + (K_46: + (safe_int32_of_integer_ + ((sub_int (K_45: + (let jessie_ = + t_0 in + (JC_144: + (java_array_length_intM jessie_))))) (1))))))) + then + (Before: + (K_41: + begin + (let jessie_ = + (mv := (K_24: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !i_3))))) in + void); (let jessie_ = (mi := !i_3) in void); + (let jessie_ = + (j_3 := (K_40: + (safe_int32_of_integer_ ((add_int (integer_of_int32 !i_3)) (1))))) in + void); + try + (loop_8: + while true do + { invariant (JC_150: true) } + begin + [ { } unit reads Object_alloc_table,i_3,j_3,mi + { (JC_148: + ((JC_145: + lt_int(integer_of_int32(i_3), integer_of_int32(j_3))) + and ((JC_146: + le_int(integer_of_int32(i_3), + integer_of_int32(mi))) + and (JC_147: + lt_int(integer_of_int32(mi), + add_int(offset_max(Object_alloc_table, t_0), + (1))))))) } ]; + try + begin + (if (K_39: + ((lt_int_ (integer_of_int32 !j_3)) (K_38: + (let jessie_ = 
+ t_0 in + (JC_152: + (java_array_length_intM jessie_)))))) + then + (if (K_36: + ((lt_int_ (integer_of_int32 (K_35: + ((safe_acc_ !intM_intP) + ((shift t_0) (integer_of_int32 !j_3)))))) + (integer_of_int32 !mv))) + then + (let jessie_ = + begin + (let jessie_ = (mi := !j_3) in void); + (mv := (K_34: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !j_3))))); + !mv end in void) else void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_37: + (let jessie_ = !j_3 in + begin + (let jessie_ = + (j_3 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end; + (let jessie_ = this_0 in + (let jessie_ = t_0 in + (let jessie_ = !i_3 in + (let jessie_ = !mi in + (JC_153: + ((((SelectionSort_swap jessie_) jessie_) jessie_) jessie_)))))); + (K_43: + (assert + { (JC_154: + Permut(t_0, (0), + sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), + (1)), intM_intP, intM_intP@Before)) }; void)) end)) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_44: + (let jessie_ = !i_3 in + begin + (let jessie_ = + (i_3 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with + Return -> void end) + { (JC_75: + Permut(t_0, (0), + sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), + intM_intP, intM_intP@)) } + +let SelectionSort_sort_ensures_sorted = + fun (this_0 : Object pointer) (t_0 : Object pointer) -> + { (left_valid_struct_intM(t_0, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_0, (0), (0), Object_alloc_table) + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } + (init: + try + begin + (let i_3 = ref (any_int32 void) in + (let 
j_3 = ref (any_int32 void) in + (let mi = ref (any_int32 void) in + (let mv = ref (any_int32 void) in + begin + (let jessie_ = (i_3 := (safe_int32_of_integer_ (0))) in void); + try + (loop_5: + while true do + { invariant + (JC_120: + ((JC_118: Sorted(t_0, (0), integer_of_int32(i_3), intM_intP)) + and (JC_119: + (forall k1:int. + (forall k2:int. + ((le_int((0), k1) + and (lt_int(k1, integer_of_int32(i_3)) + and (le_int(integer_of_int32(i_3), k2) + and lt_int(k2, + add_int(offset_max(Object_alloc_table, t_0), + (1)))))) -> + le_int(integer_of_int32(select(intM_intP, shift(t_0, k1))), + integer_of_int32(select(intM_intP, shift(t_0, k2)))))))))) + } + begin + [ { } unit reads i_3 + { (JC_121: le_int((0), integer_of_int32(i_3))) } ]; + try + begin + (if (K_47: + ((lt_int_ (integer_of_int32 !i_3)) (integer_of_int32 + (K_46: + (safe_int32_of_integer_ + ((sub_int (K_45: + (let jessie_ = + t_0 in + (JC_125: + (java_array_length_intM jessie_))))) (1))))))) + then + begin + (let jessie_ = + (mv := (K_24: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !i_3))))) in + void); (let jessie_ = (mi := !i_3) in void); + (let jessie_ = + (j_3 := (K_40: + (safe_int32_of_integer_ ((add_int (integer_of_int32 !i_3)) (1))))) in + void); + try + (loop_6: + while true do + { invariant + (JC_128: + ((JC_126: + (integer_of_int32(mv) = integer_of_int32(select(intM_intP, + shift(t_0, + integer_of_int32(mi)))))) + and (JC_127: + (forall k_0:int. 
+ ((le_int(integer_of_int32(i_3), k_0) + and lt_int(k_0, integer_of_int32(j_3))) -> + ge_int(integer_of_int32(select(intM_intP, + shift(t_0, k_0))), + integer_of_int32(mv))))))) } + begin + [ { } unit reads Object_alloc_table,i_3,j_3,mi + { (JC_132: + ((JC_129: + lt_int(integer_of_int32(i_3), integer_of_int32(j_3))) + and ((JC_130: + le_int(integer_of_int32(i_3), + integer_of_int32(mi))) + and (JC_131: + lt_int(integer_of_int32(mi), + add_int(offset_max(Object_alloc_table, t_0), + (1))))))) } ]; + try + begin + (if (K_39: + ((lt_int_ (integer_of_int32 !j_3)) (K_38: + (let jessie_ = + t_0 in + (JC_136: + (java_array_length_intM jessie_)))))) + then + (if (K_36: + ((lt_int_ (integer_of_int32 (K_35: + ((safe_acc_ !intM_intP) + ((shift t_0) (integer_of_int32 !j_3)))))) + (integer_of_int32 !mv))) + then + (let jessie_ = + begin + (let jessie_ = (mi := !j_3) in void); + (mv := (K_34: + ((safe_acc_ !intM_intP) ((shift t_0) (integer_of_int32 !j_3))))); + !mv end in void) else void) + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_37: + (let jessie_ = !j_3 in + begin + (let jessie_ = + (j_3 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end; + (Before: + (K_41: + (let jessie_ = this_0 in + (let jessie_ = t_0 in + (let jessie_ = !i_3 in + (let jessie_ = !mi in + (JC_137: + ((((SelectionSort_swap jessie_) jessie_) jessie_) jessie_)))))))) + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_44: + (let jessie_ = !i_3 in + begin + (let jessie_ = + (i_3 := (safe_int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1)))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with + Return -> void end) + { (JC_73: + Sorted(t_0, (0), 
add_int(offset_max(Object_alloc_table, t_0), (1)), + intM_intP)) } + +let SelectionSort_sort_safety = + fun (this_0 : Object pointer) (t_0 : Object pointer) -> + { (left_valid_struct_intM(t_0, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_0, (0), (0), Object_alloc_table) + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } + (init: + try + begin + (let i_3 = ref (any_int32 void) in + (let j_3 = ref (any_int32 void) in + (let mi = ref (any_int32 void) in + (let mv = ref (any_int32 void) in + begin + (let jessie_ = (i_3 := (safe_int32_of_integer_ (0))) in void); + try + (loop_1: + while true do + { invariant (JC_79: true) + variant (JC_102 : sub_int(add_int(offset_max(Object_alloc_table, + t_0), + (1)), + integer_of_int32(i_3))) } + begin + [ { } unit reads i_3 + { (JC_77: le_int((0), integer_of_int32(i_3))) } ]; + try + begin + (if (K_47: + ((lt_int_ (integer_of_int32 !i_3)) (integer_of_int32 + (K_46: + (JC_83: + (int32_of_integer_ + ((sub_int (K_45: + (let jessie_ = + t_0 in + (JC_82: + (assert + { ge_int( + offset_max(Object_alloc_table, + jessie_), + (-1)) }; + (JC_81: + (java_array_length_intM_requires jessie_))))))) (1)))))))) + then + begin + (let jessie_ = + (mv := (K_24: + (JC_84: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) + (integer_of_int32 !i_3))))) in void); + (let jessie_ = (mi := !i_3) in void); + (let jessie_ = + (j_3 := (K_40: + (JC_85: + (int32_of_integer_ ((add_int (integer_of_int32 !i_3)) (1)))))) in + void); + try + (loop_2: + while true do + { invariant (JC_91: true) + variant (JC_98 : sub_int(add_int(offset_max(Object_alloc_table, + t_0), + (1)), + integer_of_int32(j_3))) } + begin + [ { } unit reads Object_alloc_table,i_3,j_3,mi + { (JC_89: + ((JC_86: + lt_int(integer_of_int32(i_3), integer_of_int32(j_3))) + and ((JC_87: + le_int(integer_of_int32(i_3), + integer_of_int32(mi))) + and (JC_88: + lt_int(integer_of_int32(mi), + add_int(offset_max(Object_alloc_table, t_0), + (1))))))) } ]; + try + begin + (if 
(K_39: + ((lt_int_ (integer_of_int32 !j_3)) (K_38: + (let jessie_ = + t_0 in + (JC_94: + (assert + { ge_int(offset_max(Object_alloc_table, + jessie_), + (-1)) }; + (JC_93: + (java_array_length_intM_requires jessie_)))))))) + then + (if (K_36: + ((lt_int_ (integer_of_int32 (K_35: + (JC_95: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) + (integer_of_int32 !j_3)))))) + (integer_of_int32 !mv))) + then + (let jessie_ = + begin + (let jessie_ = (mi := !j_3) in void); + (mv := (K_34: + (JC_96: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) + (integer_of_int32 !j_3))))); !mv end in void) + else void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_37: + (let jessie_ = !j_3 in + begin + (let jessie_ = + (j_3 := (JC_97: + (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end; + (Before: + (K_41: + (let jessie_ = this_0 in + (let jessie_ = t_0 in + (let jessie_ = !i_3 in + (let jessie_ = !mi in + (JC_99: + ((((SelectionSort_swap_requires jessie_) jessie_) jessie_) jessie_)))))))) + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with + Loop_continue_exc jessie_ -> + (let jessie_ = + (K_44: + (let jessie_ = !i_3 in + begin + (let jessie_ = + (i_3 := (JC_101: + (int32_of_integer_ ((add_int (integer_of_int32 jessie_)) (1))))) in + void); jessie_ end)) in void) end end done) with + Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with + Return -> void end) { true } + +let SelectionSort_swap_ensures_default = + fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int32) (j_2 : int32) -> + { (left_valid_struct_intM(t, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_2, (0), (0), Object_alloc_table) + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), integer_of_int32(i_2))) + and 
((JC_48: + lt_int(integer_of_int32(i_2), + add_int(offset_max(Object_alloc_table, t), (1)))) + and ((JC_49: le_int((0), integer_of_int32(j_2))) + and (JC_50: + lt_int(integer_of_int32(j_2), + add_int(offset_max(Object_alloc_table, t), (1))))))))))) } + (init: + try + begin + (let jessie_ = + (let tmp = + (K_14: ((safe_acc_ !intM_intP) ((shift t) (integer_of_int32 i_2)))) in + (K_12: + begin + (let jessie_ = + (let jessie_ = + (K_11: ((safe_acc_ !intM_intP) ((shift t) (integer_of_int32 j_2)))) in + (let jessie_ = t in + (let jessie_ = (integer_of_int32 i_2) in + (let jessie_ = ((shift jessie_) jessie_) in + (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); + (K_13: + (let jessie_ = tmp in + (let jessie_ = t in + (let jessie_ = (integer_of_int32 j_2) in + (let jessie_ = ((shift jessie_) jessie_) in + begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) + end)) in void); (raise Return) end with Return -> void end) + { (JC_55: + ((JC_53: + Swap(t, integer_of_int32(i_2), integer_of_int32(j_2), intM_intP, + intM_intP@)) + and (JC_54: + not_assigns(Object_alloc_table@, intM_intP@, intM_intP, + pset_union(pset_range(pset_singleton(t), integer_of_int32(j_2), + integer_of_int32(j_2)), + pset_range(pset_singleton(t), integer_of_int32(i_2), + integer_of_int32(i_2))))))) } + +let SelectionSort_swap_safety = + fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int32) (j_2 : int32) -> + { (left_valid_struct_intM(t, (0), Object_alloc_table) + and (valid_struct_SelectionSort(this_2, (0), (0), Object_alloc_table) + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), integer_of_int32(i_2))) + and ((JC_48: + lt_int(integer_of_int32(i_2), + add_int(offset_max(Object_alloc_table, t), (1)))) + and ((JC_49: le_int((0), integer_of_int32(j_2))) + and (JC_50: + lt_int(integer_of_int32(j_2), + add_int(offset_max(Object_alloc_table, t), (1))))))))))) } + (init: + try + begin + (let jessie_ = + (let tmp = + (K_14: + (JC_61: + 
((((offset_acc_ !Object_alloc_table) !intM_intP) t) (integer_of_int32 i_2)))) in + (K_12: + begin + (let jessie_ = + (let jessie_ = + (K_11: + (JC_62: + ((((offset_acc_ !Object_alloc_table) !intM_intP) t) (integer_of_int32 j_2)))) in + (let jessie_ = t in + (let jessie_ = (integer_of_int32 i_2) in + (let jessie_ = ((shift jessie_) jessie_) in + (JC_63: + (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in + void); + (K_13: + (let jessie_ = tmp in + (let jessie_ = t in + (let jessie_ = (integer_of_int32 j_2) in + (let jessie_ = ((shift jessie_) jessie_) in + begin + (JC_64: + (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)); + jessie_ end))))) end)) in void); (raise Return) end with Return -> + void end) { true } + +let cons_Object_ensures_default = + fun (this_14 : Object pointer) -> + { valid_struct_Object(this_14, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_255: true) } + +let cons_Object_safety = + fun (this_14 : Object pointer) -> + { valid_struct_Object(this_14, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_SelectionSort_ensures_default = + fun (this_3 : Object pointer) -> + { valid_struct_SelectionSort(this_3, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_159: true) } + +let cons_SelectionSort_safety = + fun (this_3 : Object pointer) -> + { valid_struct_SelectionSort(this_3, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + + +========== make project execution ========== +why --project [...] 
why/SelectionSort.why +========== file tests/java/why/SelectionSort.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/SelectionSort_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. 
(ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic integer_of_int32 : int32 -> int + +predicate Swap(a_0: Object pointer, i_0: int, j_0: int, + intM_intP_at_L2: (Object, int32) memory, intM_intP_at_L1: (Object, + int32) memory) = + ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, + i_0))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, j_0)))) and + ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, + j_0))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, i_0)))) and + (forall k:int. 
+ (((k <> i_0) and (k <> j_0)) -> + (integer_of_int32(select(intM_intP_at_L1, shift(a_0, + k))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, k)))))))) + +inductive Permut: Object pointer, int, int, (Object, int32) memory, (Object, + int32) memory -> prop = + | Permut_refl: (forall intM_intP_at_L:(Object, int32) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) + | Permut_sym: (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, + intM_intP_at_L1) -> Permut(a_3, l_2, h_2, + intM_intP_at_L1, intM_intP_at_L2))))))) + | Permut_trans: (forall intM_intP_at_L3:(Object, int32) memory. + (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, + intM_intP_at_L1) and Permut(a_4, l_3, h_3, + intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, + intM_intP_at_L1)))))))) + | Permut_swap: (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_1:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_1) and + ((j_1 <= h_4) and Swap(a_5, i_1, j_1, + intM_intP_at_L2, intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, + intM_intP_at_L1))))))))) + + + +logic SelectionSort_tag : Object tag_id + +axiom SelectionSort_parenttag_Object: parenttag(SelectionSort_tag, + Object_tag) + +predicate Sorted(a: Object pointer, l: int, h: int, intM_intP_at_L: (Object, + int32) memory) = + (forall i:int. + (forall j:int. 
+ (((l <= i) and ((i <= j) and (j < h))) -> + (integer_of_int32(select(intM_intP_at_L, shift(a, + i))) <= integer_of_int32(select(intM_intP_at_L, shift(a, j))))))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. 
+ ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_SelectionSort(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic 
long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_SelectionSort(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. 
+ ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_SelectionSort(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) 
= + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_SelectionSort(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +========== file tests/java/why/SelectionSort_po1.why ========== +goal SelectionSort_sort_ensures_default_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + ("JC_103": (0 <= integer_of_int32(i_3))) + +========== file tests/java/why/SelectionSort_po10.why ========== +goal SelectionSort_sort_ensures_default_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +========== file tests/java/why/SelectionSort_po11.why ========== +goal SelectionSort_sort_ensures_default_po_11: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP0:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_103": (0 <= integer_of_int32(i_3_1))) + +========== file tests/java/why/SelectionSort_po12.why ========== +goal SelectionSort_sort_ensures_permutation_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP, intM_intP)) + +========== file tests/java/why/SelectionSort_po13.why ========== +goal SelectionSort_sort_ensures_permutation_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP)) -> + ("JC_140": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_150": true) -> + ("JC_148": + (("JC_145": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_146": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_147": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + ("JC_154": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP0)) + +========== file tests/java/why/SelectionSort_po14.why ========== +goal SelectionSort_sort_ensures_permutation_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP)) -> + ("JC_140": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_150": true) -> + ("JC_148": + (("JC_145": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_146": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_147": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + ("JC_154": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP0)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP)) + +========== file tests/java/why/SelectionSort_po15.why ========== +goal SelectionSort_sort_ensures_sorted_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + ("JC_120": ("JC_118": Sorted(t_0, 0, integer_of_int32(i_3), intM_intP))) + +========== file tests/java/why/SelectionSort_po16.why ========== +goal SelectionSort_sort_ensures_sorted_po_2: + forall this_0:Object pointer. 
+ forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < integer_of_int32(i_3)) and + ((integer_of_int32(i_3) <= k2) and (k2 < (offset_max(Object_alloc_table, + t_0) + 1))))) -> + ("JC_120": + ("JC_119": (integer_of_int32(select(intM_intP, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP, shift(t_0, k2)))))) + +========== file tests/java/why/SelectionSort_po17.why ========== +goal SelectionSort_sort_ensures_sorted_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_128": + ("JC_126": (integer_of_int32(mv) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi))))))) + +========== file tests/java/why/SelectionSort_po18.why ========== +goal SelectionSort_sort_ensures_sorted_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. 
+ (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall k_0:int. + ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv)))) + +========== file tests/java/why/SelectionSort_po19.why ========== +goal SelectionSort_sort_ensures_sorted_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. 
+ (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + ("JC_128": + ("JC_126": (integer_of_int32(mv1) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi1))))))) + +========== file tests/java/why/SelectionSort_po2.why ========== +goal SelectionSort_sort_ensures_default_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. 
+ forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3)))) + +========== file tests/java/why/SelectionSort_po20.why ========== +goal SelectionSort_sort_ensures_sorted_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + forall k_0:int. 
+ ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_1))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv1)))) + +========== file tests/java/why/SelectionSort_po21.why ========== +goal SelectionSort_sort_ensures_sorted_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + forall k_0:int. + ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_1))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0)))) + +========== file tests/java/why/SelectionSort_po22.why ========== +goal SelectionSort_sort_ensures_sorted_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. 
+ (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_120": ("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_1), intM_intP1))) + +========== file tests/java/why/SelectionSort_po23.why ========== +goal SelectionSort_sort_ensures_sorted_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. 
+ (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + forall k1:int. + forall k2:int. 
+ ((0 <= k1) and + ((k1 < integer_of_int32(i_3_1)) and + ((integer_of_int32(i_3_1) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_120": + ("JC_119": (integer_of_int32(select(intM_intP1, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP1, shift(t_0, k2)))))) + +========== file tests/java/why/SelectionSort_po24.why ========== +goal SelectionSort_sort_ensures_sorted_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) >= integer_of_int32(result1)) -> + ("JC_73": Sorted(t_0, 0, (offset_max(Object_alloc_table, t_0) + 1), + intM_intP0)) + +========== file tests/java/why/SelectionSort_po25.why ========== +goal SelectionSort_sort_safety_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) + +========== file tests/java/why/SelectionSort_po26.why ========== +goal SelectionSort_sort_safety_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + ((-2147483648) <= (result0 - 1)) + +========== file tests/java/why/SelectionSort_po27.why ========== +goal SelectionSort_sort_safety_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + ((result0 - 1) <= 2147483647) + +========== file tests/java/why/SelectionSort_po28.why ========== +goal SelectionSort_sort_safety_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + (offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) + +========== file tests/java/why/SelectionSort_po29.why ========== +goal SelectionSort_sort_safety_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0)) + +========== file tests/java/why/SelectionSort_po3.why ========== +goal SelectionSort_sort_ensures_default_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi)))) + +========== file tests/java/why/SelectionSort_po30.why ========== +goal SelectionSort_sort_safety_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + ((-2147483648) <= (integer_of_int32(i_3_0) + 1)) + +========== file tests/java/why/SelectionSort_po31.why ========== +goal SelectionSort_sort_safety_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + ((integer_of_int32(i_3_0) + 1) <= 2147483647) + +========== file tests/java/why/SelectionSort_po32.why ========== +goal SelectionSort_sort_safety_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. 
+ (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + (offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) + +========== file tests/java/why/SelectionSort_po33.why ========== +goal SelectionSort_sort_safety_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0)) + +========== file tests/java/why/SelectionSort_po34.why ========== +goal SelectionSort_sort_safety_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + ((-2147483648) <= (integer_of_int32(j_3_0) + 1)) + +========== file tests/java/why/SelectionSort_po35.why ========== +goal SelectionSort_sort_safety_po_11: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + ((integer_of_int32(j_3_0) + 1) <= 2147483647) + +========== file tests/java/why/SelectionSort_po36.why ========== +goal SelectionSort_sort_safety_po_12: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. 
+ (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + (0 <= ("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +========== file tests/java/why/SelectionSort_po37.why ========== +goal SelectionSort_sort_safety_po_13: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. 
+ (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + (("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_1))) < ("JC_98": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +========== file tests/java/why/SelectionSort_po38.why ========== +goal SelectionSort_sort_safety_po_14: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + ((-2147483648) <= (integer_of_int32(j_3_0) + 1)) + +========== file tests/java/why/SelectionSort_po39.why ========== +goal SelectionSort_sort_safety_po_15: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. 
+ (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + ((integer_of_int32(j_3_0) + 1) <= 2147483647) + +========== file tests/java/why/SelectionSort_po4.why ========== +goal SelectionSort_sort_ensures_default_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. 
+ (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +========== file tests/java/why/SelectionSort_po40.why ========== +goal SelectionSort_sort_safety_po_16: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. 
+ forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + (0 <= ("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +========== file tests/java/why/SelectionSort_po41.why ========== +goal SelectionSort_sort_safety_po_17: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. 
+ (j_3_1 = result6) -> + (("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_1))) < ("JC_98": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +========== file tests/java/why/SelectionSort_po42.why ========== +goal SelectionSort_sort_safety_po_18: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) + +========== file tests/java/why/SelectionSort_po43.why ========== +goal SelectionSort_sort_safety_po_19: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + ("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +========== file tests/java/why/SelectionSort_po44.why ========== +goal SelectionSort_sort_safety_po_20: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": ("JC_42": (0 <= integer_of_int32(mi0)))) + +========== file tests/java/why/SelectionSort_po45.why ========== +goal SelectionSort_sort_safety_po_21: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +========== file tests/java/why/SelectionSort_po46.why ========== +goal SelectionSort_sort_safety_po_22: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. 
+ (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + (("JC_39": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_40": (0 <= integer_of_int32(i_3_0))) and + (("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1))) and + (("JC_42": (0 <= integer_of_int32(mi0))) and + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))))) -> + forall intM_intP0:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + (0 <= ("JC_102": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_0)))) + +========== file tests/java/why/SelectionSort_po47.why ========== +goal SelectionSort_sort_safety_po_23: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + (("JC_39": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_40": (0 <= integer_of_int32(i_3_0))) and + (("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1))) and + (("JC_42": (0 <= integer_of_int32(mi0))) and + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))))) -> + forall intM_intP0:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + (("JC_102": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_1))) < ("JC_102": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_0)))) + +========== file tests/java/why/SelectionSort_po48.why ========== +goal SelectionSort_swap_ensures_default_po_1: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + forall result0:int32. + (result0 = select(intM_intP, shift(t, integer_of_int32(j_2)))) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, integer_of_int32(i_2)), + result0)) -> + forall intM_intP1:(Object, + int32) memory. 
+ (intM_intP1 = store(intM_intP0, shift(t, integer_of_int32(j_2)), + result)) -> + ("JC_55": + ("JC_53": Swap(t, integer_of_int32(i_2), integer_of_int32(j_2), intM_intP1, + intM_intP))) + +========== file tests/java/why/SelectionSort_po49.why ========== +goal SelectionSort_swap_ensures_default_po_2: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + forall result0:int32. + (result0 = select(intM_intP, shift(t, integer_of_int32(j_2)))) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, integer_of_int32(i_2)), + result0)) -> + forall intM_intP1:(Object, + int32) memory. + (intM_intP1 = store(intM_intP0, shift(t, integer_of_int32(j_2)), + result)) -> + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + pset_union(pset_range(pset_singleton(t), integer_of_int32(j_2), + integer_of_int32(j_2)), pset_range(pset_singleton(t), + integer_of_int32(i_2), integer_of_int32(i_2)))))) + +========== file tests/java/why/SelectionSort_po5.why ========== +goal SelectionSort_sort_ensures_default_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. 
+ (j_3_1 = result7) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_1)))) + +========== file tests/java/why/SelectionSort_po50.why ========== +goal SelectionSort_swap_safety_po_1: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + (offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) + +========== file tests/java/why/SelectionSort_po51.why ========== +goal SelectionSort_swap_safety_po_2: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t)) + +========== file tests/java/why/SelectionSort_po52.why ========== +goal SelectionSort_swap_safety_po_3: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + ((offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) and + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + (offset_min(Object_alloc_table, t) <= integer_of_int32(j_2)) + +========== file tests/java/why/SelectionSort_po53.why ========== +goal SelectionSort_swap_safety_po_4: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + ((offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) and + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + (integer_of_int32(j_2) <= offset_max(Object_alloc_table, t)) + +========== file tests/java/why/SelectionSort_po6.why ========== +goal SelectionSort_sort_ensures_default_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. 
+ (j_3_1 = result7) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi1)))) + +========== file tests/java/why/SelectionSort_po7.why ========== +goal SelectionSort_sort_ensures_default_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. 
+ (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi1) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +========== file tests/java/why/SelectionSort_po8.why ========== +goal SelectionSort_sort_ensures_default_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_1)))) + +========== file tests/java/why/SelectionSort_po9.why ========== +goal SelectionSort_sort_ensures_default_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0)))) + +========== generation of Simplify VC output ========== +why -simplify [...] why/SelectionSort.why +========== file tests/java/simplify/SelectionSort_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ 
(gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + (FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + 
(FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) 
|@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs (real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + 
+(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 
p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES (same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) 
(pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + 
(FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; 
Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND 
(<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min 
a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES 
(EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) 
|@true|)) + +(DEFPRED (Non_null_Object x_1 Object_alloc_table) + (>= (offset_max Object_alloc_table x_1) 0)) + +(DEFPRED (Non_null_intM x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) (- 0 1))) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) + +(DEFPRED (Swap a_0 i_0 j_0 intM_intP_at_L2 intM_intP_at_L1) + (AND + (EQ (integer_of_int32 (select intM_intP_at_L1 (shift a_0 i_0))) + (integer_of_int32 (select intM_intP_at_L2 (shift a_0 j_0)))) + (AND + (EQ (integer_of_int32 (select intM_intP_at_L1 (shift a_0 j_0))) + (integer_of_int32 (select intM_intP_at_L2 (shift a_0 i_0)))) + (FORALL (k) + (IMPLIES (AND (NEQ k i_0) (NEQ k j_0)) + (EQ (integer_of_int32 (select intM_intP_at_L1 (shift a_0 k))) + (integer_of_int32 (select intM_intP_at_L2 (shift a_0 k))))))))) + +(BG_PUSH + ;; Why axiom Permut_inversion + (FORALL (aux_1 aux_2 aux_3 aux_4 aux_5) + (IMPLIES (EQ (Permut aux_1 aux_2 aux_3 aux_4 aux_5) |@true|) + (OR + (EXISTS (intM_intP_at_L) + (EXISTS (a_2) + (EXISTS (l_1) + (EXISTS (h_1) + (AND (EQ aux_1 a_2) + (AND (EQ aux_2 l_1) + (AND (EQ aux_3 h_1) + (AND (EQ aux_4 intM_intP_at_L) (EQ aux_5 intM_intP_at_L))))))))) + (OR + (EXISTS (intM_intP_at_L2) + (EXISTS (intM_intP_at_L1) + (EXISTS (a_3) + (EXISTS (l_2) + (EXISTS (h_2) + (AND (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (AND (EQ aux_1 a_3) + (AND (EQ aux_2 l_2) + (AND (EQ aux_3 h_2) + (AND (EQ aux_4 intM_intP_at_L1) (EQ aux_5 intM_intP_at_L2))))))))))) + (OR + (EXISTS (intM_intP_at_L3) + (EXISTS (intM_intP_at_L2) + (EXISTS (intM_intP_at_L1) + (EXISTS (a_4) + (EXISTS (l_3) + (EXISTS (h_3) + (AND + (AND (EQ 
(Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) + (AND (EQ aux_1 a_4) + (AND (EQ aux_2 l_3) + (AND (EQ aux_3 h_3) + (AND (EQ aux_4 intM_intP_at_L3) (EQ aux_5 intM_intP_at_L1)))))))))))) + (EXISTS (intM_intP_at_L2) + (EXISTS (intM_intP_at_L1) + (EXISTS (a_5) + (EXISTS (l_4) + (EXISTS (h_4) + (EXISTS (i_1) + (EXISTS (j_1) + (AND + (AND (<= l_4 i_1) + (AND (<= i_1 h_4) + (AND (<= l_4 j_1) + (AND (<= j_1 h_4) (Swap a_5 i_1 j_1 intM_intP_at_L2 intM_intP_at_L1))))) + (AND (EQ aux_1 a_5) + (AND (EQ aux_2 l_4) + (AND (EQ aux_3 h_4) + (AND (EQ aux_4 intM_intP_at_L2) (EQ aux_5 intM_intP_at_L1))))))))))))))))))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intM_intP_at_L a_2 l_1 h_1) + (EQ (Permut a_2 l_1 h_1 intM_intP_at_L intM_intP_at_L) |@true|))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_3 l_2 h_2) + (IMPLIES (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_3 l_2 h_2 intM_intP_at_L1 intM_intP_at_L2) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_trans + (FORALL (intM_intP_at_L3 intM_intP_at_L2 intM_intP_at_L1 a_4 l_3 h_3) + (IMPLIES + (AND (EQ (Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_5 l_4 h_4 i_1 j_1) + (IMPLIES + (AND (<= l_4 i_1) + (AND (<= i_1 h_4) + (AND (<= l_4 j_1) + (AND (<= j_1 h_4) (Swap a_5 i_1 j_1 intM_intP_at_L2 intM_intP_at_L1))))) + (EQ (Permut a_5 l_4 h_4 intM_intP_at_L2 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom SelectionSort_parenttag_Object + (EQ (parenttag SelectionSort_tag Object_tag) |@true|)) + +(DEFPRED (Sorted a l h intM_intP_at_L) + (FORALL (i j) + (IMPLIES (AND (<= l i) (AND (<= i j) (< j h))) + (<= (integer_of_int32 (select 
intM_intP_at_L (shift a i))) (integer_of_int32 + (select + intM_intP_at_L + (shift a j))))))) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH 
+ ;; Why axiom intM_parenttag_Object + (EQ (parenttag intM_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 1)) + +(BG_PUSH + ;; Why axiom interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_SelectionSort p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_intM p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom long_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p 
(pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address (interface_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_SelectionSort p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_intM p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + 
(strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_SelectionSort p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_intM p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_SelectionSort p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_intM p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +;; SelectionSort_sort_ensures_default_po_1, File "HOME/tests/java/SelectionSort.java", 
line 81, characters 20-26 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) (IMPLIES (EQ i_3 result) (<= 0 (integer_of_int32 i_3)))))))))) + +;; SelectionSort_sort_ensures_default_po_2, File "HOME/tests/java/SelectionSort.java", line 93, characters 24-29 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(< (integer_of_int32 i_3_0) (integer_of_int32 j_3)))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_3, File "HOME/tests/java/SelectionSort.java", line 93, characters 33-40 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) 
+(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(<= (integer_of_int32 i_3_0) (integer_of_int32 mi)))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_4, File "HOME/tests/java/SelectionSort.java", line 93, characters 38-51 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(< 
(integer_of_int32 mi) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_5, File "HOME/tests/java/SelectionSort.java", line 93, characters 24-29 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL 
(mv1) +(IMPLIES (EQ mv1 result6) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(< (integer_of_int32 i_3_0) (integer_of_int32 j_3_1)))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_6, File "HOME/tests/java/SelectionSort.java", line 93, characters 33-40 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 
result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(<= (integer_of_int32 i_3_0) (integer_of_int32 mi1)))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_7, File "HOME/tests/java/SelectionSort.java", line 93, characters 38-51 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 
1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(< (integer_of_int32 mi1) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_8, File "HOME/tests/java/SelectionSort.java", line 93, characters 24-29 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ 
(offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(< (integer_of_int32 i_3_0) (integer_of_int32 j_3_1)))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_9, File "HOME/tests/java/SelectionSort.java", line 93, characters 33-40 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ 
(offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_10, File "HOME/tests/java/SelectionSort.java", line 93, characters 38-51 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ 
(offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_default_po_11, File "HOME/tests/java/SelectionSort.java", line 81, characters 20-26 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ 
(offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(FORALL (intM_intP0) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP0 intM_intP) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (i_3_1) (IMPLIES (EQ i_3_1 result5) (<= 0 (integer_of_int32 i_3_1)))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_permutation_po_1, File "HOME/tests/java/SelectionSort.java", line 87, characters 22-54 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(EQ (Permut +t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP intM_intP) |@true|)))))))))) + +;; SelectionSort_sort_ensures_permutation_po_2, File "HOME/tests/java/SelectionSort.java", line 108, characters 33-68 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (EQ (Permut + t_0 0 (- (+ (offset_max 
Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(FORALL (intM_intP1) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP1 intM_intP0) + (not_assigns + Object_alloc_table intM_intP0 intM_intP1 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(EQ (Permut +t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP1 intM_intP0) |@true|)))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_permutation_po_3, File "HOME/tests/java/SelectionSort.java", line 87, characters 22-54 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 
Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (EQ (Permut + t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(FORALL (intM_intP1) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP1 intM_intP0) + (not_assigns + Object_alloc_table intM_intP0 intM_intP1 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(IMPLIES (EQ (Permut + t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP1 intM_intP0) |@true|) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) 
+(FORALL (i_3_1) +(IMPLIES (EQ i_3_1 result5) +(EQ (Permut +t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP1 intM_intP) |@true|))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_1, File "HOME/tests/java/SelectionSort.java", line 83, characters 21-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) (Sorted t_0 0 (integer_of_int32 i_3) intM_intP)))))))))) + +;; SelectionSort_sort_ensures_sorted_po_2, File "HOME/tests/java/SelectionSort.java", line 84, characters 8-90 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3)) + (AND (<= (integer_of_int32 i_3) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (integer_of_int32 (select intM_intP (shift t_0 k1))) (integer_of_int32 + (select + intM_intP (shift + t_0 k2)))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_3, File "HOME/tests/java/SelectionSort.java", line 95, characters 25-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) 
+(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(EQ (integer_of_int32 mv) +(integer_of_int32 (select intM_intP0 (shift t_0 (integer_of_int32 mi)))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_4, File "HOME/tests/java/SelectionSort.java", line 96, characters 12-56 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + 
(shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (k_0) +(IMPLIES (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3))) +(>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_5, File "HOME/tests/java/SelectionSort.java", line 95, characters 25-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ 
(integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND + (EQ (integer_of_int32 mv0) + (integer_of_int32 + (select intM_intP0 (shift t_0 (integer_of_int32 mi0))))) + (FORALL (k_0) + (IMPLIES + (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_0))) + (>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0))))) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 + (select intM_intP0 (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP0 (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(EQ (integer_of_int32 mv1) +(integer_of_int32 (select intM_intP0 (shift t_0 (integer_of_int32 mi1))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_6, File "HOME/tests/java/SelectionSort.java", line 96, characters 12-56 +(FORALL (this_0) +(FORALL (t_0) +(FORALL 
(Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND + (EQ (integer_of_int32 mv0) + (integer_of_int32 + (select intM_intP0 (shift t_0 (integer_of_int32 mi0))))) + (FORALL (k_0) + (IMPLIES + (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_0))) + (>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0))))) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 
constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 + (select intM_intP0 (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(FORALL (result6) +(IMPLIES (EQ result6 + (select intM_intP0 (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(FORALL (k_0) +(IMPLIES (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_1))) +(>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv1)))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_7, File "HOME/tests/java/SelectionSort.java", line 96, characters 12-56 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 
result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND + (EQ (integer_of_int32 mv0) + (integer_of_int32 + (select intM_intP0 (shift t_0 (integer_of_int32 mi0))))) + (FORALL (k_0) + (IMPLIES + (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_0))) + (>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0))))) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(FORALL (result5) +(IMPLIES (EQ result5 + (select intM_intP0 (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(FORALL (k_0) +(IMPLIES (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_1))) +(>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0)))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_8, File "HOME/tests/java/SelectionSort.java", line 83, characters 21-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 
Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND + (EQ (integer_of_int32 mv0) + (integer_of_int32 + (select intM_intP0 (shift t_0 (integer_of_int32 mi0))))) + (FORALL (k_0) + (IMPLIES + (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_0))) + (>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0))))) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) 
result4) +(FORALL (intM_intP1) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP1 intM_intP0) + (not_assigns + Object_alloc_table intM_intP0 intM_intP1 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (i_3_1) +(IMPLIES (EQ i_3_1 result5) +(Sorted t_0 0 (integer_of_int32 i_3_1) intM_intP1)))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_9, File "HOME/tests/java/SelectionSort.java", line 84, characters 8-90 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(FORALL (result2) +(IMPLIES (EQ result2 + (select intM_intP0 (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) 
+(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES (AND + (EQ (integer_of_int32 mv0) + (integer_of_int32 + (select intM_intP0 (shift t_0 (integer_of_int32 mi0))))) + (FORALL (k_0) + (IMPLIES + (AND (<= (integer_of_int32 i_3_0) k_0) + (< k_0 (integer_of_int32 j_3_0))) + (>= (integer_of_int32 (select intM_intP0 (shift t_0 k_0))) (integer_of_int32 + mv0))))) +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(FORALL (intM_intP1) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP1 intM_intP0) + (not_assigns + Object_alloc_table intM_intP0 intM_intP1 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (i_3_1) +(IMPLIES (EQ i_3_1 result5) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_1)) + (AND (<= (integer_of_int32 i_3_1) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (integer_of_int32 (select intM_intP1 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP1 + (shift t_0 k2)))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_ensures_sorted_po_10, File "HOME/tests/java/SelectionSort.java", line 74, characters 18-38 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 
Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP0) +(IMPLIES (AND (Sorted t_0 0 (integer_of_int32 i_3_0) intM_intP0) + (FORALL (k1 k2) + (IMPLIES + (AND (<= 0 k1) + (AND (< k1 (integer_of_int32 i_3_0)) + (AND (<= (integer_of_int32 i_3_0) k2) + (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) + (<= (integer_of_int32 (select intM_intP0 (shift t_0 k1))) (integer_of_int32 + (select + intM_intP0 + (shift + t_0 k2))))))) +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (>= (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(Sorted t_0 0 (+ (offset_max Object_alloc_table t_0) 1) intM_intP0)))))))))))))))))) + +;; SelectionSort_sort_safety_po_1, File "why/SelectionSort.why", line 1240, characters 65-316 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(>= (offset_max Object_alloc_table t_0) (- 0 1))))))))))))) + +;; SelectionSort_sort_safety_po_2, File "HOME/tests/java/SelectionSort.java", line 90, characters 13-23 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL 
(result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(<= (- 0 constant_too_large_2147483648) (- result0 1)))))))))))))))) + +;; SelectionSort_sort_safety_po_3, File "HOME/tests/java/SelectionSort.java", line 90, characters 13-23 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(<= (- result0 1) constant_too_large_2147483647))))))))))))))) + +;; SelectionSort_sort_safety_po_4, File "HOME/tests/java/SelectionSort.java", line 92, characters 10-14 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) 
+(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)))))))))))))))))))) + +;; SelectionSort_sort_safety_po_5, File "HOME/tests/java/SelectionSort.java", line 92, characters 10-14 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0)))))))))))))))))))) + +;; SelectionSort_sort_safety_po_6, File "HOME/tests/java/SelectionSort.java", line 101, characters 12-15 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= 
(offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_7, File "HOME/tests/java/SelectionSort.java", line 101, characters 12-15 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + 
(<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_8, File "HOME/tests/java/SelectionSort.java", line 102, characters 6-10 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) 
+(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_9, File "HOME/tests/java/SelectionSort.java", line 102, characters 6-10 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 
constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_10, File "HOME/tests/java/SelectionSort.jc", line 211, characters 30-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= 
(integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_11, File "HOME/tests/java/SelectionSort.jc", line 211, characters 30-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) 
+(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) 
+(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647)))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_12, File "HOME/tests/java/SelectionSort.java", line 99, characters 22-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP 
(shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1)) + (<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647)) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 
j_3_0))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_13, File "HOME/tests/java/SelectionSort.java", line 99, characters 22-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max 
Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (< (integer_of_int32 result5) (integer_of_int32 mv0)) +(FORALL (mi1) +(IMPLIES (EQ mi1 j_3_0) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result6) +(IMPLIES (EQ result6 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(FORALL (mv1) +(IMPLIES (EQ mv1 result6) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1)) + (<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647)) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result7) +(< (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 j_3_1)) +(- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 j_3_0))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_14, File "HOME/tests/java/SelectionSort.jc", line 211, characters 30-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL 
(result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1)))))))))))))))))))))))))))))))))))))))))))))) + +;; 
SelectionSort_sort_safety_po_15, File "HOME/tests/java/SelectionSort.jc", line 211, characters 30-36 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= 
result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_16, File "HOME/tests/java/SelectionSort.java", line 99, characters 22-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) 
(+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1)) + (<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 j_3_0)))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_17, File "HOME/tests/java/SelectionSort.java", line 99, characters 22-34 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES 
TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(FORALL (mv0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (< (integer_of_int32 j_3_0) result4) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 j_3_0)) + (<= (integer_of_int32 j_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result5) +(IMPLIES (EQ result5 (select intM_intP (shift t_0 (integer_of_int32 j_3_0)))) +(IMPLIES (>= (integer_of_int32 result5) (integer_of_int32 mv0)) +(IMPLIES 
(AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 j_3_0) 1)) + (<= (+ (integer_of_int32 j_3_0) 1) constant_too_large_2147483647)) +(FORALL (result6) +(IMPLIES (EQ (integer_of_int32 result6) (+ (integer_of_int32 j_3_0) 1)) +(FORALL (j_3_1) +(IMPLIES (EQ j_3_1 result6) +(< (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 j_3_1)) +(- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 j_3_0)))))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_18, File "HOME/tests/java/SelectionSort.jc", line 218, characters 32-72 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL 
(result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(Non_null_intM t_0 Object_alloc_table)))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_19, File "HOME/tests/java/SelectionSort.jc", line 218, characters 32-72 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL 
(mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(< (integer_of_int32 i_3_0) (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_20, File "HOME/tests/java/SelectionSort.jc", line 218, characters 32-72 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 
result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) (<= 0 (integer_of_int32 mi0))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_21, File "HOME/tests/java/SelectionSort.jc", line 218, characters 32-72 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 
constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_22, File "HOME/tests/java/SelectionSort.java", line 88, characters 18-30 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 
(integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) +(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(IMPLIES (AND (Non_null_intM t_0 Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_3_0)) + (AND + (< (integer_of_int32 i_3_0) (+ (offset_max Object_alloc_table t_0) 1)) + (AND (<= 0 (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))))) +(FORALL (intM_intP0) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 
i_3_0) (integer_of_int32 mi0) intM_intP0 intM_intP) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (i_3_1) +(IMPLIES (EQ i_3_1 result5) +(<= 0 (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 i_3_0)))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_sort_safety_po_23, File "HOME/tests/java/SelectionSort.java", line 88, characters 18-30 +(FORALL (this_0) +(FORALL (t_0) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t_0 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_0 0 0 Object_alloc_table) + (Non_null_intM t_0 Object_alloc_table))) +(FORALL (result) +(IMPLIES (EQ (integer_of_int32 result) 0) +(FORALL (i_3) +(IMPLIES (EQ i_3 result) +(FORALL (i_3_0) +(FORALL (intM_intP) +(IMPLIES TRUE +(IMPLIES (<= 0 (integer_of_int32 i_3_0)) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result0) +(IMPLIES (AND (<= result0 constant_too_large_2147483647) + (AND (>= result0 0) + (EQ result0 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (AND (<= (- 0 constant_too_large_2147483648) (- result0 1)) + (<= (- result0 1) constant_too_large_2147483647)) +(FORALL (result1) +(IMPLIES (EQ (integer_of_int32 result1) (- result0 1)) +(IMPLIES (< (integer_of_int32 i_3_0) (integer_of_int32 result1)) +(IMPLIES (AND + (<= (offset_min Object_alloc_table t_0) (integer_of_int32 i_3_0)) + (<= (integer_of_int32 i_3_0) (offset_max Object_alloc_table t_0))) +(FORALL (result2) +(IMPLIES (EQ result2 (select intM_intP (shift t_0 (integer_of_int32 i_3_0)))) 
+(FORALL (mv) +(IMPLIES (EQ mv result2) +(FORALL (mi) +(IMPLIES (EQ mi i_3_0) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (j_3) +(IMPLIES (EQ j_3 result3) +(FORALL (j_3_0) +(FORALL (mi0) +(IMPLIES TRUE +(IMPLIES (AND (< (integer_of_int32 i_3_0) (integer_of_int32 j_3_0)) + (AND (<= (integer_of_int32 i_3_0) (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (offset_max Object_alloc_table t_0) (- 0 1)) +(FORALL (result4) +(IMPLIES (AND (<= result4 constant_too_large_2147483647) + (AND (>= result4 0) + (EQ result4 (+ (offset_max Object_alloc_table t_0) 1)))) +(IMPLIES (>= (integer_of_int32 j_3_0) result4) +(IMPLIES (AND (Non_null_intM t_0 Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_3_0)) + (AND + (< (integer_of_int32 i_3_0) (+ (offset_max Object_alloc_table t_0) 1)) + (AND (<= 0 (integer_of_int32 mi0)) + (< (integer_of_int32 mi0) (+ (offset_max Object_alloc_table t_0) 1)))))) +(FORALL (intM_intP0) +(IMPLIES (AND + (Swap + t_0 (integer_of_int32 i_3_0) (integer_of_int32 mi0) intM_intP0 intM_intP) + (not_assigns + Object_alloc_table intM_intP intM_intP0 (pset_union + (pset_range + (pset_singleton t_0) + (integer_of_int32 mi0) + (integer_of_int32 mi0)) + (pset_range + (pset_singleton t_0) + (integer_of_int32 i_3_0) + (integer_of_int32 i_3_0))))) +(IMPLIES (AND + (<= (- 0 constant_too_large_2147483648) (+ (integer_of_int32 i_3_0) 1)) + (<= (+ (integer_of_int32 i_3_0) 1) constant_too_large_2147483647)) +(FORALL (result5) +(IMPLIES (EQ (integer_of_int32 result5) (+ (integer_of_int32 i_3_0) 1)) +(FORALL (i_3_1) +(IMPLIES (EQ i_3_1 result5) +(< (- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 i_3_1)) +(- (+ (offset_max Object_alloc_table t_0) 1) (integer_of_int32 
i_3_0)))))))))))))))))))))))))))))))))))))))))))))))))) + +;; SelectionSort_swap_ensures_default_po_1, File "HOME/tests/java/SelectionSort.java", line 64, characters 16-37 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(FORALL (result) +(IMPLIES (EQ result (select intM_intP (shift t (integer_of_int32 i_2)))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP (shift t (integer_of_int32 j_2)))) +(FORALL (intM_intP0) +(IMPLIES (EQ intM_intP0 + (|why__store| intM_intP (shift t (integer_of_int32 i_2)) result0)) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 + (|why__store| intM_intP0 (shift t (integer_of_int32 j_2)) result)) +(Swap t (integer_of_int32 i_2) (integer_of_int32 j_2) intM_intP1 intM_intP)))))))))))))))) + +;; SelectionSort_swap_ensures_default_po_2, File "HOME/tests/java/SelectionSort.java", line 66, characters 9-13 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(FORALL (result) +(IMPLIES (EQ result (select intM_intP (shift t (integer_of_int32 i_2)))) +(FORALL (result0) +(IMPLIES (EQ result0 (select intM_intP (shift t (integer_of_int32 
j_2)))) +(FORALL (intM_intP0) +(IMPLIES (EQ intM_intP0 + (|why__store| intM_intP (shift t (integer_of_int32 i_2)) result0)) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 + (|why__store| intM_intP0 (shift t (integer_of_int32 j_2)) result)) +(not_assigns +Object_alloc_table intM_intP intM_intP1 (pset_union + (pset_range + (pset_singleton t) (integer_of_int32 + j_2) (integer_of_int32 + j_2)) + (pset_range + (pset_singleton t) (integer_of_int32 + i_2) (integer_of_int32 + i_2))))))))))))))))))) + +;; SelectionSort_swap_safety_po_1, File "HOME/tests/java/SelectionSort.java", line 67, characters 11-15 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(<= (offset_min Object_alloc_table t) (integer_of_int32 i_2)))))))) + +;; SelectionSort_swap_safety_po_2, File "HOME/tests/java/SelectionSort.java", line 67, characters 11-15 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) +(FORALL (Object_alloc_table) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(<= (integer_of_int32 i_2) (offset_max Object_alloc_table t)))))))) + +;; SelectionSort_swap_safety_po_3, File "HOME/tests/java/SelectionSort.java", line 68, characters 8-12 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) 
+(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(IMPLIES (AND (<= (offset_min Object_alloc_table t) (integer_of_int32 i_2)) + (<= (integer_of_int32 i_2) (offset_max Object_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intM_intP (shift t (integer_of_int32 i_2)))) +(<= (offset_min Object_alloc_table t) (integer_of_int32 j_2)))))))))))) + +;; SelectionSort_swap_safety_po_4, File "HOME/tests/java/SelectionSort.java", line 68, characters 8-12 +(FORALL (this_2) +(FORALL (t) +(FORALL (i_2) +(FORALL (j_2) +(FORALL (Object_alloc_table) +(FORALL (intM_intP) +(IMPLIES (AND (left_valid_struct_intM t 0 Object_alloc_table) + (AND (valid_struct_SelectionSort this_2 0 0 Object_alloc_table) + (AND (Non_null_intM t Object_alloc_table) + (AND (<= 0 (integer_of_int32 i_2)) + (AND + (< (integer_of_int32 i_2) (+ (offset_max Object_alloc_table t) 1)) + (AND (<= 0 (integer_of_int32 j_2)) + (< (integer_of_int32 j_2) (+ (offset_max Object_alloc_table t) 1)))))))) +(IMPLIES (AND (<= (offset_min Object_alloc_table t) (integer_of_int32 i_2)) + (<= (integer_of_int32 i_2) (offset_max Object_alloc_table t))) +(FORALL (result) +(IMPLIES (EQ result (select intM_intP (shift t (integer_of_int32 i_2)))) +(<= (integer_of_int32 j_2) (offset_max Object_alloc_table t)))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/SelectionSort_why.sx : .........................?........................... 
(52/0/1/0/0) +total : 53 +valid : 52 ( 98%) +invalid : 0 ( 0%) +unknown : 1 ( 2%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/SelectionSort.why +========== file tests/java/why/SelectionSort_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. 
((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. 
+ (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. 
((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. 
+ ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. + ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. 
+ ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. + ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. 
(sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. (sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. 
pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. 
+ (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. + ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. 
+ (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. 
+ (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. 
(((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. 
+ (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. + ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. 
+ (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +predicate Non_null_Object(x_1: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_1) >= 0) + +predicate Non_null_intM(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= (-1)) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. 
+ (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic integer_of_int32 : int32 -> int + +predicate Swap(a_0: Object pointer, i_0: int, j_0: int, + intM_intP_at_L2: (Object, int32) memory, intM_intP_at_L1: (Object, + int32) memory) = + ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, + i_0))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, j_0)))) and + ((integer_of_int32(select(intM_intP_at_L1, shift(a_0, + j_0))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, i_0)))) and + (forall k:int. + (((k <> i_0) and (k <> j_0)) -> + (integer_of_int32(select(intM_intP_at_L1, shift(a_0, + k))) = integer_of_int32(select(intM_intP_at_L2, shift(a_0, k)))))))) + +logic Permut : Object pointer, int, int, (Object, int32) memory, (Object, +int32) memory -> prop + +axiom Permut_inversion: + (forall aux_1:Object pointer. + (forall aux_2:int. + (forall aux_3:int. + (forall aux_4:(Object, int32) memory. + (forall aux_5:(Object, int32) memory [Permut(aux_1, aux_2, aux_3, + aux_4, aux_5)]. + (Permut(aux_1, aux_2, aux_3, aux_4, aux_5) -> + ((exists intM_intP_at_L:(Object, int32) memory. + (exists a_2:Object pointer. + (exists l_1:int. + (exists h_1:int. + ((aux_1 = a_2) and + ((aux_2 = l_1) and + ((aux_3 = h_1) and + ((aux_4 = intM_intP_at_L) and + (aux_5 = intM_intP_at_L))))))))) or + ((exists intM_intP_at_L2:(Object, int32) memory. + (exists intM_intP_at_L1:(Object, int32) memory. + (exists a_3:Object pointer. + (exists l_2:int. + (exists h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, + intM_intP_at_L1) and + ((aux_1 = a_3) and + ((aux_2 = l_2) and + ((aux_3 = h_2) and + ((aux_4 = intM_intP_at_L1) and + (aux_5 = intM_intP_at_L2))))))))))) or + ((exists intM_intP_at_L3:(Object, int32) memory. + (exists intM_intP_at_L2:(Object, int32) memory. 
+ (exists intM_intP_at_L1:(Object, int32) memory. + (exists a_4:Object pointer. + (exists l_3:int. + (exists h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, + intM_intP_at_L1) and Permut(a_4, l_3, h_3, + intM_intP_at_L3, intM_intP_at_L2)) and + ((aux_1 = a_4) and + ((aux_2 = l_3) and + ((aux_3 = h_3) and + ((aux_4 = intM_intP_at_L3) and + (aux_5 = intM_intP_at_L1)))))))))))) or + (exists intM_intP_at_L2:(Object, int32) memory. + (exists intM_intP_at_L1:(Object, int32) memory. + (exists a_5:Object pointer. + (exists l_4:int. + (exists h_4:int. + (exists i_1:int. + (exists j_1:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_1) and + ((j_1 <= h_4) and Swap(a_5, i_1, j_1, + intM_intP_at_L2, intM_intP_at_L1))))) and + ((aux_1 = a_5) and + ((aux_2 = l_4) and + ((aux_3 = h_4) and + ((aux_4 = intM_intP_at_L2) and + (aux_5 = intM_intP_at_L1)))))))))))))))))))))) + +axiom Permut_refl: + (forall intM_intP_at_L:(Object, int32) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) + +axiom Permut_sym: + (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_trans: + (forall intM_intP_at_L3:(Object, int32) memory. + (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_swap: + (forall intM_intP_at_L2:(Object, int32) memory. + (forall intM_intP_at_L1:(Object, int32) memory. + (forall a_5:Object pointer. + (forall l_4:int. 
+ (forall h_4:int. + (forall i_1:int. + (forall j_1:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_1) and + ((j_1 <= h_4) and Swap(a_5, i_1, j_1, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +logic SelectionSort_tag : Object tag_id + +axiom SelectionSort_parenttag_Object: parenttag(SelectionSort_tag, + Object_tag) + +predicate Sorted(a: Object pointer, l: int, h: int, intM_intP_at_L: (Object, + int32) memory) = + (forall i:int. + (forall j:int. + (((l <= i) and ((i <= j) and (j < h))) -> + (integer_of_int32(select(intM_intP_at_L, shift(a, + i))) <= integer_of_int32(select(intM_intP_at_L, shift(a, j))))))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. + ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. 
+ ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic intM_tag : Object tag_id + +axiom intM_parenttag_Object: parenttag(intM_tag, Object_tag) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_SelectionSort(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_intM(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. + (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. 
+ (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_SelectionSort(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_intM(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. 
+ (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_SelectionSort(p: Object pointer, a: int, + b: int, Object_alloc_table: Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + 
(offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_SelectionSort(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +goal SelectionSort_sort_ensures_default_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. 
+ (i_3 = result) -> + ("JC_103": (0 <= integer_of_int32(i_3))) + +goal SelectionSort_sort_ensures_default_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3)))) + +goal SelectionSort_sort_ensures_default_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi)))) + +goal SelectionSort_sort_ensures_default_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +goal SelectionSort_sort_ensures_default_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. 
+ (j_3_1 = result7) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_1)))) + +goal SelectionSort_sort_ensures_default_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. 
+ (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi1)))) + +goal SelectionSort_sort_ensures_default_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. 
+ (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi1) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +goal SelectionSort_sort_ensures_default_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": ("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_1)))) + +goal SelectionSort_sort_ensures_default_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": ("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0)))) + +goal SelectionSort_sort_ensures_default_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + ("JC_111": + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +goal SelectionSort_sort_ensures_default_po_11: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_103": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_111": + (("JC_108": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_109": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_110": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP0:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_103": (0 <= integer_of_int32(i_3_1))) + +goal SelectionSort_sort_ensures_permutation_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP, intM_intP)) + +goal SelectionSort_sort_ensures_permutation_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP)) -> + ("JC_140": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_150": true) -> + ("JC_148": + (("JC_145": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_146": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_147": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + ("JC_154": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP0)) + +goal SelectionSort_sort_ensures_permutation_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP)) -> + ("JC_140": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_150": true) -> + ("JC_148": + (("JC_145": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_146": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_147": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + ("JC_154": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP0)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_139": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP)) + +goal SelectionSort_sort_ensures_sorted_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + ("JC_120": ("JC_118": Sorted(t_0, 0, integer_of_int32(i_3), intM_intP))) + +goal SelectionSort_sort_ensures_sorted_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < integer_of_int32(i_3)) and + ((integer_of_int32(i_3) <= k2) and (k2 < (offset_max(Object_alloc_table, + t_0) + 1))))) -> + ("JC_120": + ("JC_119": (integer_of_int32(select(intM_intP, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP, shift(t_0, k2)))))) + +goal SelectionSort_sort_ensures_sorted_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + ("JC_128": + ("JC_126": (integer_of_int32(mv) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi))))))) + +goal SelectionSort_sort_ensures_sorted_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall k_0:int. 
+ ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv)))) + +goal SelectionSort_sort_ensures_sorted_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. 
+ (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. + (result6 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + ("JC_128": + ("JC_126": (integer_of_int32(mv1) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi1))))))) + +goal SelectionSort_sort_ensures_sorted_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. 
+ (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + forall result6:int32. 
+ (result6 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + forall k_0:int. + ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_1))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv1)))) + +goal SelectionSort_sort_ensures_sorted_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. 
+ (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + forall result5:int32. + (result5 = select(intM_intP0, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + forall k_0:int. + ((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_1))) -> + ("JC_128": + ("JC_127": (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0)))) + +goal SelectionSort_sort_ensures_sorted_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. 
+ (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + ("JC_120": ("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_1), intM_intP1))) + +goal SelectionSort_sort_ensures_sorted_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + forall result2:int32. + (result2 = select(intM_intP0, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_128": + (("JC_126": (integer_of_int32(mv0) = integer_of_int32(select(intM_intP0, + shift(t_0, integer_of_int32(mi0)))))) and + ("JC_127": + (forall k_0:int. + (((integer_of_int32(i_3_0) <= k_0) and (k_0 < integer_of_int32(j_3_0))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k_0))) >= integer_of_int32(mv0))))))) -> + ("JC_132": + (("JC_129": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_130": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_131": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + forall intM_intP1:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < integer_of_int32(i_3_1)) and + ((integer_of_int32(i_3_1) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_120": + ("JC_119": (integer_of_int32(select(intM_intP1, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP1, shift(t_0, k2)))))) + +goal SelectionSort_sort_ensures_sorted_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. 
+ forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP0:(Object, + int32) memory. + ("JC_120": + (("JC_118": Sorted(t_0, 0, integer_of_int32(i_3_0), intM_intP0)) and + ("JC_119": + (forall k1:int. + (forall k2:int. + (((0 <= k1) and + ((k1 < integer_of_int32(i_3_0)) and + ((integer_of_int32(i_3_0) <= k2) and + (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(select(intM_intP0, shift(t_0, + k1))) <= integer_of_int32(select(intM_intP0, shift(t_0, k2)))))))))) -> + ("JC_121": (0 <= integer_of_int32(i_3_0))) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) >= integer_of_int32(result1)) -> + ("JC_73": Sorted(t_0, 0, (offset_max(Object_alloc_table, t_0) + 1), + intM_intP0)) + +goal SelectionSort_sort_safety_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) + +goal SelectionSort_sort_safety_po_2: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + ((-2147483648) <= (result0 - 1)) + +goal SelectionSort_sort_safety_po_3: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + ((result0 - 1) <= 2147483647) + +goal SelectionSort_sort_safety_po_4: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + (offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) + +goal SelectionSort_sort_safety_po_5: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0)) + +goal SelectionSort_sort_safety_po_6: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. 
+ ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + ((-2147483648) <= (integer_of_int32(i_3_0) + 1)) + +goal SelectionSort_sort_safety_po_7: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. 
+ (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + ((integer_of_int32(i_3_0) + 1) <= 2147483647) + +goal SelectionSort_sort_safety_po_8: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + (offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) + +goal SelectionSort_sort_safety_po_9: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. 
+ (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0)) + +goal SelectionSort_sort_safety_po_10: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + ((-2147483648) <= (integer_of_int32(j_3_0) + 1)) + +goal SelectionSort_sort_safety_po_11: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. 
+ ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. 
+ (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + ((integer_of_int32(j_3_0) + 1) <= 2147483647) + +goal SelectionSort_sort_safety_po_12: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. 
+ ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. + (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + (0 <= ("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +goal SelectionSort_sort_safety_po_13: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. 
+ ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) < integer_of_int32(mv0)) -> + forall mi1:int32. 
+ (mi1 = j_3_0) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result6:int32. + (result6 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + forall mv1:int32. + (mv1 = result6) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result7:int32. + (integer_of_int32(result7) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result7) -> + (("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_1))) < ("JC_98": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +goal SelectionSort_sort_safety_po_14: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + ((-2147483648) <= (integer_of_int32(j_3_0) + 1)) + +goal SelectionSort_sort_safety_po_15: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. 
+ ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + ((integer_of_int32(j_3_0) + 1) <= 2147483647) + +goal SelectionSort_sort_safety_po_16: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + (0 <= ("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +goal SelectionSort_sort_safety_po_17: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. 
+ (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + forall mv0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) < result4) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(j_3_0)) and + (integer_of_int32(j_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result5:int32. + (result5 = select(intM_intP, shift(t_0, integer_of_int32(j_3_0)))) -> + (integer_of_int32(result5) >= integer_of_int32(mv0)) -> + (((-2147483648) <= (integer_of_int32(j_3_0) + 1)) and + ((integer_of_int32(j_3_0) + 1) <= 2147483647)) -> + forall result6:int32. + (integer_of_int32(result6) = (integer_of_int32(j_3_0) + 1)) -> + forall j_3_1:int32. + (j_3_1 = result6) -> + (("JC_98": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_1))) < ("JC_98": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(j_3_0)))) + +goal SelectionSort_sort_safety_po_18: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. 
+ (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. 
+ ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) + +goal SelectionSort_sort_safety_po_19: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. 
+ ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + ("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +goal SelectionSort_sort_safety_po_20: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": ("JC_42": (0 <= integer_of_int32(mi0)))) + +goal SelectionSort_sort_safety_po_21: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. 
+ (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))) + +goal SelectionSort_sort_safety_po_22: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. 
+ (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. + (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + (("JC_39": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_40": (0 <= integer_of_int32(i_3_0))) and + (("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1))) and + (("JC_42": (0 <= integer_of_int32(mi0))) and + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))))) -> + forall intM_intP0:(Object, + int32) memory. 
+ ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. + (i_3_1 = result5) -> + (0 <= ("JC_102": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_0)))) + +goal SelectionSort_sort_safety_po_23: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall i_3:int32. + (i_3 = result) -> + forall i_3_0:int32. + forall intM_intP:(Object, + int32) memory. + ("JC_79": true) -> + ("JC_77": (0 <= integer_of_int32(i_3_0))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result0:int. + ("JC_25": + ((result0 <= 2147483647) and + ((result0 >= 0) and (result0 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (((-2147483648) <= (result0 - 1)) and ((result0 - 1) <= 2147483647)) -> + forall result1:int32. + (integer_of_int32(result1) = (result0 - 1)) -> + (integer_of_int32(i_3_0) < integer_of_int32(result1)) -> + ((offset_min(Object_alloc_table, t_0) <= integer_of_int32(i_3_0)) and + (integer_of_int32(i_3_0) <= offset_max(Object_alloc_table, t_0))) -> + forall result2:int32. + (result2 = select(intM_intP, shift(t_0, integer_of_int32(i_3_0)))) -> + forall mv:int32. + (mv = result2) -> + forall mi:int32. 
+ (mi = i_3_0) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result3:int32. + (integer_of_int32(result3) = (integer_of_int32(i_3_0) + 1)) -> + forall j_3:int32. + (j_3 = result3) -> + forall j_3_0:int32. + forall mi0:int32. + ("JC_91": true) -> + ("JC_89": + (("JC_86": (integer_of_int32(i_3_0) < integer_of_int32(j_3_0))) and + (("JC_87": (integer_of_int32(i_3_0) <= integer_of_int32(mi0))) and + ("JC_88": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))) -> + (offset_max(Object_alloc_table, t_0) >= (-1)) -> + forall result4:int. + ("JC_25": + ((result4 <= 2147483647) and + ((result4 >= 0) and (result4 = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (integer_of_int32(j_3_0) >= result4) -> + ("JC_44": + (("JC_39": Non_null_intM(t_0, Object_alloc_table)) and + (("JC_40": (0 <= integer_of_int32(i_3_0))) and + (("JC_41": (integer_of_int32(i_3_0) < (offset_max(Object_alloc_table, + t_0) + 1))) and + (("JC_42": (0 <= integer_of_int32(mi0))) and + ("JC_43": (integer_of_int32(mi0) < (offset_max(Object_alloc_table, + t_0) + 1)))))))) -> + forall intM_intP0:(Object, + int32) memory. + ("JC_58": + (("JC_56": Swap(t_0, integer_of_int32(i_3_0), integer_of_int32(mi0), + intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + pset_union(pset_range(pset_singleton(t_0), integer_of_int32(mi0), + integer_of_int32(mi0)), pset_range(pset_singleton(t_0), + integer_of_int32(i_3_0), integer_of_int32(i_3_0))))))) -> + (((-2147483648) <= (integer_of_int32(i_3_0) + 1)) and + ((integer_of_int32(i_3_0) + 1) <= 2147483647)) -> + forall result5:int32. + (integer_of_int32(result5) = (integer_of_int32(i_3_0) + 1)) -> + forall i_3_1:int32. 
+ (i_3_1 = result5) -> + (("JC_102": ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_1))) < ("JC_102": + ((offset_max(Object_alloc_table, + t_0) + 1) - integer_of_int32(i_3_0)))) + +goal SelectionSort_swap_ensures_default_po_1: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + forall result0:int32. + (result0 = select(intM_intP, shift(t, integer_of_int32(j_2)))) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, integer_of_int32(i_2)), + result0)) -> + forall intM_intP1:(Object, + int32) memory. + (intM_intP1 = store(intM_intP0, shift(t, integer_of_int32(j_2)), + result)) -> + ("JC_55": + ("JC_53": Swap(t, integer_of_int32(i_2), integer_of_int32(j_2), intM_intP1, + intM_intP))) + +goal SelectionSort_swap_ensures_default_po_2: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + forall result0:int32. + (result0 = select(intM_intP, shift(t, integer_of_int32(j_2)))) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, integer_of_int32(i_2)), + result0)) -> + forall intM_intP1:(Object, + int32) memory. + (intM_intP1 = store(intM_intP0, shift(t, integer_of_int32(j_2)), + result)) -> + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + pset_union(pset_range(pset_singleton(t), integer_of_int32(j_2), + integer_of_int32(j_2)), pset_range(pset_singleton(t), + integer_of_int32(i_2), integer_of_int32(i_2)))))) + +goal SelectionSort_swap_safety_po_1: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + (offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) + +goal SelectionSort_swap_safety_po_2: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. 
+ forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t)) + +goal SelectionSort_swap_safety_po_3: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + ((offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) and + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + (offset_min(Object_alloc_table, t) <= integer_of_int32(j_2)) + +goal SelectionSort_swap_safety_po_4: + forall this_2:Object pointer. + forall t:Object pointer. + forall i_2:int32. + forall j_2:int32. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int32) memory. 
+ (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SelectionSort(this_2, 0, 0, Object_alloc_table) and + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= integer_of_int32(i_2))) and + (("JC_48": (integer_of_int32(i_2) < (offset_max(Object_alloc_table, + t) + 1))) and + (("JC_49": (0 <= integer_of_int32(j_2))) and + ("JC_50": (integer_of_int32(j_2) < (offset_max(Object_alloc_table, + t) + 1)))))))))) -> + ((offset_min(Object_alloc_table, t) <= integer_of_int32(i_2)) and + (integer_of_int32(i_2) <= offset_max(Object_alloc_table, t))) -> + forall result:int32. + (result = select(intM_intP, shift(t, integer_of_int32(i_2)))) -> + (integer_of_int32(j_2) <= offset_max(Object_alloc_table, t)) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/SelectionSort_why.why : ................................................#.... (52/0/0/1/0) +total : 53 +valid : 52 ( 98%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 1 ( 2%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/SideEffects.res.oracle why-2.30+dfsg/tests/java/oracle/SideEffects.res.oracle --- why-2.29+dfsg/tests/java/oracle/SideEffects.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/SideEffects.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,34 @@ ========== file tests/java/SideEffects.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -9,17 +39,25 @@ void m1(int t[]) { int i = 0; t[i++] = 1; - //@ assert t[0] == 1 && i == 1; + //@ assert t[0] == 1 && i == 1; t[++i] = 2; - //@ assert t[0] == 1 && t[2] == 2 && i == 2; + //@ assert t[0] == 1 && t[2] == 2 && i == 2; t[--i] = 3; - //@ assert t[0] == 1 && t[2] == 2 && t[1] == 3 && i == 1; + //@ assert t[0] == 1 && t[2] == 2 && t[1] == 3 && i == 1; t[i--] = 4; - //@ assert t[0] == 1 && t[2] == 2 && t[1] == 4 && i == 0; + //@ assert t[0] == 1 && t[2] == 2 && t[1] == 4 && i == 0; } } + +/* +Local Variables: +compile-command: "make SideEffects.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -37,7 +75,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -128,175 +169,175 @@ ========== file tests/java/SideEffects.jloc ========== [K_10] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 38 end = 44 [K_11] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 25 end = 34 [K_12] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 12 end = 21 [K_13] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 12 end = 34 [K_14] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 12 end = 44 [K_15] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 43 begin = 12 end = 44 [K_16] file = "HOME/tests/java/SideEffects.java" -line = 14 +line = 44 begin = 3 end = 6 [K_17] file = "HOME/tests/java/SideEffects.java" -line = 14 +line = 44 begin = 1 end = 11 [K_18] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 51 end = 57 [K_19] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 38 end = 47 [K_20] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 25 end = 34 [K_21] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 12 end = 21 [K_22] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 12 end = 34 [K_23] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 12 end = 47 [K_24] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 12 end = 57 [K_1] file = "HOME/tests/java/SideEffects.java" -line = 6 +line = 36 begin = 17 end = 30 [K_25] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 45 begin = 12 end = 57 [K_2] file = "HOME/tests/java/SideEffects.java" -line = 10 +line = 40 begin = 3 end = 6 [K_26] file = "HOME/tests/java/SideEffects.java" -line = 16 +line = 46 begin = 3 end = 6 [K_3] file = "HOME/tests/java/SideEffects.java" -line = 10 +line = 40 begin = 1 end = 11 [K_27] file = "HOME/tests/java/SideEffects.java" -line = 16 +line = 46 begin = 1 end = 11 [K_4] file = 
"HOME/tests/java/SideEffects.java" -line = 11 +line = 41 begin = 25 end = 31 [K_28] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 51 end = 57 [K_5] file = "HOME/tests/java/SideEffects.java" -line = 11 +line = 41 begin = 12 end = 21 [K_29] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 38 end = 47 [K_6] file = "HOME/tests/java/SideEffects.java" -line = 11 +line = 41 begin = 12 end = 31 [K_7] file = "HOME/tests/java/SideEffects.java" -line = 11 +line = 41 begin = 12 end = 31 [K_8] file = "HOME/tests/java/SideEffects.java" -line = 12 +line = 42 begin = 3 end = 6 [K_9] file = "HOME/tests/java/SideEffects.java" -line = 12 +line = 42 begin = 1 end = 11 @@ -309,50 +350,50 @@ [K_30] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 25 end = 34 [K_31] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 12 end = 21 [K_32] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 12 end = 34 [K_33] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 12 end = 47 [K_34] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 12 end = 57 [K_35] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 47 begin = 12 end = 57 [K_36] file = "HOME/tests/java/SideEffects.java" -line = 9 +line = 39 begin = 9 end = 10 [SideEffects_m1] name = "Method m1" file = "HOME/tests/java/SideEffects.java" -line = 8 +line = 38 begin = 9 end = 11 @@ -374,10 +415,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs SideEffects.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/SideEffects_why.sx 
@@ -438,6 +480,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/SideEffects_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/SideEffects_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -510,6 +559,9 @@ why3ide: why/SideEffects_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: SideEffects.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include SideEffects.depend depend: coq/SideEffects_why.v 
@@ -519,68 +571,86 @@ rm -f coq/*.vo ========== file tests/java/SideEffects.loc ========== +[JC_90] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_91] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_92] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_40] -file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 12 -end = 21 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_41] file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 25 -end = 31 +line = 36 +begin = 17 +end = 30 [JC_42] -file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 12 -end = 31 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_43] -kind = PointerDeref -file = "HOME/tests/java/SideEffects.jc" -line = 70 -begin = 17 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_44] -file = "HOME/tests/java/SideEffects.java" -line = 13 -begin = 12 -end = 21 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_45] -file = "HOME/tests/java/SideEffects.java" -line = 13 -begin = 25 -end = 34 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_46] -file = "HOME/tests/java/SideEffects.java" -line = 13 -begin = 38 -end = 44 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_1] file = "HOME/tests/java/SideEffects.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [cons_SideEffects_ensures_default] name = "Constructor of class SideEffects" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_47] -file = "HOME/tests/java/SideEffects.java" -line = 13 -begin = 12 -end = 44 +kind = PointerDeref +file = "HOME/tests/java/SideEffects.jc" +line = 70 +begin = 17 +end = 46 [JC_2] file = "HOME/" 
@@ -589,23 +659,22 @@ end = -1 [JC_48] -kind = PointerDeref -file = "HOME/tests/java/SideEffects.jc" -line = 75 -begin = 18 -end = 48 +file = "HOME/tests/java/SideEffects.java" +line = 41 +begin = 12 +end = 21 [JC_3] file = "HOME/tests/java/SideEffects.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [JC_49] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 12 -end = 21 +line = 41 +begin = 25 +end = 31 [JC_4] file = "HOME/" 
@@ -614,121 +683,123 @@ end = -1 [JC_5] -file = "HOME/tests/java/SideEffects.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/SideEffects.jc" -line = 41 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_7] -file = "HOME/tests/java/SideEffects.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_8] -file = "HOME/tests/java/SideEffects.jc" -line = 41 -begin = 10 -end = 18 - -[JC_9] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/SideEffects.jc" +line = 42 +begin = 8 +end = 21 + [JC_50] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 25 -end = 34 +line = 41 +begin = 12 +end = 31 [JC_51] -file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 38 -end = 47 +kind = PointerDeref +file = "HOME/tests/java/SideEffects.jc" +line = 73 +begin = 17 +end = 46 [JC_52] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 51 -end = 57 +line = 43 +begin = 12 +end = 21 [JC_53] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 12 -end = 57 +line = 43 +begin = 25 +end = 34 [JC_54] +file = "HOME/tests/java/SideEffects.java" +line = 43 +begin = 38 +end = 44 + +[JC_55] +file = "HOME/tests/java/SideEffects.java" +line = 43 +begin = 12 +end = 44 + +[JC_56] kind = PointerDeref file = "HOME/tests/java/SideEffects.jc" -line = 81 +line = 78 begin = 18 end = 48 -[JC_55] +[JC_57] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 45 begin = 12 end = 21 -[JC_56] +[JC_58] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 45 begin = 25 end = 34 -[JC_57] +[JC_59] file = "HOME/tests/java/SideEffects.java" -line = 17 +line = 45 begin = 38 end = 47 -[JC_58] -file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 51 -end = 57 - -[JC_59] -file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 12 -end = 57 - [SideEffects_m1_safety] name = "Method m1" behavior = "Safety" file = 
"HOME/tests/java/SideEffects.java" -line = 8 +line = 38 begin = 9 end = 11 [JC_60] file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 12 -end = 21 +line = 45 +begin = 51 +end = 57 [JC_61] file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 25 -end = 31 +line = 45 +begin = 12 +end = 57 [JC_62] -file = "HOME/tests/java/SideEffects.java" -line = 11 -begin = 12 -end = 31 +kind = PointerDeref +file = "HOME/tests/java/SideEffects.jc" +line = 84 +begin = 18 +end = 48 [JC_10] file = "HOME/" @@ -738,19 +809,19 @@ [JC_63] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 47 begin = 12 end = 21 [JC_11] file = "HOME/tests/java/SideEffects.jc" -line = 45 +line = 42 begin = 8 -end = 30 +end = 21 [JC_64] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 47 begin = 25 end = 34 
@@ -762,93 +833,93 @@ [JC_65] file = "HOME/tests/java/SideEffects.java" -line = 13 +line = 47 begin = 38 -end = 44 +end = 47 [JC_13] file = "HOME/tests/java/SideEffects.jc" line = 45 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_66] file = "HOME/tests/java/SideEffects.java" -line = 13 -begin = 12 -end = 44 +line = 47 +begin = 51 +end = 57 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.jc" +line = 44 +begin = 10 +end = 18 [JC_67] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 47 begin = 12 -end = 21 +end = 57 [JC_15] file = "HOME/tests/java/SideEffects.jc" -line = 48 +line = 45 begin = 11 -end = 103 +end = 66 [JC_68] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 25 -end = 34 +line = 41 +begin = 12 +end = 21 [JC_16] file = "HOME/tests/java/SideEffects.jc" -line = 47 +line = 44 begin = 10 end = 18 [JC_69] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 38 -end = 47 +line = 41 +begin = 25 +end = 31 [JC_17] -file = "HOME/tests/java/SideEffects.jc" -line = 48 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_18] -file = "HOME/tests/java/SideEffects.jc" -line = 47 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/SideEffects.jc" +line = 48 +begin = 8 +end = 30 + [JC_70] file = "HOME/tests/java/SideEffects.java" -line = 15 -begin = 51 -end = 57 +line = 41 +begin = 12 +end = 31 [JC_71] file = "HOME/tests/java/SideEffects.java" -line = 15 +line = 43 begin = 12 -end = 57 +end = 21 [JC_72] file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 12 -end = 21 +line = 43 +begin = 25 +end = 34 [JC_20] file = "HOME/" 
@@ -858,21 +929,21 @@ [JC_73] file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 25 -end = 34 +line = 43 +begin = 38 +end = 44 [JC_21] file = "HOME/tests/java/SideEffects.jc" -line = 52 +line = 48 begin = 8 -end = 23 +end = 30 [JC_74] file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 38 -end = 47 +line = 43 +begin = 12 +end = 44 [JC_22] file = "HOME/" @@ -882,57 +953,57 @@ [JC_75] file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 51 -end = 57 +line = 45 +begin = 12 +end = 21 [JC_23] file = "HOME/tests/java/SideEffects.jc" -line = 52 -begin = 8 -end = 23 +line = 51 +begin = 11 +end = 103 [JC_76] file = "HOME/tests/java/SideEffects.java" -line = 17 -begin = 12 -end = 57 +line = 45 +begin = 25 +end = 34 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.jc" +line = 50 +begin = 10 +end = 18 [JC_77] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.java" +line = 45 +begin = 38 +end = 47 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.jc" +line = 51 +begin = 11 +end = 103 [JC_78] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.java" +line = 45 +begin = 51 +end = 57 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.jc" +line = 50 +begin = 10 +end = 18 [JC_79] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.java" +line = 45 +begin = 12 +end = 57 [JC_27] file = "HOME/" 
@@ -948,73 +1019,91 @@ [JC_29] file = "HOME/tests/java/SideEffects.jc" -line = 54 -begin = 11 -end = 65 +line = 55 +begin = 8 +end = 23 [SideEffects_m1_ensures_default] name = "Method m1" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SideEffects.java" -line = 8 +line = 38 begin = 9 end = 11 [JC_80] +file = "HOME/tests/java/SideEffects.java" +line = 47 +begin = 12 +end = 21 + +[JC_81] +file = "HOME/tests/java/SideEffects.java" +line = 47 +begin = 25 +end = 34 + +[JC_82] +file = "HOME/tests/java/SideEffects.java" +line = 47 +begin = 38 +end = 47 + +[JC_30] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_81] +[JC_83] +file = "HOME/tests/java/SideEffects.java" +line = 47 +begin = 51 +end = 57 + +[JC_31] +file = "HOME/tests/java/SideEffects.jc" +line = 55 +begin = 8 +end = 23 + +[JC_84] +file = "HOME/tests/java/SideEffects.java" +line = 47 +begin = 12 +end = 57 + +[JC_32] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_82] +[JC_85] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_30] -file = "HOME/tests/java/SideEffects.jc" -line = 54 -begin = 11 -end = 65 - -[JC_83] +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_31] -file = "HOME/tests/java/SideEffects.java" -line = 6 -begin = 17 -end = 30 - -[JC_84] +[JC_86] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_32] +[JC_34] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] -file = "HOME/tests/java/SideEffects.java" -line = 6 -begin = 17 -end = 30 - -[JC_34] +[JC_87] file = "HOME/" line = 0 begin = -1 @@ -1026,18 +1115,30 @@ begin = -1 end = -1 +[JC_88] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_36] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_37] +[JC_89] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_37] +file = "HOME/tests/java/SideEffects.jc" +line = 57 +begin = 11 +end = 65 + [cons_SideEffects_safety] name = "Constructor of class SideEffects" behavior = "Safety" 
@@ -1047,38 +1148,31 @@ end = -1 [JC_38] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SideEffects.jc" +line = 57 +begin = 11 +end = 65 [JC_39] -kind = PointerDeref -file = "HOME/tests/java/SideEffects.jc" -line = 67 +file = "HOME/tests/java/SideEffects.java" +line = 36 begin = 17 -end = 46 +end = 30 ========== file tests/java/why/SideEffects.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = @@ -1099,8 +1193,6 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic SideEffects_tag: -> Object tag_id axiom SideEffects_parenttag_Object : parenttag(SideEffects_tag, Object_tag) @@ -1109,8 +1201,6 @@ axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
@@ -1239,36 +1329,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_SideEffects(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1309,10 +1369,18 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref +exception Return_label_exc of unit + parameter intM_intP : (Object, int) memory ref parameter SideEffects_m1 : 
@@ -1323,134 +1391,10 @@ parameter SideEffects_m1_requires : this_0:Object pointer -> t:Object pointer -> - { (JC_31: gt_int(add_int(offset_max(Object_alloc_table, t), (1)), (10)))} + { (JC_39: gt_int(add_int(offset_max(Object_alloc_table, t), (1)), (10)))} unit reads Object_alloc_table,intM_intP writes intM_intP { true } -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_SideEffects : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes 
bitvector_alloc_table - { (valid_bitvector_struct_SideEffects(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_SideEffects_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_SideEffects(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, 
(0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> 
@@ -1617,6 +1561,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_SideEffects : this_1:Object pointer -> { } unit reads Object_alloc_table { true } @@ -1626,44 +1574,44 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } 
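Review bot: In the `@@ -1626,44 +1574,44 @@` hunk the postcondition of `non_null_Object` (and of `non_null_Object_requires`) still reads `offset_max(Object_alloc_table, x_4) = (0)`, while the `Non_null_Object` predicate earlier in this same file was relaxed from `eq_int` to `ge_int(offset_max(Object_alloc_table, x_1), (0))`. Because a `parameter` is assumed rather than proved, a non-null pointer with a positive `offset_max` would apparently satisfy neither branch of `if result then ... else (x_4 = null)`, which would make the assumed specification contradictory for that input. If the relaxation is intended, the true branch should probably follow it, `(if result then ge_int(offset_max(Object_alloc_table, x_4), (0))`, matching the `ge_int` form that `non_null_intM` already uses. This file appears to be captured generator output, so the change belongs in the generator, with the expected output regenerated afterwards.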
@@ -1671,7 +1619,7 @@ fun (this_0 : Object pointer) (t : Object pointer) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_SideEffects(this_0, (0), (0), Object_alloc_table) - and (JC_33: + and (JC_41: gt_int(add_int(offset_max(Object_alloc_table, t), (1)), (10))))) } (init: try @@ -1697,9 +1645,9 @@ (let jessie_ = ((shift jessie_) jessie_) in (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); (assert - { (JC_62: - ((JC_60: eq_int(select(intM_intP, shift(t, (0))), (1))) - and (JC_61: eq_int(i, (1))))) }; void); + { (JC_70: + ((JC_68: (select(intM_intP, shift(t, (0))) = (1))) + and (JC_69: (i = (1))))) }; void); (let jessie_ = (let jessie_ = (2) in (let jessie_ = t in @@ -1707,10 +1655,10 @@ (let jessie_ = ((shift jessie_) jessie_) in (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); (assert - { (JC_66: - ((JC_63: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_64: eq_int(select(intM_intP, shift(t, (2))), (2))) - and (JC_65: eq_int(i, (2)))))) }; void); + { (JC_74: + ((JC_71: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_72: (select(intM_intP, shift(t, (2))) = (2))) + and (JC_73: (i = (2)))))) }; void); (let jessie_ = (let jessie_ = (3) in (let jessie_ = t in @@ -1718,11 +1666,11 @@ (let jessie_ = ((shift jessie_) jessie_) in (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); (assert - { (JC_71: - ((JC_67: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_68: eq_int(select(intM_intP, shift(t, (2))), (2))) - and ((JC_69: eq_int(select(intM_intP, shift(t, (1))), (3))) - and (JC_70: eq_int(i, (1))))))) }; void); + { (JC_79: + ((JC_75: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_76: (select(intM_intP, shift(t, (2))) = (2))) + and ((JC_77: (select(intM_intP, shift(t, (1))) = (3))) + and (JC_78: (i = (1))))))) }; void); (let jessie_ = (let jessie_ = (4) in (let jessie_ = t in 
@@ -1736,18 +1684,18 @@ (((safe_upd_ intM_intP) jessie_) jessie_))))) in void); (K_35: (assert - { (JC_76: - ((JC_72: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_73: eq_int(select(intM_intP, shift(t, (2))), (2))) - and ((JC_74: eq_int(select(intM_intP, shift(t, (1))), (4))) - and (JC_75: eq_int(i, (0))))))) }; void)) end)))))))); - (raise Return) end with Return -> void end) { (JC_35: true) } + { (JC_84: + ((JC_80: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_81: (select(intM_intP, shift(t, (2))) = (2))) + and ((JC_82: (select(intM_intP, shift(t, (1))) = (4))) + and (JC_83: (i = (0))))))) }; void)) end)))))))); + (raise Return) end with Return -> void end) { (JC_43: true) } let SideEffects_m1_safety = fun (this_0 : Object pointer) (t : Object pointer) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_SideEffects(this_0, (0), (0), Object_alloc_table) - and (JC_33: + and (JC_41: gt_int(add_int(offset_max(Object_alloc_table, t), (1)), (10))))) } (init: try 
@@ -1771,40 +1719,40 @@ (let jessie_ = (i := ((add_int jessie_) (1))) in void); jessie_ end)) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_39: + (JC_47: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); [ { } unit reads i,intM_intP - { (JC_42: - ((JC_40: eq_int(select(intM_intP, shift(t, (0))), (1))) - and (JC_41: eq_int(i, (1))))) } ]; + { (JC_50: + ((JC_48: (select(intM_intP, shift(t, (0))) = (1))) + and (JC_49: (i = (1))))) } ]; (let jessie_ = (let jessie_ = (2) in (let jessie_ = t in (let jessie_ = (K_8: begin (i := ((add_int !i) (1))); !i end) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_43: + (JC_51: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); [ { } unit reads i,intM_intP - { (JC_47: - ((JC_44: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_45: eq_int(select(intM_intP, shift(t, (2))), (2))) - and (JC_46: eq_int(i, (2)))))) } ]; + { (JC_55: + ((JC_52: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_53: (select(intM_intP, shift(t, (2))) = (2))) + and (JC_54: (i = (2)))))) } ]; (let jessie_ = (let jessie_ = (3) in (let jessie_ = t in (let jessie_ = (K_16: begin (i := ((sub_int !i) (1))); !i end) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_48: + (JC_56: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); [ { } unit reads i,intM_intP - { (JC_53: - ((JC_49: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_50: eq_int(select(intM_intP, shift(t, (2))), (2))) - and ((JC_51: eq_int(select(intM_intP, shift(t, (1))), (3))) - and (JC_52: eq_int(i, (1))))))) } ]; + { (JC_61: + ((JC_57: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_58: (select(intM_intP, shift(t, (2))) = (2))) + and ((JC_59: (select(intM_intP, shift(t, (1))) = (3))) + and (JC_60: (i = (1))))))) } ]; (let jessie_ = (let jessie_ = (4) in (let jessie_ = t in 
@@ -1815,23 +1763,23 @@ (let jessie_ = (i := ((sub_int jessie_) (1))) in void); jessie_ end)) in (let jessie_ = ((shift jessie_) jessie_) in - (JC_54: + (JC_62: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); (K_35: [ { } unit reads i,intM_intP - { (JC_59: - ((JC_55: eq_int(select(intM_intP, shift(t, (0))), (1))) - and ((JC_56: eq_int(select(intM_intP, shift(t, (2))), (2))) - and ((JC_57: eq_int(select(intM_intP, shift(t, (1))), (4))) - and (JC_58: eq_int(i, (0))))))) } ]) end)))))))); - (raise Return) end with Return -> void end) { true } + { (JC_67: + ((JC_63: (select(intM_intP, shift(t, (0))) = (1))) + and ((JC_64: (select(intM_intP, shift(t, (2))) = (2))) + and ((JC_65: (select(intM_intP, shift(t, (1))) = (4))) + and (JC_66: (i = (0))))))) } ]) end)))))))); (raise Return) + end with Return -> void end) { true } let cons_SideEffects_ensures_default = fun (this_1 : Object pointer) -> { valid_struct_SideEffects(this_1, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_81: true) } + { (JC_89: true) } let cons_SideEffects_safety = fun (this_1 : Object pointer) -> @@ -1846,92 +1794,92 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2879,7 +2827,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -3037,36 +2985,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_SideEffects(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3107,6 +3025,23 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/SideEffects_po1.why ========== +goal SideEffects_m1_ensures_default_po_1: + forall this_0:Object pointer. + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. + (left_valid_struct_intM(t, 0, Object_alloc_table) and + (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + forall i:int. + (i = (0 + 1)) -> + forall intM_intP0:(Object, + int) memory. + (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> + ("JC_70": ("JC_68": (select(intM_intP0, shift(t, 0)) = 1))) + ========== file tests/java/why/SideEffects_po10.why ========== goal SideEffects_m1_ensures_default_po_10: forall this_0:Object pointer. 
@@ -3116,37 +3051,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_72": ("JC_72": (select(intM_intP3, shift(t, 0)) = 1)))) + ("JC_84": ("JC_80": (select(intM_intP3, shift(t, 0)) = 1))) ========== file tests/java/why/SideEffects_po11.why ========== goal SideEffects_m1_ensures_default_po_11: 
@@ -3157,37 +3092,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_73": ("JC_73": (select(intM_intP3, shift(t, 2)) = 2)))) + ("JC_84": ("JC_81": (select(intM_intP3, shift(t, 2)) = 2))) ========== file tests/java/why/SideEffects_po12.why ========== goal SideEffects_m1_ensures_default_po_12: 
@@ -3198,37 +3133,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_74": ("JC_74": (select(intM_intP3, shift(t, 1)) = 4)))) + ("JC_84": ("JC_82": (select(intM_intP3, shift(t, 1)) = 4))) ========== file tests/java/why/SideEffects_po13.why ========== goal SideEffects_m1_ensures_default_po_13: 
@@ -3239,37 +3174,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_75": ("JC_75": (i2 = 0)))) + ("JC_84": ("JC_83": (i2 = 0))) ========== file tests/java/why/SideEffects_po14.why ========== goal SideEffects_m1_safety_po_1: 
@@ -3278,7 +3213,7 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> (offset_min(Object_alloc_table, t) <= 0) @@ -3290,7 +3225,7 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> (0 <= offset_max(Object_alloc_table, t)) @@ -3304,7 +3239,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and @@ -3312,8 +3247,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> (offset_min(Object_alloc_table, t) <= i0) @@ -3327,7 +3262,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and 
@@ -3335,8 +3270,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> (i0 <= offset_max(Object_alloc_table, t)) @@ -3350,7 +3285,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and @@ -3358,8 +3293,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> ((offset_min(Object_alloc_table, t) <= i0) and @@ -3367,9 +3302,9 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_47": - (("JC_44": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_45": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_46": (i0 = 2))))) -> + ("JC_55": + (("JC_52": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_53": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_54": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> (offset_min(Object_alloc_table, t) <= i1) @@ -3383,7 +3318,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and 
@@ -3391,8 +3326,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> ((offset_min(Object_alloc_table, t) <= i0) and @@ -3400,30 +3335,13 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_47": - (("JC_44": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_45": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_46": (i0 = 2))))) -> + ("JC_55": + (("JC_52": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_53": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_54": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> (i1 <= offset_max(Object_alloc_table, t)) -========== file tests/java/why/SideEffects_po1.why ========== -goal SideEffects_m1_ensures_default_po_1: - forall this_0:Object pointer. - forall t:Object pointer. - forall Object_alloc_table:Object alloc_table. - forall intM_intP:(Object, - int) memory. - (left_valid_struct_intM(t, 0, Object_alloc_table) and - (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> - forall i:int. - (i = (0 + 1)) -> - forall intM_intP0:(Object, - int) memory. - (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": ("JC_60": ("JC_60": (select(intM_intP0, shift(t, 0)) = 1)))) - ========== file tests/java/why/SideEffects_po2.why ========== goal SideEffects_m1_ensures_default_po_2: forall this_0:Object pointer. 
@@ -3433,13 +3351,13 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": ("JC_61": ("JC_61": (i = 1)))) + ("JC_70": ("JC_69": (i = 1))) ========== file tests/java/why/SideEffects_po3.why ========== goal SideEffects_m1_ensures_default_po_3: @@ -3450,20 +3368,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_63": ("JC_63": (select(intM_intP1, shift(t, 0)) = 1)))) + ("JC_74": ("JC_71": (select(intM_intP1, shift(t, 0)) = 1))) ========== file tests/java/why/SideEffects_po4.why ========== goal SideEffects_m1_ensures_default_po_4: 
@@ -3474,20 +3392,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_64": ("JC_64": (select(intM_intP1, shift(t, 2)) = 2)))) + ("JC_74": ("JC_72": (select(intM_intP1, shift(t, 2)) = 2))) ========== file tests/java/why/SideEffects_po5.why ========== goal SideEffects_m1_ensures_default_po_5: @@ -3498,20 +3416,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_65": ("JC_65": (i0 = 2)))) + ("JC_74": ("JC_73": (i0 = 2))) ========== file tests/java/why/SideEffects_po6.why ========== goal SideEffects_m1_ensures_default_po_6: 
@@ -3522,28 +3440,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_67": ("JC_67": (select(intM_intP2, shift(t, 0)) = 1)))) + ("JC_79": ("JC_75": (select(intM_intP2, shift(t, 0)) = 1))) ========== file tests/java/why/SideEffects_po7.why ========== goal SideEffects_m1_ensures_default_po_7: 
@@ -3554,28 +3472,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_68": ("JC_68": (select(intM_intP2, shift(t, 2)) = 2)))) + ("JC_79": ("JC_76": (select(intM_intP2, shift(t, 2)) = 2))) ========== file tests/java/why/SideEffects_po8.why ========== goal SideEffects_m1_ensures_default_po_8: 
@@ -3586,28 +3504,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_69": ("JC_69": (select(intM_intP2, shift(t, 1)) = 3)))) + ("JC_79": ("JC_77": (select(intM_intP2, shift(t, 1)) = 3))) ========== file tests/java/why/SideEffects_po9.why ========== goal SideEffects_m1_ensures_default_po_9: 
@@ -3618,28 +3536,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_70": ("JC_70": (i1 = 1)))) + ("JC_79": ("JC_78": (i1 = 1))) ========== generation of Simplify VC output ========== why -simplify [...] why/SideEffects.why @@ -4463,7 +4381,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) 
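Review bot: In the `@@ -4463,7 +4381,7 @@` hunk the regenerated oracle changes meaning, not just label numbering: `Non_null_Object` goes from `(EQ (offset_max Object_alloc_table x_1) 0)` to `(>= (offset_max Object_alloc_table x_1) 0)`, while the neighbouring `Non_null_intM` keeps `(>= (offset_max Object_alloc_table x_0) (- 0 1))`. Both predicates range over an `Object pointer` in the same `Object_alloc_table`, so if an `intM` block can also be reached as an `Object` (inferred, not shown here), a block with `offset_max = -1` satisfies one predicate and not the other; that difference should be a deliberate choice in the generator, which is outside this diff. None of the SideEffects goals visible in this diff use either predicate, so the oracle records the new definition without exercising it; a test whose proof obligations depend on `Non_null_Object` would pin the intended bound. The same change appears in the `predicate Non_null_Object` hunk at `@@ -6023,7 +5918,7 @@`.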
@@ -4598,29 +4516,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_SideEffects p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -4652,7 +4547,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; SideEffects_m1_ensures_default_po_1, File "HOME/tests/java/SideEffects.java", line 11, characters 12-21 +;; SideEffects_m1_ensures_default_po_1, File "HOME/tests/java/SideEffects.java", line 41, characters 12-21 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -4666,7 +4561,7 @@ (IMPLIES (EQ intM_intP0 (|why__store| intM_intP (shift t 0) 1)) (EQ (select intM_intP0 (shift t 0)) 1)))))))))) -;; SideEffects_m1_ensures_default_po_2, File "HOME/tests/java/SideEffects.java", line 11, characters 25-31 +;; SideEffects_m1_ensures_default_po_2, File "HOME/tests/java/SideEffects.java", line 41, characters 25-31 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4679,7 +4574,7 @@ (FORALL (intM_intP0) (IMPLIES (EQ intM_intP0 (|why__store| intM_intP (shift t 0) 1)) (EQ i 1)))))))))) -;; SideEffects_m1_ensures_default_po_3, File "HOME/tests/java/SideEffects.java", line 13, characters 12-21 +;; SideEffects_m1_ensures_default_po_3, File "HOME/tests/java/SideEffects.java", line 43, characters 12-21 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4698,7 +4593,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i0) 2)) (EQ (select intM_intP1 (shift t 0)) 1))))))))))))))) -;; SideEffects_m1_ensures_default_po_4, File "HOME/tests/java/SideEffects.java", line 13, characters 25-34 +;; SideEffects_m1_ensures_default_po_4, File "HOME/tests/java/SideEffects.java", line 43, characters 25-34 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4717,7 +4612,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i0) 2)) (EQ (select intM_intP1 (shift t 2)) 2))))))))))))))) -;; SideEffects_m1_ensures_default_po_5, File "HOME/tests/java/SideEffects.java", line 13, characters 38-44 +;; SideEffects_m1_ensures_default_po_5, File "HOME/tests/java/SideEffects.java", line 43, characters 38-44 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -4735,7 +4630,7 @@ (FORALL (intM_intP1) (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t i0) 2)) (EQ i0 2))))))))))))))) -;; SideEffects_m1_ensures_default_po_6, File "HOME/tests/java/SideEffects.java", line 15, characters 12-21 +;; SideEffects_m1_ensures_default_po_6, File "HOME/tests/java/SideEffects.java", line 45, characters 12-21 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4760,7 +4655,7 @@ (IMPLIES (EQ intM_intP2 (|why__store| intM_intP1 (shift t i1) 3)) (EQ (select intM_intP2 (shift t 0)) 1)))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_7, File "HOME/tests/java/SideEffects.java", line 15, characters 25-34 +;; SideEffects_m1_ensures_default_po_7, File "HOME/tests/java/SideEffects.java", line 45, characters 25-34 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4785,7 +4680,7 @@ (IMPLIES (EQ intM_intP2 (|why__store| intM_intP1 (shift t i1) 3)) (EQ (select intM_intP2 (shift t 2)) 2)))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_8, File "HOME/tests/java/SideEffects.java", line 15, characters 38-47 +;; SideEffects_m1_ensures_default_po_8, File "HOME/tests/java/SideEffects.java", line 45, characters 38-47 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4810,7 +4705,7 @@ (IMPLIES (EQ intM_intP2 (|why__store| intM_intP1 (shift t i1) 3)) (EQ (select intM_intP2 (shift t 1)) 3)))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_9, File "HOME/tests/java/SideEffects.java", line 15, characters 51-57 +;; SideEffects_m1_ensures_default_po_9, File "HOME/tests/java/SideEffects.java", line 45, characters 51-57 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -4834,7 +4729,7 @@ (FORALL (intM_intP2) (IMPLIES (EQ intM_intP2 (|why__store| intM_intP1 (shift t i1) 3)) (EQ i1 1)))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_10, File "HOME/tests/java/SideEffects.java", line 17, characters 12-21 +;; SideEffects_m1_ensures_default_po_10, File "HOME/tests/java/SideEffects.java", line 47, characters 12-21 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4866,7 +4761,7 @@ (IMPLIES (EQ intM_intP3 (|why__store| intM_intP2 (shift t i1) 4)) (EQ (select intM_intP3 (shift t 0)) 1))))))))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_11, File "HOME/tests/java/SideEffects.java", line 17, characters 25-34 +;; SideEffects_m1_ensures_default_po_11, File "HOME/tests/java/SideEffects.java", line 47, characters 25-34 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4898,7 +4793,7 @@ (IMPLIES (EQ intM_intP3 (|why__store| intM_intP2 (shift t i1) 4)) (EQ (select intM_intP3 (shift t 2)) 2))))))))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_12, File "HOME/tests/java/SideEffects.java", line 17, characters 38-47 +;; SideEffects_m1_ensures_default_po_12, File "HOME/tests/java/SideEffects.java", line 47, characters 38-47 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4930,7 +4825,7 @@ (IMPLIES (EQ intM_intP3 (|why__store| intM_intP2 (shift t i1) 4)) (EQ (select intM_intP3 (shift t 1)) 4))))))))))))))))))))))))) -;; SideEffects_m1_ensures_default_po_13, File "HOME/tests/java/SideEffects.java", line 17, characters 51-57 +;; SideEffects_m1_ensures_default_po_13, File "HOME/tests/java/SideEffects.java", line 47, characters 51-57 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -4961,7 +4856,7 @@ (FORALL (intM_intP3) (IMPLIES (EQ intM_intP3 (|why__store| intM_intP2 (shift t i1) 4)) (EQ i2 0))))))))))))))))))))))))) -;; SideEffects_m1_safety_po_1, File "HOME/tests/java/SideEffects.jc", line 67, characters 17-46 +;; SideEffects_m1_safety_po_1, File "HOME/tests/java/SideEffects.jc", line 70, characters 17-46 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4971,7 +4866,7 @@ (FORALL (i) (IMPLIES (EQ i (+ 0 1)) (<= (offset_min Object_alloc_table t) 0))))))) -;; SideEffects_m1_safety_po_2, File "HOME/tests/java/SideEffects.jc", line 67, characters 17-46 +;; SideEffects_m1_safety_po_2, File "HOME/tests/java/SideEffects.jc", line 70, characters 17-46 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4981,7 +4876,7 @@ (FORALL (i) (IMPLIES (EQ i (+ 0 1)) (<= 0 (offset_max Object_alloc_table t)))))))) -;; SideEffects_m1_safety_po_3, File "HOME/tests/java/SideEffects.jc", line 70, characters 17-46 +;; SideEffects_m1_safety_po_3, File "HOME/tests/java/SideEffects.jc", line 73, characters 17-46 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4999,7 +4894,7 @@ (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= (offset_min Object_alloc_table t) i0)))))))))))))) -;; SideEffects_m1_safety_po_4, File "HOME/tests/java/SideEffects.jc", line 70, characters 17-46 +;; SideEffects_m1_safety_po_4, File "HOME/tests/java/SideEffects.jc", line 73, characters 17-46 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -5017,7 +4912,7 @@ (FORALL (i0) (IMPLIES (EQ i0 (+ i 1)) (<= i0 (offset_max Object_alloc_table t))))))))))))))) -;; SideEffects_m1_safety_po_5, File "HOME/tests/java/SideEffects.jc", line 75, characters 18-48 +;; SideEffects_m1_safety_po_5, File "HOME/tests/java/SideEffects.jc", line 78, characters 18-48 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -5043,7 +4938,7 @@ (FORALL (i1) (IMPLIES (EQ i1 (- i0 1)) (<= (offset_min Object_alloc_table t) i1)))))))))))))))))))) -;; SideEffects_m1_safety_po_6, File "HOME/tests/java/SideEffects.jc", line 75, characters 18-48 +;; SideEffects_m1_safety_po_6, File "HOME/tests/java/SideEffects.jc", line 78, characters 18-48 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -6023,7 +5918,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -6181,36 +6076,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_SideEffects(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -6259,13 +6124,13 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": ("JC_60": ("JC_60": (select(intM_intP0, shift(t, 0)) = 1)))) + ("JC_70": ("JC_68": (select(intM_intP0, shift(t, 0)) = 1))) goal SideEffects_m1_ensures_default_po_2: forall this_0:Object pointer. @@ -6275,13 +6140,13 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": ("JC_61": ("JC_61": (i = 1)))) + ("JC_70": ("JC_69": (i = 1))) goal SideEffects_m1_ensures_default_po_3: forall this_0:Object pointer. 
@@ -6291,20 +6156,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_63": ("JC_63": (select(intM_intP1, shift(t, 0)) = 1)))) + ("JC_74": ("JC_71": (select(intM_intP1, shift(t, 0)) = 1))) goal SideEffects_m1_ensures_default_po_4: forall this_0:Object pointer. @@ -6314,20 +6179,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_64": ("JC_64": (select(intM_intP1, shift(t, 2)) = 2)))) + ("JC_74": ("JC_72": (select(intM_intP1, shift(t, 2)) = 2))) goal SideEffects_m1_ensures_default_po_5: forall this_0:Object pointer. 
@@ -6337,20 +6202,20 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": ("JC_65": ("JC_65": (i0 = 2)))) + ("JC_74": ("JC_73": (i0 = 2))) goal SideEffects_m1_ensures_default_po_6: forall this_0:Object pointer. 
@@ -6360,28 +6225,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_67": ("JC_67": (select(intM_intP2, shift(t, 0)) = 1)))) + ("JC_79": ("JC_75": (select(intM_intP2, shift(t, 0)) = 1))) goal SideEffects_m1_ensures_default_po_7: forall this_0:Object pointer. 
@@ -6391,28 +6256,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_68": ("JC_68": (select(intM_intP2, shift(t, 2)) = 2)))) + ("JC_79": ("JC_76": (select(intM_intP2, shift(t, 2)) = 2))) goal SideEffects_m1_ensures_default_po_8: forall this_0:Object pointer. 
@@ -6422,28 +6287,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_69": ("JC_69": (select(intM_intP2, shift(t, 1)) = 3)))) + ("JC_79": ("JC_77": (select(intM_intP2, shift(t, 1)) = 3))) goal SideEffects_m1_ensures_default_po_9: forall this_0:Object pointer. 
@@ -6453,28 +6318,28 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": ("JC_70": ("JC_70": (i1 = 1)))) + ("JC_79": ("JC_78": (i1 = 1))) goal SideEffects_m1_ensures_default_po_10: forall this_0:Object pointer. 
@@ -6484,37 +6349,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_72": ("JC_72": (select(intM_intP3, shift(t, 0)) = 1)))) + ("JC_84": ("JC_80": (select(intM_intP3, shift(t, 0)) = 1))) goal SideEffects_m1_ensures_default_po_11: forall this_0:Object pointer. 
@@ -6524,37 +6389,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_73": ("JC_73": (select(intM_intP3, shift(t, 2)) = 2)))) + ("JC_84": ("JC_81": (select(intM_intP3, shift(t, 2)) = 2))) goal SideEffects_m1_ensures_default_po_12: forall this_0:Object pointer. 
@@ -6564,37 +6429,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_74": ("JC_74": (select(intM_intP3, shift(t, 1)) = 4)))) + ("JC_84": ("JC_82": (select(intM_intP3, shift(t, 1)) = 4))) goal SideEffects_m1_ensures_default_po_13: forall this_0:Object pointer. 
@@ -6604,37 +6469,37 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_62": - (("JC_60": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_61": (i = 1)))) -> + ("JC_70": + (("JC_68": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_69": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_66": - (("JC_63": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_64": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_65": (i0 = 2))))) -> + ("JC_74": + (("JC_71": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_72": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_73": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> forall intM_intP2:(Object, int) memory. (intM_intP2 = store(intM_intP1, shift(t, i1), 3)) -> - ("JC_71": - (("JC_67": (select(intM_intP2, shift(t, 0)) = 1)) and - (("JC_68": (select(intM_intP2, shift(t, 2)) = 2)) and - (("JC_69": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_70": (i1 = 1)))))) -> + ("JC_79": + (("JC_75": (select(intM_intP2, shift(t, 0)) = 1)) and + (("JC_76": (select(intM_intP2, shift(t, 2)) = 2)) and + (("JC_77": (select(intM_intP2, shift(t, 1)) = 3)) and ("JC_78": (i1 = 1)))))) -> forall i2:int. (i2 = (i1 - 1)) -> forall intM_intP3:(Object, int) memory. (intM_intP3 = store(intM_intP2, shift(t, i1), 4)) -> - ("JC_76": ("JC_75": ("JC_75": (i2 = 0)))) + ("JC_84": ("JC_83": (i2 = 0))) goal SideEffects_m1_safety_po_1: forall this_0:Object pointer. 
@@ -6642,7 +6507,7 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> (offset_min(Object_alloc_table, t) <= 0) @@ -6653,7 +6518,7 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> (0 <= offset_max(Object_alloc_table, t)) @@ -6666,7 +6531,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and @@ -6674,8 +6539,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> (offset_min(Object_alloc_table, t) <= i0) @@ -6688,7 +6553,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and 
@@ -6696,8 +6561,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> (i0 <= offset_max(Object_alloc_table, t)) @@ -6710,7 +6575,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and @@ -6718,8 +6583,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> ((offset_min(Object_alloc_table, t) <= i0) and @@ -6727,9 +6592,9 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_47": - (("JC_44": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_45": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_46": (i0 = 2))))) -> + ("JC_55": + (("JC_52": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_53": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_54": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> (offset_min(Object_alloc_table, t) <= i1) @@ -6742,7 +6607,7 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_SideEffects(this_0, 0, 0, Object_alloc_table) and - ("JC_33": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> + ("JC_41": ((offset_max(Object_alloc_table, t) + 1) > 10)))) -> forall i:int. (i = (0 + 1)) -> ((offset_min(Object_alloc_table, t) <= 0) and 
@@ -6750,8 +6615,8 @@ forall intM_intP0:(Object, int) memory. (intM_intP0 = store(intM_intP, shift(t, 0), 1)) -> - ("JC_42": - (("JC_40": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_41": (i = 1)))) -> + ("JC_50": + (("JC_48": (select(intM_intP0, shift(t, 0)) = 1)) and ("JC_49": (i = 1)))) -> forall i0:int. (i0 = (i + 1)) -> ((offset_min(Object_alloc_table, t) <= i0) and @@ -6759,9 +6624,9 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, i0), 2)) -> - ("JC_47": - (("JC_44": (select(intM_intP1, shift(t, 0)) = 1)) and - (("JC_45": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_46": (i0 = 2))))) -> + ("JC_55": + (("JC_52": (select(intM_intP1, shift(t, 0)) = 1)) and + (("JC_53": (select(intM_intP1, shift(t, 2)) = 2)) and ("JC_54": (i0 = 2))))) -> forall i1:int. (i1 = (i0 - 1)) -> (i1 <= offset_max(Object_alloc_table, t)) diff -Nru why-2.29+dfsg/tests/java/oracle/SimpleAlloc.res.oracle why-2.30+dfsg/tests/java/oracle/SimpleAlloc.res.oracle --- why-2.29+dfsg/tests/java/oracle/SimpleAlloc.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/SimpleAlloc.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/java/SimpleAlloc.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + class Node { int val; @@ -17,6 +48,16 @@ x[0]=new Node(); } } + + + + +/* +Local Variables: +compile-command: "make SimpleAlloc.why3ml" +End: +*/ + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -45,7 +86,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -138,7 +182,7 @@ [test_test] name = "Method test" file = "HOME/tests/java/SimpleAlloc.java" -line = 15 +line = 46 begin = 9 end = 13 
@@ -157,44 +201,44 @@ [K_2] file = "HOME/tests/java/SimpleAlloc.java" -line = 13 +line = 44 begin = 16 end = 23 [K_3] file = "HOME/tests/java/SimpleAlloc.java" -line = 11 +line = 42 begin = 28 end = 40 [K_4] file = "HOME/tests/java/SimpleAlloc.java" -line = 11 +line = 42 begin = 17 end = 24 [cons_Node] name = "Constructor of class Node" file = "HOME/tests/java/SimpleAlloc.java" -line = 5 +line = 36 begin = 4 end = 8 [K_5] file = "HOME/tests/java/SimpleAlloc.java" -line = 11 +line = 42 begin = 17 end = 40 [K_6] file = "HOME/tests/java/SimpleAlloc.java" -line = 16 +line = 47 begin = 8 end = 12 [K_7] file = "HOME/tests/java/SimpleAlloc.java" -line = 16 +line = 47 begin = 8 end = 23 @@ -217,10 +261,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs SimpleAlloc.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/SimpleAlloc_why.sx @@ -281,6 +326,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/SimpleAlloc_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/SimpleAlloc_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -353,6 +405,9 @@ why3ide: why/SimpleAlloc_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: SimpleAlloc.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include SimpleAlloc.depend depend: coq/SimpleAlloc_why.v 
@@ -370,68 +425,68 @@ [JC_41] file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 17 -end = 24 +line = 36 +begin = 4 +end = 8 [JC_42] -file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 28 -end = 40 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_43] -file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 17 -end = 40 - -[JC_44] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_44] +file = "HOME/tests/java/SimpleAlloc.java" +line = 36 +begin = 4 +end = 8 + [test_test_safety] name = "Method test" behavior = "Safety" file = "HOME/tests/java/SimpleAlloc.java" -line = 15 +line = 46 begin = 9 end = 13 [JC_45] -file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 17 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_46] file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 28 -end = 40 +line = 36 +begin = 4 +end = 8 [JC_1] file = "HOME/tests/java/SimpleAlloc.jc" -line = 54 -begin = 8 +line = 23 +begin = 12 end = 22 -[JC_47] -file = "HOME/tests/java/SimpleAlloc.java" -line = 11 -begin = 17 -end = 40 - [cons_Node_safety] name = "Constructor of class Node" behavior = "Safety" file = "HOME/tests/java/SimpleAlloc.java" -line = 5 +line = 36 begin = 4 end = 8 +[JC_47] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_2] file = "HOME/" line = 0 @@ -446,15 +501,15 @@ [JC_3] file = "HOME/tests/java/SimpleAlloc.jc" -line = 54 -begin = 8 +line = 23 +begin = 12 end = 22 [JC_49] file = "HOME/tests/java/SimpleAlloc.java" -line = 13 -begin = 16 -end = 23 +line = 42 +begin = 17 +end = 24 [JC_4] file = "HOME/" 
@@ -463,130 +518,128 @@ end = -1 [JC_5] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 57 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 56 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_7] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 57 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_8] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 56 -begin = 10 -end = 18 - -[cons_test_ensures_default] -name = "Constructor of class test" -behavior = "Default behavior" file = "HOME/" line = 0 begin = -1 end = -1 -[JC_9] +[cons_test_ensures_default] +name = "Constructor of class test" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 57 +begin = 8 +end = 22 + [test_test_ensures_default] name = "Method test" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SimpleAlloc.java" -line = 15 +line = 46 begin = 9 end = 13 [JC_50] file = "HOME/tests/java/SimpleAlloc.java" -line = 15 -begin = 9 -end = 13 +line = 42 +begin = 28 +end = 40 [JC_51] file = "HOME/tests/java/SimpleAlloc.java" -line = 15 -begin = 9 -end = 13 +line = 42 +begin = 17 +end = 40 [JC_52] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 87 -begin = 10 -end = 35 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_53] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 86 -begin = 9 -end = 16 +file = "HOME/tests/java/SimpleAlloc.java" +line = 42 +begin = 17 +end = 24 [JC_54] file = "HOME/tests/java/SimpleAlloc.java" -line = 13 +line = 42 +begin = 28 +end = 40 + +[JC_55] +file = "HOME/tests/java/SimpleAlloc.java" +line = 42 +begin = 17 +end = 40 + +[JC_56] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_57] +file = "HOME/tests/java/SimpleAlloc.java" +line = 44 begin = 16 end = 23 -[JC_55] +[JC_58] file = "HOME/tests/java/SimpleAlloc.java" -line = 15 +line = 46 begin = 
9 end = 13 -[JC_56] +[JC_59] file = "HOME/tests/java/SimpleAlloc.java" -line = 15 +line = 46 begin = 9 end = 13 -[JC_57] +[JC_60] file = "HOME/tests/java/SimpleAlloc.jc" -line = 87 +line = 90 begin = 10 end = 35 -[JC_58] +[JC_61] file = "HOME/tests/java/SimpleAlloc.jc" -line = 86 +line = 89 begin = 9 end = 16 -[JC_59] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_60] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - -[JC_61] -kind = AllocSize -file = "HOME/tests/java/SimpleAlloc.jc" -line = 91 -begin = 27 -end = 38 - [JC_62] -kind = IndexBounds -file = "HOME/tests/java/SimpleAlloc.jc" -line = 91 -begin = 7 -end = 39 +file = "HOME/tests/java/SimpleAlloc.java" +line = 44 +begin = 16 +end = 23 [JC_10] file = "HOME/" @@ -595,24 +648,22 @@ end = -1 [JC_63] -kind = UserCall -file = "HOME/tests/java/SimpleAlloc.jc" -line = 94 -begin = 24 -end = 39 +file = "HOME/tests/java/SimpleAlloc.java" +line = 46 +begin = 9 +end = 13 [JC_11] file = "HOME/tests/java/SimpleAlloc.jc" -line = 60 +line = 57 begin = 8 -end = 31 +end = 22 [JC_64] -kind = IndexBounds -file = "HOME/tests/java/SimpleAlloc.jc" -line = 89 -begin = 11 -end = 177 +file = "HOME/tests/java/SimpleAlloc.java" +line = 46 +begin = 9 +end = 13 [JC_12] file = "HOME/" @@ -621,30 +672,28 @@ end = -1 [JC_65] -kind = AllocSize file = "HOME/tests/java/SimpleAlloc.jc" -line = 91 -begin = 27 -end = 38 +line = 90 +begin = 10 +end = 35 [JC_13] file = "HOME/tests/java/SimpleAlloc.jc" line = 60 -begin = 8 -end = 31 +begin = 11 +end = 66 [JC_66] -kind = UserCall file = "HOME/tests/java/SimpleAlloc.jc" -line = 94 -begin = 24 -end = 39 +line = 89 +begin = 9 +end = 16 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/SimpleAlloc.jc" +line = 59 +begin = 10 +end = 18 [JC_67] file = "HOME/" @@ -654,9 +703,9 @@ [JC_15] file = "HOME/tests/java/SimpleAlloc.jc" -line = 63 +line = 60 begin = 11 -end = 103 +end = 66 [JC_68] file = "HOME/" 
@@ -666,51 +715,55 @@ [JC_16] file = "HOME/tests/java/SimpleAlloc.jc" -line = 62 +line = 59 begin = 10 end = 18 [JC_69] +kind = AllocSize +file = "HOME/tests/java/SimpleAlloc.jc" +line = 94 +begin = 27 +end = 38 + +[JC_17] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_17] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 63 -begin = 11 -end = 103 - [JC_18] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 62 -begin = 10 -end = 18 - -[JC_19] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 63 +begin = 8 +end = 31 + [JC_70] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/SimpleAlloc.jc" +line = 94 +begin = 7 +end = 39 [JC_71] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/SimpleAlloc.jc" +line = 97 +begin = 24 +end = 39 [JC_72] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/SimpleAlloc.jc" +line = 92 +begin = 11 +end = 177 [JC_20] file = "HOME/" @@ -719,22 +772,24 @@ end = -1 [JC_73] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/SimpleAlloc.jc" +line = 94 +begin = 27 +end = 38 [JC_21] file = "HOME/tests/java/SimpleAlloc.jc" -line = 67 +line = 63 begin = 8 -end = 23 +end = 31 [JC_74] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/SimpleAlloc.jc" +line = 97 +begin = 24 +end = 39 [JC_22] file = "HOME/" @@ -750,13 +805,31 @@ begin = -1 end = -1 +[JC_75] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + [JC_23] file = "HOME/tests/java/SimpleAlloc.jc" -line = 67 -begin = 8 -end = 23 +line = 66 +begin = 11 +end = 103 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_24] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 65 +begin = 10 +end = 18 + +[JC_77] file = "HOME/" line = 0 begin = -1 
@@ -764,19 +837,31 @@ [cons_Node_ensures_default] name = "Constructor of class Node" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SimpleAlloc.java" -line = 5 +line = 36 begin = 4 end = 8 [JC_25] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 66 +begin = 11 +end = 103 + +[JC_78] file = "HOME/" line = 0 begin = -1 end = -1 [JC_26] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 65 +begin = 10 +end = 18 + +[JC_79] file = "HOME/" line = 0 begin = -1 @@ -796,21 +881,39 @@ [JC_29] file = "HOME/tests/java/SimpleAlloc.jc" -line = 69 -begin = 11 -end = 65 +line = 70 +begin = 8 +end = 23 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_81] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_30] -file = "HOME/tests/java/SimpleAlloc.jc" -line = 69 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_31] -file = "HOME/tests/java/SimpleAlloc.java" -line = 5 -begin = 4 -end = 8 +file = "HOME/tests/java/SimpleAlloc.jc" +line = 70 +begin = 8 +end = 23 [JC_32] file = "HOME/" @@ -819,10 +922,10 @@ end = -1 [JC_33] -file = "HOME/tests/java/SimpleAlloc.java" -line = 5 -begin = 4 -end = 8 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_34] file = "HOME/" @@ -837,29 +940,29 @@ end = -1 [JC_36] -file = "HOME/tests/java/SimpleAlloc.java" -line = 5 -begin = 4 -end = 8 - -[JC_37] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_37] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 72 +begin = 11 +end = 65 + [JC_38] +file = "HOME/tests/java/SimpleAlloc.jc" +line = 72 +begin = 11 +end = 65 + +[JC_39] file = "HOME/tests/java/SimpleAlloc.java" -line = 5 +line = 36 begin = 4 end = 8 -[JC_39] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - ========== file tests/java/why/SimpleAlloc.why ========== type Object 
@@ -875,18 +978,12 @@ type short -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic NodeM_tag: -> Object tag_id axiom NodeM_parenttag_Object : parenttag(NodeM_tag, Object_tag) @@ -901,7 +998,7 @@ predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -918,14 +1015,10 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -939,6 +1032,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -952,6 +1050,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) 
@@ -984,6 +1087,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -1045,6 +1153,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) @@ -1096,6 +1209,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) 
@@ -1149,40 +1267,6 @@ axiom test_parenttag_Object : parenttag(test_tag, Object_tag) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Node(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NodeM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_test(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1227,6 +1311,12 @@ Object_alloc_table:Object alloc_table) = valid_struct_Object(p, a, b, Object_alloc_table) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter NodeM_NodeP : (Object, Object pointer) memory ref parameter Node_val : (Object, int32) memory ref 
@@ -1235,149 +1325,9 @@ parameter Object_tag_table : Object tag_table ref -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Node : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Node(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NodeM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NodeM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NodeM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NodeM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter 
alloc_bitvector_struct_Node_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Node(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } 
unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_test : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_test(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_test_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { 
(valid_bitvector_struct_test(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1577,6 +1527,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -1590,16 +1544,16 @@ parameter cons_Node : this_0:Object pointer -> { } unit reads Object_alloc_table writes Node_val - { (JC_38: + { (JC_46: not_assigns(Object_alloc_table@, Node_val@, Node_val, - pset_singleton(this_0@))) } + pset_singleton(this_0))) } parameter cons_Node_requires : this_0:Object pointer -> { } unit reads Object_alloc_table writes Node_val - { (JC_38: + { (JC_46: not_assigns(Object_alloc_table@, Node_val@, Node_val, - pset_singleton(this_0@))) } + pset_singleton(this_0))) } parameter test_x : (Object, Object pointer) memory ref @@ -1619,18 +1573,18 @@ parameter java_array_length_NodeM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_NodeM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter long_of_integer_ : x:int -> 
@@ -1640,29 +1594,29 @@ parameter non_null_NodeM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_NodeM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter safe_byte_of_integer_ : 
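Review bot: The postcondition of `non_null_Object` and `non_null_Object_requires` in this hunk still pins `offset_max(Object_alloc_table, x_4) = (0)`, while the `Non_null_Object` predicate in the earlier `@@ -901,7 +998,7 @@` hunk was relaxed from `eq_int(..., (0))` to `ge_int(..., (0))`. The two now disagree for any `Object pointer` whose `offset_max` is above 0, and the same file's precondition `JC_50` describes one with `offset_max + 1 = 10`. For such a pointer the `if result then ... else (x_4 = null)` form appears to leave `x_4 = null` as the only consistent outcome, which would hand the provers a false hypothesis. If the relaxation is intended, the parameter should presumably read `(if result then ge_int(offset_max(Object_alloc_table, x_4), (0))`. This is recorded tool output, so the change would belong in the generator that emits these declarations and the oracle would then be regenerated.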
@@ -1689,35 +1643,31 @@ this_2:Object pointer -> { } unit reads Object_alloc_table,test_x writes NodeM_NodeP,Node_val,Object_alloc_table,Object_tag_table - { (JC_58: - ((JC_54: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_57: - ((JC_55: + { (JC_66: + ((JC_62: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_65: + ((JC_63: not_assigns(Object_alloc_table@, Node_val@, Node_val, pset_empty)) - and (JC_56: + and (JC_64: not_assigns(Object_alloc_table@, NodeM_NodeP@, NodeM_NodeP, - pset_range(pset_deref(test_x@, pset_singleton(this_2@)), (0), - (0)))))))) } + pset_range(pset_deref(test_x@, pset_singleton(this_2)), (0), (0)))))))) } parameter test_test_requires : this_2:Object pointer -> - { (JC_43: - ((JC_41: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_42: - eq_int(add_int(offset_max(Object_alloc_table, select(test_x, this_2)), - (1)), - (10)))))} + { (JC_51: + ((JC_49: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_50: + (add_int(offset_max(Object_alloc_table, select(test_x, this_2)), (1)) = (10)))))} unit reads Object_alloc_table,test_x writes NodeM_NodeP,Node_val,Object_alloc_table,Object_tag_table - { (JC_58: - ((JC_54: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_57: - ((JC_55: + { (JC_66: + ((JC_62: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_65: + ((JC_63: not_assigns(Object_alloc_table@, Node_val@, Node_val, pset_empty)) - and (JC_56: + and (JC_64: not_assigns(Object_alloc_table@, NodeM_NodeP@, NodeM_NodeP, - pset_range(pset_deref(test_x@, pset_singleton(this_2@)), (0), - (0)))))))) } + pset_range(pset_deref(test_x@, pset_singleton(this_2)), (0), (0)))))))) } let cons_Node_ensures_default = fun (this_0 : Object pointer) -> 
@@ -1730,9 +1680,9 @@ begin (let jessie_ = this_0 in (((safe_upd_ Node_val) jessie_) jessie_)); jessie_ end) in void); (raise Return) end with Return -> void end) - { (JC_36: + { (JC_44: not_assigns(Object_alloc_table@, Node_val@, Node_val, - pset_singleton(this_0@))) } + pset_singleton(this_0))) } let cons_Node_safety = fun (this_0 : Object pointer) -> @@ -1758,7 +1708,7 @@ begin (let jessie_ = this_3 in (((safe_upd_ test_x) jessie_) jessie_)); jessie_ end) in void); (raise Return) end with Return -> void end) - { (JC_71: true) } + { (JC_79: true) } let cons_test_safety = fun (this_3 : Object pointer) -> @@ -1776,13 +1726,11 @@ let test_test_ensures_default = fun (this_2 : Object pointer) -> { (valid_struct_test(this_2, (0), (0), Object_alloc_table) - and (JC_47: - ((JC_45: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_46: - eq_int(add_int(offset_max(Object_alloc_table, - select(test_x, this_2)), - (1)), - (10)))))) } + and (JC_55: + ((JC_53: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_54: + (add_int(offset_max(Object_alloc_table, select(test_x, this_2)), + (1)) = (10)))))) } (init: try begin 
@@ -1790,33 +1738,30 @@ (K_7: (let jessie_ = (let this = - (JC_65: (((alloc_struct_Node (1)) Object_alloc_table) Object_tag_table)) in - (let tt = (let jessie_ = this in (JC_66: (cons_Node jessie_))) in + (JC_73: (((alloc_struct_Node (1)) Object_alloc_table) Object_tag_table)) in + (let tt = (let jessie_ = this in (JC_74: (cons_Node jessie_))) in this)) in begin (let jessie_ = (K_6: ((safe_acc_ !test_x) this_2)) in (((safe_upd_ NodeM_NodeP) jessie_) jessie_)); jessie_ end)) in void); (raise Return) end with Return -> void end) - { (JC_53: - ((JC_49: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_52: - ((JC_50: + { (JC_61: + ((JC_57: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_60: + ((JC_58: not_assigns(Object_alloc_table@, Node_val@, Node_val, pset_empty)) - and (JC_51: + and (JC_59: not_assigns(Object_alloc_table@, NodeM_NodeP@, NodeM_NodeP, - pset_range(pset_deref(test_x@, pset_singleton(this_2@)), (0), - (0)))))))) } + pset_range(pset_deref(test_x@, pset_singleton(this_2)), (0), (0)))))))) } let test_test_safety = fun (this_2 : Object pointer) -> { (valid_struct_test(this_2, (0), (0), Object_alloc_table) - and (JC_47: - ((JC_45: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) - and (JC_46: - eq_int(add_int(offset_max(Object_alloc_table, - select(test_x, this_2)), - (1)), - (10)))))) } + and (JC_55: + ((JC_53: Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) + and (JC_54: + (add_int(offset_max(Object_alloc_table, select(test_x, this_2)), + (1)) = (10)))))) } (init: try begin 
@@ -1825,17 +1770,17 @@ (let jessie_ = (let this = (let jessie_ = - (JC_61: + (JC_69: (((alloc_struct_Node_requires (1)) Object_alloc_table) Object_tag_table)) in - (JC_62: + (JC_70: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; jessie_))) in (let tt = - (let jessie_ = this in (JC_63: (cons_Node_requires jessie_))) in + (let jessie_ = this in (JC_71: (cons_Node_requires jessie_))) in this)) in begin (let jessie_ = (K_6: ((safe_acc_ !test_x) this_2)) in - (JC_64: + (JC_72: (((((lsafe_lbound_upd_ !Object_alloc_table) NodeM_NodeP) jessie_) (0)) jessie_))); jessie_ end)) in void); (raise Return) end with Return -> void end) { true } @@ -1847,45 +1792,45 @@ + + + + + + + + + + + + + + - + - + - + - - - - - - - - - - - - - - - + - + @@ -2855,7 +2800,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2889,6 +2834,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -2901,6 +2850,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -2933,6 +2886,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -2994,6 +2952,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -3046,6 +3008,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -3098,40 +3065,6 @@ axiom test_parenttag_Object: parenttag(test_tag, Object_tag) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Node(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NodeM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_test(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -3188,7 +3121,7 @@ forall Node_val0:(Object, int32) memory. (Node_val0 = store(Node_val, this_0, result)) -> - ("JC_36": not_assigns(Object_alloc_table, Node_val, Node_val0, + ("JC_44": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_singleton(this_0))) ========== file tests/java/why/SimpleAlloc_po2.why ========== @@ -3201,9 +3134,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -3214,16 +3147,15 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_49": - ("JC_49": Non_null_NodeM(select(test_x, this_2), Object_alloc_table0)))) + ("JC_61": + ("JC_57": Non_null_NodeM(select(test_x, this_2), Object_alloc_table0))) ========== file tests/java/why/SimpleAlloc_po3.why ========== goal test_test_ensures_default_po_2: 
@@ -3235,9 +3167,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -3248,17 +3180,16 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_52": - ("JC_50": - ("JC_50": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_empty))))) + ("JC_61": + ("JC_60": + ("JC_58": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_empty)))) ========== file tests/java/why/SimpleAlloc_po4.why ========== goal test_test_ensures_default_po_3: @@ -3270,9 +3201,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. 
@@ -3283,18 +3214,17 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_52": - ("JC_51": - ("JC_51": not_assigns(Object_alloc_table, NodeM_NodeP, NodeM_NodeP0, - pset_range(pset_deref(test_x, pset_singleton(this_2)), 0, 0)))))) + ("JC_61": + ("JC_60": + ("JC_59": not_assigns(Object_alloc_table, NodeM_NodeP, NodeM_NodeP0, + pset_range(pset_deref(test_x, pset_singleton(this_2)), 0, 0))))) ========== file tests/java/why/SimpleAlloc_po5.why ========== goal test_test_safety_po_1: @@ -3303,9 +3233,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) @@ -3316,9 +3246,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) -> forall result:Object pointer. 
@@ -3339,9 +3269,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) -> forall result:Object pointer. @@ -3354,7 +3284,7 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> @@ -4193,7 +4123,7 @@ (>= (offset_max Object_alloc_table x_0) (- 0 1))) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (BG_PUSH ;; Why axiom Object_int @@ -4226,6 +4156,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -4237,6 +4172,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) 
@@ -4259,6 +4199,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -4314,6 +4259,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -4358,6 +4308,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -4400,32 +4355,6 @@ ;; Why axiom test_parenttag_Object (EQ (parenttag test_tag Object_tag) |@true|)) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Node p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_NodeM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_test p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -4460,7 +4389,7 @@ (DEFPRED (valid_struct_test p a b Object_alloc_table) (valid_struct_Object p a b Object_alloc_table)) -;; cons_Node_ensures_default_po_1, File "HOME/tests/java/SimpleAlloc.java", line 5, characters 4-8 +;; cons_Node_ensures_default_po_1, File "HOME/tests/java/SimpleAlloc.java", line 36, characters 4-8 (FORALL (this_0) (FORALL (Node_val) (FORALL (Object_alloc_table) 
@@ -4471,7 +4400,7 @@ (IMPLIES (EQ Node_val0 (|why__store| Node_val this_0 result)) (not_assigns Object_alloc_table Node_val Node_val0 (pset_singleton this_0)))))))))) -;; test_test_ensures_default_po_1, File "HOME/tests/java/SimpleAlloc.java", line 13, characters 16-23 +;; test_test_ensures_default_po_1, File "HOME/tests/java/SimpleAlloc.java", line 44, characters 16-23 (FORALL (this_2) (FORALL (NodeM_NodeP) (FORALL (Node_val) @@ -4497,7 +4426,7 @@ (IMPLIES (EQ NodeM_NodeP0 (|why__store| NodeM_NodeP result0 result)) (Non_null_NodeM (select test_x this_2) Object_alloc_table0))))))))))))))))) -;; test_test_ensures_default_po_2, File "HOME/tests/java/SimpleAlloc.java", line 15, characters 9-13 +;; test_test_ensures_default_po_2, File "HOME/tests/java/SimpleAlloc.java", line 46, characters 9-13 (FORALL (this_2) (FORALL (NodeM_NodeP) (FORALL (Node_val) @@ -4523,7 +4452,7 @@ (IMPLIES (EQ NodeM_NodeP0 (|why__store| NodeM_NodeP result0 result)) (not_assigns Object_alloc_table Node_val Node_val0 pset_empty))))))))))))))))) -;; test_test_ensures_default_po_3, File "HOME/tests/java/SimpleAlloc.java", line 15, characters 9-13 +;; test_test_ensures_default_po_3, File "HOME/tests/java/SimpleAlloc.java", line 46, characters 9-13 (FORALL (this_2) (FORALL (NodeM_NodeP) (FORALL (Node_val) @@ -4552,7 +4481,7 @@ (pset_deref test_x (pset_singleton this_2)) 0 0)))))))))))))))))) -;; test_test_safety_po_1, File "HOME/tests/java/SimpleAlloc.jc", line 91, characters 27-38 +;; test_test_safety_po_1, File "HOME/tests/java/SimpleAlloc.jc", line 94, characters 27-38 (FORALL (this_2) (FORALL (Object_alloc_table) (FORALL (test_x) @@ -4561,7 +4490,7 @@ (EQ (+ (offset_max Object_alloc_table (select test_x this_2)) 1) 10))) (>= 1 0))))) -;; test_test_safety_po_2, File "why/SimpleAlloc.why", line 968, characters 15-69 +;; test_test_safety_po_2, File "why/SimpleAlloc.why", line 810, characters 15-69 (FORALL (this_2) (FORALL (Object_alloc_table) (FORALL (test_x) 
@@ -4579,7 +4508,7 @@ (instanceof Object_tag_table result Node_tag)))) (>= (offset_max Object_alloc_table0 result) 0)))))))))) -;; test_test_safety_po_3, File "HOME/tests/java/SimpleAlloc.jc", line 89, characters 11-177 +;; test_test_safety_po_3, File "HOME/tests/java/SimpleAlloc.jc", line 92, characters 11-177 (FORALL (this_2) (FORALL (Node_val) (FORALL (Object_alloc_table) @@ -5580,7 +5509,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -5614,6 +5543,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -5626,6 +5559,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -5658,6 +5595,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -5719,6 +5661,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and 
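Review bot: The `Non_null_Object` predicate in the `@@ -5580,7 +5509,7 @@` hunk is relaxed from `offset_max(Object_alloc_table, x_1) = 0` to `>= 0`, which changes the generated verification conditions, unlike the line-number and label renumbering that fills the rest of this oracle. The same relaxation appears further down in the SimpleApplet oracle, as `\offset_max(x) >= 0` and `ge_int(offset_max(Object_alloc_table, x_2), (0))`. Wherever the predicate is used as a hypothesis, provers now learn less about the pointer's block, so obligations that relied on the exact bound may no longer discharge; the oracle records only the emitted text, not prover results. I would record this in the changelog, for example `Non_null_Object now requires \offset_max(x) >= 0 instead of == 0`, so that it is not read as oracle churn.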
@@ -5771,6 +5717,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -5823,40 +5774,6 @@ axiom test_parenttag_Object: parenttag(test_tag, Object_tag) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Node(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NodeM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_test(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5912,7 +5829,7 @@ forall Node_val0:(Object, int32) memory. (Node_val0 = store(Node_val, this_0, result)) -> - ("JC_36": not_assigns(Object_alloc_table, Node_val, Node_val0, + ("JC_44": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_singleton(this_0))) goal test_test_ensures_default_po_1: @@ -5924,9 +5841,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -5937,16 +5854,15 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_49": - ("JC_49": Non_null_NodeM(select(test_x, this_2), Object_alloc_table0)))) + ("JC_61": + ("JC_57": Non_null_NodeM(select(test_x, this_2), Object_alloc_table0))) goal test_test_ensures_default_po_2: forall this_2:Object pointer. 
@@ -5957,9 +5873,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. @@ -5970,17 +5886,16 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_52": - ("JC_50": - ("JC_50": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_empty))))) + ("JC_61": + ("JC_60": + ("JC_58": not_assigns(Object_alloc_table, Node_val, Node_val0, pset_empty)))) goal test_test_ensures_default_po_3: forall this_2:Object pointer. @@ -5991,9 +5906,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. 
@@ -6004,18 +5919,17 @@ instanceof(Object_tag_table, result, Node_tag)))) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> forall NodeM_NodeP0:(Object, Object pointer) memory. (NodeM_NodeP0 = store(NodeM_NodeP, result0, result)) -> - ("JC_53": - ("JC_52": - ("JC_51": - ("JC_51": not_assigns(Object_alloc_table, NodeM_NodeP, NodeM_NodeP0, - pset_range(pset_deref(test_x, pset_singleton(this_2)), 0, 0)))))) + ("JC_61": + ("JC_60": + ("JC_59": not_assigns(Object_alloc_table, NodeM_NodeP, NodeM_NodeP0, + pset_range(pset_deref(test_x, pset_singleton(this_2)), 0, 0))))) goal test_test_safety_po_1: forall this_2:Object pointer. @@ -6023,9 +5937,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) @@ -6035,9 +5949,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) -> forall result:Object pointer. 
@@ -6057,9 +5971,9 @@ forall test_x:(Object, Object pointer) memory. (valid_struct_test(this_2, 0, 0, Object_alloc_table) and - ("JC_47": - (("JC_45": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and - ("JC_46": ((offset_max(Object_alloc_table, select(test_x, + ("JC_55": + (("JC_53": Non_null_NodeM(select(test_x, this_2), Object_alloc_table)) and + ("JC_54": ((offset_max(Object_alloc_table, select(test_x, this_2)) + 1) = 10))))) -> (1 >= 0) -> forall result:Object pointer. @@ -6072,7 +5986,7 @@ (offset_max(Object_alloc_table0, result) >= 0) -> forall Node_val0:(Object, int32) memory. - ("JC_38": not_assigns(Object_alloc_table0, Node_val, Node_val0, + ("JC_46": not_assigns(Object_alloc_table0, Node_val, Node_val0, pset_singleton(result))) -> forall result0:Object pointer. (result0 = select(test_x, this_2)) -> diff -Nru why-2.29+dfsg/tests/java/oracle/SimpleApplet.res.oracle why-2.30+dfsg/tests/java/oracle/SimpleApplet.res.oracle --- why-2.29+dfsg/tests/java/oracle/SimpleApplet.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/SimpleApplet.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,4 +1,35 @@ ========== file tests/java/SimpleApplet.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // JAVACARD: will ask regtests to use Java Card API for this program /***************************** @@ -90,6 +121,13 @@ } } + +/* +Local Variables: +compile-command: "make SimpleApplet.why3ml" +End: +*/ + ========== krakatoa execution ========== // JAVACARD: will ask regtests to use Java Card API for this program Parsing OK. @@ -193,7 +231,7 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) axiomatic BUFFERSIZE_theory { 
@@ -779,19 +817,19 @@ [K_10] file = "HOME/tests/java/SimpleApplet.java" -line = 86 +line = 117 begin = 5 end = 55 [K_11] file = "HOME/tests/java/SimpleApplet.java" -line = 74 +line = 105 begin = 9 end = 32 [K_12] file = "HOME/tests/java/SimpleApplet.java" -line = 67 +line = 98 begin = 14 end = 30 @@ -826,7 +864,7 @@ [cons_Card] name = "Constructor of class Card" file = "HOME/tests/java/SimpleApplet.java" -line = 46 +line = 77 begin = 4 end = 8 @@ -896,7 +934,7 @@ [Card_process] name = "Method process" file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 @@ -923,19 +961,19 @@ [K_1] file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 38 end = 49 [K_2] file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 29 end = 50 [K_3] file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 52 end = 67 @@ -948,7 +986,7 @@ [K_4] file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 1 end = 68 @@ -968,7 +1006,7 @@ [Card_install] name = "Method install" file = "HOME/tests/java/SimpleApplet.java" -line = 53 +line = 84 begin = 23 end = 30 @@ -981,13 +1019,13 @@ [K_6] file = "HOME/tests/java/SimpleApplet.java" -line = 63 +line = 94 begin = 5 end = 22 [K_7] file = "HOME/tests/java/SimpleApplet.java" -line = 71 +line = 102 begin = 5 end = 55 @@ -1007,13 +1045,13 @@ [K_8] file = "HOME/tests/java/SimpleApplet.java" -line = 70 +line = 101 begin = 4 end = 27 [K_9] file = "HOME/tests/java/SimpleApplet.java" -line = 70 +line = 101 begin = 4 end = 40 @@ -1387,10 +1425,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs SimpleApplet.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/SimpleApplet_why.sx 
@@ -1451,6 +1490,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/SimpleApplet_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/SimpleApplet_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -1523,6 +1569,9 @@ why3ide: why/SimpleApplet_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: SimpleApplet.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include SimpleApplet.depend depend: coq/SimpleApplet_why.v @@ -1656,7 +1705,7 @@ name = "Constructor of class Card" behavior = "Safety" file = "HOME/tests/java/SimpleApplet.java" -line = 46 +line = 77 begin = 4 end = 8 @@ -1734,7 +1783,7 @@ [cons_APDU_ensures_default] name = "Constructor of class APDU" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/javacard/framework/APDU.java" line = 239 begin = 2 @@ -1820,7 +1869,7 @@ [cons_RuntimeException_ensures_default] name = "Constructor of class RuntimeException" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/java/lang/RuntimeException.java" line = 47 begin = 9 @@ -1834,7 +1883,7 @@ [JC_169] file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 @@ -1930,7 +1979,7 @@ [JC_171] file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 @@ -1978,20 +2027,20 @@ [JC_175] file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 [JC_176] file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 [JC_177] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 63 +line = 94 begin = 5 end = 22 
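Review bot: The new `why3ml` rule in the `@@ -1523,6 +1569,9 @@` hunk echoes `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one executed. If launching the IDE on the `.mlw` file is intended, the echo should say so: `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. This Makefile text is captured generator output, so the fix presumably belongs in the code that emits it, with the oracle regenerated afterwards.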
@@ -2004,7 +2053,7 @@ [JC_178] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 67 +line = 98 begin = 14 end = 30 @@ -2017,7 +2066,7 @@ [JC_179] kind = IndexBounds file = "HOME/tests/java/SimpleApplet.java" -line = 67 +line = 98 begin = 14 end = 30 @@ -2102,7 +2151,7 @@ [JC_180] kind = IndexBounds file = "HOME/tests/java/SimpleApplet.java" -line = 70 +line = 101 begin = 4 end = 27 @@ -2115,7 +2164,7 @@ [JC_181] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 71 +line = 102 begin = 5 end = 55 @@ -2128,7 +2177,7 @@ [JC_182] kind = IndexBounds file = "HOME/tests/java/SimpleApplet.java" -line = 74 +line = 105 begin = 9 end = 32 @@ -2154,7 +2203,7 @@ [JC_184] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 63 +line = 94 begin = 5 end = 22 @@ -2167,14 +2216,14 @@ [JC_185] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 67 +line = 98 begin = 14 end = 30 [JC_186] kind = UserCall file = "HOME/tests/java/SimpleApplet.java" -line = 71 +line = 102 begin = 5 end = 55 @@ -2199,7 +2248,7 @@ [cons_Throwable_ensures_default] name = "Constructor of class Throwable" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/java/lang/Throwable.java" line = 48 begin = 9 @@ -2447,7 +2496,7 @@ [cons_ISOException_short_ensures_default] name = "Constructor of class ISOException" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/javacard/framework/ISOException.java" line = 59 begin = 9 @@ -2479,7 +2528,7 @@ [cons_Object_ensures_default] name = "Constructor of class Object" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/java/lang/Object.java" line = 47 begin = 9 @@ -2523,9 +2572,9 @@ [Card_install_ensures_default] name = "Method install" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SimpleApplet.java" -line = 53 +line = 84 begin = 23 end = 30 
@@ -2609,7 +2658,7 @@ [cons_Exception_ensures_default] name = "Constructor of class Exception" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/java/lang/Exception.java" line = 49 begin = 9 @@ -2987,7 +3036,7 @@ [cons_Applet_ensures_default] name = "Constructor of class Applet" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/javacard/framework/Applet.java" line = 97 begin = 14 @@ -3311,7 +3360,7 @@ name = "Method process" behavior = "Safety" file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 @@ -3621,9 +3670,9 @@ [Card_process_ensures_default] name = "Method process" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SimpleApplet.java" -line = 61 +line = 92 begin = 16 end = 23 @@ -4139,7 +4188,7 @@ [cons_CardRuntimeException_short_ensures_default] name = "Constructor of class CardRuntimeException" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/lib/javacard_api/javacard/framework/CardRuntimeException.java" line = 56 begin = 9 @@ -4701,7 +4750,7 @@ [JC_123] file = "HOME/tests/java/SimpleApplet.java" -line = 46 +line = 77 begin = 4 end = 8 @@ -4731,7 +4780,7 @@ [JC_125] file = "HOME/tests/java/SimpleApplet.java" -line = 46 +line = 77 begin = 4 end = 8 @@ -5015,7 +5064,7 @@ [JC_131] file = "HOME/tests/java/SimpleApplet.java" -line = 53 +line = 84 begin = 23 end = 30 @@ -5063,7 +5112,7 @@ [JC_133] file = "HOME/tests/java/SimpleApplet.java" -line = 53 +line = 84 begin = 23 end = 30 @@ -5071,7 +5120,7 @@ name = "Method install" behavior = "Safety" file = "HOME/tests/java/SimpleApplet.java" -line = 53 +line = 84 begin = 23 end = 30 @@ -5174,7 +5223,7 @@ [JC_139] kind = PointerDeref file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 52 end = 67 
@@ -5319,7 +5368,7 @@ [JC_140] kind = ArithOverflow file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 38 end = 49 @@ -5338,7 +5387,7 @@ [JC_141] kind = ArithOverflow file = "HOME/tests/java/SimpleApplet.java" -line = 55 +line = 86 begin = 29 end = 50 @@ -5719,9 +5768,9 @@ [cons_Card_ensures_default] name = "Constructor of class Card" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/SimpleApplet.java" -line = 46 +line = 77 begin = 4 end = 8 @@ -5803,8 +5852,6 @@ axiom Applet_parenttag_Object : parenttag(Applet_tag, Object_tag) -exception CardRuntimeException_exc of Object pointer - logic CardRuntimeException_tag: -> Object tag_id logic RuntimeException_tag: -> Object tag_id @@ -5840,8 +5887,6 @@ axiom Card_parenttag_Applet : parenttag(Card_tag, Applet_tag) -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Throwable_tag: -> Object tag_id @@ -5910,8 +5955,6 @@ function ISO7816_SW_WRONG_P1P2() : short = short_of_integer((27392)) -exception ISOException_exc of Object pointer - logic ISOException_tag: -> Object tag_id axiom ISOException_parenttag_CardRuntimeException : @@ -5923,10 +5966,6 @@ axiom JCSystem_parenttag_Object : parenttag(JCSystem_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - logic NativeMethods_tag: -> Object tag_id axiom NativeMethods_parenttag_Object : @@ -5934,7 +5973,7 @@ predicate Non_null_Object(x_2:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_2), (0)) + ge_int(offset_max(Object_alloc_table, x_2), (0)) predicate Non_null_byteM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = 
@@ -5972,15 +6011,9 @@ axiom PrivAccess_parenttag_Object : parenttag(PrivAccess_tag, Object_tag) -exception Return_label_exc of unit - -exception RuntimeException_exc of Object pointer - axiom RuntimeException_parenttag_Exception : parenttag(RuntimeException_tag, Exception_tag) -exception Throwable_exc of Object pointer - axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) predicate buffer_inv(this_3:Object pointer, @@ -6001,6 +6034,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -6014,6 +6052,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -6046,6 +6089,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -6147,6 +6195,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) 
@@ -6240,6 +6293,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) 
@@ -6329,80 +6387,6 @@ Object_alloc_table:Object alloc_table) = strict_valid_struct_Object(p, a, b, Object_alloc_table) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AID(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_APDU(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Applet(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Card(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Applet(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_RuntimeException(p:unit pointer, a:int, - b:int, bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_CardRuntimeException(p:unit pointer, a:int, - b:int, bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_RuntimeException(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_ISOException(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_CardRuntimeException(p, a, b, 
bitvector_alloc_table) - -predicate valid_bitvector_struct_JCSystem(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NativeMethods(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_OwnerPIN(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PackedBoolean(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrivAccess(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_byteM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_shortM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) @@ -7110,6 +7094,8 @@ parameter Applet_thePrivAccess : (Object, Object pointer) memory ref +exception CardRuntimeException_exc of Object pointer + parameter CardRuntimeException_getReason : this_62:Object pointer -> { } short reads Object_alloc_table { true } 
@@ -7162,6 +7148,10 @@ reads APDU_buffer,Object_alloc_table,byteM_byteP { (JC_176: buffer_inv(apdu_0, Object_alloc_table, APDU_buffer)) } +exception Exception_exc of Object pointer + +exception ISOException_exc of Object pointer + parameter ISOException_getReason : this_64:Object pointer -> { } short reads Object_alloc_table { true } @@ -7182,6 +7172,10 @@ parameter ISOException_throwIt_requires : sw_0:short -> { } unit { true } +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_equals : this_17:Object pointer -> obj:Object pointer -> { } bool reads Object_alloc_table { true } 
@@ -7190,329 +7184,11 @@ this_17:Object pointer -> obj:Object pointer -> { } bool reads Object_alloc_table { true } -parameter alloc_bitvector_struct_AID : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_AID(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_AID_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_AID(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_APDU : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_APDU(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_APDU_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_APDU(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Applet : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Applet(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter 
alloc_bitvector_struct_Applet_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Applet(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Card : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Card(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_CardRuntimeException : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_CardRuntimeException(result, (0), - sub_int(n, (1)), bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_CardRuntimeException_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_CardRuntimeException(result, (0), - sub_int(n, (1)), bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Card_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Card(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_ISOException : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_ISOException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_ISOException_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_ISOException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_JCSystem : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_JCSystem(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_JCSystem_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit 
pointer writes bitvector_alloc_table - { (valid_bitvector_struct_JCSystem(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NativeMethods : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NativeMethods(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_NativeMethods_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_NativeMethods(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_OwnerPIN : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_OwnerPIN(result, (0), 
sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_OwnerPIN_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_OwnerPIN(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PackedBoolean : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PackedBoolean(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PackedBoolean_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PackedBoolean(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PrivAccess : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PrivAccess(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_PrivAccess_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_PrivAccess(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_RuntimeException : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_RuntimeException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_RuntimeException_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_RuntimeException(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_byteM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_byteM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_byteM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_byteM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Return_label_exc of unit -parameter alloc_bitvector_struct_shortM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_shortM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception RuntimeException_exc of Object pointer -parameter alloc_bitvector_struct_shortM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_shortM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_AID : n:int -> @@ -8037,7 +7713,7 @@ { (JC_17: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_4), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_4), (1)))))) } parameter java_array_length_byteM_requires : x_4:Object pointer -> @@ -8045,7 +7721,7 @@ { (JC_17: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_4), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_4), (1)))))) } parameter java_array_length_shortM : x_6:Object pointer -> @@ -8053,7 +7729,7 @@ { (JC_37: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_6), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_6), (1)))))) } parameter java_array_length_shortM_requires : x_6:Object pointer -> @@ -8061,7 +7737,7 @@ { (JC_37: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_6), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_6), (1)))))) } parameter long_of_integer_ : x:int -> @@ -8072,14 +7748,14 @@ x_7:Object pointer -> { } bool reads Object_alloc_table { (JC_50: - (if result then eq_int(offset_max(Object_alloc_table, x_7), (0)) + (if result then (offset_max(Object_alloc_table, x_7) = (0)) else (x_7 = null))) } parameter non_null_Object_requires : x_7:Object pointer -> { } bool reads Object_alloc_table { (JC_50: - (if result then eq_int(offset_max(Object_alloc_table, x_7), (0)) + (if result then (offset_max(Object_alloc_table, x_7) = (0)) else (x_7 = null))) } parameter non_null_byteM : 
@@ -8221,7 +7897,7 @@ ((safe_acc_ !byteM_byteP) ((shift buf) (integer_of_byte ISO7816_OFFSET_INS)))) in try (if ((eq_int_ (integer_of_byte jessie_)) (integer_of_byte Card_Card_Ins_Read)) - then (let jessie_ = (raise (Loop_exit_exc void)) in void) + then (raise (Loop_exit_exc void)) else (if true then @@ -8265,7 +7941,7 @@ ((((lsafe_lbound_acc_ !Object_alloc_table) !byteM_byteP) buf) (1)))) in try (if ((eq_int_ (integer_of_byte jessie_)) (integer_of_byte Card_Card_Ins_Read)) - then (let jessie_ = (raise (Loop_exit_exc void)) in void) + then (raise (Loop_exit_exc void)) else (if true then @@ -8504,15 +8180,15 @@ - - + + - - + + @@ -8528,36 +8204,36 @@ text = "AllocSize"/> - + - + - + - + - + - + - + @@ -9716,7 +9392,7 @@ predicate Non_null_Object(x_2: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_2) = 0) + x_2) >= 0) predicate Non_null_byteM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -9775,6 +9451,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -9787,6 +9467,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -9819,6 +9503,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
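Review bot: The `@@ -9716,7 +9392,7 @@` hunk weakens `Non_null_Object` from `offset_max(Object_alloc_table, x_2) = 0` to `>= 0`, but the `non_null_Object` parameter in the earlier `@@ -8072,14 +7748,14 @@` hunk still has the postcondition `(if result then (offset_max(Object_alloc_table, x_7) = (0)) else (x_7 = null))`. If the two are meant to express the same non-null condition, the parameter should read `(if result then (offset_max(Object_alloc_table, x_7) >= (0)) else (x_7 = null))`. A parameter's postcondition is assumed rather than proved at each call site, so one that is stronger than the model allows can make proof obligations hold vacuously. This file looks like regenerated tool output, so the generator is the place to confirm or fix this rather than the oracle text. The same `= 0` to `>= 0` change recurs in the `@@ -11644,7 +11268,7 @@` and `@@ -13161,7 @@` hunks.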
@@ -9920,6 +9609,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -10014,6 +9707,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -10102,80 +9800,6 @@ Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, b, Object_alloc_table) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AID(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_APDU(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Applet(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Card(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Applet(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_RuntimeException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_CardRuntimeException(p: unit pointer, - a: int, b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_RuntimeException(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_ISOException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - 
valid_bitvector_struct_CardRuntimeException(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_JCSystem(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NativeMethods(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_OwnerPIN(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PackedBoolean(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrivAccess(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_byteM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_shortM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -10260,6 +9884,13 @@ Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, Object_alloc_table) +========== file tests/java/why/SimpleApplet_po1.why ========== +goal Card_install_safety_po_1: + forall bArray_1:Object pointer. + forall Object_alloc_table:Object alloc_table. + left_valid_struct_byteM(bArray_1, 0, Object_alloc_table) -> + (1 >= 0) + ========== file tests/java/why/SimpleApplet_po10.why ========== goal Card_process_safety_po_1: forall this_1:Object pointer. @@ -10378,13 +10009,6 @@ result5)) -> ("JC_442": buffer_inv(this_68, Object_alloc_table, APDU_buffer0)) -========== file tests/java/why/SimpleApplet_po1.why ========== -goal Card_install_safety_po_1: - forall bArray_1:Object pointer. - forall Object_alloc_table:Object alloc_table. - left_valid_struct_byteM(bArray_1, 0, Object_alloc_table) -> - (1 >= 0) - ========== file tests/java/why/SimpleApplet_po2.why ========== goal Card_install_safety_po_2: forall bArray_1:Object pointer. @@ -11644,7 +11268,7 @@ (EQ (parenttag NativeMethods_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_2 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_2) 0)) + (>= (offset_max Object_alloc_table x_2) 0)) (DEFPRED (Non_null_byteM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) @@ -11702,6 +11326,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -11713,6 +11342,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) 
@@ -11735,6 +11369,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -11820,6 +11459,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -11898,6 +11542,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -11966,62 +11615,6 @@ (DEFPRED (strict_valid_struct_shortM p a b Object_alloc_table) (strict_valid_struct_Object p a b Object_alloc_table)) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_AID p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_APDU p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Applet p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Card p a b bitvector_alloc_table) - (valid_bitvector_struct_Applet p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Throwable p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_RuntimeException p a b bitvector_alloc_table) - (valid_bitvector_struct_Exception p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_CardRuntimeException p a b bitvector_alloc_table) - (valid_bitvector_struct_RuntimeException p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_ISOException p a b bitvector_alloc_table) - (valid_bitvector_struct_CardRuntimeException p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_JCSystem p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_NativeMethods p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_OwnerPIN p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b 
bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_PackedBoolean p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_PrivAccess p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_byteM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_shortM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -12091,7 +11684,7 @@ (FORALL (Object_alloc_table) (IMPLIES (left_valid_struct_byteM bArray_1 0 Object_alloc_table) (>= 1 0)))) -;; Card_install_safety_po_2, File "why/SimpleApplet.why", line 2440, characters 15-69 +;; Card_install_safety_po_2, File "why/SimpleApplet.why", line 2067, characters 15-69 (FORALL (bArray_1) (FORALL (Object_alloc_table) (IMPLIES (left_valid_struct_byteM bArray_1 0 Object_alloc_table) @@ -12106,7 +11699,7 @@ (instanceof Object_tag_table result Card_tag)))) (>= (offset_max Object_alloc_table0 result) 0))))))))) -;; Card_install_safety_po_3, File "HOME/tests/java/SimpleApplet.java", line 55, characters 38-49 +;; Card_install_safety_po_3, File "HOME/tests/java/SimpleApplet.java", line 86, characters 38-49 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) 
@@ -12123,7 +11716,7 @@ (IMPLIES (>= (offset_max Object_alloc_table0 result) 0) (<= (- 0 constant_too_large_2147483648) (+ (integer_of_short bOffset_1) 1)))))))))))) -;; Card_install_safety_po_4, File "HOME/tests/java/SimpleApplet.java", line 55, characters 38-49 +;; Card_install_safety_po_4, File "HOME/tests/java/SimpleApplet.java", line 86, characters 38-49 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) @@ -12140,7 +11733,7 @@ (IMPLIES (>= (offset_max Object_alloc_table0 result) 0) (<= (+ (integer_of_short bOffset_1) 1) constant_too_large_2147483647))))))))))) -;; Card_install_safety_po_5, File "HOME/tests/java/SimpleApplet.java", line 55, characters 29-50 +;; Card_install_safety_po_5, File "HOME/tests/java/SimpleApplet.java", line 86, characters 29-50 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) @@ -12163,7 +11756,7 @@ (IMPLIES (EQ (integer_of_int32 result0) (+ (integer_of_short bOffset_1) 1)) (<= (- 0 32768) (integer_of_int32 result0))))))))))))))) -;; Card_install_safety_po_6, File "HOME/tests/java/SimpleApplet.java", line 55, characters 29-50 +;; Card_install_safety_po_6, File "HOME/tests/java/SimpleApplet.java", line 86, characters 29-50 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) @@ -12186,7 +11779,7 @@ (IMPLIES (EQ (integer_of_int32 result0) (+ (integer_of_short bOffset_1) 1)) (<= (integer_of_int32 result0) 32767)))))))))))))) -;; Card_install_safety_po_7, File "HOME/tests/java/SimpleApplet.java", line 55, characters 52-67 +;; Card_install_safety_po_7, File "HOME/tests/java/SimpleApplet.java", line 86, characters 52-67 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) 
@@ -12213,7 +11806,7 @@ (IMPLIES (EQ (integer_of_short result1) (integer_of_int32 result0)) (<= (offset_min Object_alloc_table0 bArray_1) (integer_of_short bOffset_1)))))))))))))))))) -;; Card_install_safety_po_8, File "HOME/tests/java/SimpleApplet.java", line 55, characters 52-67 +;; Card_install_safety_po_8, File "HOME/tests/java/SimpleApplet.java", line 86, characters 52-67 (FORALL (bArray_1) (FORALL (bOffset_1) (FORALL (Object_alloc_table) @@ -13568,7 +13161,7 @@ predicate Non_null_Object(x_2: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_2) = 0) + x_2) >= 0) predicate Non_null_byteM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -13627,6 +13220,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -13639,6 +13236,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -13671,6 +13272,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -13772,6 +13378,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -13866,6 +13476,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -13954,80 +13569,6 @@ Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, b, Object_alloc_table) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_AID(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_APDU(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Applet(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Card(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Applet(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Throwable(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_RuntimeException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Exception(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_CardRuntimeException(p: unit pointer, - a: int, b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_RuntimeException(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_ISOException(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - 
valid_bitvector_struct_CardRuntimeException(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_JCSystem(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_NativeMethods(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_OwnerPIN(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PackedBoolean(p: unit pointer, a: int, - b: int, bitvector_alloc_table: unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_PrivAccess(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_byteM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_shortM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and diff -Nru why-2.29+dfsg/tests/java/oracle/Sort2.res.oracle why-2.30+dfsg/tests/java/oracle/Sort2.res.oracle --- why-2.29+dfsg/tests/java/oracle/Sort2.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ 
why-2.30+dfsg/tests/java/oracle/Sort2.res.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -1,4 +1,34 @@ ========== file tests/java/Sort2.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ @@ -106,7 +136,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -361,121 +394,121 @@ ========== file tests/java/Sort2.jloc ========== [K_10] file = "HOME/tests/java/Sort2.java" -line = 38 +line = 68 begin = 17 end = 80 [K_11] file = "HOME/tests/java/Sort2.java" -line = 45 +line = 75 begin = 8 end = 12 [K_12] file = "HOME/tests/java/Sort2.java" -line = 45 +line = 75 begin = 1 end = 12 [K_13] file = "HOME/tests/java/Sort2.java" -line = 46 +line = 76 begin = 1 end = 11 [K_14] file = "HOME/tests/java/Sort2.java" -line = 44 +line = 74 begin = 11 end = 15 [K_15] file = "HOME/tests/java/Sort2.java" -line = 50 +line = 80 begin = 42 end = 74 [K_16] file = "HOME/tests/java/Sort2.java" -line = 50 +line = 80 begin = 16 end = 38 [K_17] file = "HOME/tests/java/Sort2.java" -line = 50 +line = 80 begin = 16 end = 74 [K_18] file = "HOME/tests/java/Sort2.java" -line = 49 +line = 79 begin = 17 end = 26 [K_19] file = "HOME/tests/java/Sort2.java" -line = 58 +line = 88 begin = 9 end = 41 [K_20] file = "HOME/tests/java/Sort2.java" -line = 56 +line = 86 begin = 8 end = 90 [K_21] file = "HOME/tests/java/Sort2.java" -line = 55 +line = 85 begin = 30 end = 43 [K_22] file = "HOME/tests/java/Sort2.java" -line = 55 +line = 85 begin = 20 end = 26 [K_23] file = "HOME/tests/java/Sort2.java" -line = 55 +line = 85 begin = 20 end = 43 [K_24] file = "HOME/tests/java/Sort2.java" -line = 55 +line = 85 begin = 20 end = 139 [K_1] file = "HOME/tests/java/Sort2.java" -line = 41 +line = 71 begin = 16 end = 37 [K_25] file = "HOME/tests/java/Sort2.java" -line = 55 +line = 85 begin = 20 end = 184 [K_2] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 37 end = 49 [K_26] file = "HOME/tests/java/Sort2.java" -line = 62 +line = 92 begin = 10 end = 14 [K_3] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 32 end = 38 
@@ -488,55 +521,55 @@ [K_27] file = "HOME/tests/java/Sort2.java" -line = 66 +line = 96 begin = 9 end = 41 [K_4] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 32 end = 49 [K_28] file = "HOME/tests/java/Sort2.java" -line = 65 +line = 95 begin = 12 end = 56 [K_5] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 16 end = 28 [K_29] file = "HOME/tests/java/Sort2.java" -line = 64 +line = 94 begin = 9 end = 20 [K_6] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 11 end = 17 [K_7] file = "HOME/tests/java/Sort2.java" -line = 39 +line = 69 begin = 11 end = 28 [K_8] file = "HOME/tests/java/Sort2.java" -line = 38 +line = 68 begin = 17 end = 26 [K_9] file = "HOME/tests/java/Sort2.java" -line = 38 +line = 68 begin = 17 end = 59 @@ -556,58 +589,65 @@ [K_30] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 38 end = 51 [K_31] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 33 end = 40 [K_32] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 33 end = 51 [K_33] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 24 end = 29 [K_34] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 24 end = 51 [K_35] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 24 end = 75 [K_36] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 24 end = 136 [K_37] file = "HOME/tests/java/Sort2.java" -line = 63 +line = 93 begin = 24 end = 181 [K_38] file = "HOME/tests/java/Sort2.java" -line = 70 +line = 100 begin = 20 end = 24 +[Permut_sym] +name = "Lemma Permut_sym" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Object_wait_long_int] name = "Method wait" file = "HOME/lib/java_api/java/lang/Object.java" @@ -617,7 +657,7 @@ [K_39] file = "HOME/tests/java/Sort2.java" -line = 69 +line = 99 begin = 6 end = 10 
@@ -644,34 +684,41 @@ [K_40] file = "HOME/tests/java/Sort2.java" -line = 69 +line = 99 begin = 6 end = 15 [K_41] file = "HOME/tests/java/Sort2.java" -line = 68 +line = 98 begin = 31 end = 34 [K_42] file = "HOME/tests/java/Sort2.java" -line = 68 +line = 98 begin = 21 end = 29 [K_43] file = "HOME/tests/java/Sort2.java" -line = 68 +line = 98 begin = 17 end = 29 [K_44] file = "HOME/tests/java/Sort2.java" -line = 68 +line = 98 begin = 12 end = 15 +[Permut_swap] +name = "Lemma Permut_swap" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Object_toString] name = "Method toString" file = "HOME/lib/java_api/java/lang/Object.java" @@ -681,38 +728,45 @@ [K_45] file = "HOME/tests/java/Sort2.java" -line = 73 +line = 103 begin = 5 end = 17 +[Permut_trans] +name = "Lemma Permut_trans" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [K_46] file = "HOME/tests/java/Sort2.java" -line = 60 +line = 90 begin = 25 end = 28 [K_47] file = "HOME/tests/java/Sort2.java" -line = 60 +line = 90 begin = 13 end = 21 [K_48] file = "HOME/tests/java/Sort2.java" -line = 60 +line = 90 begin = 13 end = 23 [K_49] file = "HOME/tests/java/Sort2.java" -line = 60 +line = 90 begin = 11 end = 23 [Sort_swap] name = "Method swap" file = "HOME/tests/java/Sort2.java" -line = 43 +line = 73 begin = 9 end = 13 @@ -744,10 +798,17 @@ begin = 22 end = 26 +[Permut_refl] +name = "Lemma Permut_refl" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Sort_min_sort] name = "Method min_sort" file = "HOME/tests/java/Sort2.java" -line = 52 +line = 82 begin = 9 end = 17 @@ -778,10 +839,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Sort2.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Sort2_why.sx 
@@ -842,6 +904,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Sort2_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Sort2_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -914,6 +983,9 @@ why3ide: why/Sort2_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Sort2.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Sort2.depend depend: coq/Sort2_why.v 
@@ -924,272 +996,316 @@ ========== file tests/java/Sort2.loc ========== [JC_103] -kind = UserCall file = "HOME/tests/java/Sort2.java" -line = 60 -begin = 13 -end = 21 +line = 85 +begin = 20 +end = 26 [JC_104] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 24 -end = 29 +line = 85 +begin = 30 +end = 43 [JC_105] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 33 -end = 40 +line = 86 +begin = 8 +end = 90 [JC_106] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 38 -end = 51 +line = 88 +begin = 9 +end = 41 [JC_40] file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 16 -end = 28 +line = 69 +begin = 11 +end = 17 [JC_107] file = "HOME/tests/java/Sort2.java" -line = 64 -begin = 9 -end = 20 +line = 85 +begin = 20 +end = 184 [JC_41] file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 32 -end = 38 +line = 69 +begin = 16 +end = 28 [JC_108] -file = "HOME/tests/java/Sort2.java" -line = 65 -begin = 12 -end = 56 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_42] file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 37 -end = 49 - -[JC_109] -file = "HOME/tests/java/Sort2.java" -line = 66 -begin = 9 -end = 41 - -[JC_43] -file = "HOME/tests/java/Sort2.java" -line = 38 -begin = 17 -end = 80 - -[Sort_swap_safety] -name = "Method swap" -behavior = "Safety" -file = "HOME/tests/java/Sort2.java" -line = 43 -begin = 9 -end = 13 +line = 69 +begin = 32 +end = 38 -[JC_44] +[JC_220] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_45] -file = "HOME/tests/java/Sort2.java" -line = 41 -begin = 16 -end = 37 - -[JC_46] -file = "HOME/tests/java/Sort2.java" -line = 43 -begin = 9 -end = 13 - -[JC_47] +[JC_109] file = "HOME/tests/java/Sort2.jc" -line = 117 -begin = 9 -end = 16 - -[JC_48] -file = "HOME/tests/java/Sort2.java" -line = 41 -begin = 16 -end = 37 - -[JC_49] -file = "HOME/tests/java/Sort2.java" -line = 43 -begin = 9 -end = 13 +line = 153 +begin = 15 +end = 4048 -[JC_110] +[JC_43] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 24 -end = 181 +line = 
69 +begin = 37 +end = 49 -[JC_111] +[JC_221] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_112] -file = "HOME/tests/java/Sort2.jc" -line = 177 -begin = 21 -end = 2293 - -[JC_113] -file = "HOME/tests/java/Sort2.jc" -line = 177 -begin = 21 -end = 2293 +[Sort_swap_safety] +name = "Method swap" +behavior = "Safety" +file = "HOME/tests/java/Sort2.java" +line = 73 +begin = 9 +end = 13 -[JC_114] -kind = UserCall +[JC_44] file = "HOME/tests/java/Sort2.java" line = 68 -begin = 21 -end = 29 - -[JC_115] -kind = UserCall -file = "HOME/tests/java/Sort2.jc" -line = 211 -begin = 29 -end = 60 +begin = 17 +end = 80 -[JC_116] +[JC_222] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_50] -file = "HOME/tests/java/Sort2.jc" -line = 117 -begin = 9 -end = 16 - -[JC_117] +[JC_45] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_51] +[JC_223] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_118] +[JC_46] +file = "HOME/tests/java/Sort2.java" +line = 68 +begin = 17 +end = 26 + +[JC_224] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_52] +[JC_47] +file = "HOME/tests/java/Sort2.java" +line = 69 +begin = 11 +end = 17 + +[JC_225] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_119] +[JC_48] +file = "HOME/tests/java/Sort2.java" +line = 69 +begin = 16 +end = 28 + +[JC_226] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_53] -kind = PointerDeref -file = "HOME/tests/java/Sort2.java" -line = 44 -begin = 11 -end = 15 - -[JC_54] -kind = PointerDeref +[JC_49] file = "HOME/tests/java/Sort2.java" -line = 45 -begin = 8 -end = 12 - -[JC_55] -kind = PointerDeref -file = "HOME/tests/java/Sort2.jc" -line = 125 -begin = 18 -end = 58 - -[JC_56] -kind = PointerDeref -file = "HOME/tests/java/Sort2.jc" -line = 126 -begin = 18 +line = 69 +begin = 32 end = 38 -[JC_57] -file = "HOME/tests/java/Sort2.java" -line = 49 -begin = 17 -end = 26 - -[JC_58] +[JC_227] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_59] -file = "HOME/tests/java/Sort2.java" -line = 49 +[JC_110] +file = "HOME/tests/java/Sort2.jc" +line = 
153 +begin = 15 +end = 4048 + +[JC_111] +kind = UserCall +file = "HOME/tests/java/Sort2.java" +line = 90 +begin = 13 +end = 21 + +[JC_112] +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 24 +end = 29 + +[JC_113] +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 33 +end = 40 + +[JC_114] +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 38 +end = 51 + +[JC_115] +file = "HOME/tests/java/Sort2.java" +line = 94 +begin = 9 +end = 20 + +[JC_116] +file = "HOME/tests/java/Sort2.java" +line = 95 +begin = 12 +end = 56 + +[JC_50] +file = "HOME/tests/java/Sort2.java" +line = 69 +begin = 37 +end = 49 + +[JC_117] +file = "HOME/tests/java/Sort2.java" +line = 96 +begin = 9 +end = 41 + +[JC_51] +file = "HOME/tests/java/Sort2.java" +line = 68 begin = 17 -end = 26 +end = 80 -[JC_120] +[JC_118] +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 24 +end = 181 + +[JC_52] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_121] +[JC_119] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_122] +[JC_53] +file = "HOME/tests/java/Sort2.java" +line = 71 +begin = 16 +end = 37 + +[JC_54] +file = "HOME/tests/java/Sort2.java" +line = 73 +begin = 9 +end = 13 + +[JC_55] +file = "HOME/tests/java/Sort2.jc" +line = 120 +begin = 9 +end = 16 + +[JC_56] +file = "HOME/tests/java/Sort2.java" +line = 71 +begin = 16 +end = 37 + +[JC_57] +file = "HOME/tests/java/Sort2.java" +line = 73 +begin = 9 +end = 13 + +[JC_58] +file = "HOME/tests/java/Sort2.jc" +line = 120 +begin = 9 +end = 16 + +[JC_59] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_120] +file = "HOME/tests/java/Sort2.jc" +line = 180 +begin = 21 +end = 2293 + +[JC_121] +file = "HOME/tests/java/Sort2.jc" +line = 180 +begin = 21 +end = 2293 + +[JC_122] +kind = UserCall +file = "HOME/tests/java/Sort2.java" +line = 98 +begin = 21 +end = 29 + [JC_123] +kind = UserCall +file = "HOME/tests/java/Sort2.jc" +line = 214 +begin = 29 +end = 60 + +[JC_124] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_124] -file = 
"HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 - [JC_125] file = "HOME/" line = 0 @@ -1197,18 +1313,18 @@ end = -1 [Permut_trans] -name = "Permut_trans" +name = "Lemma Permut_trans" behavior = "axiom" -file = "HOME/tests/java/Sort2.jc" -line = 85 -begin = 2 -end = 246 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_126] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_60] file = "HOME/" @@ -1223,10 +1339,11 @@ end = -1 [JC_61] +kind = PointerDeref file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 16 -end = 38 +line = 74 +begin = 11 +end = 15 [JC_128] file = "HOME/" @@ -1235,10 +1352,11 @@ end = -1 [JC_62] +kind = PointerDeref file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 42 -end = 74 +line = 75 +begin = 8 +end = 12 [JC_129] file = "HOME/" @@ -1247,35 +1365,37 @@ end = -1 [JC_63] -file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 16 -end = 74 +kind = PointerDeref +file = "HOME/tests/java/Sort2.jc" +line = 128 +begin = 18 +end = 58 [JC_64] -file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 16 +kind = PointerDeref +file = "HOME/tests/java/Sort2.jc" +line = 129 +begin = 18 end = 38 [JC_65] file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 42 -end = 74 +line = 79 +begin = 17 +end = 26 [JC_66] -file = "HOME/tests/java/Sort2.java" -line = 50 -begin = 16 -end = 74 - -[JC_67] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_67] +file = "HOME/tests/java/Sort2.java" +line = 79 +begin = 17 +end = 26 + [JC_68] file = "HOME/" line = 0 @@ -1284,9 +1404,9 @@ [JC_69] file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 20 -end = 26 +line = 80 +begin = 16 +end = 38 [JC_130] file = "HOME/" 
@@ -1302,15 +1422,15 @@ [JC_132] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [Sort_min_sort_safety] name = "Method min_sort" behavior = "Safety" file = "HOME/tests/java/Sort2.java" -line = 52 +line = 82 begin = 9 end = 17 @@ -1322,9 +1442,9 @@ [JC_134] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [JC_135] file = "HOME/" @@ -1340,9 +1460,9 @@ [JC_70] file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 30 -end = 43 +line = 80 +begin = 42 +end = 74 [JC_137] file = "HOME/" @@ -1352,9 +1472,9 @@ [JC_71] file = "HOME/tests/java/Sort2.java" -line = 56 -begin = 8 -end = 90 +line = 80 +begin = 16 +end = 74 [JC_138] file = "HOME/" @@ -1364,9 +1484,9 @@ [JC_72] file = "HOME/tests/java/Sort2.java" -line = 58 -begin = 9 -end = 41 +line = 80 +begin = 16 +end = 38 [JC_139] file = "HOME/" @@ -1376,54 +1496,51 @@ [JC_73] file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 20 -end = 184 +line = 80 +begin = 42 +end = 74 [JC_74] +file = "HOME/tests/java/Sort2.java" +line = 80 +begin = 16 +end = 74 + +[JC_75] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_75] -file = "HOME/tests/java/Sort2.jc" -line = 150 -begin = 15 -end = 4048 - [JC_76] -file = "HOME/tests/java/Sort2.jc" -line = 150 -begin = 15 -end = 4048 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_77] -kind = UserCall file = "HOME/tests/java/Sort2.java" -line = 60 -begin = 13 -end = 21 +line = 85 +begin = 20 +end = 26 [JC_78] -kind = IndexBounds file = "HOME/tests/java/Sort2.java" -line = 60 -begin = 13 -end = 21 +line = 85 +begin = 30 +end = 43 [JC_79] -kind = PointerDeref file = "HOME/tests/java/Sort2.java" -line = 62 -begin = 10 -end = 14 +line = 86 +begin = 8 +end = 90 [JC_140] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_141] file = "HOME/" 
@@ -1433,9 +1550,9 @@ [JC_142] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_143] file = "HOME/" @@ -1471,9 +1588,9 @@ [JC_80] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 24 -end = 29 +line = 88 +begin = 9 +end = 41 [JC_147] file = "HOME/" @@ -1483,21 +1600,21 @@ [JC_81] file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 33 -end = 40 +line = 85 +begin = 20 +end = 184 [JC_148] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [JC_82] -file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 38 -end = 51 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_149] file = "HOME/" @@ -1506,52 +1623,55 @@ end = -1 [JC_83] -file = "HOME/tests/java/Sort2.java" -line = 64 -begin = 9 -end = 20 +file = "HOME/tests/java/Sort2.jc" +line = 153 +begin = 15 +end = 4048 [JC_84] -file = "HOME/tests/java/Sort2.java" -line = 65 -begin = 12 -end = 56 +file = "HOME/tests/java/Sort2.jc" +line = 153 +begin = 15 +end = 4048 [JC_85] +kind = UserCall file = "HOME/tests/java/Sort2.java" -line = 66 -begin = 9 -end = 41 +line = 90 +begin = 13 +end = 21 [JC_86] +kind = IndexBounds file = "HOME/tests/java/Sort2.java" -line = 63 -begin = 24 -end = 181 +line = 90 +begin = 13 +end = 21 [JC_87] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/Sort2.java" +line = 92 +begin = 10 +end = 14 [JC_88] -file = "HOME/tests/java/Sort2.jc" -line = 177 -begin = 21 -end = 2293 +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 24 +end = 29 [JC_1] file = "HOME/tests/java/Sort2.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [JC_89] -file = "HOME/tests/java/Sort2.jc" -line = 177 -begin = 21 -end = 2293 +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 33 +end = 40 [JC_2] file = "HOME/" 
@@ -1561,9 +1681,9 @@ [JC_3] file = "HOME/tests/java/Sort2.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [JC_4] file = "HOME/" @@ -1572,28 +1692,28 @@ end = -1 [JC_5] -file = "HOME/tests/java/Sort2.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/Sort2.jc" -line = 41 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_150] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [JC_7] -file = "HOME/tests/java/Sort2.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_151] file = "HOME/" @@ -1602,23 +1722,23 @@ end = -1 [JC_8] -file = "HOME/tests/java/Sort2.jc" -line = 41 -begin = 10 -end = 18 - -[JC_152] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_9] +[JC_152] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/Sort2.jc" +line = 42 +begin = 8 +end = 21 + [JC_153] file = "HOME/" line = 0 @@ -1632,12 +1752,12 @@ end = -1 [Permut_sym] -name = "Permut_sym" +name = "Lemma Permut_sym" behavior = "axiom" -file = "HOME/tests/java/Sort2.jc" -line = 93 -begin = 2 -end = 185 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_155] file = "HOME/" @@ -1647,16 +1767,15 @@ [JC_156] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_90] -kind = UserCall file = "HOME/tests/java/Sort2.java" -line = 68 -begin = 21 -end = 29 +line = 93 +begin = 38 +end = 51 [JC_157] file = "HOME/" 
@@ -1665,32 +1784,30 @@ end = -1 [JC_91] -kind = IndexBounds file = "HOME/tests/java/Sort2.java" -line = 68 -begin = 21 -end = 29 +line = 94 +begin = 9 +end = 20 [Permut_refl] -name = "Permut_refl" +name = "Lemma Permut_refl" behavior = "axiom" -file = "HOME/tests/java/Sort2.jc" -line = 99 -begin = 2 -end = 143 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_158] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_92] -kind = PointerDeref file = "HOME/tests/java/Sort2.java" -line = 69 -begin = 6 -end = 10 +line = 95 +begin = 12 +end = 56 [JC_159] file = "HOME/" @@ -1699,56 +1816,56 @@ end = -1 [JC_93] -kind = PointerDeref file = "HOME/tests/java/Sort2.java" -line = 70 -begin = 20 -end = 24 +line = 96 +begin = 9 +end = 41 [JC_94] -kind = UserCall -file = "HOME/tests/java/Sort2.jc" -line = 211 -begin = 29 -end = 60 +file = "HOME/tests/java/Sort2.java" +line = 93 +begin = 24 +end = 181 [JC_95] -file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 20 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_96] -file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 30 -end = 43 +file = "HOME/tests/java/Sort2.jc" +line = 180 +begin = 21 +end = 2293 [JC_97] -file = "HOME/tests/java/Sort2.java" -line = 56 -begin = 8 -end = 90 +file = "HOME/tests/java/Sort2.jc" +line = 180 +begin = 21 +end = 2293 [Permut_swap] -name = "Permut_swap" +name = "Lemma Permut_swap" behavior = "axiom" -file = "HOME/tests/java/Sort2.jc" -line = 72 -begin = 2 -end = 398 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_98] +kind = UserCall file = "HOME/tests/java/Sort2.java" -line = 58 -begin = 9 -end = 41 +line = 98 +begin = 21 +end = 29 [JC_99] +kind = IndexBounds file = "HOME/tests/java/Sort2.java" -line = 55 -begin = 20 -end = 184 +line = 98 +begin = 21 +end = 29 [JC_160] file = "HOME/" 
@@ -1764,7 +1881,7 @@ [cons_Sort_ensures_default] name = "Constructor of class Sort" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -1784,9 +1901,9 @@ [JC_164] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_165] file = "HOME/" @@ -1796,9 +1913,9 @@ [JC_166] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_167] file = "HOME/" @@ -1820,9 +1937,9 @@ [Sort_swap_ensures_default] name = "Method swap" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Sort2.java" -line = 43 +line = 73 begin = 9 end = 13 @@ -1840,9 +1957,9 @@ [JC_172] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_173] file = "HOME/" @@ -1852,9 +1969,9 @@ [JC_174] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_175] file = "HOME/" @@ -1894,9 +2011,9 @@ [JC_11] file = "HOME/tests/java/Sort2.jc" -line = 45 +line = 42 begin = 8 -end = 30 +end = 21 [JC_12] file = "HOME/" 
@@ -1907,62 +2024,62 @@ [JC_13] file = "HOME/tests/java/Sort2.jc" line = 45 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort2.jc" +line = 44 +begin = 10 +end = 18 [JC_15] file = "HOME/tests/java/Sort2.jc" -line = 48 +line = 45 begin = 11 -end = 103 +end = 66 [JC_16] file = "HOME/tests/java/Sort2.jc" -line = 47 +line = 44 begin = 10 end = 18 [JC_17] -file = "HOME/tests/java/Sort2.jc" -line = 48 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_180] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_18] -file = "HOME/tests/java/Sort2.jc" -line = 47 -begin = 10 -end = 18 - -[JC_181] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_19] +[JC_181] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/Sort2.jc" +line = 48 +begin = 8 +end = 30 + [JC_182] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_183] file = "HOME/" @@ -1996,9 +2113,9 @@ [JC_188] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_189] file = "HOME/" @@ -2014,9 +2131,9 @@ [JC_21] file = "HOME/tests/java/Sort2.jc" -line = 52 +line = 48 begin = 8 -end = 23 +end = 30 [JC_22] file = "HOME/" @@ -2026,7 +2143,7 @@ [cons_Object_ensures_default] name = "Constructor of class Object" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -2039,10 +2156,10 @@ end = -1 [JC_23] -file = "HOME/tests/java/Sort2.jc" -line = 52 -begin = 8 -end = 23 +file = "HOME/tests/java/Sort2.jc" +line = 51 +begin = 11 +end = 103 [JC_201] file = "HOME/" @@ -2051,10 +2168,10 @@ end = -1 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort2.jc" +line = 50 +begin = 10 +end = 18 [JC_202] file = "HOME/" 
@@ -2063,10 +2180,10 @@ end = -1 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort2.jc" +line = 51 +begin = 11 +end = 103 [JC_203] file = "HOME/" @@ -2075,24 +2192,24 @@ end = -1 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort2.jc" +line = 50 +begin = 10 +end = 18 [Sort_min_sort_ensures_default] name = "Method min_sort" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Sort2.java" -line = 52 +line = 82 begin = 9 end = 17 [JC_204] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_27] file = "HOME/" @@ -2108,9 +2225,9 @@ [JC_190] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_28] file = "HOME/" @@ -2120,9 +2237,9 @@ [JC_206] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_191] file = "HOME/" @@ -2132,9 +2249,9 @@ [JC_29] file = "HOME/tests/java/Sort2.jc" -line = 54 -begin = 11 -end = 65 +line = 55 +begin = 8 +end = 23 [JC_207] file = "HOME/" @@ -2180,7 +2297,7 @@ [JC_196] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 @@ -2192,7 +2309,7 @@ [JC_198] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 @@ -2203,22 +2320,22 @@ end = -1 [JC_30] -file = "HOME/tests/java/Sort2.jc" -line = 54 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_31] -file = "HOME/tests/java/Sort2.java" -line = 38 -begin = 17 -end = 26 +file = "HOME/tests/java/Sort2.jc" +line = 55 +begin = 8 +end = 23 [JC_32] -file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 11 -end = 17 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_210] file = "HOME/" 
@@ -2227,10 +2344,10 @@ end = -1 [JC_33] -file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 16 -end = 28 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_211] file = "HOME/" @@ -2239,47 +2356,47 @@ end = -1 [JC_34] -file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 32 -end = 38 - -[JC_212] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_35] -file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 37 -end = 49 +[JC_212] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 -[JC_213] +[JC_35] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_36] -file = "HOME/tests/java/Sort2.java" -line = 38 -begin = 17 -end = 80 - -[JC_214] +[JC_213] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_37] +[JC_36] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_214] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_37] +file = "HOME/tests/java/Sort2.jc" +line = 57 +begin = 11 +end = 65 + [JC_215] file = "HOME/" line = 0 @@ -2287,10 +2404,10 @@ end = -1 [JC_38] -file = "HOME/tests/java/Sort2.java" -line = 38 -begin = 17 -end = 26 +file = "HOME/tests/java/Sort2.jc" +line = 57 +begin = 11 +end = 65 [JC_216] file = "HOME/" @@ -2300,9 +2417,9 @@ [JC_39] file = "HOME/tests/java/Sort2.java" -line = 39 -begin = 11 -end = 17 +line = 68 +begin = 17 +end = 26 [JC_217] file = "HOME/" 
@@ -2331,43 +2448,40 @@ end = -1 [JC_100] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = PointerDeref +file = "HOME/tests/java/Sort2.java" +line = 99 +begin = 6 +end = 10 [JC_101] -file = "HOME/tests/java/Sort2.jc" -line = 150 -begin = 15 -end = 4048 +kind = PointerDeref +file = "HOME/tests/java/Sort2.java" +line = 100 +begin = 20 +end = 24 [JC_102] +kind = UserCall file = "HOME/tests/java/Sort2.jc" -line = 150 -begin = 15 -end = 4048 +line = 214 +begin = 29 +end = 60 ========== file tests/java/why/Sort2.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = 
@@ -2391,62 +2505,6 @@ logic Permut: Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl : - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, intM_intP_at_L))))) - -predicate Swap(a_0:Object pointer, i_0:int, j:int, - intM_intP_at_L2:(Object, int) memory, - intM_intP_at_L1:(Object, int) memory) = - (eq_int(select(intM_intP_at_L1, shift(a_0, i_0)), - select(intM_intP_at_L2, shift(a_0, j))) - and (eq_int(select(intM_intP_at_L1, shift(a_0, j)), - select(intM_intP_at_L2, shift(a_0, i_0))) - and (forall k:int. - ((neq_int(k, i_0) and neq_int(k, j)) -> - eq_int(select(intM_intP_at_L1, shift(a_0, k)), - select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap : - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - ((le_int(l_4, i_1) - and (le_int(i_1, h_4) - and (le_int(l_4, j_0) - and (le_int(j_0, h_4) - and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym : - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans : - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) - and Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - -exception Return_label_exc of unit - logic Sort_tag: -> Object tag_id axiom Sort_parenttag_Object : parenttag(Sort_tag, Object_tag) @@ -2462,7 +2520,17 @@ axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer +predicate Swap(a_0:Object pointer, i_0:int, j:int, + intM_intP_at_L2:(Object, int) memory, + intM_intP_at_L1:(Object, int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) + and ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) + and (forall k:int. + (((k <> i_0) and (k <> j)) -> + (select(intM_intP_at_L1, shift(a_0, k)) = select(intM_intP_at_L2, + shift(a_0, k))))))) logic Throwable_tag: -> Object tag_id 
@@ -2592,36 +2660,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -2645,22 +2683,70 @@ Object_alloc_table:Object alloc_table) = valid_struct_Object(p, a, b, Object_alloc_table) -predicate valid_struct_String(p:Object pointer, a:int, b:int, - Object_alloc_table:Object alloc_table) = - valid_struct_Object(p, a, b, Object_alloc_table) +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_intM(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +axiom Permut_swap : + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + ((le_int(l_4, i_1) + and (le_int(i_1, h_4) + and (le_int(l_4, j_0) + and (le_int(j_0, h_4) + and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans : + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) + and Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym : + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. 
+ (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_refl : + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, intM_intP_at_L))))) -predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, - Object_alloc_table:Object alloc_table) = - valid_struct_Object(p, a, b, Object_alloc_table) +exception Exception_exc of Object pointer -predicate valid_struct_intM(p:Object pointer, a:int, b:int, - Object_alloc_table:Object alloc_table) = - valid_struct_Object(p, a, b, Object_alloc_table) +exception Loop_continue_exc of unit -predicate valid_struct_interface(p:interface pointer, a:int, b:int, - interface_alloc_table:interface alloc_table) = - ((offset_min(interface_alloc_table, p) <= a) - and (offset_max(interface_alloc_table, p) >= b)) +exception Loop_exit_exc of unit parameter Object_alloc_table : Object alloc_table ref @@ -2740,18 +2826,20 @@ parameter Object_wait_requires : this_12:Object pointer -> { } unit reads Object_alloc_table { true } +exception Return_label_exc of unit + parameter intM_intP : (Object, int) memory ref parameter Sort_min_sort : this_0:Object pointer -> t_0:Object pointer -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_66: - ((JC_64: + { (JC_74: + ((JC_72: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP)) - and (JC_65: + and (JC_73: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)))) } 
@@ -2759,14 +2847,14 @@ parameter Sort_min_sort_requires : this_0:Object pointer -> t_0:Object pointer -> - { (JC_57: Non_null_intM(t_0, Object_alloc_table))} unit + { (JC_65: Non_null_intM(t_0, Object_alloc_table))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_66: - ((JC_64: + { (JC_74: + ((JC_72: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP)) - and (JC_65: + and (JC_73: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)))) } 
@@ -2777,160 +2865,36 @@ i_2:int -> j_1:int -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_50: - ((JC_48: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_49: + { (JC_58: + ((JC_56: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_57: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } parameter Sort_swap_requires : this_2:Object pointer -> t:Object pointer -> i_2:int -> j_1:int -> - { (JC_36: - ((JC_31: Non_null_intM(t, Object_alloc_table)) - and ((JC_32: le_int((0), i_2)) - and ((JC_33: + { (JC_44: + ((JC_39: Non_null_intM(t, Object_alloc_table)) + and ((JC_40: le_int((0), i_2)) + and ((JC_41: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_34: le_int((0), j_1)) - and (JC_35: + and ((JC_42: le_int((0), j_1)) + and (JC_43: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1)))))))))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_50: - ((JC_48: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_49: + { (JC_58: + ((JC_56: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_57: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Sort : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Sort(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Sort_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Sort(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { 
(valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -3097,6 +3061,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Object : this_14:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -3112,44 +3080,44 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } @@ -3157,7 +3125,7 @@ fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin 
@@ -3171,10 +3139,10 @@ (loop_3: while true do { invariant - (JC_99: - ((JC_95: le_int((0), i_3)) - and ((JC_96: Sorted(t_0, (0), i_3, intM_intP)) - and ((JC_97: + (JC_107: + ((JC_103: le_int((0), i_3)) + and ((JC_104: Sorted(t_0, (0), i_3, intM_intP)) + and ((JC_105: (forall k1:int. (forall k2:int. ((le_int((0), k1) @@ -3186,7 +3154,7 @@ (1)))))) -> le_int(select(intM_intP, shift(t_0, k1)), select(intM_intP, shift(t_0, k2))))))) - and (JC_98: + and (JC_106: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), @@ -3194,13 +3162,12 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_49: ((lt_int_ !i_3) (K_48: ((sub_int (K_47: (let jessie_ = t_0 in - (JC_103: + (JC_111: (java_array_length_intM jessie_))))) (1))))) then begin @@ -3212,21 +3179,21 @@ (loop_4: while true do { invariant - (JC_110: - ((JC_104: lt_int(i_3, j_2)) - and ((JC_105: le_int(i_3, mi)) - and ((JC_106: + (JC_118: + ((JC_112: lt_int(i_3, j_2)) + and ((JC_113: le_int(i_3, mi)) + and ((JC_114: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_107: - eq_int(mv, select(intM_intP, shift(t_0, mi)))) - and ((JC_108: + and ((JC_115: + (mv = select(intM_intP, shift(t_0, mi)))) + and ((JC_116: (forall k_0:int. ((le_int(i_3, k_0) and lt_int(k_0, j_2)) -> ge_int(select(intM_intP, shift(t_0, k_0)), mv)))) - and (JC_109: + and (JC_117: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), @@ -3236,12 +3203,11 @@ begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_43: ((lt_int_ !j_2) (K_42: (let jessie_ = t_0 in - (JC_114: + (JC_122: (java_array_length_intM jessie_)))))) then (if (K_40: 
@@ -3254,9 +3220,8 @@ (mv := (K_38: ((safe_acc_ !intM_intP) ((shift t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: @@ -3270,10 +3235,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_115: + (JC_123: ((((Sort_swap jessie_) jessie_) jessie_) jessie_))))))) - end else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_46: @@ -3283,12 +3248,12 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with Return -> void end) - { (JC_63: - ((JC_61: + { (JC_71: + ((JC_69: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP)) - and (JC_62: + and (JC_70: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)))) } @@ -3297,7 +3262,7 @@ fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin @@ -3310,13 +3275,13 @@ try (loop_1: while true do - { invariant (JC_75: true) } + { invariant (JC_83: true) } begin [ { } unit reads Object_alloc_table,i_3,intM_intP - { (JC_73: - ((JC_69: le_int((0), i_3)) - and ((JC_70: Sorted(t_0, (0), i_3, intM_intP)) - and ((JC_71: + { (JC_81: + ((JC_77: le_int((0), i_3)) + and ((JC_78: Sorted(t_0, (0), i_3, intM_intP)) + and ((JC_79: (forall k1:int. (forall k2:int. ((le_int((0), k1) 
@@ -3328,91 +3293,87 @@ (1)))))) -> le_int(select(intM_intP, shift(t_0, k1)), select(intM_intP, shift(t_0, k2))))))) - and (JC_72: + and (JC_80: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@init)))))) } ]; try - (let jessie_ = begin (if (K_49: ((lt_int_ !i_3) (K_48: ((sub_int (K_47: (let jessie_ = t_0 in - (JC_78: + (JC_86: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_77: + (JC_85: (java_array_length_intM_requires jessie_))))))) (1))))) then begin (let jessie_ = (mv := (K_26: - (JC_79: + (JC_87: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !i_3)))) in void); (let jessie_ = (mi := !i_3) in void); (let jessie_ = (j_2 := (K_44: ((add_int !i_3) (1)))) in void); try (loop_2: while true do - { invariant (JC_88: true) } + { invariant (JC_96: true) } begin [ { } unit reads Object_alloc_table,i_3,intM_intP,j_2,mi,mv - { (JC_86: - ((JC_80: lt_int(i_3, j_2)) - and ((JC_81: le_int(i_3, mi)) - and ((JC_82: + { (JC_94: + ((JC_88: lt_int(i_3, j_2)) + and ((JC_89: le_int(i_3, mi)) + and ((JC_90: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1)))) - and ((JC_83: - eq_int(mv, - select(intM_intP, shift(t_0, mi)))) - and ((JC_84: + and ((JC_91: + (mv = select(intM_intP, shift(t_0, mi)))) + and ((JC_92: (forall k_0:int. 
((le_int(i_3, k_0) and lt_int(k_0, j_2)) -> ge_int(select(intM_intP, shift(t_0, k_0)), mv)))) - and (JC_85: + and (JC_93: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@init)))))))) } ]; try - (let jessie_ = begin (if (K_43: ((lt_int_ !j_2) (K_42: (let jessie_ = t_0 in - (JC_91: + (JC_99: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_90: + (JC_98: (java_array_length_intM_requires jessie_)))))))) then (if (K_40: ((lt_int_ (K_39: - (JC_92: + (JC_100: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !j_2)))) !mv)) then (let jessie_ = begin (let jessie_ = (mi := !j_2) in void); (mv := (K_38: - (JC_93: + (JC_101: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: @@ -3426,10 +3387,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_94: + (JC_102: ((((Sort_swap_requires jessie_) jessie_) jessie_) jessie_))))))) - end else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_46: 
@@ -3444,14 +3405,14 @@ fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int) (j_1 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_Sort(this_2, (0), (0), Object_alloc_table) - and (JC_43: - ((JC_38: Non_null_intM(t, Object_alloc_table)) - and ((JC_39: le_int((0), i_2)) - and ((JC_40: + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), i_2)) + and ((JC_48: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_41: le_int((0), j_1)) - and (JC_42: + and ((JC_49: le_int((0), j_1)) + and (JC_50: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1))))))))))) } (init: @@ -3474,25 +3435,25 @@ (let jessie_ = ((shift jessie_) jessie_) in begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) - { (JC_47: - ((JC_45: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_46: + { (JC_55: + ((JC_53: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_54: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } let Sort_swap_safety = fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int) (j_1 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_Sort(this_2, (0), (0), Object_alloc_table) - and (JC_43: - ((JC_38: Non_null_intM(t, Object_alloc_table)) - and ((JC_39: le_int((0), i_2)) - and ((JC_40: + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), i_2)) + and ((JC_48: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_41: le_int((0), j_1)) - and (JC_42: + and ((JC_49: le_int((0), j_1)) + and (JC_50: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1))))))))))) } (init: 
@@ -3501,17 +3462,17 @@ (let jessie_ = (let tmp = (K_14: - (JC_53: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) i_2))) in + (JC_61: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) i_2))) in (K_12: begin (let jessie_ = (let jessie_ = (K_11: - (JC_54: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) j_1))) in + (JC_62: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) j_1))) in (let jessie_ = t in (let jessie_ = i_2 in (let jessie_ = ((shift jessie_) jessie_) in - (JC_55: + (JC_63: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); (K_13: @@ -3520,7 +3481,7 @@ (let jessie_ = j_1 in (let jessie_ = ((shift jessie_) jessie_) in begin - (JC_56: + (JC_64: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) { true } @@ -3529,7 +3490,7 @@ fun (this_14 : Object pointer) -> { valid_struct_Object(this_14, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_216: true) } + { (JC_224: true) } let cons_Object_safety = fun (this_14 : Object pointer) -> @@ -3541,7 +3502,7 @@ fun (this_3 : Object pointer) -> { valid_struct_Sort(this_3, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_120: true) } + { (JC_128: true) } let cons_Sort_safety = fun (this_3 : Object pointer) -> @@ -3556,201 +3517,201 @@ - - - - - - - - - - - - - - - - - - - + - + - + - - - - - - - - - + + - - + + - - + + - - + + - - - - - - - - - - - - - - - - - + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
@@ -4701,7 +4662,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -4725,59 +4686,6 @@ logic Permut : Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl: - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, - intM_intP_at_L))))) - -predicate Swap(a_0: Object pointer, i_0: int, j: int, - intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, - int) memory) = - ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, - shift(a_0, j))) and - ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, - shift(a_0, i_0))) and - (forall k:int. - (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, - k)) = select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - (((l_4 <= i_1) and - ((i_1 <= h_4) and - ((l_4 <= j_0) and - ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans: - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - logic Sort_tag : Object tag_id axiom Sort_parenttag_Object: parenttag(Sort_tag, Object_tag) @@ -4792,6 +4700,17 @@ axiom String_parenttag_Object: parenttag(String_tag, Object_tag) +predicate Swap(a_0: Object pointer, i_0: int, j: int, + intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, + int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) and + ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) and + (forall k:int. + (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, + k)) = select(intM_intP_at_L2, shift(a_0, k))))))) + logic Throwable_tag : Object tag_id axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) 
@@ -4921,36 +4840,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -4978,18 +4867,72 @@ Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, Object_alloc_table) -predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, - Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, - Object_alloc_table) +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_intM(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +axiom Permut_swap: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_0) and + ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans: + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. 
+ (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) -predicate valid_struct_intM(p: Object pointer, a: int, b: int, - Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, - Object_alloc_table) +axiom Permut_refl: + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) -predicate valid_struct_interface(p: interface pointer, a: int, b: int, - interface_alloc_table: interface alloc_table) = - ((offset_min(interface_alloc_table, p) <= a) and - (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Sort2_po1.why ========== +goal Sort_min_sort_ensures_default_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall i_3:int. + (i_3 = 0) -> + ("JC_107": ("JC_103": (0 <= i_3))) ========== file tests/java/why/Sort2_po10.why ========== goal Sort_min_sort_ensures_default_po_10: @@ -5000,16 +4943,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -5018,10 +4961,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5033,10 +4976,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) ========== file tests/java/why/Sort2_po11.why ========== goal Sort_min_sort_ensures_default_po_11: @@ -5047,16 +4989,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5065,10 +5007,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5083,19 +5025,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5110,7 +5052,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2_1)))) + ("JC_118": ("JC_112": (i_3_0 < j_2_1))) ========== file tests/java/why/Sort2_po12.why ========== goal Sort_min_sort_ensures_default_po_12: @@ -5121,16 +5063,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -5139,10 +5081,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5157,19 +5099,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5184,7 +5126,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi1)))) + ("JC_118": ("JC_113": (i_3_0 <= mi1))) ========== file tests/java/why/Sort2_po13.why ========== goal Sort_min_sort_ensures_default_po_13: 
@@ -5195,16 +5137,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5213,10 +5155,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5231,19 +5173,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5258,8 +5200,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi1 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi1 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort2_po14.why ========== goal Sort_min_sort_ensures_default_po_14: @@ -5270,16 +5211,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -5288,10 +5229,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5306,19 +5247,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5333,8 +5274,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv1 = select(intM_intP0, shift(t_0, mi1)))))) + ("JC_118": ("JC_115": (mv1 = select(intM_intP0, shift(t_0, mi1))))) ========== file tests/java/why/Sort2_po15.why ========== goal Sort_min_sort_ensures_default_po_15: 
@@ -5345,16 +5285,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5363,10 +5303,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5381,19 +5321,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5408,12 +5348,9 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv1)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv1))) ========== file tests/java/why/Sort2_po16.why ========== goal Sort_min_sort_ensures_default_po_16: 
@@ -5424,16 +5361,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5442,10 +5379,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5460,19 +5397,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5487,10 +5424,9 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) ========== file tests/java/why/Sort2_po17.why ========== goal Sort_min_sort_ensures_default_po_17: 
@@ -5501,16 +5437,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5519,10 +5455,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5537,19 +5473,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5558,7 +5494,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2_1)))) + ("JC_118": ("JC_112": (i_3_0 < j_2_1))) ========== file tests/java/why/Sort2_po18.why ========== goal Sort_min_sort_ensures_default_po_18: @@ -5569,16 +5505,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -5587,10 +5523,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5605,19 +5541,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5626,7 +5562,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi0)))) + ("JC_118": ("JC_113": (i_3_0 <= mi0))) ========== file tests/java/why/Sort2_po19.why ========== goal Sort_min_sort_ensures_default_po_19: 
@@ -5637,16 +5573,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5655,10 +5591,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5673,19 +5609,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -5694,20 +5630,21 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) -========== file tests/java/why/Sort2_po1.why ========== -goal Sort_min_sort_ensures_default_po_1: +========== file tests/java/why/Sort2_po2.why ========== +goal Sort_min_sort_ensures_default_po_2: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. + forall intM_intP:(Object, + int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": ("JC_95": ("JC_95": (0 <= i_3)))) + ("JC_107": ("JC_104": Sorted(t_0, 0, i_3, intM_intP))) ========== file tests/java/why/Sort2_po20.why ========== goal Sort_min_sort_ensures_default_po_20: @@ -5718,16 +5655,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -5736,10 +5673,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5754,19 +5691,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5775,8 +5712,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))))) + ("JC_118": ("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0))))) ========== file tests/java/why/Sort2_po21.why ========== goal Sort_min_sort_ensures_default_po_21: 
@@ -5787,16 +5723,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5805,10 +5741,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5823,19 +5759,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5844,12 +5780,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv0)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv0))) ========== file tests/java/why/Sort2_po22.why ========== goal Sort_min_sort_ensures_default_po_22: 
@@ -5860,16 +5793,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5878,10 +5811,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5896,19 +5829,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5917,10 +5850,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) ========== file tests/java/why/Sort2_po23.why ========== goal Sort_min_sort_ensures_default_po_23: 
@@ -5931,16 +5863,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5949,10 +5881,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5967,32 +5899,32 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": ("JC_95": ("JC_95": (0 <= i_3_1)))) + ("JC_107": ("JC_103": (0 <= i_3_1))) ========== file tests/java/why/Sort2_po24.why ========== goal Sort_min_sort_ensures_default_po_24: 
@@ -6003,16 +5935,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6021,10 +5953,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6039,32 +5971,32 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": ("JC_96": ("JC_96": Sorted(t_0, 0, i_3_1, intM_intP1)))) + ("JC_107": ("JC_104": Sorted(t_0, 0, i_3_1, intM_intP1))) ========== file tests/java/why/Sort2_po25.why ========== goal Sort_min_sort_ensures_default_po_25: 
@@ -6075,16 +6007,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6093,10 +6025,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6111,41 +6043,39 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": - ("JC_97": - ("JC_97": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3_1) and - ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. 
+ ((0 <= k1) and + ((k1 < i_3_1) and + ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_107": + ("JC_105": (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, + shift(t_0, k2))))) ========== file tests/java/why/Sort2_po26.why ========== goal Sort_min_sort_ensures_default_po_26: @@ -6156,16 +6086,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6174,10 +6104,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6192,35 +6122,34 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": - ("JC_98": - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP1, intM_intP)))) + ("JC_107": + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP))) ========== file tests/java/why/Sort2_po27.why ========== goal Sort_min_sort_ensures_default_po_27: 
@@ -6231,16 +6160,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6249,17 +6178,16 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_63": - ("JC_61": - ("JC_61": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0)))) + ("JC_71": + ("JC_69": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0))) ========== file tests/java/why/Sort2_po28.why ========== goal Sort_min_sort_ensures_default_po_28: 
@@ -6270,16 +6198,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6288,17 +6216,16 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_63": - ("JC_62": - ("JC_62": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_71": + ("JC_70": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) ========== file tests/java/why/Sort2_po29.why ========== goal Sort_min_sort_safety_po_1: 
@@ -6309,17 +6236,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6328,12 +6255,12 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -========== file tests/java/why/Sort2_po2.why ========== -goal Sort_min_sort_ensures_default_po_2: +========== file tests/java/why/Sort2_po3.why ========== +goal Sort_min_sort_ensures_default_po_3: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. @@ -6341,10 +6268,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": ("JC_96": ("JC_96": Sorted(t_0, 0, i_3, intM_intP)))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3) and + ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_107": + ("JC_105": (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, + shift(t_0, k2))))) ========== file tests/java/why/Sort2_po30.why ========== goal Sort_min_sort_safety_po_2: 
@@ -6355,17 +6289,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6374,11 +6308,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6393,17 +6327,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -6412,11 +6346,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6431,17 +6365,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6450,11 +6384,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6471,21 +6405,21 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -6500,17 +6434,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -6519,11 +6453,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6540,21 +6474,21 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -6569,17 +6503,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6588,11 +6522,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6609,25 +6543,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_31": ("JC_31": Non_null_intM(t_0, Object_alloc_table)))) + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) ========== file tests/java/why/Sort2_po35.why ========== goal Sort_min_sort_safety_po_7: @@ -6638,17 +6572,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -6657,11 +6591,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6678,26 +6612,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_33": ("JC_33": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_41": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort2_po36.why ========== goal Sort_min_sort_safety_po_8: 
@@ -6708,17 +6641,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -6727,11 +6660,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6748,25 +6681,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_34": ("JC_34": (0 <= mi0)))) + ("JC_44": ("JC_42": (0 <= mi0))) ========== file tests/java/why/Sort2_po37.why ========== goal Sort_min_sort_safety_po_9: @@ -6777,17 +6710,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -6796,11 +6729,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6817,26 +6750,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_35": ("JC_35": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_43": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort2_po38.why ========== goal Sort_swap_ensures_default_po_1: 
@@ -6849,12 +6781,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. @@ -6865,7 +6797,7 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": ("JC_45": ("JC_45": Swap(t, i_2, j_1, intM_intP1, intM_intP)))) + ("JC_55": ("JC_53": Swap(t, i_2, j_1, intM_intP1, intM_intP))) ========== file tests/java/why/Sort2_po39.why ========== goal Sort_swap_ensures_default_po_2: @@ -6878,12 +6810,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. 
@@ -6894,14 +6826,13 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": - ("JC_46": - ("JC_46": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t), j_1, j_1), - pset_range(pset_singleton(t), i_2, i_2)))))) + pset_range(pset_singleton(t), i_2, i_2))))) -========== file tests/java/why/Sort2_po3.why ========== -goal Sort_min_sort_ensures_default_po_3: +========== file tests/java/why/Sort2_po4.why ========== +goal Sort_min_sort_ensures_default_po_4: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. @@ -6909,19 +6840,12 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": - ("JC_97": - ("JC_97": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3) and - ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, shift(t_0, - k2))))))))) + ("JC_107": + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP, intM_intP))) ========== file tests/java/why/Sort2_po40.why ========== goal Sort_swap_safety_po_1: 
@@ -6932,12 +6856,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (offset_min(Object_alloc_table, t) <= i_2) ========== file tests/java/why/Sort2_po41.why ========== @@ -6949,12 +6873,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (i_2 <= offset_max(Object_alloc_table, t)) ========== file tests/java/why/Sort2_po42.why ========== 
@@ -6968,12 +6892,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. 
@@ -6991,35 +6915,18 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> (j_1 <= offset_max(Object_alloc_table, t)) -========== file tests/java/why/Sort2_po4.why ========== -goal Sort_min_sort_ensures_default_po_4: - forall this_0:Object pointer. - forall t_0:Object pointer. - forall Object_alloc_table:Object alloc_table. - forall intM_intP:(Object, - int) memory. - (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> - forall i_3:int. - (i_3 = 0) -> - ("JC_99": - ("JC_98": - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP, intM_intP)))) - ========== file tests/java/why/Sort2_po5.why ========== goal Sort_min_sort_ensures_default_po_5: forall this_0:Object pointer. 
@@ -7029,16 +6936,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -7047,10 +6954,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -7062,7 +6969,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2)))) + ("JC_118": ("JC_112": (i_3_0 < j_2))) ========== file tests/java/why/Sort2_po6.why ========== goal Sort_min_sort_ensures_default_po_6: @@ -7073,16 +6980,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -7091,10 +6998,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -7106,7 +7013,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi)))) + ("JC_118": ("JC_113": (i_3_0 <= mi))) ========== file tests/java/why/Sort2_po7.why ========== goal Sort_min_sort_ensures_default_po_7: @@ -7117,16 +7024,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -7135,10 +7042,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -7150,8 +7057,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort2_po8.why ========== goal Sort_min_sort_ensures_default_po_8: @@ -7162,16 +7068,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -7180,10 +7086,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -7195,8 +7101,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv = select(intM_intP0, shift(t_0, mi)))))) + ("JC_118": ("JC_115": (mv = select(intM_intP0, shift(t_0, mi))))) ========== file tests/java/why/Sort2_po9.why ========== goal Sort_min_sort_ensures_default_po_9: 
@@ -7207,16 +7112,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -7225,10 +7130,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -7240,12 +7145,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv))) ========== generation of Simplify VC output ========== why -simplify [...] why/Sort2.why @@ -8069,7 +7971,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) 
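Review bot: In the `@@ -8069,7 +7971,7 @@` hunk the body of `Non_null_Object` changes from `(EQ (offset_max Object_alloc_table x_1) 0)` to `(>= (offset_max Object_alloc_table x_1) 0)`, which is a semantic change to a background predicate, not a relabelling. It is easy to miss because the surrounding hunks almost all just renumber `JC_` labels. The new form accepts any non-negative `offset_max` rather than exactly 0, so each obligation that assumes or must establish `Non_null_Object` now has a different meaning. This file looks like recorded generator output, so the change presumably comes from the front-end; it should be confirmed as intended and noted in the changelog with a line such as `Non_null_Object now requires offset_max >= 0 instead of = 0`. The new shape does match the neighbouring `Non_null_intM`, which already uses `>=` with bound `(- 0 1)`.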
@@ -8091,47 +7993,6 @@ (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) (BG_PUSH - ;; Why axiom Permut_refl - (FORALL (intM_intP_at_L a_2 l_1 h_1) - (EQ (Permut a_2 l_1 h_1 intM_intP_at_L intM_intP_at_L) |@true|))) - -(DEFPRED (Swap a_0 i_0 j intM_intP_at_L2 intM_intP_at_L1) - (AND - (EQ (select intM_intP_at_L1 (shift a_0 i_0)) - (select intM_intP_at_L2 (shift a_0 j))) - (AND - (EQ (select intM_intP_at_L1 (shift a_0 j)) - (select intM_intP_at_L2 (shift a_0 i_0))) - (FORALL (k) - (IMPLIES (AND (NEQ k i_0) (NEQ k j)) - (EQ (select intM_intP_at_L1 (shift a_0 k)) - (select intM_intP_at_L2 (shift a_0 k)))))))) - -(BG_PUSH - ;; Why axiom Permut_swap - (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_5 l_4 h_4 i_1 j_0) - (IMPLIES - (AND (<= l_4 i_1) - (AND (<= i_1 h_4) - (AND (<= l_4 j_0) - (AND (<= j_0 h_4) (Swap a_5 i_1 j_0 intM_intP_at_L2 intM_intP_at_L1))))) - (EQ (Permut a_5 l_4 h_4 intM_intP_at_L2 intM_intP_at_L1) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_sym - (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_3 l_2 h_2) - (IMPLIES (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) - (EQ (Permut a_3 l_2 h_2 intM_intP_at_L1 intM_intP_at_L2) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_trans - (FORALL (intM_intP_at_L3 intM_intP_at_L2 intM_intP_at_L1 a_4 l_3 h_3) - (IMPLIES - (AND (EQ (Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) - (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) - (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L1) |@true|)))) - -(BG_PUSH ;; Why axiom Sort_parenttag_Object (EQ (parenttag Sort_tag Object_tag) |@true|)) 
@@ -8145,6 +8006,18 @@ ;; Why axiom String_parenttag_Object (EQ (parenttag String_tag Object_tag) |@true|)) +(DEFPRED (Swap a_0 i_0 j intM_intP_at_L2 intM_intP_at_L1) + (AND + (EQ (select intM_intP_at_L1 (shift a_0 i_0)) + (select intM_intP_at_L2 (shift a_0 j))) + (AND + (EQ (select intM_intP_at_L1 (shift a_0 j)) + (select intM_intP_at_L2 (shift a_0 i_0))) + (FORALL (k) + (IMPLIES (AND (NEQ k i_0) (NEQ k j)) + (EQ (select intM_intP_at_L1 (shift a_0 k)) + (select intM_intP_at_L2 (shift a_0 k)))))))) + (BG_PUSH ;; Why axiom Throwable_parenttag_Object (EQ (parenttag Throwable_tag Object_tag) |@true|)) @@ -8251,29 +8124,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Sort p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -8305,7 +8155,36 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Sort_min_sort_ensures_default_po_1, File "HOME/tests/java/Sort2.java", line 55, characters 20-26 +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_5 l_4 h_4 i_1 j_0) + (IMPLIES + (AND (<= l_4 i_1) + (AND (<= i_1 h_4) + (AND (<= l_4 j_0) + (AND (<= j_0 h_4) (Swap a_5 i_1 j_0 intM_intP_at_L2 intM_intP_at_L1))))) + (EQ (Permut a_5 l_4 h_4 intM_intP_at_L2 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_trans + (FORALL (intM_intP_at_L3 intM_intP_at_L2 intM_intP_at_L1 a_4 l_3 h_3) + (IMPLIES + (AND (EQ (Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_3 l_2 h_2) + (IMPLIES (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_3 l_2 h_2 intM_intP_at_L1 intM_intP_at_L2) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intM_intP_at_L a_2 l_1 h_1) + (EQ (Permut a_2 l_1 h_1 intM_intP_at_L intM_intP_at_L) |@true|))) + +;; Sort_min_sort_ensures_default_po_1, File "HOME/tests/java/Sort2.java", line 85, characters 20-26 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8314,7 +8193,7 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) (<= 0 i_3))))))) -;; Sort_min_sort_ensures_default_po_2, File "HOME/tests/java/Sort2.java", line 55, characters 30-43 +;; Sort_min_sort_ensures_default_po_2, File "HOME/tests/java/Sort2.java", line 85, characters 30-43 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8324,7 +8203,7 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) (Sorted t_0 0 i_3 intM_intP)))))))) -;; Sort_min_sort_ensures_default_po_3, File "HOME/tests/java/Sort2.java", line 56, characters 8-90 +;; Sort_min_sort_ensures_default_po_3, File "HOME/tests/java/Sort2.java", line 86, characters 8-90 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8334,14 +8213,14 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) -(FORALL (k1 k2) -(IMPLIES -(AND (<= 0 k1) -(AND (< k1 i_3) -(AND (<= i_3 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) -(<= (select intM_intP (shift t_0 k1)) (select intM_intP (shift t_0 k2)))))))))))) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 i_3) + (AND (<= i_3 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (select intM_intP (shift t_0 k1)) (select intM_intP (shift t_0 k2))))))))))))) -;; Sort_min_sort_ensures_default_po_4, File "HOME/tests/java/Sort2.java", line 58, characters 9-41 +;; Sort_min_sort_ensures_default_po_4, File "HOME/tests/java/Sort2.java", line 88, characters 9-41 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8354,7 +8233,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP intM_intP) |@true|)))))))) -;; Sort_min_sort_ensures_default_po_5, File "HOME/tests/java/Sort2.java", line 63, characters 24-29 +;; Sort_min_sort_ensures_default_po_5, File "HOME/tests/java/Sort2.java", line 93, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8391,7 +8270,7 @@ (IMPLIES (EQ mi i_3_0) (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (< i_3_0 j_2)))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_6, File "HOME/tests/java/Sort2.java", line 63, characters 33-40 +;; Sort_min_sort_ensures_default_po_6, File "HOME/tests/java/Sort2.java", line 93, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8428,7 +8307,7 @@ (IMPLIES (EQ mi i_3_0) (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (<= i_3_0 mi)))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_7, File "HOME/tests/java/Sort2.java", line 63, characters 38-51 +;; Sort_min_sort_ensures_default_po_7, File "HOME/tests/java/Sort2.java", line 93, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8467,7 +8346,7 @@ (IMPLIES (EQ j_2 (+ i_3_0 1)) (< mi (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_8, File "HOME/tests/java/Sort2.java", line 64, characters 9-20 +;; Sort_min_sort_ensures_default_po_8, File "HOME/tests/java/Sort2.java", line 94, characters 9-20 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8505,7 +8384,7 @@ (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (EQ mv (select intM_intP0 (shift t_0 mi)))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_9, File "HOME/tests/java/Sort2.java", line 65, characters 12-56 +;; Sort_min_sort_ensures_default_po_9, File "HOME/tests/java/Sort2.java", line 95, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8546,7 +8425,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2)) (>= (select intM_intP0 (shift t_0 k_0)) mv)))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_10, File "HOME/tests/java/Sort2.java", line 66, characters 9-41 +;; Sort_min_sort_ensures_default_po_10, File "HOME/tests/java/Sort2.java", line 96, characters 9-41 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8586,7 +8465,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|)))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_11, File "HOME/tests/java/Sort2.java", line 63, characters 24-29 +;; Sort_min_sort_ensures_default_po_11, File "HOME/tests/java/Sort2.java", line 93, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8652,7 +8531,7 @@ (IMPLIES (EQ mv1 result3) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< i_3_0 j_2_1)))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_12, File "HOME/tests/java/Sort2.java", line 63, characters 33-40 +;; Sort_min_sort_ensures_default_po_12, File "HOME/tests/java/Sort2.java", line 93, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8718,7 +8597,7 @@ (IMPLIES (EQ mv1 result3) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (<= i_3_0 mi1)))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_13, File "HOME/tests/java/Sort2.java", line 63, characters 38-51 +;; Sort_min_sort_ensures_default_po_13, File "HOME/tests/java/Sort2.java", line 93, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8786,7 +8665,7 @@ (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< mi1 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_14, File "HOME/tests/java/Sort2.java", line 64, characters 9-20 +;; Sort_min_sort_ensures_default_po_14, File "HOME/tests/java/Sort2.java", line 94, characters 9-20 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8853,7 +8732,7 @@ (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (EQ mv1 (select intM_intP0 (shift t_0 mi1)))))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_15, File "HOME/tests/java/Sort2.java", line 65, characters 12-56 +;; Sort_min_sort_ensures_default_po_15, File "HOME/tests/java/Sort2.java", line 95, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8923,7 +8802,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2_1)) (>= (select intM_intP0 (shift t_0 k_0)) mv1)))))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_16, File "HOME/tests/java/Sort2.java", line 66, characters 9-41 +;; Sort_min_sort_ensures_default_po_16, File "HOME/tests/java/Sort2.java", line 96, characters 9-41 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8992,7 +8871,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|)))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_17, File "HOME/tests/java/Sort2.java", line 63, characters 24-29 +;; Sort_min_sort_ensures_default_po_17, File "HOME/tests/java/Sort2.java", line 93, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9052,7 +8931,7 @@ (IMPLIES (>= result2 mv0) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< i_3_0 j_2_1)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_18, File "HOME/tests/java/Sort2.java", line 63, characters 33-40 +;; Sort_min_sort_ensures_default_po_18, File "HOME/tests/java/Sort2.java", line 93, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9112,7 +8991,7 @@ (IMPLIES (>= result2 mv0) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (<= i_3_0 mi0)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_19, File "HOME/tests/java/Sort2.java", line 63, characters 38-51 +;; Sort_min_sort_ensures_default_po_19, File "HOME/tests/java/Sort2.java", line 93, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -9174,7 +9053,7 @@ (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< mi0 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_20, File "HOME/tests/java/Sort2.java", line 64, characters 9-20 +;; Sort_min_sort_ensures_default_po_20, File "HOME/tests/java/Sort2.java", line 94, characters 9-20 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9235,7 +9114,7 @@ (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (EQ mv0 (select intM_intP0 (shift t_0 mi0)))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_21, File "HOME/tests/java/Sort2.java", line 65, characters 12-56 +;; Sort_min_sort_ensures_default_po_21, File "HOME/tests/java/Sort2.java", line 95, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9299,7 +9178,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2_1)) (>= (select intM_intP0 (shift t_0 k_0)) mv0)))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_22, File "HOME/tests/java/Sort2.java", line 66, characters 9-41 +;; Sort_min_sort_ensures_default_po_22, File "HOME/tests/java/Sort2.java", line 96, characters 9-41 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9362,7 +9241,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_23, File "HOME/tests/java/Sort2.java", line 55, characters 20-26 +;; Sort_min_sort_ensures_default_po_23, File "HOME/tests/java/Sort2.java", line 85, characters 20-26 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -9427,7 +9306,7 @@ (pset_singleton t_0) i_3_0 i_3_0)))) (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) (<= 0 i_3_1))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_24, File "HOME/tests/java/Sort2.java", line 55, characters 30-43 +;; Sort_min_sort_ensures_default_po_24, File "HOME/tests/java/Sort2.java", line 85, characters 30-43 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9493,7 +9372,7 @@ (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) (Sorted t_0 0 i_3_1 intM_intP1))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_25, File "HOME/tests/java/Sort2.java", line 56, characters 8-90 +;; Sort_min_sort_ensures_default_po_25, File "HOME/tests/java/Sort2.java", line 86, characters 8-90 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9558,14 +9437,14 @@ (pset_singleton t_0) i_3_0 i_3_0)))) (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) -(FORALL (k1 k2) -(IMPLIES -(AND (<= 0 k1) -(AND (< k1 i_3_1) -(AND (<= i_3_1 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) -(<= (select intM_intP1 (shift t_0 k1)) (select intM_intP1 (shift t_0 k2))))))))))))))))))))))))))))))))))))) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 i_3_1) + (AND (<= i_3_1 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (select intM_intP1 (shift t_0 k1)) (select intM_intP1 (shift t_0 k2)))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_26, File "HOME/tests/java/Sort2.java", line 58, characters 9-41 +;; Sort_min_sort_ensures_default_po_26, File "HOME/tests/java/Sort2.java", line 88, characters 9-41 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -9633,7 +9512,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP1 intM_intP) |@true|))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_27, File "HOME/tests/java/Sort2.java", line 50, characters 16-38 +;; Sort_min_sort_ensures_default_po_27, File "HOME/tests/java/Sort2.java", line 80, characters 16-38 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9664,7 +9543,7 @@ (IMPLIES (>= i_3_0 (- result 1)) (Sorted t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0)))))))))))))) -;; Sort_min_sort_ensures_default_po_28, File "HOME/tests/java/Sort2.java", line 50, characters 42-74 +;; Sort_min_sort_ensures_default_po_28, File "HOME/tests/java/Sort2.java", line 80, characters 42-74 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9696,7 +9575,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|)))))))))))))) -;; Sort_min_sort_safety_po_1, File "why/Sort2.why", line 994, characters 44-194 +;; Sort_min_sort_safety_po_1, File "why/Sort2.why", line 838, characters 44-194 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9723,7 +9602,7 @@ t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0 intM_intP) |@true|)))) (>= (offset_max Object_alloc_table t_0) (- 0 1))))))))))))) -;; Sort_min_sort_safety_po_2, File "HOME/tests/java/Sort2.java", line 62, characters 10-14 +;; Sort_min_sort_safety_po_2, File "HOME/tests/java/Sort2.java", line 92, characters 10-14 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9756,7 +9635,7 @@ (IMPLIES (< i_3_0 (- result 1)) (<= (offset_min Object_alloc_table t_0) i_3_0)))))))))))))))) -;; Sort_min_sort_safety_po_3, File "HOME/tests/java/Sort2.java", line 62, characters 10-14 +;; Sort_min_sort_safety_po_3, File "HOME/tests/java/Sort2.java", line 92, characters 10-14 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -9789,7 +9668,7 @@ (IMPLIES (< i_3_0 (- result 1)) (<= i_3_0 (offset_max Object_alloc_table t_0))))))))))))))))) -;; Sort_min_sort_safety_po_4, File "HOME/tests/java/Sort2.java", line 69, characters 6-10 +;; Sort_min_sort_safety_po_4, File "HOME/tests/java/Sort2.java", line 99, characters 6-10 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9851,7 +9730,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< j_2_0 result1) (<= (offset_min Object_alloc_table t_0) j_2_0)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_5, File "HOME/tests/java/Sort2.java", line 69, characters 6-10 +;; Sort_min_sort_safety_po_5, File "HOME/tests/java/Sort2.java", line 99, characters 6-10 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9913,7 +9792,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< j_2_0 result1) (<= j_2_0 (offset_max Object_alloc_table t_0))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_6, File "HOME/tests/java/Sort2.jc", line 211, characters 29-60 +;; Sort_min_sort_safety_po_6, File "HOME/tests/java/Sort2.jc", line 214, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9975,7 +9854,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (>= j_2_0 result1) (Non_null_intM t_0 Object_alloc_table)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_7, File "HOME/tests/java/Sort2.jc", line 211, characters 29-60 +;; Sort_min_sort_safety_po_7, File "HOME/tests/java/Sort2.jc", line 214, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -10038,7 +9917,7 @@ (IMPLIES (>= j_2_0 result1) (< i_3_0 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_8, File "HOME/tests/java/Sort2.jc", line 211, characters 29-60 +;; Sort_min_sort_safety_po_8, File "HOME/tests/java/Sort2.jc", line 214, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -10100,7 +9979,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (>= j_2_0 result1) (<= 0 mi0)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_9, File "HOME/tests/java/Sort2.jc", line 211, characters 29-60 +;; Sort_min_sort_safety_po_9, File "HOME/tests/java/Sort2.jc", line 214, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -10163,7 +10042,7 @@ (IMPLIES (>= j_2_0 result1) (< mi0 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))))) -;; Sort_swap_ensures_default_po_1, File "HOME/tests/java/Sort2.java", line 41, characters 16-37 +;; Sort_swap_ensures_default_po_1, File "HOME/tests/java/Sort2.java", line 71, characters 16-37 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -10186,7 +10065,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t j_1) result)) (Swap t i_2 j_1 intM_intP1 intM_intP)))))))))))))))) -;; Sort_swap_ensures_default_po_2, File "HOME/tests/java/Sort2.java", line 43, characters 9-13 +;; Sort_swap_ensures_default_po_2, File "HOME/tests/java/Sort2.java", line 73, characters 9-13 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -10214,7 +10093,7 @@ (pset_singleton t) i_2 i_2)))))))))))))))))) -;; Sort_swap_safety_po_1, File "HOME/tests/java/Sort2.java", line 44, characters 11-15 +;; Sort_swap_safety_po_1, File "HOME/tests/java/Sort2.java", line 74, characters 11-15 (FORALL (this_2) (FORALL (t) (FORALL (i_2) 
@@ -10228,7 +10107,7 @@ (AND (<= 0 j_1) (< j_1 (+ (offset_max Object_alloc_table t) 1)))))))) (<= (offset_min Object_alloc_table t) i_2))))))) -;; Sort_swap_safety_po_2, File "HOME/tests/java/Sort2.java", line 44, characters 11-15 +;; Sort_swap_safety_po_2, File "HOME/tests/java/Sort2.java", line 74, characters 11-15 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -10242,7 +10121,7 @@ (AND (<= 0 j_1) (< j_1 (+ (offset_max Object_alloc_table t) 1)))))))) (<= i_2 (offset_max Object_alloc_table t)))))))) -;; Sort_swap_safety_po_3, File "HOME/tests/java/Sort2.java", line 45, characters 8-12 +;; Sort_swap_safety_po_3, File "HOME/tests/java/Sort2.java", line 75, characters 8-12 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -10261,7 +10140,7 @@ (IMPLIES (EQ result (select intM_intP (shift t i_2))) (<= (offset_min Object_alloc_table t) j_1))))))))))) -;; Sort_swap_safety_po_4, File "HOME/tests/java/Sort2.java", line 45, characters 8-12 +;; Sort_swap_safety_po_4, File "HOME/tests/java/Sort2.java", line 75, characters 8-12 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -11234,7 +11113,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -11258,59 +11137,6 @@ logic Permut : Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl: - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, - intM_intP_at_L))))) - -predicate Swap(a_0: Object pointer, i_0: int, j: int, - intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, - int) memory) = - ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, - shift(a_0, j))) and - ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, - shift(a_0, i_0))) and - (forall k:int. - (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, - k)) = select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - (((l_4 <= i_1) and - ((i_1 <= h_4) and - ((l_4 <= j_0) and - ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans: - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - logic Sort_tag : Object tag_id axiom Sort_parenttag_Object: parenttag(Sort_tag, Object_tag) @@ -11325,6 +11151,17 @@ axiom String_parenttag_Object: parenttag(String_tag, Object_tag) +predicate Swap(a_0: Object pointer, i_0: int, j: int, + intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, + int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) and + ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) and + (forall k:int. + (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, + k)) = select(intM_intP_at_L2, shift(a_0, k))))))) + logic Throwable_tag : Object tag_id axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) 
@@ -11454,36 +11291,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -11524,16 +11331,58 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom Permut_swap: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_0) and + ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans: + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_refl: + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) + goal Sort_min_sort_ensures_default_po_1: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. 
(i_3 = 0) -> - ("JC_99": ("JC_95": ("JC_95": (0 <= i_3)))) + ("JC_107": ("JC_103": (0 <= i_3))) goal Sort_min_sort_ensures_default_po_2: forall this_0:Object pointer. @@ -11543,10 +11392,10 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": ("JC_96": ("JC_96": Sorted(t_0, 0, i_3, intM_intP)))) + ("JC_107": ("JC_104": Sorted(t_0, 0, i_3, intM_intP))) goal Sort_min_sort_ensures_default_po_3: forall this_0:Object pointer. @@ -11556,19 +11405,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": - ("JC_97": - ("JC_97": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3) and - ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3) and + ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_107": + ("JC_105": (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, + shift(t_0, k2))))) goal Sort_min_sort_ensures_default_po_4: forall this_0:Object pointer. 
@@ -11578,13 +11425,12 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_99": - ("JC_98": - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP, intM_intP)))) + ("JC_107": + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP, intM_intP))) goal Sort_min_sort_ensures_default_po_5: forall this_0:Object pointer. @@ -11594,16 +11440,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11612,10 +11458,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11627,7 +11473,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2)))) + ("JC_118": ("JC_112": (i_3_0 < j_2))) goal Sort_min_sort_ensures_default_po_6: forall this_0:Object pointer. 
@@ -11637,16 +11483,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11655,10 +11501,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11670,7 +11516,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi)))) + ("JC_118": ("JC_113": (i_3_0 <= mi))) goal Sort_min_sort_ensures_default_po_7: forall this_0:Object pointer. @@ -11680,16 +11526,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -11698,10 +11544,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11713,8 +11559,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_8: forall this_0:Object pointer. @@ -11724,16 +11569,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11742,10 +11587,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11757,8 +11602,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv = select(intM_intP0, shift(t_0, mi)))))) + ("JC_118": ("JC_115": (mv = select(intM_intP0, shift(t_0, mi))))) goal Sort_min_sort_ensures_default_po_9: forall this_0:Object pointer. @@ -11768,16 +11612,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11786,10 +11630,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11801,12 +11645,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv))) goal Sort_min_sort_ensures_default_po_10: forall this_0:Object pointer. 
@@ -11816,16 +11657,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11834,10 +11675,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11849,10 +11690,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) goal Sort_min_sort_ensures_default_po_11: forall this_0:Object pointer. 
@@ -11862,16 +11702,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11880,10 +11720,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11898,19 +11738,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -11925,7 +11765,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2_1)))) + ("JC_118": ("JC_112": (i_3_0 < j_2_1))) goal Sort_min_sort_ensures_default_po_12: forall this_0:Object pointer. @@ -11935,16 +11775,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -11953,10 +11793,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11971,19 +11811,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -11998,7 +11838,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi1)))) + ("JC_118": ("JC_113": (i_3_0 <= mi1))) goal Sort_min_sort_ensures_default_po_13: forall this_0:Object pointer. 
@@ -12008,16 +11848,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12026,10 +11866,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12044,19 +11884,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12071,8 +11911,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi1 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi1 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_14: forall this_0:Object pointer. @@ -12082,16 +11921,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -12100,10 +11939,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -12118,19 +11957,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12145,8 +11984,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv1 = select(intM_intP0, shift(t_0, mi1)))))) + ("JC_118": ("JC_115": (mv1 = select(intM_intP0, shift(t_0, mi1))))) goal Sort_min_sort_ensures_default_po_15: forall this_0:Object pointer. 
@@ -12156,16 +11994,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12174,10 +12012,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12192,19 +12030,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12219,12 +12057,9 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv1)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv1))) goal Sort_min_sort_ensures_default_po_16: forall this_0:Object pointer. 
@@ -12234,16 +12069,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12252,10 +12087,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12270,19 +12105,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12297,10 +12132,9 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) goal Sort_min_sort_ensures_default_po_17: forall this_0:Object pointer. 
@@ -12310,16 +12144,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12328,10 +12162,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12346,19 +12180,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12367,7 +12201,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_104": ("JC_104": (i_3_0 < j_2_1)))) + ("JC_118": ("JC_112": (i_3_0 < j_2_1))) goal Sort_min_sort_ensures_default_po_18: forall this_0:Object pointer. @@ -12377,16 +12211,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -12395,10 +12229,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -12413,19 +12247,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12434,7 +12268,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": ("JC_105": ("JC_105": (i_3_0 <= mi0)))) + ("JC_118": ("JC_113": (i_3_0 <= mi0))) goal Sort_min_sort_ensures_default_po_19: forall this_0:Object pointer. 
@@ -12444,16 +12278,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12462,10 +12296,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12480,19 +12314,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12501,8 +12335,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_106": ("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_118": ("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_20: forall this_0:Object pointer. @@ -12512,16 +12345,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -12530,10 +12363,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -12548,19 +12381,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12569,8 +12402,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_107": ("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))))) + ("JC_118": ("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0))))) goal Sort_min_sort_ensures_default_po_21: forall this_0:Object pointer. 
@@ -12580,16 +12412,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12598,10 +12430,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12616,19 +12448,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12637,12 +12469,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_108": - ("JC_108": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv0)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_118": ("JC_116": (select(intM_intP0, shift(t_0, k_0)) >= mv0))) goal Sort_min_sort_ensures_default_po_22: forall this_0:Object pointer. 
@@ -12652,16 +12481,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12670,10 +12499,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12688,19 +12517,19 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -12709,10 +12538,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_110": - ("JC_109": - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_118": + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) goal Sort_min_sort_ensures_default_po_23: forall this_0:Object pointer. 
@@ -12722,16 +12550,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12740,10 +12568,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12758,32 +12586,32 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": ("JC_95": ("JC_95": (0 <= i_3_1)))) + ("JC_107": ("JC_103": (0 <= i_3_1))) goal Sort_min_sort_ensures_default_po_24: forall this_0:Object pointer. 
@@ -12793,16 +12621,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12811,10 +12639,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12829,32 +12657,32 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": ("JC_96": ("JC_96": Sorted(t_0, 0, i_3_1, intM_intP1)))) + ("JC_107": ("JC_104": Sorted(t_0, 0, i_3_1, intM_intP1))) goal Sort_min_sort_ensures_default_po_25: forall this_0:Object pointer. 
@@ -12864,16 +12692,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12882,10 +12710,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12900,41 +12728,39 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": - ("JC_97": - ("JC_97": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3_1) and - ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. 
+ ((0 <= k1) and + ((k1 < i_3_1) and + ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_107": + ("JC_105": (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, + shift(t_0, k2))))) goal Sort_min_sort_ensures_default_po_26: forall this_0:Object pointer. @@ -12944,16 +12770,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -12962,10 +12788,10 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -12980,35 +12806,34 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_110": - (("JC_104": (i_3_0 < j_2_0)) and - (("JC_105": (i_3_0 <= mi0)) and - (("JC_106": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_107": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_108": + ("JC_118": + (("JC_112": (i_3_0 < j_2_0)) and + (("JC_113": (i_3_0 <= mi0)) and + (("JC_114": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_115": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_116": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_109": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_117": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_99": - ("JC_98": - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP1, intM_intP)))) + ("JC_107": + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP1, intM_intP))) goal Sort_min_sort_ensures_default_po_27: forall this_0:Object pointer. 
@@ -13018,16 +12843,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13036,17 +12861,16 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_63": - ("JC_61": - ("JC_61": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0)))) + ("JC_71": + ("JC_69": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0))) goal Sort_min_sort_ensures_default_po_28: forall this_0:Object pointer. 
@@ -13056,16 +12880,16 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_99": - (("JC_95": (0 <= i_3_0)) and - (("JC_96": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_97": + ("JC_107": + (("JC_103": (0 <= i_3_0)) and + (("JC_104": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_105": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13074,17 +12898,16 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_98": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_106": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_63": - ("JC_62": - ("JC_62": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), - intM_intP0, intM_intP)))) + ("JC_71": + ("JC_70": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + intM_intP0, intM_intP))) goal Sort_min_sort_safety_po_1: forall this_0:Object pointer. 
@@ -13094,17 +12917,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13113,7 +12936,7 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) @@ -13125,17 +12948,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -13144,11 +12967,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -13162,17 +12985,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13181,11 +13004,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -13199,17 +13022,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13218,11 +13041,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -13239,21 +13062,21 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -13267,17 +13090,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -13286,11 +13109,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -13307,21 +13130,21 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -13335,17 +13158,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13354,11 +13177,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -13375,25 +13198,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_31": ("JC_31": Non_null_intM(t_0, Object_alloc_table)))) + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) goal Sort_min_sort_safety_po_7: forall this_0:Object pointer. @@ -13403,17 +13226,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -13422,11 +13245,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -13443,26 +13266,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_33": ("JC_33": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_41": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_safety_po_8: forall this_0:Object pointer. 
@@ -13472,17 +13294,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -13491,11 +13313,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -13512,25 +13334,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_34": ("JC_34": (0 <= mi0)))) + ("JC_44": ("JC_42": (0 <= mi0))) goal Sort_min_sort_safety_po_9: forall this_0:Object pointer. @@ -13540,17 +13362,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_75": true) -> - ("JC_73": - (("JC_69": (0 <= i_3_0)) and - (("JC_70": Sorted(t_0, 0, i_3_0, intM_intP0)) and - (("JC_71": + ("JC_83": true) -> + ("JC_81": + (("JC_77": (0 <= i_3_0)) and + (("JC_78": Sorted(t_0, 0, i_3_0, intM_intP0)) and + (("JC_79": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -13559,11 +13381,11 @@ t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))) and - ("JC_72": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_80": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -13580,26 +13402,25 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_88": true) -> - ("JC_86": - (("JC_80": (i_3_0 < j_2_0)) and - (("JC_81": (i_3_0 <= mi0)) and - (("JC_82": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and - (("JC_83": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - (("JC_84": + ("JC_96": true) -> + ("JC_94": + (("JC_88": (i_3_0 < j_2_0)) and + (("JC_89": (i_3_0 <= mi0)) and + (("JC_90": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))) and + (("JC_91": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + (("JC_92": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))) and - ("JC_85": Permut(t_0, 0, ((offset_max(Object_alloc_table, + ("JC_93": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)))))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_35": ("JC_35": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_43": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_swap_ensures_default_po_1: forall this_2:Object pointer. 
@@ -13611,12 +13432,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. @@ -13627,7 +13448,7 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": ("JC_45": ("JC_45": Swap(t, i_2, j_1, intM_intP1, intM_intP)))) + ("JC_55": ("JC_53": Swap(t, i_2, j_1, intM_intP1, intM_intP))) goal Sort_swap_ensures_default_po_2: forall this_2:Object pointer. @@ -13639,12 +13460,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. 
@@ -13655,11 +13476,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": - ("JC_46": - ("JC_46": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t), j_1, j_1), - pset_range(pset_singleton(t), i_2, i_2)))))) + pset_range(pset_singleton(t), i_2, i_2))))) goal Sort_swap_safety_po_1: forall this_2:Object pointer. @@ -13669,12 +13489,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (offset_min(Object_alloc_table, t) <= i_2) goal Sort_swap_safety_po_2: 
@@ -13685,12 +13505,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (i_2 <= offset_max(Object_alloc_table, t)) goal Sort_swap_safety_po_3: @@ -13703,12 +13523,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. 
@@ -13725,12 +13545,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. @@ -13740,10 +13560,10 @@ ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/Sort2_why.why : ......................................#.... (42/0/0/1/0) +why/Sort2_why.why : .........................#............#.... (41/0/0/2/0) total : 43 -valid : 42 ( 98%) +valid : 41 ( 95%) invalid : 0 ( 0%) unknown : 0 ( 0%) -timeout : 1 ( 2%) +timeout : 2 ( 5%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/Sort.res.oracle why-2.30+dfsg/tests/java/oracle/Sort.res.oracle --- why-2.29+dfsg/tests/java/oracle/Sort.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Sort.res.oracle 2011-10-24 15:21:06.000000000 +0000 
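Review bot: The Alt-Ergo summary in the last hunk of this oracle now expects a second timeout for `why/Sort2_why.why` (`(41/0/0/2/0)`, valid 41 of 43 where it was 42), so the regression test will pass with one fewer proof obligation actually discharged. A `#` is a timeout rather than a proof, and it presumably depends on the prover's time limit and the machine, which makes the new expected output both weaker as evidence and less reproducible than the old one. Before accepting this baseline I would identify the goal behind the new `#` and either restore the proof or record in the changelog why the timeout is expected. The earlier hunks of this file show goals whose conclusion changed from a labelled `(forall k1:int. (forall k2:int. ...))` to a top-level `forall k1:int. forall k2:int. ... ->`, which may be what changed the prover's behaviour.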
@@ -1,4 +1,34 @@ ========== file tests/java/Sort.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ TerminationPolicy = user @@ -112,7 +142,10 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } 
@@ -358,121 +391,121 @@ ========== file tests/java/Sort.jloc ========== [K_10] file = "HOME/tests/java/Sort.java" -line = 36 +line = 66 begin = 17 end = 80 [K_11] file = "HOME/tests/java/Sort.java" -line = 43 +line = 73 begin = 8 end = 12 [K_12] file = "HOME/tests/java/Sort.java" -line = 43 +line = 73 begin = 1 end = 12 [K_13] file = "HOME/tests/java/Sort.java" -line = 44 +line = 74 begin = 1 end = 11 [K_14] file = "HOME/tests/java/Sort.java" -line = 42 +line = 72 begin = 11 end = 15 [K_15] file = "HOME/tests/java/Sort.java" -line = 49 +line = 79 begin = 18 end = 40 [K_16] file = "HOME/tests/java/Sort.java" -line = 51 +line = 81 begin = 18 end = 50 [K_17] file = "HOME/tests/java/Sort.java" -line = 47 +line = 77 begin = 17 end = 26 [K_18] file = "HOME/tests/java/Sort.java" -line = 56 +line = 86 begin = 20 end = 26 [K_19] file = "HOME/tests/java/Sort.java" -line = 59 +line = 89 begin = 8 end = 90 [K_20] file = "HOME/tests/java/Sort.java" -line = 58 +line = 88 begin = 21 end = 34 [K_21] file = "HOME/tests/java/Sort.java" -line = 58 +line = 88 begin = 21 end = 130 [K_22] file = "HOME/tests/java/Sort.java" -line = 62 +line = 92 begin = 22 end = 54 [K_23] file = "HOME/tests/java/Sort.java" -line = 66 +line = 96 begin = 10 end = 14 [K_24] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 38 end = 51 [K_1] file = "HOME/tests/java/Sort.java" -line = 39 +line = 69 begin = 16 end = 37 [K_25] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 33 end = 40 [K_2] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 37 end = 49 [K_26] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 33 end = 51 [K_3] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 32 end = 38 
@@ -485,55 +518,55 @@ [K_27] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 24 end = 29 [K_4] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 32 end = 49 [K_28] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 24 end = 51 [K_5] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 16 end = 28 [K_29] file = "HOME/tests/java/Sort.java" -line = 70 +line = 100 begin = 12 end = 56 [K_6] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 11 end = 17 [K_7] file = "HOME/tests/java/Sort.java" -line = 37 +line = 67 begin = 11 end = 28 [K_8] file = "HOME/tests/java/Sort.java" -line = 36 +line = 66 begin = 17 end = 26 [K_9] file = "HOME/tests/java/Sort.java" -line = 36 +line = 66 begin = 17 end = 59 @@ -553,58 +586,65 @@ [K_30] file = "HOME/tests/java/Sort.java" -line = 69 +line = 99 begin = 25 end = 36 [K_31] file = "HOME/tests/java/Sort.java" -line = 69 +line = 99 begin = 25 end = 97 [K_32] file = "HOME/tests/java/Sort.java" -line = 72 +line = 102 begin = 25 end = 57 [K_33] file = "HOME/tests/java/Sort.java" -line = 76 +line = 106 begin = 20 end = 24 [K_34] file = "HOME/tests/java/Sort.java" -line = 75 +line = 105 begin = 6 end = 10 [K_35] file = "HOME/tests/java/Sort.java" -line = 75 +line = 105 begin = 6 end = 15 [K_36] file = "HOME/tests/java/Sort.java" -line = 74 +line = 104 begin = 31 end = 34 [K_37] file = "HOME/tests/java/Sort.java" -line = 74 +line = 104 begin = 21 end = 29 [K_38] file = "HOME/tests/java/Sort.java" -line = 74 +line = 104 begin = 17 end = 29 +[Permut_sym] +name = "Lemma Permut_sym" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Object_wait_long_int] name = "Method wait" file = "HOME/lib/java_api/java/lang/Object.java" @@ -614,7 +654,7 @@ [K_39] file = "HOME/tests/java/Sort.java" -line = 74 +line = 104 begin = 12 end = 15 
@@ -641,34 +681,41 @@ [K_40] file = "HOME/tests/java/Sort.java" -line = 79 +line = 109 begin = 5 end = 17 [K_41] file = "HOME/tests/java/Sort.java" -line = 64 +line = 94 begin = 25 end = 28 [K_42] file = "HOME/tests/java/Sort.java" -line = 64 +line = 94 begin = 13 end = 21 [K_43] file = "HOME/tests/java/Sort.java" -line = 64 +line = 94 begin = 13 end = 23 [K_44] file = "HOME/tests/java/Sort.java" -line = 64 +line = 94 begin = 11 end = 23 +[Permut_swap] +name = "Lemma Permut_swap" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Object_toString] name = "Method toString" file = "HOME/lib/java_api/java/lang/Object.java" @@ -676,10 +723,17 @@ begin = 18 end = 26 +[Permut_trans] +name = "Lemma Permut_trans" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Sort_swap] name = "Method swap" file = "HOME/tests/java/Sort.java" -line = 41 +line = 71 begin = 9 end = 13 @@ -711,10 +765,17 @@ begin = 22 end = 26 +[Permut_refl] +name = "Lemma Permut_refl" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + [Sort_min_sort] name = "Method min_sort" file = "HOME/tests/java/Sort.java" -line = 53 +line = 83 begin = 9 end = 17 @@ -745,10 +806,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Sort.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Sort_why.sx @@ -809,6 +871,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Sort_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Sort_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) 
@@ -881,6 +950,9 @@ why3ide: why/Sort_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Sort.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Sort.depend depend: coq/Sort_why.v @@ -892,76 +964,77 @@ ========== file tests/java/Sort.loc ========== [JC_103] file = "HOME/tests/java/Sort.java" -line = 59 -begin = 8 -end = 90 +line = 97 +begin = 38 +end = 51 [JC_104] file = "HOME/tests/java/Sort.java" -line = 58 -begin = 21 -end = 130 +line = 97 +begin = 24 +end = 51 [JC_105] -file = "HOME/tests/java/Sort.java" -line = 56 -begin = 20 -end = 26 - -[JC_106] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_106] +file = "HOME/tests/java/Sort.jc" +line = 178 +begin = 21 +end = 1621 + [JC_40] file = "HOME/tests/java/Sort.java" -line = 37 -begin = 16 -end = 28 +line = 67 +begin = 11 +end = 17 [JC_107] file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +line = 178 +begin = 21 +end = 1621 [JC_41] file = "HOME/tests/java/Sort.java" -line = 37 -begin = 32 -end = 38 +line = 67 +begin = 16 +end = 28 [JC_108] -file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 104 +begin = 21 +end = 29 [JC_42] file = "HOME/tests/java/Sort.java" -line = 37 -begin = 37 -end = 49 +line = 67 +begin = 32 +end = 38 [JC_220] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 [JC_109] kind = UserCall -file = "HOME/tests/java/Sort.java" -line = 64 -begin = 13 -end = 21 +file = "HOME/tests/java/Sort.jc" +line = 205 +begin = 29 +end = 60 [JC_43] file = "HOME/tests/java/Sort.java" -line = 36 -begin = 17 -end = 80 +line = 67 +begin = 37 +end = 49 [JC_221] file = "HOME/" 
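Review bot: The recipe of the new `why3ml` target prints `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the log line names a tool other than the one invoked. If opening the IDE on `Sort.mlw` is what is intended, the echo should say so: `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. This text is recorded generator output, so the change presumably belongs in the Makefile template that produces it, which is not visible here.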
@@ -973,28 +1046,28 @@ name = "Method swap" behavior = "Safety" file = "HOME/tests/java/Sort.java" -line = 41 +line = 71 begin = 9 end = 13 [JC_44] +file = "HOME/tests/java/Sort.java" +line = 66 +begin = 17 +end = 80 + +[JC_222] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_222] +[JC_45] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_45] -file = "HOME/tests/java/Sort.java" -line = 39 -begin = 16 -end = 37 - [JC_223] file = "HOME/" line = 0 @@ -1003,9 +1076,9 @@ [JC_46] file = "HOME/tests/java/Sort.java" -line = 41 -begin = 9 -end = 13 +line = 66 +begin = 17 +end = 26 [JC_224] file = "HOME/" @@ -1014,10 +1087,10 @@ end = -1 [JC_47] -file = "HOME/tests/java/Sort.jc" -line = 117 -begin = 9 -end = 16 +file = "HOME/tests/java/Sort.java" +line = 67 +begin = 11 +end = 17 [JC_225] file = "HOME/" @@ -1027,21 +1100,21 @@ [JC_48] file = "HOME/tests/java/Sort.java" -line = 39 +line = 67 begin = 16 -end = 37 +end = 28 [JC_226] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_49] file = "HOME/tests/java/Sort.java" -line = 41 -begin = 9 -end = 13 +line = 67 +begin = 32 +end = 38 [JC_227] file = "HOME/" @@ -1051,9 +1124,9 @@ [JC_228] file = "HOME/lib/java_api/java/lang/Object.java" -line = 481 -begin = 19 -end = 27 +line = 430 +begin = 22 +end = 26 [JC_229] file = "HOME/" 
@@ -1063,69 +1136,70 @@ [JC_110] file = "HOME/tests/java/Sort.java" -line = 69 -begin = 25 -end = 36 +line = 88 +begin = 21 +end = 34 [JC_111] file = "HOME/tests/java/Sort.java" -line = 70 -begin = 12 -end = 56 +line = 89 +begin = 8 +end = 90 [JC_112] file = "HOME/tests/java/Sort.java" -line = 69 -begin = 25 -end = 97 +line = 88 +begin = 21 +end = 130 [JC_113] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 29 +line = 86 +begin = 20 +end = 26 [JC_114] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 33 -end = 40 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_115] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 38 -end = 51 +file = "HOME/tests/java/Sort.jc" +line = 153 +begin = 15 +end = 3072 [JC_116] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 51 +file = "HOME/tests/java/Sort.jc" +line = 153 +begin = 15 +end = 3072 [JC_50] -file = "HOME/tests/java/Sort.jc" -line = 117 -begin = 9 -end = 16 +file = "HOME/tests/java/Sort.java" +line = 67 +begin = 37 +end = 49 [JC_117] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 94 +begin = 13 +end = 21 [JC_51] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.java" +line = 66 +begin = 17 +end = 80 [JC_118] -file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +file = "HOME/tests/java/Sort.java" +line = 99 +begin = 25 +end = 36 [JC_52] file = "HOME/" @@ -1140,17 +1214,16 @@ end = -1 [JC_119] -file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +file = "HOME/tests/java/Sort.java" +line = 100 +begin = 12 +end = 56 [JC_53] -kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 42 -begin = 11 -end = 15 +line = 69 +begin = 16 +end = 37 [JC_231] file = "HOME/" @@ -1159,11 +1232,10 @@ end = -1 [JC_54] -kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 43 -begin = 8 -end = 12 +line = 71 +begin = 9 +end = 13 [JC_232] file = "HOME/" 
@@ -1172,11 +1244,10 @@ end = -1 [JC_55] -kind = PointerDeref file = "HOME/tests/java/Sort.jc" -line = 125 -begin = 18 -end = 58 +line = 120 +begin = 9 +end = 16 [JC_233] file = "HOME/" @@ -1185,23 +1256,22 @@ end = -1 [JC_56] -kind = PointerDeref -file = "HOME/tests/java/Sort.jc" -line = 126 -begin = 18 -end = 38 - -[JC_234] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.java" +line = 69 +begin = 16 +end = 37 + +[JC_234] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 [JC_57] file = "HOME/tests/java/Sort.java" -line = 47 -begin = 17 -end = 26 +line = 71 +begin = 9 +end = 13 [JC_235] file = "HOME/" @@ -1210,23 +1280,23 @@ end = -1 [JC_58] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 120 +begin = 9 +end = 16 [JC_236] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_59] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_59] -file = "HOME/tests/java/Sort.java" -line = 47 -begin = 17 -end = 26 - [JC_237] file = "HOME/" line = 0 
@@ -1246,56 +1316,54 @@ end = -1 [JC_120] -kind = UserCall file = "HOME/tests/java/Sort.java" -line = 74 -begin = 21 -end = 29 +line = 99 +begin = 25 +end = 97 [JC_121] -kind = UserCall -file = "HOME/tests/java/Sort.jc" -line = 202 -begin = 29 -end = 60 +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 24 +end = 29 [JC_122] file = "HOME/tests/java/Sort.java" -line = 62 -begin = 22 -end = 54 +line = 97 +begin = 33 +end = 40 [JC_123] file = "HOME/tests/java/Sort.java" -line = 56 -begin = 20 -end = 26 +line = 97 +begin = 38 +end = 51 [JC_124] +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 24 +end = 51 + +[JC_125] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_125] -file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 - [Permut_trans] -name = "Permut_trans" +name = "Lemma Permut_trans" behavior = "axiom" -file = "HOME/tests/java/Sort.jc" -line = 85 -begin = 2 -end = 246 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_126] file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +line = 178 +begin = 21 +end = 1621 [JC_60] file = "HOME/" 
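Review bot: The expected `[Permut_trans]` entry loses its source position: `file`, `line`, `begin`, `end` go from `HOME/tests/java/Sort.jc`, 85, 2, 246 to `HOME/`, 0, 0, 0, while `behavior = "axiom"` is kept under the new name `Lemma Permut_trans`. The same happens to `Permut_sym`, `Permut_refl` and `Permut_swap` in the later hunks of this file. These are facts the generated Why file still declares with `axiom`, so they are assumed rather than proved, and an explanation or GUI view built from this table can no longer point a reader at the statement being trusted. If the position is genuinely unavailable, the oracle would be easier to audit with the `begin = -1` / `end = -1` sentinel that the other position-less entries use instead of `0`; otherwise the generator should keep the lemma's real location.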
@@ -1304,148 +1372,201 @@ end = -1 [JC_127] +file = "HOME/tests/java/Sort.jc" +line = 178 +begin = 21 +end = 1621 + +[JC_61] +kind = PointerDeref +file = "HOME/tests/java/Sort.java" +line = 72 +begin = 11 +end = 15 + +[JC_128] kind = UserCall file = "HOME/tests/java/Sort.java" -line = 64 -begin = 13 -end = 21 +line = 104 +begin = 21 +end = 29 -[JC_61] +[JC_62] +kind = PointerDeref +file = "HOME/tests/java/Sort.java" +line = 73 +begin = 8 +end = 12 + +[JC_240] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_128] -file = "HOME/tests/java/Sort.java" -line = 72 -begin = 25 -end = 57 +[JC_129] +kind = UserCall +file = "HOME/tests/java/Sort.jc" +line = 205 +begin = 29 +end = 60 -[JC_62] +[JC_63] +kind = PointerDeref +file = "HOME/tests/java/Sort.jc" +line = 128 +begin = 18 +end = 58 + +[JC_241] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_240] +[JC_64] +kind = PointerDeref +file = "HOME/tests/java/Sort.jc" +line = 129 +begin = 18 +end = 38 + +[JC_242] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_129] +[JC_65] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 29 +line = 77 +begin = 17 +end = 26 -[JC_63] +[JC_243] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_241] +[JC_66] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_64] +[JC_244] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_65] -file = "HOME/tests/java/Sort.java" -line = 49 -begin = 18 -end = 40 - -[JC_66] -file = "HOME/tests/java/Sort.java" -line = 49 -begin = 18 -end = 40 - [JC_67] file = "HOME/tests/java/Sort.java" -line = 51 -begin = 18 -end = 50 +line = 77 +begin = 17 +end = 26 + +[JC_245] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_68] -file = "HOME/tests/java/Sort.java" -line = 51 -begin = 18 -end = 50 +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_246] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_69] -file = "HOME/tests/java/Sort.java" -line = 56 -begin = 20 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_247] +file = "HOME/" +line = 0 
+begin = -1 +end = -1 + +[JC_248] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_249] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Sort_min_sort_ensures_permutation] name = "Method min_sort" -behavior = "Normal behavior `permutation'" +behavior = "Behavior `permutation'" file = "HOME/tests/java/Sort.java" -line = 53 +line = 83 begin = 9 end = 17 [JC_130] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 33 -end = 40 +line = 92 +begin = 22 +end = 54 [JC_131] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 38 -end = 51 +line = 86 +begin = 20 +end = 26 [JC_132] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 51 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [Sort_min_sort_safety] name = "Method min_sort" behavior = "Safety" file = "HOME/tests/java/Sort.java" -line = 53 +line = 83 begin = 9 end = 17 [JC_133] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 153 +begin = 15 +end = 3072 [JC_134] file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +line = 153 +begin = 15 +end = 3072 [JC_135] -file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 94 +begin = 13 +end = 21 [JC_136] -kind = UserCall file = "HOME/tests/java/Sort.java" -line = 74 -begin = 21 -end = 29 +line = 102 +begin = 25 +end = 57 [JC_70] file = "HOME/" 
@@ -1454,87 +1575,83 @@ end = -1 [JC_137] -kind = UserCall -file = "HOME/tests/java/Sort.jc" -line = 202 -begin = 29 -end = 60 +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 24 +end = 29 [JC_71] -file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 - -[JC_138] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_72] -file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +[JC_138] +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 33 +end = 40 -[JC_139] +[JC_72] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_139] +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 38 +end = 51 + [JC_73] -kind = UserCall file = "HOME/tests/java/Sort.java" -line = 64 -begin = 13 -end = 21 +line = 79 +begin = 18 +end = 40 [JC_74] -kind = IndexBounds file = "HOME/tests/java/Sort.java" -line = 64 -begin = 13 -end = 21 +line = 79 +begin = 18 +end = 40 [JC_75] -kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 66 -begin = 10 -end = 14 +line = 81 +begin = 18 +end = 50 [JC_76] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 29 +line = 81 +begin = 18 +end = 50 [JC_77] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 33 -end = 40 +line = 86 +begin = 20 +end = 26 [JC_78] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 38 -end = 51 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_79] +file = "HOME/tests/java/Sort.jc" +line = 153 +begin = 15 +end = 3072 + +[JC_140] file = "HOME/tests/java/Sort.java" -line = 67 +line = 97 begin = 24 end = 51 -[JC_140] -file = "HOME/" -line = 0 -begin = -1 -end = -1 - [JC_141] file = "HOME/" line = 0 
@@ -1542,28 +1659,30 @@ end = -1 [JC_142] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 178 +begin = 21 +end = 1621 [JC_143] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 178 +begin = 21 +end = 1621 [JC_144] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 104 +begin = 21 +end = 29 [JC_145] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = UserCall +file = "HOME/tests/java/Sort.jc" +line = 205 +begin = 29 +end = 60 [cons_Object_safety] name = "Constructor of class Object" @@ -1574,17 +1693,17 @@ end = -1 [JC_146] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 - -[JC_80] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_80] +file = "HOME/tests/java/Sort.jc" +line = 153 +begin = 15 +end = 3072 + [JC_147] file = "HOME/" line = 0 @@ -1592,22 +1711,24 @@ end = -1 [JC_81] -file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 94 +begin = 13 +end = 21 [JC_148] -file = "HOME/lib/java_api/java/lang/Object.java" -line = 22 -begin = 31 -end = 46 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_82] -file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +kind = IndexBounds +file = "HOME/tests/java/Sort.java" +line = 94 +begin = 13 +end = 21 [JC_149] file = "HOME/" 
@@ -1616,57 +1737,53 @@ end = -1 [JC_83] -kind = UserCall +kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 74 -begin = 21 -end = 29 +line = 96 +begin = 10 +end = 14 [JC_84] -kind = IndexBounds file = "HOME/tests/java/Sort.java" -line = 74 -begin = 21 +line = 97 +begin = 24 end = 29 [JC_85] -kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 75 -begin = 6 -end = 10 +line = 97 +begin = 33 +end = 40 [JC_86] -kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 76 -begin = 20 -end = 24 +line = 97 +begin = 38 +end = 51 [JC_87] -kind = UserCall -file = "HOME/tests/java/Sort.jc" -line = 202 -begin = 29 -end = 60 +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 24 +end = 51 [JC_88] -file = "HOME/tests/java/Sort.java" -line = 56 -begin = 20 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_1] file = "HOME/tests/java/Sort.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [JC_89] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 178 +begin = 21 +end = 1621 [JC_2] file = "HOME/" @@ -1676,9 +1793,9 @@ [JC_3] file = "HOME/tests/java/Sort.jc" -line = 39 -begin = 8 -end = 21 +line = 13 +begin = 12 +end = 22 [JC_4] file = "HOME/" @@ -1687,16 +1804,16 @@ end = -1 [JC_5] -file = "HOME/tests/java/Sort.jc" -line = 42 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_6] -file = "HOME/tests/java/Sort.jc" -line = 41 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_150] file = "HOME/" 
@@ -1705,35 +1822,35 @@ end = -1 [JC_7] -file = "HOME/tests/java/Sort.jc" -line = 42 -begin = 11 -end = 66 - -[JC_151] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_8] -file = "HOME/tests/java/Sort.jc" -line = 41 -begin = 10 -end = 18 +[JC_151] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_152] +[JC_8] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_9] +[JC_152] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_9] +file = "HOME/tests/java/Sort.jc" +line = 42 +begin = 8 +end = 21 + [JC_153] file = "HOME/" line = 0 @@ -1742,17 +1859,17 @@ [JC_154] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [Permut_sym] -name = "Permut_sym" +name = "Lemma Permut_sym" behavior = "axiom" -file = "HOME/tests/java/Sort.jc" -line = 93 -begin = 2 -end = 185 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_155] file = "HOME/" @@ -1762,15 +1879,15 @@ [JC_156] file = "HOME/lib/java_api/java/lang/Object.java" -line = 74 -begin = 22 -end = 30 +line = 22 +begin = 31 +end = 46 [JC_90] file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +line = 178 +begin = 21 +end = 1621 [JC_157] file = "HOME/" @@ -1779,18 +1896,19 @@ end = -1 [JC_91] -file = "HOME/tests/java/Sort.jc" -line = 150 -begin = 15 -end = 3072 +kind = UserCall +file = "HOME/tests/java/Sort.java" +line = 104 +begin = 21 +end = 29 [Permut_refl] -name = "Permut_refl" +name = "Lemma Permut_refl" behavior = "axiom" -file = "HOME/tests/java/Sort.jc" -line = 99 -begin = 2 -end = 143 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_158] file = "HOME/" @@ -1799,11 +1917,11 @@ end = -1 [JC_92] -kind = UserCall +kind = IndexBounds file = "HOME/tests/java/Sort.java" -line = 64 -begin = 13 -end = 21 +line = 104 +begin = 21 +end = 29 [JC_159] file = "HOME/" 
@@ -1812,28 +1930,31 @@ end = -1 [JC_93] +kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 29 +line = 105 +begin = 6 +end = 10 [JC_94] +kind = PointerDeref file = "HOME/tests/java/Sort.java" -line = 67 -begin = 33 -end = 40 +line = 106 +begin = 20 +end = 24 [JC_95] -file = "HOME/tests/java/Sort.java" -line = 67 -begin = 38 -end = 51 +kind = UserCall +file = "HOME/tests/java/Sort.jc" +line = 205 +begin = 29 +end = 60 [JC_96] file = "HOME/tests/java/Sort.java" -line = 67 -begin = 24 -end = 51 +line = 86 +begin = 20 +end = 26 [JC_97] file = "HOME/" @@ -1842,24 +1963,24 @@ end = -1 [Permut_swap] -name = "Permut_swap" +name = "Lemma Permut_swap" behavior = "axiom" -file = "HOME/tests/java/Sort.jc" -line = 72 -begin = 2 -end = 398 +file = "HOME/" +line = 0 +begin = 0 +end = 0 [JC_98] file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +line = 153 +begin = 15 +end = 3072 [JC_99] file = "HOME/tests/java/Sort.jc" -line = 175 -begin = 21 -end = 1621 +line = 153 +begin = 15 +end = 3072 [JC_160] file = "HOME/" @@ -1875,7 +1996,7 @@ [cons_Sort_ensures_default] name = "Constructor of class Sort" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -1883,9 +2004,9 @@ [JC_162] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_163] file = "HOME/" @@ -1895,9 +2016,9 @@ [JC_164] file = "HOME/lib/java_api/java/lang/Object.java" -line = 122 -begin = 19 -end = 25 +line = 74 +begin = 22 +end = 30 [JC_165] file = "HOME/" @@ -1931,17 +2052,17 @@ [Sort_swap_ensures_default] name = "Method swap" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Sort.java" -line = 41 +line = 71 begin = 9 end = 13 [JC_170] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [JC_171] file = "HOME/" 
@@ -1951,15 +2072,15 @@ [JC_172] file = "HOME/lib/java_api/java/lang/Object.java" -line = 184 -begin = 28 -end = 33 +line = 122 +begin = 19 +end = 25 [Sort_min_sort_ensures_sorted] name = "Method min_sort" -behavior = "Normal behavior `sorted'" +behavior = "Behavior `sorted'" file = "HOME/tests/java/Sort.java" -line = 53 +line = 83 begin = 9 end = 17 @@ -1995,9 +2116,9 @@ [JC_178] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_179] file = "HOME/" @@ -2013,9 +2134,9 @@ [JC_11] file = "HOME/tests/java/Sort.jc" -line = 45 +line = 42 begin = 8 -end = 30 +end = 21 [JC_12] file = "HOME/" @@ -2026,57 +2147,57 @@ [JC_13] file = "HOME/tests/java/Sort.jc" line = 45 -begin = 8 -end = 30 +begin = 11 +end = 66 [JC_14] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 44 +begin = 10 +end = 18 [JC_15] file = "HOME/tests/java/Sort.jc" -line = 48 +line = 45 begin = 11 -end = 103 +end = 66 [JC_16] file = "HOME/tests/java/Sort.jc" -line = 47 +line = 44 begin = 10 end = 18 [JC_17] -file = "HOME/tests/java/Sort.jc" -line = 48 -begin = 11 -end = 103 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_180] file = "HOME/lib/java_api/java/lang/Object.java" -line = 207 -begin = 18 -end = 26 +line = 184 +begin = 28 +end = 33 [JC_18] -file = "HOME/tests/java/Sort.jc" -line = 47 -begin = 10 -end = 18 - -[JC_181] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_19] +[JC_181] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_19] +file = "HOME/tests/java/Sort.jc" +line = 48 +begin = 8 +end = 30 + [JC_182] file = "HOME/" line = 0 @@ -2103,9 +2224,9 @@ [JC_186] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_187] file = "HOME/" @@ -2115,9 +2236,9 @@ [JC_188] file = "HOME/lib/java_api/java/lang/Object.java" -line = 243 -begin = 29 -end = 35 +line = 207 +begin = 18 +end = 26 [JC_189] file = "HOME/" 
@@ -2133,9 +2254,9 @@ [JC_21] file = "HOME/tests/java/Sort.jc" -line = 52 +line = 48 begin = 8 -end = 23 +end = 30 [JC_22] file = "HOME/" @@ -2145,7 +2266,7 @@ [cons_Object_ensures_default] name = "Constructor of class Object" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 @@ -2159,9 +2280,9 @@ [JC_23] file = "HOME/tests/java/Sort.jc" -line = 52 -begin = 8 -end = 23 +line = 51 +begin = 11 +end = 103 [JC_201] file = "HOME/" @@ -2170,22 +2291,22 @@ end = -1 [JC_24] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 50 +begin = 10 +end = 18 [JC_202] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_25] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 51 +begin = 11 +end = 103 [JC_203] file = "HOME/" @@ -2194,24 +2315,24 @@ end = -1 [JC_26] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Sort.jc" +line = 50 +begin = 10 +end = 18 [Sort_min_sort_ensures_default] name = "Method min_sort" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Sort.java" -line = 53 +line = 83 begin = 9 end = 17 [JC_204] file = "HOME/lib/java_api/java/lang/Object.java" -line = 333 +line = 267 begin = 29 -end = 33 +end = 38 [JC_27] file = "HOME/" @@ -2251,9 +2372,9 @@ [JC_29] file = "HOME/tests/java/Sort.jc" -line = 54 -begin = 11 -end = 65 +line = 55 +begin = 8 +end = 23 [JC_207] file = "HOME/" @@ -2287,9 +2408,9 @@ [JC_194] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_195] file = "HOME/" @@ -2299,9 +2420,9 @@ [JC_196] file = "HOME/lib/java_api/java/lang/Object.java" -line = 267 +line = 243 begin = 29 -end = 38 +end = 35 [JC_197] file = "HOME/" 
@@ -2322,34 +2443,34 @@ end = -1 [JC_30] -file = "HOME/tests/java/Sort.jc" -line = 54 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_31] -file = "HOME/tests/java/Sort.java" -line = 36 -begin = 17 -end = 26 +file = "HOME/tests/java/Sort.jc" +line = 55 +begin = 8 +end = 23 [JC_32] -file = "HOME/tests/java/Sort.java" -line = 37 -begin = 11 -end = 17 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_210] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_33] -file = "HOME/tests/java/Sort.java" -line = 37 -begin = 16 -end = 28 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_211] file = "HOME/" @@ -2358,22 +2479,22 @@ end = -1 [JC_34] -file = "HOME/tests/java/Sort.java" -line = 37 -begin = 32 -end = 38 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_212] file = "HOME/lib/java_api/java/lang/Object.java" -line = 386 -begin = 22 -end = 26 +line = 333 +begin = 29 +end = 33 [JC_35] -file = "HOME/tests/java/Sort.java" -line = 37 -begin = 37 -end = 49 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_213] file = "HOME/" @@ -2382,23 +2503,23 @@ end = -1 [JC_36] -file = "HOME/tests/java/Sort.java" -line = 36 -begin = 17 -end = 80 - -[JC_214] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_37] +[JC_214] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_37] +file = "HOME/tests/java/Sort.jc" +line = 57 +begin = 11 +end = 65 + [JC_215] file = "HOME/" line = 0 @@ -2406,10 +2527,10 @@ end = -1 [JC_38] -file = "HOME/tests/java/Sort.java" -line = 36 -begin = 17 -end = 26 +file = "HOME/tests/java/Sort.jc" +line = 57 +begin = 11 +end = 65 [JC_216] file = "HOME/" @@ -2419,9 +2540,9 @@ [JC_39] file = "HOME/tests/java/Sort.java" -line = 37 -begin = 11 -end = 17 +line = 66 +begin = 17 +end = 26 [JC_217] file = "HOME/" @@ -2431,7 +2552,7 @@ [JC_218] file = "HOME/lib/java_api/java/lang/Object.java" -line = 430 +line = 386 begin = 22 end = 26 
@@ -2452,43 +2573,36 @@ [JC_100] kind = UserCall file = "HOME/tests/java/Sort.java" -line = 74 -begin = 21 -end = 29 +line = 94 +begin = 13 +end = 21 [JC_101] -kind = UserCall -file = "HOME/tests/java/Sort.jc" -line = 202 -begin = 29 -end = 60 +file = "HOME/tests/java/Sort.java" +line = 97 +begin = 24 +end = 29 [JC_102] file = "HOME/tests/java/Sort.java" -line = 58 -begin = 21 -end = 34 +line = 97 +begin = 33 +end = 40 ========== file tests/java/why/Sort.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = 
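Review bot: The expected body of `Non_null_Object` changes from `eq_int(offset_max(Object_alloc_table, x_1), (0))` to `ge_int(offset_max(Object_alloc_table, x_1), (0))`, which weakens a memory-model predicate, unlike the pure reordering in the rest of this hunk. Where the predicate is a proof goal it is now easier to discharge, and where it is a hypothesis it gives the prover less, so obligations that passed before may now rest on different facts. Nothing in the visible hunks appears to exercise an `Object` block whose `offset_max` is greater than 0. A regression test that does, plus a changelog line stating that `Non_null_Object` now means `offset_max >= 0`, would make the intent reviewable. The `Non_null_intM` predicate that follows continues outside the hunk.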
@@ -2512,62 +2626,6 @@ logic Permut: Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl : - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, intM_intP_at_L))))) - -predicate Swap(a_0:Object pointer, i_0:int, j:int, - intM_intP_at_L2:(Object, int) memory, - intM_intP_at_L1:(Object, int) memory) = - (eq_int(select(intM_intP_at_L1, shift(a_0, i_0)), - select(intM_intP_at_L2, shift(a_0, j))) - and (eq_int(select(intM_intP_at_L1, shift(a_0, j)), - select(intM_intP_at_L2, shift(a_0, i_0))) - and (forall k:int. - ((neq_int(k, i_0) and neq_int(k, j)) -> - eq_int(select(intM_intP_at_L1, shift(a_0, k)), - select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap : - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - ((le_int(l_4, i_1) - and (le_int(i_1, h_4) - and (le_int(l_4, j_0) - and (le_int(j_0, h_4) - and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym : - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans : - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) - and Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - -exception Return_label_exc of unit - logic Sort_tag: -> Object tag_id axiom Sort_parenttag_Object : parenttag(Sort_tag, Object_tag) @@ -2583,7 +2641,17 @@ axiom String_parenttag_Object : parenttag(String_tag, Object_tag) -exception Throwable_exc of Object pointer +predicate Swap(a_0:Object pointer, i_0:int, j:int, + intM_intP_at_L2:(Object, int) memory, + intM_intP_at_L1:(Object, int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) + and ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) + and (forall k:int. + (((k <> i_0) and (k <> j)) -> + (select(intM_intP_at_L1, shift(a_0, k)) = select(intM_intP_at_L2, + shift(a_0, k))))))) logic Throwable_tag: -> Object tag_id 
@@ -2713,36 +2781,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -2783,6 +2821,54 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom Permut_swap : + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + ((le_int(l_4, i_1) + and (le_int(i_1, h_4) + and (le_int(l_4, j_0) + and (le_int(j_0, h_4) + and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans : + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) + and Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym : + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_refl : + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, intM_intP_at_L))))) + +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_clone : 
@@ -2861,17 +2947,19 @@ parameter Object_wait_requires : this_12:Object pointer -> { } unit reads Object_alloc_table { true } +exception Return_label_exc of unit + parameter intM_intP : (Object, int) memory ref parameter Sort_min_sort : this_0:Object pointer -> t_0:Object pointer -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { ((JC_68: + { ((JC_76: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)) - and (JC_66: + and (JC_74: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP))) } @@ -2879,13 +2967,13 @@ parameter Sort_min_sort_requires : this_0:Object pointer -> t_0:Object pointer -> - { (JC_57: Non_null_intM(t_0, Object_alloc_table))} unit + { (JC_65: Non_null_intM(t_0, Object_alloc_table))} unit reads Object_alloc_table,intM_intP writes intM_intP - { ((JC_68: + { ((JC_76: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)) - and (JC_66: + and (JC_74: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP))) } 
@@ -2896,160 +2984,36 @@ i_2:int -> j_1:int -> { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_50: - ((JC_48: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_49: + { (JC_58: + ((JC_56: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_57: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } parameter Sort_swap_requires : this_2:Object pointer -> t:Object pointer -> i_2:int -> j_1:int -> - { (JC_36: - ((JC_31: Non_null_intM(t, Object_alloc_table)) - and ((JC_32: le_int((0), i_2)) - and ((JC_33: + { (JC_44: + ((JC_39: Non_null_intM(t, Object_alloc_table)) + and ((JC_40: le_int((0), i_2)) + and ((JC_41: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_34: le_int((0), j_1)) - and (JC_35: + and ((JC_42: le_int((0), j_1)) + and (JC_43: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1)))))))))} unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_50: - ((JC_48: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_49: + { (JC_58: + ((JC_56: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_57: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes 
bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Sort : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Sort(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Sort_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Sort(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - 
bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -3216,6 +3180,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Object : this_14:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -3231,44 +3199,44 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> { } int reads Object_alloc_table - { (JC_17: + { (JC_25: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, add_int(offset_max(Object_alloc_table, x_3), (1)))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1)))))) } parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_Object_requires : x_4:Object pointer -> { } bool reads Object_alloc_table - { (JC_30: - (if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_38: + (if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } parameter non_null_intM_requires : x_2:Object pointer -> { } bool reads Object_alloc_table - { (JC_7: + { (JC_15: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null))) } @@ -3276,7 +3244,7 @@ fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin 
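Review bot: The regenerated postcondition of `non_null_Object` (and of `non_null_Object_requires`) in the `@@ -3231,44 +3199,44 @@` hunk still reads `if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null)`, while the later `@@ -4959,7 +4912,7 @@` hunk of the same output relaxes the logic predicate `Non_null_Object` from `= 0` to `>= 0`. If the memory model now admits a non-null Object pointer whose `offset_max` is above 0, neither branch of this postcondition can hold for it, and an unsatisfiable `parameter` contract lets every goal after the call be discharged vacuously. This file is generated output, so the fix belongs in the generator, which is not visible here. Assuming the relaxation is intended, the true branch would be expected to read `ge_int(offset_max(Object_alloc_table, x_4), (0))`, in the same form as `non_null_intM` just below it.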
@@ -3289,17 +3257,16 @@ try (loop_3: while true do - { invariant (JC_88: le_int((0), i_3)) } + { invariant (JC_96: le_int((0), i_3)) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_44: ((lt_int_ !i_3) (K_43: ((sub_int (K_42: (let jessie_ = t_0 in - (JC_92: + (JC_100: (java_array_length_intM jessie_))))) (1))))) then begin @@ -3311,22 +3278,21 @@ (loop_4: while true do { invariant - (JC_96: - ((JC_93: lt_int(i_3, j_2)) - and ((JC_94: le_int(i_3, mi)) - and (JC_95: + (JC_104: + ((JC_101: lt_int(i_3, j_2)) + and ((JC_102: le_int(i_3, mi)) + and (JC_103: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1))))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_38: ((lt_int_ !j_2) (K_37: (let jessie_ = t_0 in - (JC_100: + (JC_108: (java_array_length_intM jessie_)))))) then (if (K_35: @@ -3339,9 +3305,8 @@ (mv := (K_33: ((safe_acc_ !intM_intP) ((shift t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_36: @@ -3355,10 +3320,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_101: + (JC_109: ((((Sort_swap jessie_) jessie_) jessie_) jessie_))))))) - end else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: 
@@ -3367,13 +3332,13 @@ (let jessie_ = (i_3 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with - Return -> void end) { (JC_61: true) } + Return -> void end) { (JC_69: true) } let Sort_min_sort_ensures_permutation = fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin @@ -3387,20 +3352,19 @@ (loop_7: while true do { invariant - (JC_122: + (JC_130: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@init)) } begin - [ { } unit reads i_3 { (JC_123: le_int((0), i_3)) } ]; + [ { } unit reads i_3 { (JC_131: le_int((0), i_3)) } ]; try - (let jessie_ = begin (if (K_44: ((lt_int_ !i_3) (K_43: ((sub_int (K_42: (let jessie_ = t_0 in - (JC_127: + (JC_135: (java_array_length_intM jessie_))))) (1))))) then begin @@ -3413,26 +3377,25 @@ (loop_8: while true do { invariant - (JC_128: + (JC_136: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@init)) } begin [ { } unit reads Object_alloc_table,i_3,j_2,mi - { (JC_132: - ((JC_129: lt_int(i_3, j_2)) - and ((JC_130: le_int(i_3, mi)) - and (JC_131: + { (JC_140: + ((JC_137: lt_int(i_3, j_2)) + and ((JC_138: le_int(i_3, mi)) + and (JC_139: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1))))))) } ]; try - (let jessie_ = begin (if (K_38: ((lt_int_ !j_2) (K_37: (let jessie_ = t_0 in - (JC_136: + (JC_144: (java_array_length_intM jessie_)))))) then (if (K_35: 
@@ -3445,9 +3408,8 @@ (mv := (K_33: ((safe_acc_ !intM_intP) ((shift t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_36: @@ -3461,11 +3423,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_137: + (JC_145: ((((Sort_swap jessie_) jessie_) jessie_) jessie_))))))) - end - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: @@ -3475,7 +3436,7 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with Return -> void end) - { (JC_67: + { (JC_75: Permut(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP, intM_intP@)) } @@ -3484,7 +3445,7 @@ fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin @@ -3498,9 +3459,9 @@ (loop_5: while true do { invariant - (JC_104: - ((JC_102: Sorted(t_0, (0), i_3, intM_intP)) - and (JC_103: + (JC_112: + ((JC_110: Sorted(t_0, (0), i_3, intM_intP)) + and (JC_111: (forall k1:int. (forall k2:int. ((le_int((0), k1) 
@@ -3512,50 +3473,47 @@ le_int(select(intM_intP, shift(t_0, k1)), select(intM_intP, shift(t_0, k2))))))))) } begin - [ { } unit reads i_3 { (JC_105: le_int((0), i_3)) } ]; + [ { } unit reads i_3 { (JC_113: le_int((0), i_3)) } ]; try - (let jessie_ = begin (if (K_44: ((lt_int_ !i_3) (K_43: ((sub_int (K_42: (let jessie_ = t_0 in - (JC_109: + (JC_117: (java_array_length_intM jessie_))))) (1))))) then begin (let jessie_ = (mv := (K_23: ((safe_acc_ !intM_intP) ((shift t_0) !i_3)))) in void); (let jessie_ = (mi := !i_3) in void); - (let jessie_ = (j_2 := (K_39: ((add_int !i_3) (1)))) in - void); + (let jessie_ = (j_2 := (K_39: ((add_int !i_3) (1)))) in void); try (loop_6: while true do { invariant - (JC_112: - ((JC_110: eq_int(mv, select(intM_intP, shift(t_0, mi)))) - and (JC_111: + (JC_120: + ((JC_118: (mv = select(intM_intP, shift(t_0, mi)))) + and (JC_119: (forall k_0:int. ((le_int(i_3, k_0) and lt_int(k_0, j_2)) -> ge_int(select(intM_intP, shift(t_0, k_0)), mv)))))) } begin [ { } unit reads Object_alloc_table,i_3,j_2,mi - { (JC_116: - ((JC_113: lt_int(i_3, j_2)) - and ((JC_114: le_int(i_3, mi)) - and (JC_115: + { (JC_124: + ((JC_121: lt_int(i_3, j_2)) + and ((JC_122: le_int(i_3, mi)) + and (JC_123: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1))))))) } ]; try - (let jessie_ = begin (if (K_38: ((lt_int_ !j_2) (K_37: (let jessie_ = t_0 in - (JC_120: + (JC_128: (java_array_length_intM jessie_)))))) then (if (K_35: @@ -3568,9 +3526,8 @@ (mv := (K_33: ((safe_acc_ !intM_intP) ((shift t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_36: 
@@ -3584,11 +3541,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_121: + (JC_129: ((((Sort_swap jessie_) jessie_) jessie_) jessie_))))))) - end - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: @@ -3598,7 +3554,7 @@ jessie_ end)) in void) end end done) with Loop_exit_exc jessie_ -> void end end)))); (raise Return) end with Return -> void end) - { (JC_65: + { (JC_73: Sorted(t_0, (0), sub_int(add_int(offset_max(Object_alloc_table, t_0), (1)), (1)), intM_intP)) } @@ -3607,7 +3563,7 @@ fun (this_0 : Object pointer) (t_0 : Object pointer) -> { (left_valid_struct_intM(t_0, (0), Object_alloc_table) and (valid_struct_Sort(this_0, (0), (0), Object_alloc_table) - and (JC_59: Non_null_intM(t_0, Object_alloc_table)))) } + and (JC_67: Non_null_intM(t_0, Object_alloc_table)))) } (init: try begin 
@@ -3620,73 +3576,70 @@ try (loop_1: while true do - { invariant (JC_71: true) } + { invariant (JC_79: true) } begin - [ { } unit reads i_3 { (JC_69: le_int((0), i_3)) } ]; + [ { } unit reads i_3 { (JC_77: le_int((0), i_3)) } ]; try - (let jessie_ = begin (if (K_44: ((lt_int_ !i_3) (K_43: ((sub_int (K_42: (let jessie_ = t_0 in - (JC_74: + (JC_82: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_73: + (JC_81: (java_array_length_intM_requires jessie_))))))) (1))))) then begin (let jessie_ = (mv := (K_23: - (JC_75: + (JC_83: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !i_3)))) in void); (let jessie_ = (mi := !i_3) in void); (let jessie_ = (j_2 := (K_39: ((add_int !i_3) (1)))) in void); try (loop_2: while true do - { invariant (JC_81: true) } + { invariant (JC_89: true) } begin [ { } unit reads Object_alloc_table,i_3,j_2,mi - { (JC_79: - ((JC_76: lt_int(i_3, j_2)) - and ((JC_77: le_int(i_3, mi)) - and (JC_78: + { (JC_87: + ((JC_84: lt_int(i_3, j_2)) + and ((JC_85: le_int(i_3, mi)) + and (JC_86: lt_int(mi, add_int(offset_max(Object_alloc_table, t_0), (1))))))) } ]; try - (let jessie_ = begin (if (K_38: ((lt_int_ !j_2) (K_37: (let jessie_ = t_0 in - (JC_84: + (JC_92: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; - (JC_83: + (JC_91: (java_array_length_intM_requires jessie_)))))))) then (if (K_35: ((lt_int_ (K_34: - (JC_85: + (JC_93: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !j_2)))) !mv)) then (let jessie_ = begin (let jessie_ = (mi := !j_2) in void); (mv := (K_33: - (JC_86: + (JC_94: ((((offset_acc_ !Object_alloc_table) !intM_intP) t_0) !j_2)))); !mv end in void) else void) - else - (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_36: 
@@ -3700,10 +3653,10 @@ (let jessie_ = t_0 in (let jessie_ = !i_3 in (let jessie_ = !mi in - (JC_87: + (JC_95: ((((Sort_swap_requires jessie_) jessie_) jessie_) jessie_))))))) - end else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + end else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> (let jessie_ = (K_41: @@ -3718,14 +3671,14 @@ fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int) (j_1 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_Sort(this_2, (0), (0), Object_alloc_table) - and (JC_43: - ((JC_38: Non_null_intM(t, Object_alloc_table)) - and ((JC_39: le_int((0), i_2)) - and ((JC_40: + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), i_2)) + and ((JC_48: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_41: le_int((0), j_1)) - and (JC_42: + and ((JC_49: le_int((0), j_1)) + and (JC_50: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1))))))))))) } (init: 
@@ -3748,25 +3701,25 @@ (let jessie_ = ((shift jessie_) jessie_) in begin (((safe_upd_ intM_intP) jessie_) jessie_); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) - { (JC_47: - ((JC_45: Swap(t, i_2, j_1, intM_intP, intM_intP@)) - and (JC_46: + { (JC_55: + ((JC_53: Swap(t, i_2, j_1, intM_intP, intM_intP@)) + and (JC_54: not_assigns(Object_alloc_table@, intM_intP@, intM_intP, - pset_union(pset_range(pset_singleton(t@), j_1@, j_1@), - pset_range(pset_singleton(t@), i_2@, i_2@)))))) } + pset_union(pset_range(pset_singleton(t), j_1, j_1), + pset_range(pset_singleton(t), i_2, i_2)))))) } let Sort_swap_safety = fun (this_2 : Object pointer) (t : Object pointer) (i_2 : int) (j_1 : int) -> { (left_valid_struct_intM(t, (0), Object_alloc_table) and (valid_struct_Sort(this_2, (0), (0), Object_alloc_table) - and (JC_43: - ((JC_38: Non_null_intM(t, Object_alloc_table)) - and ((JC_39: le_int((0), i_2)) - and ((JC_40: + and (JC_51: + ((JC_46: Non_null_intM(t, Object_alloc_table)) + and ((JC_47: le_int((0), i_2)) + and ((JC_48: lt_int(i_2, add_int(offset_max(Object_alloc_table, t), (1)))) - and ((JC_41: le_int((0), j_1)) - and (JC_42: + and ((JC_49: le_int((0), j_1)) + and (JC_50: lt_int(j_1, add_int(offset_max(Object_alloc_table, t), (1))))))))))) } (init: @@ -3775,17 +3728,17 @@ (let jessie_ = (let tmp = (K_14: - (JC_53: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) i_2))) in + (JC_61: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) i_2))) in (K_12: begin (let jessie_ = (let jessie_ = (K_11: - (JC_54: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) j_1))) in + (JC_62: ((((offset_acc_ !Object_alloc_table) !intM_intP) t) j_1))) in (let jessie_ = t in (let jessie_ = i_2 in (let jessie_ = ((shift jessie_) jessie_) in - (JC_55: + (JC_63: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)))))) in void); (K_13: 
@@ -3794,7 +3747,7 @@ (let jessie_ = j_1 in (let jessie_ = ((shift jessie_) jessie_) in begin - (JC_56: + (JC_64: (((((offset_upd_ !Object_alloc_table) intM_intP) jessie_) jessie_) jessie_)); jessie_ end))))) end)) in void); (raise Return) end with Return -> void end) { true } @@ -3803,7 +3756,7 @@ fun (this_14 : Object pointer) -> { valid_struct_Object(this_14, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_238: true) } + { (JC_246: true) } let cons_Object_safety = fun (this_14 : Object pointer) -> @@ -3815,7 +3768,7 @@ fun (this_3 : Object pointer) -> { valid_struct_Sort(this_3, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_142: true) } + { (JC_150: true) } let cons_Sort_safety = fun (this_3 : Object pointer) -> @@ -3830,182 +3783,182 @@ + + + + + + + + + + - + - + - + - + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -4959,7 +4912,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
@@ -4983,59 +4936,6 @@ logic Permut : Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl: - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, - intM_intP_at_L))))) - -predicate Swap(a_0: Object pointer, i_0: int, j: int, - intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, - int) memory) = - ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, - shift(a_0, j))) and - ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, - shift(a_0, i_0))) and - (forall k:int. - (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, - k)) = select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - (((l_4 <= i_1) and - ((i_1 <= h_4) and - ((l_4 <= j_0) and - ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans: - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - logic Sort_tag : Object tag_id axiom Sort_parenttag_Object: parenttag(Sort_tag, Object_tag) @@ -5050,6 +4950,17 @@ axiom String_parenttag_Object: parenttag(String_tag, Object_tag) +predicate Swap(a_0: Object pointer, i_0: int, j: int, + intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, + int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) and + ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) and + (forall k:int. + (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, + k)) = select(intM_intP_at_L2, shift(a_0, k))))))) + logic Throwable_tag : Object tag_id axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) 
@@ -5179,36 +5090,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5249,6 +5130,60 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom Permut_swap: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_0) and + ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans: + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_refl: + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) + +========== file tests/java/why/Sort_po1.why ========== +goal Sort_min_sort_ensures_default_po_1: + forall this_0:Object pointer. + forall t_0:Object pointer. + forall Object_alloc_table:Object alloc_table. + (left_valid_struct_intM(t_0, 0, Object_alloc_table) and + (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> + forall i_3:int. 
+ (i_3 = 0) -> + ("JC_96": (0 <= i_3)) + ========== file tests/java/why/Sort_po10.why ========== goal Sort_min_sort_ensures_default_po_10: forall this_0:Object pointer. @@ -5256,15 +5191,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5279,12 +5214,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -5293,8 +5228,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort_po11.why ========== goal Sort_min_sort_ensures_default_po_11: 
@@ -5303,15 +5237,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5325,25 +5259,25 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP0:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP0, intM_intP)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_88": (0 <= i_3_1)) + ("JC_96": (0 <= i_3_1)) ========== file tests/java/why/Sort_po12.why ========== goal Sort_min_sort_ensures_permutation_po_1: 
@@ -5354,10 +5288,10 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP, intM_intP)) ========== file tests/java/why/Sort_po13.why ========== @@ -5369,17 +5303,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)) -> - ("JC_123": (0 <= i_3_0)) -> + ("JC_131": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5393,27 +5327,27 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_128": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_136": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)) -> - ("JC_132": - (("JC_129": (i_3_0 < j_2_0)) and - (("JC_130": (i_3_0 <= mi0)) and - ("JC_131": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_140": + (("JC_137": (i_3_0 < j_2_0)) and + (("JC_138": (i_3_0 <= mi0)) and + ("JC_139": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP1, intM_intP)) ========== file tests/java/why/Sort_po14.why ========== @@ -5425,10 +5359,10 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_104": ("JC_102": ("JC_102": Sorted(t_0, 0, i_3, intM_intP)))) + ("JC_112": ("JC_110": Sorted(t_0, 0, i_3, intM_intP))) ========== file tests/java/why/Sort_po15.why ========== goal Sort_min_sort_ensures_sorted_po_2: 
@@ -5439,19 +5373,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_104": - ("JC_103": - ("JC_103": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3) and - ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3) and + ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_112": + ("JC_111": (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, + shift(t_0, k2))))) ========== file tests/java/why/Sort_po16.why ========== goal Sort_min_sort_ensures_sorted_po_3: @@ -5460,15 +5392,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5476,9 +5408,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5490,8 +5422,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_112": - ("JC_110": ("JC_110": (mv = select(intM_intP0, shift(t_0, mi)))))) + ("JC_120": ("JC_118": (mv = select(intM_intP0, shift(t_0, mi))))) ========== file tests/java/why/Sort_po17.why ========== goal Sort_min_sort_ensures_sorted_po_4: @@ -5500,15 +5431,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5516,9 +5447,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5530,12 +5461,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv))) ========== file tests/java/why/Sort_po18.why ========== goal Sort_min_sort_ensures_sorted_po_5: 
@@ -5544,15 +5472,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5560,9 +5488,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5577,18 +5505,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -5603,8 +5531,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_110": ("JC_110": (mv1 = select(intM_intP0, shift(t_0, mi1)))))) + ("JC_120": ("JC_118": (mv1 = select(intM_intP0, shift(t_0, mi1))))) ========== file tests/java/why/Sort_po19.why ========== goal Sort_min_sort_ensures_sorted_po_6: @@ -5613,15 +5540,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5629,9 +5556,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5646,18 +5573,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -5672,24 +5599,38 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv1)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv1))) -========== file tests/java/why/Sort_po1.why ========== -goal Sort_min_sort_ensures_default_po_1: +========== file tests/java/why/Sort_po2.why ========== +goal Sort_min_sort_ensures_default_po_2: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_88": (0 <= i_3)) + forall i_3_0:int. + forall intM_intP:(Object, + int) memory. + ("JC_96": (0 <= i_3_0)) -> + forall result:int. + ("JC_25": + ((result <= 2147483647) and + ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> + (i_3_0 < (result - 1)) -> + forall result0:int. + (result0 = select(intM_intP, shift(t_0, i_3_0))) -> + forall mv:int. + (mv = result0) -> + forall mi:int. + (mi = i_3_0) -> + forall j_2:int. + (j_2 = (i_3_0 + 1)) -> + ("JC_104": ("JC_101": (i_3_0 < j_2))) ========== file tests/java/why/Sort_po20.why ========== goal Sort_min_sort_ensures_sorted_po_7: 
@@ -5698,15 +5639,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5714,9 +5655,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5731,18 +5672,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -5751,12 +5692,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv0)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv0))) ========== file tests/java/why/Sort_po21.why ========== goal Sort_min_sort_ensures_sorted_po_8: @@ -5765,15 +5703,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5781,9 +5719,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5798,31 +5736,31 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_104": ("JC_102": ("JC_102": Sorted(t_0, 0, i_3_1, intM_intP1)))) + ("JC_112": ("JC_110": Sorted(t_0, 0, i_3_1, intM_intP1))) ========== file tests/java/why/Sort_po22.why ========== goal Sort_min_sort_ensures_sorted_po_9: 
@@ -5831,15 +5769,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5847,9 +5785,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5864,40 +5802,38 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_104": - ("JC_103": - ("JC_103": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3_1) and - ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3_1) and + ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_112": + ("JC_111": (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, + shift(t_0, k2))))) ========== file tests/java/why/Sort_po23.why ========== goal Sort_min_sort_ensures_sorted_po_10: 
@@ -5906,15 +5842,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -5922,13 +5858,13 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_65": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_73": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0)) ========== file tests/java/why/Sort_po24.why ========== @@ -5938,12 +5874,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) ========== file tests/java/why/Sort_po25.why ========== 
@@ -5953,15 +5889,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -5974,15 +5910,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -5995,17 +5931,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6021,14 +5957,14 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -6041,17 +5977,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6067,14 +6003,14 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -6087,17 +6023,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6113,35 +6049,35 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_31": ("JC_31": Non_null_intM(t_0, Object_alloc_table)))) + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) -========== file tests/java/why/Sort_po2.why ========== -goal Sort_min_sort_ensures_default_po_2: +========== file tests/java/why/Sort_po3.why ========== +goal Sort_min_sort_ensures_default_po_3: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6153,7 +6089,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2)))) + ("JC_104": ("JC_102": (i_3_0 <= mi))) ========== file tests/java/why/Sort_po30.why ========== goal Sort_min_sort_safety_po_7: 
@@ -6162,17 +6098,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6188,19 +6124,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_33": ("JC_33": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_41": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort_po31.why ========== goal Sort_min_sort_safety_po_8: 
@@ -6209,17 +6144,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6235,18 +6170,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_34": ("JC_34": (0 <= mi0)))) + ("JC_44": ("JC_42": (0 <= mi0))) ========== file tests/java/why/Sort_po32.why ========== goal Sort_min_sort_safety_po_9: 
@@ -6255,17 +6190,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6281,19 +6216,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_35": ("JC_35": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_43": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort_po33.why ========== goal Sort_swap_ensures_default_po_1: 
@@ -6306,12 +6240,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. @@ -6322,7 +6256,7 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": ("JC_45": ("JC_45": Swap(t, i_2, j_1, intM_intP1, intM_intP)))) + ("JC_55": ("JC_53": Swap(t, i_2, j_1, intM_intP1, intM_intP))) ========== file tests/java/why/Sort_po34.why ========== goal Sort_swap_ensures_default_po_2: @@ -6335,12 +6269,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. 
@@ -6351,11 +6285,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": - ("JC_46": - ("JC_46": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t), j_1, j_1), - pset_range(pset_singleton(t), i_2, i_2)))))) + pset_range(pset_singleton(t), i_2, i_2))))) ========== file tests/java/why/Sort_po35.why ========== goal Sort_swap_safety_po_1: @@ -6366,12 +6299,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (offset_min(Object_alloc_table, t) <= i_2) ========== file tests/java/why/Sort_po36.why ========== 
@@ -6383,12 +6316,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (i_2 <= offset_max(Object_alloc_table, t)) ========== file tests/java/why/Sort_po37.why ========== @@ -6402,12 +6335,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. 
@@ -6425,46 +6358,17 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> - ((offset_min(Object_alloc_table, t) <= i_2) and - (i_2 <= offset_max(Object_alloc_table, t))) -> - forall result:int. - (result = select(intM_intP, shift(t, i_2))) -> - (j_1 <= offset_max(Object_alloc_table, t)) - -========== file tests/java/why/Sort_po3.why ========== -goal Sort_min_sort_ensures_default_po_3: - forall this_0:Object pointer. - forall t_0:Object pointer. - forall Object_alloc_table:Object alloc_table. - (left_valid_struct_intM(t_0, 0, Object_alloc_table) and - (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> - forall i_3:int. - (i_3 = 0) -> - forall i_3_0:int. - forall intM_intP:(Object, - int) memory. - ("JC_88": (0 <= i_3_0)) -> - forall result:int. - ("JC_17": - ((result <= 2147483647) and - ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> - (i_3_0 < (result - 1)) -> - forall result0:int. - (result0 = select(intM_intP, shift(t_0, i_3_0))) -> - forall mv:int. - (mv = result0) -> - forall mi:int. - (mi = i_3_0) -> - forall j_2:int. - (j_2 = (i_3_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi)))) + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ((offset_min(Object_alloc_table, t) <= i_2) and + (i_2 <= offset_max(Object_alloc_table, t))) -> + forall result:int. 
+ (result = select(intM_intP, shift(t, i_2))) -> + (j_1 <= offset_max(Object_alloc_table, t)) ========== file tests/java/why/Sort_po4.why ========== goal Sort_min_sort_ensures_default_po_4: @@ -6473,15 +6377,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6493,8 +6397,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort_po5.why ========== goal Sort_min_sort_ensures_default_po_5: @@ -6503,15 +6406,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -6526,12 +6429,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -6546,7 +6449,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2_1)))) + ("JC_104": ("JC_101": (i_3_0 < j_2_1))) ========== file tests/java/why/Sort_po6.why ========== goal Sort_min_sort_ensures_default_po_6: @@ -6555,15 +6458,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6578,12 +6481,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -6598,7 +6501,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi1)))) + ("JC_104": ("JC_102": (i_3_0 <= mi1))) ========== file tests/java/why/Sort_po7.why ========== goal Sort_min_sort_ensures_default_po_7: @@ -6607,15 +6510,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6630,12 +6533,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -6650,8 +6553,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi1 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi1 < (offset_max(Object_alloc_table, t_0) + 1)))) ========== file tests/java/why/Sort_po8.why ========== goal Sort_min_sort_ensures_default_po_8: 
@@ -6660,15 +6562,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6683,12 +6585,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -6697,7 +6599,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2_1)))) + ("JC_104": ("JC_101": (i_3_0 < j_2_1))) ========== file tests/java/why/Sort_po9.why ========== goal Sort_min_sort_ensures_default_po_9: 
@@ -6706,15 +6608,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -6729,12 +6631,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -6743,7 +6645,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi0)))) + ("JC_104": ("JC_102": (i_3_0 <= mi0))) ========== generation of Simplify VC output ========== why -simplify [...] why/Sort.why @@ -7567,7 +7469,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) 
@@ -7589,47 +7491,6 @@ (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) (BG_PUSH - ;; Why axiom Permut_refl - (FORALL (intM_intP_at_L a_2 l_1 h_1) - (EQ (Permut a_2 l_1 h_1 intM_intP_at_L intM_intP_at_L) |@true|))) - -(DEFPRED (Swap a_0 i_0 j intM_intP_at_L2 intM_intP_at_L1) - (AND - (EQ (select intM_intP_at_L1 (shift a_0 i_0)) - (select intM_intP_at_L2 (shift a_0 j))) - (AND - (EQ (select intM_intP_at_L1 (shift a_0 j)) - (select intM_intP_at_L2 (shift a_0 i_0))) - (FORALL (k) - (IMPLIES (AND (NEQ k i_0) (NEQ k j)) - (EQ (select intM_intP_at_L1 (shift a_0 k)) - (select intM_intP_at_L2 (shift a_0 k)))))))) - -(BG_PUSH - ;; Why axiom Permut_swap - (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_5 l_4 h_4 i_1 j_0) - (IMPLIES - (AND (<= l_4 i_1) - (AND (<= i_1 h_4) - (AND (<= l_4 j_0) - (AND (<= j_0 h_4) (Swap a_5 i_1 j_0 intM_intP_at_L2 intM_intP_at_L1))))) - (EQ (Permut a_5 l_4 h_4 intM_intP_at_L2 intM_intP_at_L1) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_sym - (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_3 l_2 h_2) - (IMPLIES (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) - (EQ (Permut a_3 l_2 h_2 intM_intP_at_L1 intM_intP_at_L2) |@true|)))) - -(BG_PUSH - ;; Why axiom Permut_trans - (FORALL (intM_intP_at_L3 intM_intP_at_L2 intM_intP_at_L1 a_4 l_3 h_3) - (IMPLIES - (AND (EQ (Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) - (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) - (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L1) |@true|)))) - -(BG_PUSH ;; Why axiom Sort_parenttag_Object (EQ (parenttag Sort_tag Object_tag) |@true|)) 
@@ -7643,6 +7504,18 @@ ;; Why axiom String_parenttag_Object (EQ (parenttag String_tag Object_tag) |@true|)) +(DEFPRED (Swap a_0 i_0 j intM_intP_at_L2 intM_intP_at_L1) + (AND + (EQ (select intM_intP_at_L1 (shift a_0 i_0)) + (select intM_intP_at_L2 (shift a_0 j))) + (AND + (EQ (select intM_intP_at_L1 (shift a_0 j)) + (select intM_intP_at_L2 (shift a_0 i_0))) + (FORALL (k) + (IMPLIES (AND (NEQ k i_0) (NEQ k j)) + (EQ (select intM_intP_at_L1 (shift a_0 k)) + (select intM_intP_at_L2 (shift a_0 k)))))))) + (BG_PUSH ;; Why axiom Throwable_parenttag_Object (EQ (parenttag Throwable_tag Object_tag) |@true|)) @@ -7749,29 +7622,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Sort p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) 
@@ -7803,7 +7653,36 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Sort_min_sort_ensures_default_po_1, File "HOME/tests/java/Sort.java", line 56, characters 20-26 +(BG_PUSH + ;; Why axiom Permut_swap + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_5 l_4 h_4 i_1 j_0) + (IMPLIES + (AND (<= l_4 i_1) + (AND (<= i_1 h_4) + (AND (<= l_4 j_0) + (AND (<= j_0 h_4) (Swap a_5 i_1 j_0 intM_intP_at_L2 intM_intP_at_L1))))) + (EQ (Permut a_5 l_4 h_4 intM_intP_at_L2 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_trans + (FORALL (intM_intP_at_L3 intM_intP_at_L2 intM_intP_at_L1 a_4 l_3 h_3) + (IMPLIES + (AND (EQ (Permut a_4 l_3 h_3 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L2) |@true|)) + (EQ (Permut a_4 l_3 h_3 intM_intP_at_L3 intM_intP_at_L1) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_sym + (FORALL (intM_intP_at_L2 intM_intP_at_L1 a_3 l_2 h_2) + (IMPLIES (EQ (Permut a_3 l_2 h_2 intM_intP_at_L2 intM_intP_at_L1) |@true|) + (EQ (Permut a_3 l_2 h_2 intM_intP_at_L1 intM_intP_at_L2) |@true|)))) + +(BG_PUSH + ;; Why axiom Permut_refl + (FORALL (intM_intP_at_L a_2 l_1 h_1) + (EQ (Permut a_2 l_1 h_1 intM_intP_at_L intM_intP_at_L) |@true|))) + +;; Sort_min_sort_ensures_default_po_1, File "HOME/tests/java/Sort.java", line 86, characters 20-26 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -7812,7 +7691,7 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) (<= 0 i_3))))))) -;; Sort_min_sort_ensures_default_po_2, File "HOME/tests/java/Sort.java", line 67, characters 24-29 +;; Sort_min_sort_ensures_default_po_2, File "HOME/tests/java/Sort.java", line 97, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -7837,7 +7716,7 @@ (IMPLIES (EQ mi i_3_0) (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (< i_3_0 j_2))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_3, File "HOME/tests/java/Sort.java", line 67, characters 33-40 +;; Sort_min_sort_ensures_default_po_3, File "HOME/tests/java/Sort.java", line 97, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -7862,7 +7741,7 @@ (IMPLIES (EQ mi i_3_0) (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (<= i_3_0 mi))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_4, File "HOME/tests/java/Sort.java", line 67, characters 38-51 +;; Sort_min_sort_ensures_default_po_4, File "HOME/tests/java/Sort.java", line 97, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -7889,7 +7768,7 @@ (IMPLIES (EQ j_2 (+ i_3_0 1)) (< mi (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_5, File "HOME/tests/java/Sort.java", line 67, characters 24-29 +;; Sort_min_sort_ensures_default_po_5, File "HOME/tests/java/Sort.java", line 97, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -7936,7 +7815,7 @@ (IMPLIES (EQ mv1 result3) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< i_3_0 j_2_1))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_6, File "HOME/tests/java/Sort.java", line 67, characters 33-40 +;; Sort_min_sort_ensures_default_po_6, File "HOME/tests/java/Sort.java", line 97, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -7983,7 +7862,7 @@ (IMPLIES (EQ mv1 result3) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (<= i_3_0 mi1))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_7, File "HOME/tests/java/Sort.java", line 67, characters 38-51 +;; Sort_min_sort_ensures_default_po_7, File "HOME/tests/java/Sort.java", line 97, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8032,7 +7911,7 @@ (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< mi1 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_8, File "HOME/tests/java/Sort.java", line 67, characters 24-29 +;; Sort_min_sort_ensures_default_po_8, File "HOME/tests/java/Sort.java", line 97, characters 24-29 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8073,7 +7952,7 @@ (IMPLIES (>= result2 mv0) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< i_3_0 j_2_1))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_9, File "HOME/tests/java/Sort.java", line 67, characters 33-40 +;; Sort_min_sort_ensures_default_po_9, File "HOME/tests/java/Sort.java", line 97, characters 33-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8114,7 +7993,7 @@ (IMPLIES (>= result2 mv0) (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (<= i_3_0 mi0))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_10, File "HOME/tests/java/Sort.java", line 67, characters 38-51 +;; Sort_min_sort_ensures_default_po_10, File "HOME/tests/java/Sort.java", line 97, characters 38-51 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8157,7 +8036,7 @@ (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (< mi0 (+ (offset_max Object_alloc_table t_0) 1)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_default_po_11, File "HOME/tests/java/Sort.java", line 56, characters 20-26 +;; Sort_min_sort_ensures_default_po_11, File "HOME/tests/java/Sort.java", line 86, characters 20-26 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8202,7 +8081,7 @@ (pset_singleton t_0) i_3_0 i_3_0)))) (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) (<= 0 i_3_1))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_permutation_po_1, File "HOME/tests/java/Sort.java", line 62, characters 22-54 +;; Sort_min_sort_ensures_permutation_po_1, File "HOME/tests/java/Sort.java", line 92, characters 22-54 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8215,7 +8094,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP intM_intP) |@true|)))))))) -;; Sort_min_sort_ensures_permutation_po_2, File "HOME/tests/java/Sort.java", line 62, characters 22-54 +;; Sort_min_sort_ensures_permutation_po_2, File "HOME/tests/java/Sort.java", line 92, characters 22-54 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8268,7 +8147,7 @@ (EQ (Permut t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP1 intM_intP) |@true|)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_1, File "HOME/tests/java/Sort.java", line 58, characters 21-34 +;; Sort_min_sort_ensures_sorted_po_1, File "HOME/tests/java/Sort.java", line 88, characters 21-34 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8278,7 +8157,7 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) (Sorted t_0 0 i_3 intM_intP)))))))) -;; Sort_min_sort_ensures_sorted_po_2, File "HOME/tests/java/Sort.java", line 59, characters 8-90 +;; Sort_min_sort_ensures_sorted_po_2, File "HOME/tests/java/Sort.java", line 89, characters 8-90 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8288,14 +8167,14 @@ (Non_null_intM t_0 Object_alloc_table))) (FORALL (i_3) (IMPLIES (EQ i_3 0) -(FORALL (k1 k2) -(IMPLIES -(AND (<= 0 k1) -(AND (< k1 i_3) -(AND (<= i_3 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) -(<= (select intM_intP (shift t_0 k1)) (select intM_intP (shift t_0 k2)))))))))))) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 i_3) + (AND (<= i_3 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (select intM_intP (shift t_0 k1)) (select intM_intP (shift t_0 k2))))))))))))) -;; Sort_min_sort_ensures_sorted_po_3, File "HOME/tests/java/Sort.java", line 69, characters 25-36 +;; Sort_min_sort_ensures_sorted_po_3, File "HOME/tests/java/Sort.java", line 99, characters 25-36 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8329,7 +8208,7 @@ (FORALL (j_2) (IMPLIES (EQ j_2 (+ i_3_0 1)) (EQ mv (select intM_intP0 (shift t_0 mi)))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_4, File "HOME/tests/java/Sort.java", line 70, characters 12-56 +;; Sort_min_sort_ensures_sorted_po_4, File "HOME/tests/java/Sort.java", line 100, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8366,7 +8245,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2)) (>= (select intM_intP0 (shift t_0 k_0)) mv)))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_5, File "HOME/tests/java/Sort.java", line 69, characters 25-36 +;; Sort_min_sort_ensures_sorted_po_5, File "HOME/tests/java/Sort.java", line 99, characters 25-36 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8426,7 +8305,7 @@ (FORALL (j_2_1) (IMPLIES (EQ j_2_1 (+ j_2_0 1)) (EQ mv1 (select intM_intP0 (shift t_0 mi1))))))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_6, File "HOME/tests/java/Sort.java", line 70, characters 12-56 +;; Sort_min_sort_ensures_sorted_po_6, File "HOME/tests/java/Sort.java", line 100, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8489,7 +8368,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2_1)) (>= (select intM_intP0 (shift t_0 k_0)) mv1))))))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_7, File "HOME/tests/java/Sort.java", line 70, characters 12-56 +;; Sort_min_sort_ensures_sorted_po_7, File "HOME/tests/java/Sort.java", line 100, characters 12-56 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8546,7 +8425,7 @@ (IMPLIES (AND (<= i_3_0 k_0) (< k_0 j_2_1)) (>= (select intM_intP0 (shift t_0 k_0)) mv0))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_8, File "HOME/tests/java/Sort.java", line 58, characters 21-34 +;; Sort_min_sort_ensures_sorted_po_8, File "HOME/tests/java/Sort.java", line 88, characters 21-34 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8605,7 +8484,7 @@ (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) (Sorted t_0 0 i_3_1 intM_intP1)))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_9, File "HOME/tests/java/Sort.java", line 59, characters 8-90 +;; Sort_min_sort_ensures_sorted_po_9, File "HOME/tests/java/Sort.java", line 89, characters 8-90 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8663,14 +8542,14 @@ (pset_singleton t_0) i_3_0 i_3_0)))) (FORALL (i_3_1) (IMPLIES (EQ i_3_1 (+ i_3_0 1)) -(FORALL (k1 k2) -(IMPLIES -(AND (<= 0 k1) -(AND (< k1 i_3_1) -(AND (<= i_3_1 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) -(<= (select intM_intP1 (shift t_0 k1)) (select intM_intP1 (shift t_0 k2)))))))))))))))))))))))))))))))))))))) +(FORALL (k1) +(FORALL (k2) +(IMPLIES (AND (<= 0 k1) + (AND (< k1 i_3_1) + (AND (<= i_3_1 k2) (< k2 (+ (offset_max Object_alloc_table t_0) 1))))) +(<= (select intM_intP1 (shift t_0 k1)) (select intM_intP1 (shift t_0 k2))))))))))))))))))))))))))))))))))))))) -;; Sort_min_sort_ensures_sorted_po_10, File "HOME/tests/java/Sort.java", line 49, characters 18-40 +;; Sort_min_sort_ensures_sorted_po_10, File "HOME/tests/java/Sort.java", line 79, characters 18-40 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8697,7 +8576,7 @@ (IMPLIES (>= i_3_0 (- result 1)) (Sorted t_0 0 (- (+ (offset_max Object_alloc_table t_0) 1) 1) intM_intP0)))))))))))))) -;; Sort_min_sort_safety_po_1, File "why/Sort.why", line 1163, characters 44-194 +;; Sort_min_sort_safety_po_1, File "why/Sort.why", line 998, characters 44-194 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8710,7 +8589,7 @@ (IMPLIES TRUE (IMPLIES (<= 0 i_3_0) (>= (offset_max Object_alloc_table t_0) (- 0 1))))))))))) -;; Sort_min_sort_safety_po_2, File "HOME/tests/java/Sort.java", line 66, characters 10-14 +;; Sort_min_sort_safety_po_2, File "HOME/tests/java/Sort.java", line 96, characters 10-14 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8730,7 +8609,7 @@ (IMPLIES (< i_3_0 (- result 1)) (<= (offset_min Object_alloc_table t_0) i_3_0)))))))))))))) -;; Sort_min_sort_safety_po_3, File "HOME/tests/java/Sort.java", line 66, characters 10-14 +;; Sort_min_sort_safety_po_3, File "HOME/tests/java/Sort.java", line 96, characters 10-14 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8750,7 +8629,7 @@ (IMPLIES (< i_3_0 (- result 1)) (<= i_3_0 (offset_max Object_alloc_table t_0))))))))))))))) -;; Sort_min_sort_safety_po_4, File "HOME/tests/java/Sort.java", line 75, characters 6-10 +;; Sort_min_sort_safety_po_4, File "HOME/tests/java/Sort.java", line 105, characters 6-10 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8792,7 +8671,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< j_2_0 result1) (<= (offset_min Object_alloc_table t_0) j_2_0)))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_5, File "HOME/tests/java/Sort.java", line 75, characters 6-10 +;; Sort_min_sort_safety_po_5, File "HOME/tests/java/Sort.java", line 105, characters 6-10 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8834,7 +8713,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (< j_2_0 result1) (<= j_2_0 (offset_max Object_alloc_table t_0))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_6, File "HOME/tests/java/Sort.jc", line 202, characters 29-60 +;; Sort_min_sort_safety_po_6, File "HOME/tests/java/Sort.jc", line 205, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8876,7 +8755,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (>= j_2_0 result1) (Non_null_intM t_0 Object_alloc_table)))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_7, File "HOME/tests/java/Sort.jc", line 202, characters 29-60 +;; Sort_min_sort_safety_po_7, File "HOME/tests/java/Sort.jc", line 205, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -8919,7 +8798,7 @@ (IMPLIES (>= j_2_0 result1) (< i_3_0 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_8, File "HOME/tests/java/Sort.jc", line 202, characters 29-60 +;; Sort_min_sort_safety_po_8, File "HOME/tests/java/Sort.jc", line 205, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) 
@@ -8961,7 +8840,7 @@ (EQ result1 (+ (offset_max Object_alloc_table t_0) 1)))) (IMPLIES (>= j_2_0 result1) (<= 0 mi0)))))))))))))))))))))))))))))))) -;; Sort_min_sort_safety_po_9, File "HOME/tests/java/Sort.jc", line 202, characters 29-60 +;; Sort_min_sort_safety_po_9, File "HOME/tests/java/Sort.jc", line 205, characters 29-60 (FORALL (this_0) (FORALL (t_0) (FORALL (Object_alloc_table) @@ -9004,7 +8883,7 @@ (IMPLIES (>= j_2_0 result1) (< mi0 (+ (offset_max Object_alloc_table t_0) 1))))))))))))))))))))))))))))))))) -;; Sort_swap_ensures_default_po_1, File "HOME/tests/java/Sort.java", line 39, characters 16-37 +;; Sort_swap_ensures_default_po_1, File "HOME/tests/java/Sort.java", line 69, characters 16-37 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -9027,7 +8906,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t j_1) result)) (Swap t i_2 j_1 intM_intP1 intM_intP)))))))))))))))) -;; Sort_swap_ensures_default_po_2, File "HOME/tests/java/Sort.java", line 41, characters 9-13 +;; Sort_swap_ensures_default_po_2, File "HOME/tests/java/Sort.java", line 71, characters 9-13 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -9055,7 +8934,7 @@ (pset_singleton t) i_2 i_2)))))))))))))))))) -;; Sort_swap_safety_po_1, File "HOME/tests/java/Sort.java", line 42, characters 11-15 +;; Sort_swap_safety_po_1, File "HOME/tests/java/Sort.java", line 72, characters 11-15 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -9069,7 +8948,7 @@ (AND (<= 0 j_1) (< j_1 (+ (offset_max Object_alloc_table t) 1)))))))) (<= (offset_min Object_alloc_table t) i_2))))))) -;; Sort_swap_safety_po_2, File "HOME/tests/java/Sort.java", line 42, characters 11-15 +;; Sort_swap_safety_po_2, File "HOME/tests/java/Sort.java", line 72, characters 11-15 (FORALL (this_2) (FORALL (t) (FORALL (i_2) 
@@ -9083,7 +8962,7 @@ (AND (<= 0 j_1) (< j_1 (+ (offset_max Object_alloc_table t) 1)))))))) (<= i_2 (offset_max Object_alloc_table t)))))))) -;; Sort_swap_safety_po_3, File "HOME/tests/java/Sort.java", line 43, characters 8-12 +;; Sort_swap_safety_po_3, File "HOME/tests/java/Sort.java", line 73, characters 8-12 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -9102,7 +8981,7 @@ (IMPLIES (EQ result (select intM_intP (shift t i_2))) (<= (offset_min Object_alloc_table t) j_1))))))))))) -;; Sort_swap_safety_po_4, File "HOME/tests/java/Sort.java", line 43, characters 8-12 +;; Sort_swap_safety_po_4, File "HOME/tests/java/Sort.java", line 73, characters 8-12 (FORALL (this_2) (FORALL (t) (FORALL (i_2) @@ -10075,7 +9954,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, 
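Review bot: The `@@ -10075,7 +9954,7 @@` hunk changes the expected body of `Non_null_Object` from `offset_max(Object_alloc_table, x_1) = 0` to `offset_max(Object_alloc_table, x_1) >= 0`, which alters the meaning of the predicate, unlike the line-number and `JC_nn` label renumbering in the neighbouring hunks. The new form is strictly weaker, so any goal that has it as a hypothesis learns less about the pointer and any goal that has it as a conclusion becomes easier to discharge. This file appears to be regenerated tool output, so the baseline will accept whatever the generator now emits; the relaxation should be confirmed as intentional and the generator change behind it named in the changelog entry for this release. The body of `Non_null_intM` continues outside the hunk, so whether it is defined consistently cannot be checked from here.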
@@ -10099,59 +9978,6 @@ logic Permut : Object pointer, int, int, (Object, int) memory, (Object, int) memory -> prop -axiom Permut_refl: - (forall intM_intP_at_L:(Object, int) memory. - (forall a_2:Object pointer. - (forall l_1:int. - (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, - intM_intP_at_L))))) - -predicate Swap(a_0: Object pointer, i_0: int, j: int, - intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, - int) memory) = - ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, - shift(a_0, j))) and - ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, - shift(a_0, i_0))) and - (forall k:int. - (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, - k)) = select(intM_intP_at_L2, shift(a_0, k))))))) - -axiom Permut_swap: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_5:Object pointer. - (forall l_4:int. - (forall h_4:int. - (forall i_1:int. - (forall j_0:int. - (((l_4 <= i_1) and - ((i_1 <= h_4) and - ((l_4 <= j_0) and - ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, - intM_intP_at_L1))))) -> - Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) - -axiom Permut_sym: - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_3:Object pointer. - (forall l_2:int. - (forall h_2:int. - (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> - Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) - -axiom Permut_trans: - (forall intM_intP_at_L3:(Object, int) memory. - (forall intM_intP_at_L2:(Object, int) memory. - (forall intM_intP_at_L1:(Object, int) memory. - (forall a_4:Object pointer. - (forall l_3:int. - (forall h_3:int. 
- ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> - Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) - logic Sort_tag : Object tag_id axiom Sort_parenttag_Object: parenttag(Sort_tag, Object_tag) @@ -10166,6 +9992,17 @@ axiom String_parenttag_Object: parenttag(String_tag, Object_tag) +predicate Swap(a_0: Object pointer, i_0: int, j: int, + intM_intP_at_L2: (Object, int) memory, intM_intP_at_L1: (Object, + int) memory) = + ((select(intM_intP_at_L1, shift(a_0, i_0)) = select(intM_intP_at_L2, + shift(a_0, j))) and + ((select(intM_intP_at_L1, shift(a_0, j)) = select(intM_intP_at_L2, + shift(a_0, i_0))) and + (forall k:int. + (((k <> i_0) and (k <> j)) -> (select(intM_intP_at_L1, shift(a_0, + k)) = select(intM_intP_at_L2, shift(a_0, k))))))) + logic Throwable_tag : Object tag_id axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) 
@@ -10295,36 +10132,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Sort(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -10365,16 +10172,58 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +axiom Permut_swap: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_5:Object pointer. + (forall l_4:int. + (forall h_4:int. + (forall i_1:int. + (forall j_0:int. + (((l_4 <= i_1) and + ((i_1 <= h_4) and + ((l_4 <= j_0) and + ((j_0 <= h_4) and Swap(a_5, i_1, j_0, intM_intP_at_L2, + intM_intP_at_L1))))) -> + Permut(a_5, l_4, h_4, intM_intP_at_L2, intM_intP_at_L1))))))))) + +axiom Permut_trans: + (forall intM_intP_at_L3:(Object, int) memory. + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_4:Object pointer. + (forall l_3:int. + (forall h_3:int. + ((Permut(a_4, l_3, h_3, intM_intP_at_L2, intM_intP_at_L1) and + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L2)) -> + Permut(a_4, l_3, h_3, intM_intP_at_L3, intM_intP_at_L1)))))))) + +axiom Permut_sym: + (forall intM_intP_at_L2:(Object, int) memory. + (forall intM_intP_at_L1:(Object, int) memory. + (forall a_3:Object pointer. + (forall l_2:int. + (forall h_2:int. + (Permut(a_3, l_2, h_2, intM_intP_at_L2, intM_intP_at_L1) -> + Permut(a_3, l_2, h_2, intM_intP_at_L1, intM_intP_at_L2))))))) + +axiom Permut_refl: + (forall intM_intP_at_L:(Object, int) memory. + (forall a_2:Object pointer. + (forall l_1:int. + (forall h_1:int. Permut(a_2, l_1, h_1, intM_intP_at_L, + intM_intP_at_L))))) + goal Sort_min_sort_ensures_default_po_1: forall this_0:Object pointer. forall t_0:Object pointer. forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. 
(i_3 = 0) -> - ("JC_88": (0 <= i_3)) + ("JC_96": (0 <= i_3)) goal Sort_min_sort_ensures_default_po_2: forall this_0:Object pointer. @@ -10382,15 +10231,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10402,7 +10251,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2)))) + ("JC_104": ("JC_101": (i_3_0 < j_2))) goal Sort_min_sort_ensures_default_po_3: forall this_0:Object pointer. @@ -10410,15 +10259,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10430,7 +10279,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi)))) + ("JC_104": ("JC_102": (i_3_0 <= mi))) goal Sort_min_sort_ensures_default_po_4: forall this_0:Object pointer. 
@@ -10438,15 +10287,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10458,8 +10307,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_5: forall this_0:Object pointer. @@ -10467,15 +10315,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -10490,12 +10338,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -10510,7 +10358,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2_1)))) + ("JC_104": ("JC_101": (i_3_0 < j_2_1))) goal Sort_min_sort_ensures_default_po_6: forall this_0:Object pointer. @@ -10518,15 +10366,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10541,12 +10389,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -10561,7 +10409,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi1)))) + ("JC_104": ("JC_102": (i_3_0 <= mi1))) goal Sort_min_sort_ensures_default_po_7: forall this_0:Object pointer. @@ -10569,15 +10417,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10592,12 +10440,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -10612,8 +10460,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi1 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi1 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_8: forall this_0:Object pointer. 
@@ -10621,15 +10468,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10644,12 +10491,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -10658,7 +10505,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_93": ("JC_93": (i_3_0 < j_2_1)))) + ("JC_104": ("JC_101": (i_3_0 < j_2_1))) goal Sort_min_sort_ensures_default_po_9: forall this_0:Object pointer. 
@@ -10666,15 +10513,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10689,12 +10536,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -10703,7 +10550,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": ("JC_94": ("JC_94": (i_3_0 <= mi0)))) + ("JC_104": ("JC_102": (i_3_0 <= mi0))) goal Sort_min_sort_ensures_default_po_10: forall this_0:Object pointer. 
@@ -10711,15 +10558,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10734,12 +10581,12 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -10748,8 +10595,7 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_96": - ("JC_95": ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_104": ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_ensures_default_po_11: forall this_0:Object pointer. 
@@ -10757,15 +10603,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_88": (0 <= i_3_0)) -> + ("JC_96": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10779,25 +10625,25 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_96": - (("JC_93": (i_3_0 < j_2_0)) and - (("JC_94": (i_3_0 <= mi0)) and - ("JC_95": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_104": + (("JC_101": (i_3_0 < j_2_0)) and + (("JC_102": (i_3_0 <= mi0)) and + ("JC_103": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP0:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP0, intM_intP)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP, intM_intP0, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP0, intM_intP)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP, intM_intP0, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_88": (0 <= i_3_1)) + ("JC_96": (0 <= i_3_1)) goal Sort_min_sort_ensures_permutation_po_1: forall this_0:Object pointer. 
@@ -10807,10 +10653,10 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP, intM_intP)) goal Sort_min_sort_ensures_permutation_po_2: @@ -10821,17 +10667,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)) -> - ("JC_123": (0 <= i_3_0)) -> + ("JC_131": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -10845,27 +10691,27 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_128": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_136": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0, intM_intP)) -> - ("JC_132": - (("JC_129": (i_3_0 < j_2_0)) and - (("JC_130": (i_3_0 <= mi0)) and - ("JC_131": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_140": + (("JC_137": (i_3_0 < j_2_0)) and + (("JC_138": (i_3_0 <= mi0)) and + ("JC_139": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_122": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_130": Permut(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP1, intM_intP)) goal Sort_min_sort_ensures_sorted_po_1: @@ -10876,10 +10722,10 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_104": ("JC_102": ("JC_102": Sorted(t_0, 0, i_3, intM_intP)))) + ("JC_112": ("JC_110": Sorted(t_0, 0, i_3, intM_intP))) goal Sort_min_sort_ensures_sorted_po_2: forall this_0:Object pointer. 
@@ -10889,19 +10735,17 @@ int) memory. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> - ("JC_104": - ("JC_103": - ("JC_103": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3) and - ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3) and + ((i_3 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_112": + ("JC_111": (select(intM_intP, shift(t_0, k1)) <= select(intM_intP, + shift(t_0, k2))))) goal Sort_min_sort_ensures_sorted_po_3: forall this_0:Object pointer. @@ -10909,15 +10753,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -10925,9 +10769,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -10939,8 +10783,7 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_112": - ("JC_110": ("JC_110": (mv = select(intM_intP0, shift(t_0, mi)))))) + ("JC_120": ("JC_118": (mv = select(intM_intP0, shift(t_0, mi))))) goal Sort_min_sort_ensures_sorted_po_4: forall this_0:Object pointer. @@ -10948,15 +10791,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -10964,9 +10807,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -10978,12 +10821,9 @@ (mi = i_3_0) -> forall j_2:int. (j_2 = (i_3_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv))) goal Sort_min_sort_ensures_sorted_po_5: forall this_0:Object pointer. 
@@ -10991,15 +10831,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11007,9 +10847,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11024,18 +10864,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -11050,8 +10890,7 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_110": ("JC_110": (mv1 = select(intM_intP0, shift(t_0, mi1)))))) + ("JC_120": ("JC_118": (mv1 = select(intM_intP0, shift(t_0, mi1))))) goal Sort_min_sort_ensures_sorted_po_6: forall this_0:Object pointer. @@ -11059,15 +10898,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11075,9 +10914,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11092,18 +10931,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -11118,12 +10957,9 @@ (mv1 = result3) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv1)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv1))) goal Sort_min_sort_ensures_sorted_po_7: forall this_0:Object pointer. @@ -11131,15 +10967,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and 
@@ -11147,9 +10983,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11164,18 +11000,18 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> @@ -11184,12 +11020,9 @@ (result2 >= mv0) -> forall j_2_1:int. (j_2_1 = (j_2_0 + 1)) -> - ("JC_112": - ("JC_111": - ("JC_111": - (forall k_0:int. - (((i_3_0 <= k_0) and (k_0 < j_2_1)) -> (select(intM_intP0, shift(t_0, - k_0)) >= mv0)))))) + forall k_0:int. + ((i_3_0 <= k_0) and (k_0 < j_2_1)) -> + ("JC_120": ("JC_119": (select(intM_intP0, shift(t_0, k_0)) >= mv0))) goal Sort_min_sort_ensures_sorted_po_8: forall this_0:Object pointer. 
@@ -11197,15 +11030,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11213,9 +11046,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11230,31 +11063,31 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_104": ("JC_102": ("JC_102": Sorted(t_0, 0, i_3_1, intM_intP1)))) + ("JC_112": ("JC_110": Sorted(t_0, 0, i_3_1, intM_intP1))) goal Sort_min_sort_ensures_sorted_po_9: forall this_0:Object pointer. 
@@ -11262,15 +11095,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11278,9 +11111,9 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11295,40 +11128,38 @@ forall j_2_0:int. forall mi0:int. forall mv0:int. - ("JC_112": - (("JC_110": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and - ("JC_111": + ("JC_120": + (("JC_118": (mv0 = select(intM_intP0, shift(t_0, mi0)))) and + ("JC_119": (forall k_0:int. (((i_3_0 <= k_0) and (k_0 < j_2_0)) -> (select(intM_intP0, shift(t_0, k_0)) >= mv0)))))) -> - ("JC_116": - (("JC_113": (i_3_0 < j_2_0)) and - (("JC_114": (i_3_0 <= mi0)) and - ("JC_115": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_124": + (("JC_121": (i_3_0 < j_2_0)) and + (("JC_122": (i_3_0 <= mi0)) and + ("JC_123": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> forall intM_intP1:(Object, int) memory. - ("JC_50": - (("JC_48": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and - ("JC_49": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, + ("JC_58": + (("JC_56": Swap(t_0, i_3_0, mi0, intM_intP1, intM_intP0)) and + ("JC_57": not_assigns(Object_alloc_table, intM_intP0, intM_intP1, pset_union(pset_range(pset_singleton(t_0), mi0, mi0), pset_range(pset_singleton(t_0), i_3_0, i_3_0)))))) -> forall i_3_1:int. (i_3_1 = (i_3_0 + 1)) -> - ("JC_104": - ("JC_103": - ("JC_103": - (forall k1:int. - (forall k2:int. - (((0 <= k1) and - ((k1 < i_3_1) and - ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> - (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, shift(t_0, - k2))))))))) + forall k1:int. + forall k2:int. + ((0 <= k1) and + ((k1 < i_3_1) and + ((i_3_1 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> + ("JC_112": + ("JC_111": (select(intM_intP1, shift(t_0, k1)) <= select(intM_intP1, + shift(t_0, k2))))) goal Sort_min_sort_ensures_sorted_po_10: forall this_0:Object pointer. 
@@ -11336,15 +11167,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP0:(Object, int) memory. - ("JC_104": - (("JC_102": Sorted(t_0, 0, i_3_0, intM_intP0)) and - ("JC_103": + ("JC_112": + (("JC_110": Sorted(t_0, 0, i_3_0, intM_intP0)) and + ("JC_111": (forall k1:int. (forall k2:int. (((0 <= k1) and @@ -11352,13 +11183,13 @@ ((i_3_0 <= k2) and (k2 < (offset_max(Object_alloc_table, t_0) + 1))))) -> (select(intM_intP0, shift(t_0, k1)) <= select(intM_intP0, shift(t_0, k2))))))))) -> - ("JC_105": (0 <= i_3_0)) -> + ("JC_113": (0 <= i_3_0)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 >= (result - 1)) -> - ("JC_65": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), + ("JC_73": Sorted(t_0, 0, ((offset_max(Object_alloc_table, t_0) + 1) - 1), intM_intP0)) goal Sort_min_sort_safety_po_1: @@ -11367,12 +11198,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) goal Sort_min_sort_safety_po_2: 
@@ -11381,15 +11212,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11401,15 +11232,15 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> 
@@ -11421,17 +11252,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11447,14 +11278,14 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -11466,17 +11297,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11492,14 +11323,14 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 < result1) -> 
@@ -11511,17 +11342,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11537,18 +11368,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_31": ("JC_31": Non_null_intM(t_0, Object_alloc_table)))) + ("JC_44": ("JC_39": Non_null_intM(t_0, Object_alloc_table))) goal Sort_min_sort_safety_po_7: forall this_0:Object pointer. 
@@ -11556,17 +11387,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11582,19 +11413,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_33": ("JC_33": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_41": (i_3_0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_min_sort_safety_po_8: forall this_0:Object pointer. 
@@ -11602,17 +11432,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11628,18 +11458,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": ("JC_34": ("JC_34": (0 <= mi0)))) + ("JC_44": ("JC_42": (0 <= mi0))) goal Sort_min_sort_safety_po_9: forall this_0:Object pointer. 
@@ -11647,17 +11477,17 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t_0, 0, Object_alloc_table) and (valid_struct_Sort(this_0, 0, 0, Object_alloc_table) and - ("JC_59": Non_null_intM(t_0, Object_alloc_table)))) -> + ("JC_67": Non_null_intM(t_0, Object_alloc_table)))) -> forall i_3:int. (i_3 = 0) -> forall i_3_0:int. forall intM_intP:(Object, int) memory. - ("JC_71": true) -> - ("JC_69": (0 <= i_3_0)) -> + ("JC_79": true) -> + ("JC_77": (0 <= i_3_0)) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result:int. - ("JC_17": + ("JC_25": ((result <= 2147483647) and ((result >= 0) and (result = (offset_max(Object_alloc_table, t_0) + 1))))) -> (i_3_0 < (result - 1)) -> @@ -11673,19 +11503,18 @@ (j_2 = (i_3_0 + 1)) -> forall j_2_0:int. forall mi0:int. - ("JC_81": true) -> - ("JC_79": - (("JC_76": (i_3_0 < j_2_0)) and - (("JC_77": (i_3_0 <= mi0)) and - ("JC_78": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> + ("JC_89": true) -> + ("JC_87": + (("JC_84": (i_3_0 < j_2_0)) and + (("JC_85": (i_3_0 <= mi0)) and + ("JC_86": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))))) -> (offset_max(Object_alloc_table, t_0) >= (-1)) -> forall result1:int. - ("JC_17": + ("JC_25": ((result1 <= 2147483647) and ((result1 >= 0) and (result1 = (offset_max(Object_alloc_table, t_0) + 1))))) -> (j_2_0 >= result1) -> - ("JC_36": - ("JC_35": ("JC_35": (mi0 < (offset_max(Object_alloc_table, t_0) + 1))))) + ("JC_44": ("JC_43": (mi0 < (offset_max(Object_alloc_table, t_0) + 1)))) goal Sort_swap_ensures_default_po_1: forall this_2:Object pointer. 
@@ -11697,12 +11526,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. @@ -11713,7 +11542,7 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": ("JC_45": ("JC_45": Swap(t, i_2, j_1, intM_intP1, intM_intP)))) + ("JC_55": ("JC_53": Swap(t, i_2, j_1, intM_intP1, intM_intP))) goal Sort_swap_ensures_default_po_2: forall this_2:Object pointer. @@ -11725,12 +11554,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> forall result:int. (result = select(intM_intP, shift(t, i_2))) -> forall result0:int. 
@@ -11741,11 +11570,10 @@ forall intM_intP1:(Object, int) memory. (intM_intP1 = store(intM_intP0, shift(t, j_1), result)) -> - ("JC_47": - ("JC_46": - ("JC_46": not_assigns(Object_alloc_table, intM_intP, intM_intP1, + ("JC_55": + ("JC_54": not_assigns(Object_alloc_table, intM_intP, intM_intP1, pset_union(pset_range(pset_singleton(t), j_1, j_1), - pset_range(pset_singleton(t), i_2, i_2)))))) + pset_range(pset_singleton(t), i_2, i_2))))) goal Sort_swap_safety_po_1: forall this_2:Object pointer. @@ -11755,12 +11583,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (offset_min(Object_alloc_table, t) <= i_2) goal Sort_swap_safety_po_2: 
@@ -11771,12 +11599,12 @@ forall Object_alloc_table:Object alloc_table. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> (i_2 <= offset_max(Object_alloc_table, t)) goal Sort_swap_safety_po_3: @@ -11789,12 +11617,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. 
@@ -11811,12 +11639,12 @@ int) memory. (left_valid_struct_intM(t, 0, Object_alloc_table) and (valid_struct_Sort(this_2, 0, 0, Object_alloc_table) and - ("JC_43": - (("JC_38": Non_null_intM(t, Object_alloc_table)) and - (("JC_39": (0 <= i_2)) and - (("JC_40": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and - (("JC_41": (0 <= j_1)) and - ("JC_42": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> + ("JC_51": + (("JC_46": Non_null_intM(t, Object_alloc_table)) and + (("JC_47": (0 <= i_2)) and + (("JC_48": (i_2 < (offset_max(Object_alloc_table, t) + 1))) and + (("JC_49": (0 <= j_1)) and + ("JC_50": (j_1 < (offset_max(Object_alloc_table, t) + 1)))))))))) -> ((offset_min(Object_alloc_table, t) <= i_2) and (i_2 <= offset_max(Object_alloc_table, t))) -> forall result:int. diff -Nru why-2.29+dfsg/tests/java/oracle/Switch.res.oracle why-2.30+dfsg/tests/java/oracle/Switch.res.oracle --- why-2.29+dfsg/tests/java/oracle/Switch.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Switch.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ public class Switch { 
@@ -49,7 +51,7 @@ /*@ behavior normal: @ assigns \nothing; - @ ensures ((n==4 || n==7) <==> \result == 1) && + @ ensures ((n==4 || n==7) <==> \result == 1) && @ ((n==0 || n==1) <==> \result == 0); @*/ public static int test2 (int n) { @@ -74,9 +76,9 @@ } /* -Local Variables: -compile-command: "gwhy Switch.java" -End: +Local Variables: +compile-command: "make Switch.why3ml" +End: */ ========== krakatoa execution ========== @@ -104,7 +106,10 @@ type char = 0..65535 predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -209,27 +214,27 @@ ========== file tests/java/Switch.jloc ========== [K_1] file = "HOME/tests/java/Switch.java" -line = 34 +line = 36 begin = 18 end = 50 [K_2] file = "HOME/tests/java/Switch.java" -line = 52 +line = 54 begin = 20 end = 52 [K_3] file = "HOME/tests/java/Switch.java" -line = 51 +line = 53 begin = 19 end = 51 [K_4] file = "HOME/tests/java/Switch.java" -line = 51 +line = 53 begin = 18 -end = 110 +end = 109 [cons_Switch] name = "Constructor of class Switch" @@ -241,14 +246,14 @@ [Switch_test1] name = "Method test1" file = "HOME/tests/java/Switch.java" -line = 36 +line = 38 begin = 22 end = 27 [Switch_test2] name = "Method test2" file = "HOME/tests/java/Switch.java" -line = 54 +line = 56 begin = 22 end = 27 @@ -271,10 +276,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Switch.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Switch_why.sx 
@@ -335,6 +341,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Switch_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Switch_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -407,6 +420,9 @@ why3ide: why/Switch_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Switch.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Switch.depend depend: coq/Switch_why.v @@ -417,54 +433,66 @@ ========== file tests/java/Switch.loc ========== [JC_40] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.java" +line = 54 +begin = 20 +end = 52 [JC_41] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.java" +line = 53 +begin = 18 +end = 109 [JC_42] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.jc" +line = 82 +begin = 10 +end = 18 [JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.java" +line = 53 +begin = 19 +end = 51 [JC_44] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.java" +line = 54 +begin = 20 +end = 52 [JC_45] +file = "HOME/tests/java/Switch.java" +line = 53 +begin = 18 +end = 109 + +[JC_46] +file = "HOME/tests/java/Switch.jc" +line = 82 +begin = 10 +end = 18 + +[JC_1] +file = "HOME/tests/java/Switch.jc" +line = 20 +begin = 12 +end = 22 + +[JC_47] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_46] +[JC_2] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_1] -file = "HOME/tests/java/Switch.jc" -line = 42 -begin = 8 -end = 23 - -[JC_2] +[JC_48] file = "HOME/" line = 0 begin = -1 
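Review bot: The new `why3ml` rule in the `@@ -407,6 +420,9 @@` hunk echoes `why3ml [...] $<` but runs `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one invoked. If `why3ide` is the intended command, the echo should match it: `@echo 'why3ide -I [...] $<' && why3ide -I $(JESSIE3LIB) $<`. The target is also missing from the `.PHONY` list in the `@@ -271,10 +276,11 @@` hunk, where only `vampire` was added, so a stray file named `why3ml` would suppress the rule. This makefile is emitted into the oracle by the tool, so any fix belongs in the makefile generator, followed by regenerating the oracle.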
@@ -472,17 +500,23 @@ [Switch_test1_ensures_normal] name = "Method test1" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Switch.java" -line = 36 +line = 38 begin = 22 end = 27 [JC_3] file = "HOME/tests/java/Switch.jc" -line = 42 -begin = 8 -end = 23 +line = 20 +begin = 12 +end = 22 + +[JC_49] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_4] file = "HOME/" @@ -492,9 +526,9 @@ [Switch_test2_ensures_default] name = "Method test2" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Switch.java" -line = 54 +line = 56 begin = 22 end = 27 @@ -524,13 +558,43 @@ [JC_9] file = "HOME/tests/java/Switch.jc" -line = 44 -begin = 11 -end = 65 +line = 45 +begin = 8 +end = 23 [cons_Switch_ensures_default] name = "Constructor of class Switch" -behavior = "Default behavior" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_50] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_51] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_52] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_54] file = "HOME/" line = 0 begin = -1 @@ -540,21 +604,21 @@ name = "Method test1" behavior = "Safety" file = "HOME/tests/java/Switch.java" -line = 36 +line = 38 begin = 22 end = 27 [JC_10] -file = "HOME/tests/java/Switch.jc" -line = 44 -begin = 11 -end = 65 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_11] -file = "HOME/tests/java/Switch.java" -line = 36 -begin = 22 -end = 27 +file = "HOME/tests/java/Switch.jc" +line = 45 +begin = 8 +end = 23 [JC_12] file = "HOME/" @@ -563,10 +627,10 @@ end = -1 [JC_13] -file = "HOME/tests/java/Switch.java" -line = 36 -begin = 22 -end = 27 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_14] file = "HOME/" 
@@ -587,22 +651,22 @@ end = -1 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.jc" +line = 47 +begin = 11 +end = 65 [JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.jc" +line = 47 +begin = 11 +end = 65 [JC_19] file = "HOME/tests/java/Switch.java" -line = 34 -begin = 18 -end = 50 +line = 38 +begin = 22 +end = 27 [cons_Switch_safety] name = "Constructor of class Switch" 
@@ -616,146 +680,146 @@ name = "Method test2" behavior = "Safety" file = "HOME/tests/java/Switch.java" -line = 54 +line = 56 begin = 22 end = 27 [JC_20] -file = "HOME/tests/java/Switch.jc" -line = 53 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_21] file = "HOME/tests/java/Switch.java" -line = 34 -begin = 18 -end = 50 - -[JC_22] -file = "HOME/tests/java/Switch.jc" -line = 53 -begin = 10 -end = 18 - -[JC_23] -file = "HOME/tests/java/Switch.java" -line = 54 +line = 38 begin = 22 end = 27 -[JC_24] +[JC_22] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_25] -file = "HOME/tests/java/Switch.java" -line = 54 -begin = 22 -end = 27 - -[JC_26] +[JC_23] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_27] +[JC_24] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_28] +[JC_25] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_29] +[JC_26] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_27] +file = "HOME/tests/java/Switch.java" +line = 36 +begin = 18 +end = 50 + +[JC_28] +file = "HOME/tests/java/Switch.jc" +line = 56 +begin = 10 +end = 18 + +[JC_29] +file = "HOME/tests/java/Switch.java" +line = 36 +begin = 18 +end = 50 + [Switch_test1_ensures_default] name = "Method test1" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Switch.java" -line = 36 +line = 38 begin = 22 end = 27 [Switch_test2_ensures_normal] name = "Method test2" -behavior = "Normal behavior `normal'" +behavior = "Behavior `normal'" file = "HOME/tests/java/Switch.java" -line = 54 +line = 56 begin = 22 end = 27 [JC_30] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Switch.jc" +line = 56 +begin = 10 +end = 18 [JC_31] file = "HOME/tests/java/Switch.java" -line = 51 -begin = 19 -end = 51 +line = 56 +begin = 22 +end = 27 [JC_32] -file = "HOME/tests/java/Switch.java" -line = 52 -begin = 20 -end = 52 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_33] file = "HOME/tests/java/Switch.java" -line = 51 -begin = 18 -end = 110 +line 
= 56 +begin = 22 +end = 27 [JC_34] -file = "HOME/tests/java/Switch.jc" -line = 79 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_35] -file = "HOME/tests/java/Switch.java" -line = 51 -begin = 19 -end = 51 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_36] -file = "HOME/tests/java/Switch.java" -line = 52 -begin = 20 -end = 52 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_37] -file = "HOME/tests/java/Switch.java" -line = 51 -begin = 18 -end = 110 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_38] -file = "HOME/tests/java/Switch.jc" -line = 79 -begin = 10 -end = 18 - -[JC_39] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_39] +file = "HOME/tests/java/Switch.java" +line = 53 +begin = 19 +end = 51 + ========== file tests/java/why/Switch.why ========== type Object @@ -771,21 +835,15 @@ type short -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -802,8 +860,6 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) @@ -812,8 +868,6 @@ axiom Switch_parenttag_Object : parenttag(Switch_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
@@ -827,6 +881,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -840,6 +899,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -872,6 +936,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -925,6 +994,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) @@ -968,6 +1042,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) 
@@ -1009,32 +1088,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Switch(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) 
@@ -1071,157 +1124,55 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref +exception Return_label_exc of unit + parameter Switch_test1 : n:int32 -> { } int32 - { (JC_21: - ((eq_int(integer_of_int32(n), (0)) or eq_int(integer_of_int32(n), (1))) - <-> eq_int(integer_of_int32(result), (0)))) } + { (JC_29: + (((integer_of_int32(n) = (0)) or (integer_of_int32(n) = (1))) + <-> (integer_of_int32(result) = (0)))) } parameter Switch_test1_requires : n:int32 -> { } int32 - { (JC_21: - ((eq_int(integer_of_int32(n), (0)) or eq_int(integer_of_int32(n), (1))) - <-> eq_int(integer_of_int32(result), (0)))) } + { (JC_29: + (((integer_of_int32(n) = (0)) or (integer_of_int32(n) = (1))) + <-> (integer_of_int32(result) = (0)))) } parameter Switch_test2 : n_0:int32 -> { } int32 - { (JC_37: - ((JC_35: - ((eq_int(integer_of_int32(n_0), (4)) - or eq_int(integer_of_int32(n_0), (7))) - <-> eq_int(integer_of_int32(result), (1)))) - and (JC_36: - ((eq_int(integer_of_int32(n_0), (0)) - or eq_int(integer_of_int32(n_0), (1))) - <-> eq_int(integer_of_int32(result), (0)))))) } + { (JC_45: + ((JC_43: + (((integer_of_int32(n_0) = (4)) or (integer_of_int32(n_0) = (7))) + <-> (integer_of_int32(result) = (1)))) + and (JC_44: + (((integer_of_int32(n_0) = (0)) or (integer_of_int32(n_0) = (1))) + <-> (integer_of_int32(result) = (0)))))) } parameter Switch_test2_requires : n_0:int32 -> { } int32 - { (JC_37: - ((JC_35: - ((eq_int(integer_of_int32(n_0), (4)) - or eq_int(integer_of_int32(n_0), (7))) - <-> eq_int(integer_of_int32(result), (1)))) - and (JC_36: - ((eq_int(integer_of_int32(n_0), (0)) - or eq_int(integer_of_int32(n_0), (1))) - <-> eq_int(integer_of_int32(result), (0)))))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { (JC_45: + ((JC_43: + (((integer_of_int32(n_0) = (4)) or (integer_of_int32(n_0) = (7))) + <-> (integer_of_int32(result) = (1)))) + and (JC_44: + (((integer_of_int32(n_0) = (0)) or (integer_of_int32(n_0) = (1))) + <-> (integer_of_int32(result) = (0)))))) } -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and 
(alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Switch : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Switch(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Switch_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Switch(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and 
alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1375,6 +1326,10 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -1404,15 +1359,15 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter safe_byte_of_integer_ : @@ -1437,7 +1392,7 @@ let Switch_test1_ensures_default = fun (n : int32) -> - { (JC_14: true) } + { (JC_22: true) } (init: (let return = ref (any_int32 void) in try 
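Review bot: The `non_null_Object` and `non_null_Object_requires` postconditions in the `@@ -1404,15 +1359,15 @@` hunk still read `(if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))`, while the same release relaxes the `Non_null_Object` predicate to `ge_int(offset_max(Object_alloc_table, x_0), (0))` in the `@@ -771,21 +835,15 @@` hunk. If a pointer with `offset_max > 0` can reach this test, neither branch of the postcondition holds, and an unrealizable `parameter` contract would let later goals on that path be proved vacuously. Presumably the translation should emit `(if result then (offset_max(Object_alloc_table, x_1) >= (0)) else (x_1 = null))` so the runtime test agrees with the predicate. This oracle is generated output, so the change belongs in the Krakatoa/Jessie generator, with the oracle regenerated afterwards.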
@@ -1449,10 +1404,9 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r_0 := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if true then @@ -1460,11 +1414,11 @@ begin (r_0 := (safe_int32_of_integer_ (2))); !r_0 end in void) else void)) with Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) end); absurd end with Return -> - !return end)) { (JC_15: true) } + !return end)) { (JC_23: true) } let Switch_test1_ensures_normal = fun (n : int32) -> - { (JC_14: true) } + { (JC_22: true) } (init: (let return = ref (any_int32 void) in try @@ -1476,10 +1430,9 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r_0 := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if true then @@ -1488,13 +1441,13 @@ else void)) with Loop_exit_exc jessie_ -> void end); (return := !r_0); (raise Return) end); absurd end with Return -> !return end)) - { (JC_19: - ((eq_int(integer_of_int32(n), (0)) or eq_int(integer_of_int32(n), (1))) - <-> eq_int(integer_of_int32(result), (0)))) } + { (JC_27: + (((integer_of_int32(n) = (0)) or (integer_of_int32(n) = (1))) + <-> (integer_of_int32(result) = (0)))) } let Switch_test1_safety = fun (n : int32) -> - { (JC_14: true) } + { (JC_22: true) } (init: (let return = ref (any_int32 void) in try @@ -1506,10 +1459,9 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r_0 := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if true then 
@@ -1521,7 +1473,7 @@ let Switch_test2_ensures_default = fun (n_0 : int32) -> - { (JC_26: true) } + { (JC_34: true) } (init: (let return = ref (any_int32 void) in try @@ -1533,18 +1485,16 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (7)) || ((eq_int_ (integer_of_int32 jessie_)) (4))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (1))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (26)) || (true || ((eq_int_ @@ -1554,11 +1504,11 @@ begin (r := (safe_int32_of_integer_ (2))); !r end in void) else void))) with Loop_exit_exc jessie_ -> void end); (return := !r); (raise Return) end); absurd end with Return -> - !return end)) { (JC_27: true) } + !return end)) { (JC_35: true) } let Switch_test2_ensures_normal = fun (n_0 : int32) -> - { (JC_26: true) } + { (JC_34: true) } (init: (let return = ref (any_int32 void) in try @@ -1570,18 +1520,16 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (7)) || ((eq_int_ (integer_of_int32 jessie_)) (4))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (1))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (26)) || (true || ((eq_int_ 
@@ -1592,19 +1540,17 @@ else void))) with Loop_exit_exc jessie_ -> void end); (return := !r); (raise Return) end); absurd end with Return -> !return end)) - { (JC_33: - ((JC_31: - ((eq_int(integer_of_int32(n_0), (4)) - or eq_int(integer_of_int32(n_0), (7))) - <-> eq_int(integer_of_int32(result), (1)))) - and (JC_32: - ((eq_int(integer_of_int32(n_0), (0)) - or eq_int(integer_of_int32(n_0), (1))) - <-> eq_int(integer_of_int32(result), (0)))))) } + { (JC_41: + ((JC_39: + (((integer_of_int32(n_0) = (4)) or (integer_of_int32(n_0) = (7))) + <-> (integer_of_int32(result) = (1)))) + and (JC_40: + (((integer_of_int32(n_0) = (0)) or (integer_of_int32(n_0) = (1))) + <-> (integer_of_int32(result) = (0)))))) } let Switch_test2_safety = fun (n_0 : int32) -> - { (JC_26: true) } + { (JC_34: true) } (init: (let return = ref (any_int32 void) in try @@ -1616,18 +1562,16 @@ (if (((eq_int_ (integer_of_int32 jessie_)) (1)) || ((eq_int_ (integer_of_int32 jessie_)) (0))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (0))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (7)) || ((eq_int_ (integer_of_int32 jessie_)) (4))) then - (let jessie_ = begin (let jessie_ = (r := (safe_int32_of_integer_ (1))) in void); - (raise (Loop_exit_exc void)) end in void) + (raise (Loop_exit_exc void)) end else (if (((eq_int_ (integer_of_int32 jessie_)) (26)) || (true || ((eq_int_ @@ -1643,7 +1587,7 @@ fun (this_0 : Object pointer) -> { valid_struct_Switch(this_0, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_43: true) } + { (JC_51: true) } let cons_Switch_safety = fun (this_0 : Object pointer) -> @@ -1658,90 +1602,90 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
@@ -2702,7 +2646,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -2740,6 +2684,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -2752,6 +2700,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -2784,6 +2736,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -2837,6 +2794,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -2881,6 +2842,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -2921,32 +2887,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Switch(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -2983,10 +2923,25 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Switch_po1.why ========== +goal Switch_test1_ensures_normal_po_1: + forall n:int32. + ("JC_22": true) -> + ((integer_of_int32(n) = 1) or + ((integer_of_int32(n) <> 1) and (integer_of_int32(n) = 0))) -> + forall result:int32. + (integer_of_int32(result) = 0) -> + forall r_0:int32. + (r_0 = result) -> + forall return:int32. + (return = r_0) -> + ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1)) -> + ("JC_27": (integer_of_int32(return) = 0)) + ========== file tests/java/why/Switch_po10.why ========== goal Switch_test2_ensures_normal_po_6: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> @@ -2997,13 +2952,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) ========== file tests/java/why/Switch_po11.why ========== goal Switch_test2_ensures_normal_po_7: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> 
@@ -3014,12 +2969,12 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) ========== file tests/java/why/Switch_po12.why ========== goal Switch_test2_ensures_normal_po_8: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> @@ -3030,13 +2985,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) ========== file tests/java/why/Switch_po13.why ========== goal Switch_test2_ensures_normal_po_9: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -3049,12 +3004,12 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) ========== file tests/java/why/Switch_po14.why ========== goal Switch_test2_ensures_normal_po_10: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or 
@@ -3067,13 +3022,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) ========== file tests/java/why/Switch_po15.why ========== goal Switch_test2_ensures_normal_po_11: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -3086,12 +3041,12 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) ========== file tests/java/why/Switch_po16.why ========== goal Switch_test2_ensures_normal_po_12: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -3104,13 +3059,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) ========== file tests/java/why/Switch_po17.why ========== goal Switch_test2_ensures_normal_po_13: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> 
@@ -3119,12 +3074,12 @@ forall return:int32. (return = result) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) ========== file tests/java/why/Switch_po18.why ========== goal Switch_test2_ensures_normal_po_14: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -3133,13 +3088,13 @@ forall return:int32. (return = result) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) ========== file tests/java/why/Switch_po19.why ========== goal Switch_test2_ensures_normal_po_15: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -3148,12 +3103,12 @@ forall return:int32. (return = result) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) -========== file tests/java/why/Switch_po1.why ========== -goal Switch_test1_ensures_normal_po_1: +========== file tests/java/why/Switch_po2.why ========== +goal Switch_test1_ensures_normal_po_2: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) = 1) or ((integer_of_int32(n) <> 1) and (integer_of_int32(n) = 0))) -> forall result:int32. 
@@ -3162,13 +3117,13 @@ (r_0 = result) -> forall return:int32. (return = r_0) -> - ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1)) -> - ("JC_19": (integer_of_int32(return) = 0)) + (integer_of_int32(return) = 0) -> + ("JC_27": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) ========== file tests/java/why/Switch_po20.why ========== goal Switch_test2_ensures_normal_po_16: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -3177,28 +3132,13 @@ forall return:int32. (return = result) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) - -========== file tests/java/why/Switch_po2.why ========== -goal Switch_test1_ensures_normal_po_2: - forall n:int32. - ("JC_14": true) -> - ((integer_of_int32(n) = 1) or - ((integer_of_int32(n) <> 1) and (integer_of_int32(n) = 0))) -> - forall result:int32. - (integer_of_int32(result) = 0) -> - forall r_0:int32. - (r_0 = result) -> - forall return:int32. - (return = r_0) -> - (integer_of_int32(return) = 0) -> - ("JC_19": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) ========== file tests/java/why/Switch_po3.why ========== goal Switch_test1_ensures_normal_po_3: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) <> 1) and (integer_of_int32(n) <> 0)) -> forall result:int32. (integer_of_int32(result) = 2) -> 
@@ -3207,12 +3147,12 @@ forall return:int32. (return = r_0) -> ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1)) -> - ("JC_19": (integer_of_int32(return) = 0)) + ("JC_27": (integer_of_int32(return) = 0)) ========== file tests/java/why/Switch_po4.why ========== goal Switch_test1_ensures_normal_po_4: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) <> 1) and (integer_of_int32(n) <> 0)) -> forall result:int32. (integer_of_int32(result) = 2) -> @@ -3221,12 +3161,12 @@ forall return:int32. (return = r_0) -> (integer_of_int32(return) = 0) -> - ("JC_19": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) + ("JC_27": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) ========== file tests/java/why/Switch_po5.why ========== goal Switch_test2_ensures_normal_po_1: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -3236,12 +3176,12 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) ========== file tests/java/why/Switch_po6.why ========== goal Switch_test2_ensures_normal_po_2: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. 
@@ -3251,13 +3191,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) ========== file tests/java/why/Switch_po7.why ========== goal Switch_test2_ensures_normal_po_3: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -3267,12 +3207,12 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) ========== file tests/java/why/Switch_po8.why ========== goal Switch_test2_ensures_normal_po_4: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -3282,13 +3222,13 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) ========== file tests/java/why/Switch_po9.why ========== goal Switch_test2_ensures_normal_po_5: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> @@ -3299,7 +3239,7 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) ========== generation of Simplify VC output ========== why -simplify [...] why/Switch.why 
@@ -4123,7 +4063,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int @@ -4160,6 +4100,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -4171,6 +4116,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) @@ -4193,6 +4143,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -4242,6 +4197,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -4280,6 +4240,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
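Review bot: The new `byte_extensionality` axiom in the Simplify output is emitted with no sort guard, `(FORALL (x y) (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))`, and the same holds for the `char`, `int32`, `long` and `short` variants in the following hunks on this line. Read as unsorted first-order logic with integer-valued arithmetic, which appears to be how Simplify takes this input, it combines with the equally unguarded `byte_range` axiom to say that `integer_of_byte` injects the whole universe into 256 values. The background theory would then be unsatisfiable and every goal formally provable, whereas the typed Why form (`forall x:byte. forall y:byte.`) elsewhere in this oracle does not have that problem. Since this file is regenerated test output, the change belongs in the generator: have the Simplify back end apply a type encoding or a sort guard to these axioms. The test could also include a goal whose conclusion is `false`, so that an inconsistent context shows up as an unexpected "valid" result.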
@@ -4312,26 +4277,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Switch p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -4360,7 +4305,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Switch_test1_ensures_normal_po_1, File "HOME/tests/java/Switch.java", line 34, characters 18-50 +;; Switch_test1_ensures_normal_po_1, File "HOME/tests/java/Switch.java", line 36, characters 18-50 (FORALL (n) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n) 1) @@ -4374,7 +4319,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n) 0) (EQ (integer_of_int32 n) 1)) (EQ (integer_of_int32 return) 0))))))))))) -;; Switch_test1_ensures_normal_po_2, File "HOME/tests/java/Switch.java", line 34, characters 18-50 +;; Switch_test1_ensures_normal_po_2, File "HOME/tests/java/Switch.java", line 36, characters 18-50 (FORALL (n) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n) 1) 
@@ -4388,7 +4333,7 @@ (IMPLIES (EQ (integer_of_int32 return) 0) (OR (EQ (integer_of_int32 n) 0) (EQ (integer_of_int32 n) 1)))))))))))) -;; Switch_test1_ensures_normal_po_3, File "HOME/tests/java/Switch.java", line 34, characters 18-50 +;; Switch_test1_ensures_normal_po_3, File "HOME/tests/java/Switch.java", line 36, characters 18-50 (FORALL (n) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n) 1) (NEQ (integer_of_int32 n) 0)) @@ -4401,7 +4346,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n) 0) (EQ (integer_of_int32 n) 1)) (EQ (integer_of_int32 return) 0))))))))))) -;; Switch_test1_ensures_normal_po_4, File "HOME/tests/java/Switch.java", line 34, characters 18-50 +;; Switch_test1_ensures_normal_po_4, File "HOME/tests/java/Switch.java", line 36, characters 18-50 (FORALL (n) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n) 1) (NEQ (integer_of_int32 n) 0)) @@ -4414,7 +4359,7 @@ (IMPLIES (EQ (integer_of_int32 return) 0) (OR (EQ (integer_of_int32 n) 0) (EQ (integer_of_int32 n) 1)))))))))))) -;; Switch_test2_ensures_normal_po_1, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_1, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n_0) 1) @@ -4428,7 +4373,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)) (EQ (integer_of_int32 return) 1))))))))))) -;; Switch_test2_ensures_normal_po_2, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_2, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n_0) 1) 
@@ -4442,7 +4387,7 @@ (IMPLIES (EQ (integer_of_int32 return) 1) (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)))))))))))) -;; Switch_test2_ensures_normal_po_3, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_3, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n_0) 1) @@ -4456,7 +4401,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)) (EQ (integer_of_int32 return) 0))))))))))) -;; Switch_test2_ensures_normal_po_4, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_4, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (OR (EQ (integer_of_int32 n_0) 1) @@ -4470,7 +4415,7 @@ (IMPLIES (EQ (integer_of_int32 return) 0) (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)))))))))))) -;; Switch_test2_ensures_normal_po_5, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_5, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4485,7 +4430,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)) (EQ (integer_of_int32 return) 1)))))))))))) -;; Switch_test2_ensures_normal_po_6, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_6, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) 
@@ -4500,7 +4445,7 @@ (IMPLIES (EQ (integer_of_int32 return) 1) (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7))))))))))))) -;; Switch_test2_ensures_normal_po_7, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_7, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4515,7 +4460,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)) (EQ (integer_of_int32 return) 0)))))))))))) -;; Switch_test2_ensures_normal_po_8, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_8, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4530,7 +4475,7 @@ (IMPLIES (EQ (integer_of_int32 return) 0) (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1))))))))))))) -;; Switch_test2_ensures_normal_po_9, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_9, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4548,7 +4493,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)) (EQ (integer_of_int32 return) 1))))))))))))) -;; Switch_test2_ensures_normal_po_10, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_10, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) 
@@ -4566,7 +4511,7 @@ (IMPLIES (EQ (integer_of_int32 return) 1) (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)))))))))))))) -;; Switch_test2_ensures_normal_po_11, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_11, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4584,7 +4529,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)) (EQ (integer_of_int32 return) 0))))))))))))) -;; Switch_test2_ensures_normal_po_12, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_12, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (IMPLIES (AND (NEQ (integer_of_int32 n_0) 1) (NEQ (integer_of_int32 n_0) 0)) @@ -4602,7 +4547,7 @@ (IMPLIES (EQ (integer_of_int32 return) 0) (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)))))))))))))) -;; Switch_test2_ensures_normal_po_13, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_13, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (FORALL (result) @@ -4615,7 +4560,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7)) (EQ (integer_of_int32 return) 1)))))))))) -;; Switch_test2_ensures_normal_po_14, File "HOME/tests/java/Switch.java", line 51, characters 19-51 +;; Switch_test2_ensures_normal_po_14, File "HOME/tests/java/Switch.java", line 53, characters 19-51 (FORALL (n_0) (IMPLIES TRUE (FORALL (result) 
@@ -4628,7 +4573,7 @@ (IMPLIES (EQ (integer_of_int32 return) 1) (OR (EQ (integer_of_int32 n_0) 4) (EQ (integer_of_int32 n_0) 7))))))))))) -;; Switch_test2_ensures_normal_po_15, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_15, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (FORALL (result) @@ -4641,7 +4586,7 @@ (IMPLIES (OR (EQ (integer_of_int32 n_0) 0) (EQ (integer_of_int32 n_0) 1)) (EQ (integer_of_int32 return) 0)))))))))) -;; Switch_test2_ensures_normal_po_16, File "HOME/tests/java/Switch.java", line 52, characters 20-52 +;; Switch_test2_ensures_normal_po_16, File "HOME/tests/java/Switch.java", line 54, characters 20-52 (FORALL (n_0) (IMPLIES TRUE (FORALL (result) @@ -5618,7 +5563,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) @@ -5656,6 +5601,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -5668,6 +5617,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -5700,6 +5653,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -5753,6 +5711,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -5797,6 +5759,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -5837,32 +5804,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Switch(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and @@ -5901,7 +5842,7 @@ goal Switch_test1_ensures_normal_po_1: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) = 1) or ((integer_of_int32(n) <> 1) and (integer_of_int32(n) = 0))) -> forall result:int32. 
@@ -5911,11 +5852,11 @@ forall return:int32. (return = r_0) -> ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1)) -> - ("JC_19": (integer_of_int32(return) = 0)) + ("JC_27": (integer_of_int32(return) = 0)) goal Switch_test1_ensures_normal_po_2: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) = 1) or ((integer_of_int32(n) <> 1) and (integer_of_int32(n) = 0))) -> forall result:int32. @@ -5925,11 +5866,11 @@ forall return:int32. (return = r_0) -> (integer_of_int32(return) = 0) -> - ("JC_19": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) + ("JC_27": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) goal Switch_test1_ensures_normal_po_3: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) <> 1) and (integer_of_int32(n) <> 0)) -> forall result:int32. (integer_of_int32(result) = 2) -> @@ -5938,11 +5879,11 @@ forall return:int32. (return = r_0) -> ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1)) -> - ("JC_19": (integer_of_int32(return) = 0)) + ("JC_27": (integer_of_int32(return) = 0)) goal Switch_test1_ensures_normal_po_4: forall n:int32. - ("JC_14": true) -> + ("JC_22": true) -> ((integer_of_int32(n) <> 1) and (integer_of_int32(n) <> 0)) -> forall result:int32. (integer_of_int32(result) = 2) -> @@ -5951,11 +5892,11 @@ forall return:int32. (return = r_0) -> (integer_of_int32(return) = 0) -> - ("JC_19": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) + ("JC_27": ((integer_of_int32(n) = 0) or (integer_of_int32(n) = 1))) goal Switch_test2_ensures_normal_po_1: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. 
@@ -5965,11 +5906,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) goal Switch_test2_ensures_normal_po_2: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -5979,12 +5920,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) goal Switch_test2_ensures_normal_po_3: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -5994,11 +5935,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) goal Switch_test2_ensures_normal_po_4: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) = 1) or ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) = 0))) -> forall result0:int32. @@ -6008,12 +5949,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) goal Switch_test2_ensures_normal_po_5: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> 
@@ -6024,11 +5965,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) goal Switch_test2_ensures_normal_po_6: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> @@ -6039,12 +5980,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) goal Switch_test2_ensures_normal_po_7: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> @@ -6055,11 +5996,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) goal Switch_test2_ensures_normal_po_8: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) = 7) or ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) = 4))) -> 
@@ -6070,12 +6011,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) goal Switch_test2_ensures_normal_po_9: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -6088,11 +6029,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) goal Switch_test2_ensures_normal_po_10: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -6105,12 +6046,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) goal Switch_test2_ensures_normal_po_11: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or 
@@ -6123,11 +6064,11 @@ forall return:int32. (return = r) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) goal Switch_test2_ensures_normal_po_12: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> ((integer_of_int32(n_0) = 26) or @@ -6140,12 +6081,12 @@ forall return:int32. (return = r) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) goal Switch_test2_ensures_normal_po_13: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -6154,11 +6095,11 @@ forall return:int32. (return = result) -> ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)) -> - ("JC_33": ("JC_31": (integer_of_int32(return) = 1))) + ("JC_41": ("JC_39": (integer_of_int32(return) = 1))) goal Switch_test2_ensures_normal_po_14: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> 
@@ -6167,12 +6108,12 @@ forall return:int32. (return = result) -> (integer_of_int32(return) = 1) -> - ("JC_33": - ("JC_31": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) + ("JC_41": + ("JC_39": ((integer_of_int32(n_0) = 4) or (integer_of_int32(n_0) = 7)))) goal Switch_test2_ensures_normal_po_15: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -6181,11 +6122,11 @@ forall return:int32. (return = result) -> ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)) -> - ("JC_33": ("JC_32": (integer_of_int32(return) = 0))) + ("JC_41": ("JC_40": (integer_of_int32(return) = 0))) goal Switch_test2_ensures_normal_po_16: forall n_0:int32. - ("JC_26": true) -> + ("JC_34": true) -> forall result:int32. ((integer_of_int32(n_0) <> 1) and (integer_of_int32(n_0) <> 0)) -> ((integer_of_int32(n_0) <> 7) and (integer_of_int32(n_0) <> 4)) -> @@ -6194,8 +6135,8 @@ forall return:int32. (return = result) -> (integer_of_int32(return) = 0) -> - ("JC_33": - ("JC_32": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) + ("JC_41": + ("JC_40": ((integer_of_int32(n_0) = 0) or (integer_of_int32(n_0) = 1)))) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/Termination.res.oracle why-2.30+dfsg/tests/java/oracle/Termination.res.oracle --- why-2.29+dfsg/tests/java/oracle/Termination.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/Termination.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -2,30 +2,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -54,6 +56,14 @@ } + +/* +Local Variables: +compile-command: "make Termination.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. @@ -70,7 +80,10 @@ # AbstractDomain = None predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) + +String[0..] any_string() +; tag Object = { } @@ -157,43 +170,43 @@ ========== file tests/java/Termination.jloc ========== [K_10] file = "HOME/tests/java/Termination.java" -line = 47 +line = 49 begin = 25 end = 33 [K_11] file = "HOME/tests/java/Termination.java" -line = 47 +line = 49 begin = 20 end = 26 [K_12] file = "HOME/tests/java/Termination.java" -line = 47 +line = 49 begin = 20 end = 33 [K_13] file = "HOME/tests/java/Termination.java" -line = 48 +line = 50 begin = 18 end = 19 [K_14] file = "HOME/tests/java/Termination.java" -line = 50 +line = 52 begin = 15 end = 18 [K_15] file = "HOME/tests/java/Termination.java" -line = 50 +line = 52 begin = 8 end = 13 [K_16] file = "HOME/tests/java/Termination.java" -line = 46 +line = 48 begin = 9 end = 12 
@@ -206,76 +219,76 @@ [K_1] file = "HOME/tests/java/Termination.java" -line = 35 +line = 37 begin = 5 end = 20 [K_2] file = "HOME/tests/java/Termination.java" -line = 35 +line = 37 begin = 18 end = 19 [K_3] file = "HOME/tests/java/Termination.java" -line = 36 +line = 38 begin = 15 end = 18 [K_4] file = "HOME/tests/java/Termination.java" -line = 36 +line = 38 begin = 8 end = 13 [K_5] file = "HOME/tests/java/Termination.java" -line = 40 +line = 42 begin = 5 end = 24 [K_6] file = "HOME/tests/java/Termination.java" -line = 40 +line = 42 begin = 18 end = 23 [K_7] file = "HOME/tests/java/Termination.java" -line = 41 +line = 43 begin = 17 end = 20 [K_8] file = "HOME/tests/java/Termination.java" -line = 41 +line = 43 begin = 8 end = 15 [K_9] file = "HOME/tests/java/Termination.java" -line = 44 +line = 46 begin = 16 end = 28 [Termination_loop1] name = "Method loop1" file = "HOME/tests/java/Termination.java" -line = 34 +line = 36 begin = 9 end = 14 [Termination_loop2] name = "Method loop2" file = "HOME/tests/java/Termination.java" -line = 39 +line = 41 begin = 9 end = 14 [Termination_loop3] name = "Method loop3" file = "HOME/tests/java/Termination.java" -line = 45 +line = 47 begin = 8 end = 13 @@ -299,10 +312,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs Termination.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/Termination_why.sx 
@@ -363,6 +377,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/Termination_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/Termination_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -435,6 +456,9 @@ why3ide: why/Termination_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: Termination.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include Termination.depend depend: coq/Termination_why.v @@ -453,16 +477,16 @@ end = -1 [JC_40] -file = "HOME/tests/java/Termination.java" -line = 40 -begin = 18 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_41] -file = "HOME/tests/java/Termination.java" -line = 40 -begin = 5 -end = 24 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_42] file = "HOME/" @@ -471,22 +495,22 @@ end = -1 [JC_43] -file = "HOME/tests/java/Termination.jc" -line = 54 -begin = 3 -end = 149 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_44] -file = "HOME/tests/java/Termination.jc" -line = 54 -begin = 3 -end = 149 +file = "HOME/tests/java/Termination.java" +line = 42 +begin = 5 +end = 24 [Termination_loop1_ensures_default] name = "Method loop1" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Termination.java" -line = 34 +line = 36 begin = 9 end = 14 
@@ -494,33 +518,33 @@ name = "Method loop1" behavior = "Safety" file = "HOME/tests/java/Termination.java" -line = 34 +line = 36 begin = 9 end = 14 [JC_45] -file = "HOME/tests/java/Termination.java" -line = 45 -begin = 8 -end = 13 - -[JC_46] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_46] +file = "HOME/tests/java/Termination.jc" +line = 57 +begin = 3 +end = 149 + [JC_1] file = "HOME/tests/java/Termination.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_47] -file = "HOME/tests/java/Termination.java" -line = 45 -begin = 8 -end = 13 +file = "HOME/tests/java/Termination.jc" +line = 57 +begin = 3 +end = 149 [JC_2] file = "HOME/" @@ -529,22 +553,22 @@ end = -1 [JC_48] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.java" +line = 42 +begin = 18 +end = 23 [JC_3] file = "HOME/tests/java/Termination.jc" -line = 32 -begin = 8 -end = 23 +line = 10 +begin = 12 +end = 22 [JC_49] file = "HOME/tests/java/Termination.java" -line = 44 -begin = 16 -end = 28 +line = 42 +begin = 5 +end = 24 [JC_4] file = "HOME/" @@ -566,9 +590,9 @@ [Termination_loop3_ensures_default] name = "Method loop3" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Termination.java" -line = 45 +line = 47 begin = 8 end = 13 
@@ -586,45 +610,45 @@ [JC_9] file = "HOME/tests/java/Termination.jc" -line = 34 -begin = 11 -end = 65 +line = 35 +begin = 8 +end = 23 [JC_50] -file = "HOME/tests/java/Termination.java" -line = 44 -begin = 16 -end = 28 - -[JC_51] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_51] +file = "HOME/tests/java/Termination.jc" +line = 57 +begin = 3 +end = 149 + [JC_52] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.jc" +line = 57 +begin = 3 +end = 149 [JC_53] file = "HOME/tests/java/Termination.java" line = 47 -begin = 20 -end = 26 +begin = 8 +end = 13 [JC_54] -file = "HOME/tests/java/Termination.java" -line = 47 -begin = 25 -end = 33 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_55] file = "HOME/tests/java/Termination.java" line = 47 -begin = 20 -end = 33 +begin = 8 +end = 13 [JC_56] file = "HOME/" 
@@ -633,80 +657,80 @@ end = -1 [JC_57] -file = "HOME/tests/java/Termination.jc" -line = 71 -begin = 9 -end = 217 +file = "HOME/tests/java/Termination.java" +line = 46 +begin = 16 +end = 28 [Termination_loop2_safety] name = "Method loop2" behavior = "Safety" file = "HOME/tests/java/Termination.java" -line = 39 +line = 41 begin = 9 end = 14 [JC_58] -file = "HOME/tests/java/Termination.jc" -line = 71 -begin = 9 -end = 217 +file = "HOME/tests/java/Termination.java" +line = 46 +begin = 16 +end = 28 [JC_59] -file = "HOME/tests/java/Termination.java" -line = 48 -begin = 18 -end = 19 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_60] -file = "HOME/tests/java/Termination.java" -line = 47 -begin = 20 -end = 26 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_61] file = "HOME/tests/java/Termination.java" -line = 47 -begin = 25 -end = 33 +line = 49 +begin = 20 +end = 26 [JC_62] file = "HOME/tests/java/Termination.java" -line = 47 -begin = 20 +line = 49 +begin = 25 end = 33 [Termination_loop2_ensures_default] name = "Method loop2" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/Termination.java" -line = 39 +line = 41 begin = 9 end = 14 [JC_10] -file = "HOME/tests/java/Termination.jc" -line = 34 -begin = 11 -end = 65 - -[JC_63] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_11] +[JC_63] file = "HOME/tests/java/Termination.java" -line = 34 -begin = 9 -end = 14 +line = 49 +begin = 20 +end = 33 -[JC_64] +[JC_11] file = "HOME/tests/java/Termination.jc" -line = 71 -begin = 9 -end = 217 +line = 35 +begin = 8 +end = 23 + +[JC_64] +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_12] file = "HOME/" 
@@ -716,22 +740,22 @@ [JC_65] file = "HOME/tests/java/Termination.jc" -line = 71 +line = 74 begin = 9 end = 217 [JC_13] -file = "HOME/tests/java/Termination.java" -line = 34 -begin = 9 -end = 14 - -[JC_66] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_66] +file = "HOME/tests/java/Termination.jc" +line = 74 +begin = 9 +end = 217 + [JC_14] file = "HOME/" line = 0 @@ -739,10 +763,10 @@ end = -1 [JC_67] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.java" +line = 50 +begin = 18 +end = 19 [JC_15] file = "HOME/" @@ -751,10 +775,10 @@ end = -1 [JC_68] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.java" +line = 49 +begin = 20 +end = 26 [JC_16] file = "HOME/" 
@@ -763,162 +787,210 @@ end = -1 [JC_69] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.java" +line = 49 +begin = 25 +end = 33 [JC_17] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.jc" +line = 37 +begin = 11 +end = 65 [Termination_loop3_safety] name = "Method loop3" behavior = "Safety" file = "HOME/tests/java/Termination.java" -line = 45 +line = 47 begin = 8 end = 13 [JC_18] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/Termination.jc" +line = 37 +begin = 11 +end = 65 [JC_19] file = "HOME/tests/java/Termination.java" -line = 35 -begin = 5 -end = 20 +line = 36 +begin = 9 +end = 14 [JC_70] +file = "HOME/tests/java/Termination.java" +line = 49 +begin = 20 +end = 33 + +[JC_71] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_71] +[JC_72] +file = "HOME/tests/java/Termination.jc" +line = 74 +begin = 9 +end = 217 + +[JC_20] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_72] +[JC_73] +file = "HOME/tests/java/Termination.jc" +line = 74 +begin = 9 +end = 217 + +[JC_21] +file = "HOME/tests/java/Termination.java" +line = 36 +begin = 9 +end = 14 + +[JC_74] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_20] +[JC_22] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_73] +[JC_75] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_21] -file = "HOME/tests/java/Termination.jc" -line = 43 -begin = 3 -end = 133 - -[JC_22] -file = "HOME/tests/java/Termination.jc" -line = 43 -begin = 3 -end = 133 - [JC_23] -file = "HOME/tests/java/Termination.java" -line = 35 -begin = 18 -end = 19 - -[JC_24] -file = "HOME/tests/java/Termination.java" -line = 35 -begin = 5 -end = 20 +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_25] +[JC_76] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_26] -file = "HOME/tests/java/Termination.jc" -line = 43 -begin = 3 -end = 133 +[JC_24] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_27] -file = "HOME/tests/java/Termination.jc" -line = 43 -begin = 3 
-end = 133 +[JC_77] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_28] -file = "HOME/tests/java/Termination.java" -line = 39 -begin = 9 -end = 14 +[JC_25] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_29] +[JC_78] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_30] -file = "HOME/tests/java/Termination.java" -line = 39 -begin = 9 -end = 14 +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_31] +[JC_79] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_32] +[JC_27] +file = "HOME/tests/java/Termination.java" +line = 37 +begin = 5 +end = 20 + +[JC_28] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_33] +[JC_29] +file = "HOME/tests/java/Termination.jc" +line = 46 +begin = 3 +end = 133 + +[JC_80] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_34] +[JC_81] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_35] +[JC_30] +file = "HOME/tests/java/Termination.jc" +line = 46 +begin = 3 +end = 133 + +[JC_31] +file = "HOME/tests/java/Termination.java" +line = 37 +begin = 18 +end = 19 + +[JC_32] +file = "HOME/tests/java/Termination.java" +line = 37 +begin = 5 +end = 20 + +[JC_33] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_34] +file = "HOME/tests/java/Termination.jc" +line = 46 +begin = 3 +end = 133 + +[JC_35] +file = "HOME/tests/java/Termination.jc" +line = 46 +begin = 3 +end = 133 + [JC_36] file = "HOME/tests/java/Termination.java" -line = 40 -begin = 5 -end = 24 +line = 41 +begin = 9 +end = 14 [JC_37] file = "HOME/" 
@@ -927,45 +999,39 @@ end = -1 [JC_38] -file = "HOME/tests/java/Termination.jc" -line = 54 -begin = 3 -end = 149 +file = "HOME/tests/java/Termination.java" +line = 41 +begin = 9 +end = 14 [cons_Termination_ensures_default] name = "Constructor of class Termination" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/" line = 0 begin = -1 end = -1 [JC_39] -file = "HOME/tests/java/Termination.jc" -line = 54 -begin = 3 -end = 149 +file = "HOME/" +line = 0 +begin = -1 +end = -1 ========== file tests/java/why/Termination.why ========== type Object type interface -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_0:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_0), (0)) + ge_int(offset_max(Object_alloc_table, x_0), (0)) axiom Object_int : (int_of_tag(Object_tag) = (1)) @@ -982,8 +1048,6 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) @@ -992,8 +1056,6 @@ axiom Termination_parenttag_Object : parenttag(Termination_tag, Object_tag) -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) 
@@ -1106,32 +1168,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Termination(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) @@ -1168,10 +1204,18 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref +exception Return_label_exc of unit + parameter Termination_loop1 : this_2:Object pointer -> n:int -> { } unit reads Object_alloc_table { true } 
@@ -1188,119 +1232,13 @@ parameter Termination_loop3 : this_0:Object pointer -> - { } int reads Object_alloc_table { (JC_50: eq_int(result, (0))) } + { } int reads Object_alloc_table { (JC_58: (result = (0))) } parameter Termination_loop3_requires : this_0:Object pointer -> - { } int reads Object_alloc_table { (JC_50: eq_int(result, (0))) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { } int reads Object_alloc_table { (JC_58: (result = (0))) } -parameter alloc_bitvector_struct_String : - n:int -> - 
bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Termination : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Termination(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Termination_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Termination(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer 
writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1444,6 +1382,10 @@ and (alloc_fresh(interface_alloc_table@, result, n) and instanceof(interface_tag_table, result, interface_tag)))) } +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + parameter cons_Termination : this_3:Object pointer -> { } unit reads Object_alloc_table { true } 
@@ -1453,15 +1395,15 @@ parameter non_null_Object : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } parameter non_null_Object_requires : x_1:Object pointer -> { } bool reads Object_alloc_table - { (JC_10: - (if result then eq_int(offset_max(Object_alloc_table, x_1), (0)) + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) else (x_1 = null))) } let Termination_loop1_ensures_default = @@ -1474,11 +1416,10 @@ try (loop_2: while true do - { invariant (JC_24: (true = true)) } + { invariant (JC_32: (true = true)) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_4: ((gt_int_ !mutable_n) (0))) then @@ -1488,11 +1429,11 @@ begin (let jessie_ = (mutable_n := ((sub_int jessie_) (1))) in void); jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (raise Return) end with Return -> - void end)) { (JC_15: true) } + void end)) { (JC_23: true) } let Termination_loop1_safety = fun (this_2 : Object pointer) (n : int) -> @@ -1504,11 +1445,10 @@ try (loop_1: while true do - { invariant (JC_21: true) variant (JC_23 : mutable_n) } + { invariant (JC_29: true) variant (JC_31 : mutable_n) } begin - [ { } unit { (JC_19: (true = true)) } ]; + [ { } unit { (JC_27: (true = true)) } ]; try - (let jessie_ = begin (if (K_4: ((gt_int_ !mutable_n) (0))) then 
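Review bot: The postconditions of `non_null_Object` and `non_null_Object_requires` in the `@@ -1453,15 +1395,15 @@` hunk still pin `(offset_max(Object_alloc_table, x_1) = (0))`, while this same oracle now records the logic predicate `Non_null_Object` as `ge_int(offset_max(Object_alloc_table, x_0), (0))` (the `@@ -927,45 +999,39 @@` hunk, and `\offset_max(x) >= 0` in the .jc section). If a non-null pointer with `offset_max` greater than 0 can reach this parameter, neither branch of the `if result ... else (x_1 = null)` postcondition holds, and an unsatisfiable postcondition on an assumed parameter would let obligations that depend on it be discharged vacuously. This is inferred from the oracle text alone, so it needs confirming against the generator before the new expected output is accepted. If the weakening to `>= 0` is intended, the recorded postcondition would be expected to read `(if result then (offset_max(Object_alloc_table, x_1) >= (0))` in both parameters, regenerated from the tool rather than edited in the oracle by hand.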
@@ -1518,8 +1458,8 @@ begin (let jessie_ = (mutable_n := ((sub_int jessie_) (1))) in void); jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (raise Return) end with Return -> void end)) { true } @@ -1534,11 +1474,10 @@ try (loop_4: while true do - { invariant (JC_41: (true = true)) } + { invariant (JC_49: (true = true)) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_8: ((lt_int_ !mutable_n_0) (100))) then @@ -1548,11 +1487,11 @@ begin (let jessie_ = (mutable_n_0 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (raise Return) end with Return -> - void end)) { (JC_32: true) } + void end)) { (JC_40: true) } let Termination_loop2_safety = fun (this_1 : Object pointer) (n_0 : int) -> @@ -1564,12 +1503,11 @@ try (loop_3: while true do - { invariant (JC_38: true) - variant (JC_40 : sub_int((100), mutable_n_0)) } + { invariant (JC_46: true) + variant (JC_48 : sub_int((100), mutable_n_0)) } begin - [ { } unit { (JC_36: (true = true)) } ]; + [ { } unit { (JC_44: (true = true)) } ]; try - (let jessie_ = begin (if (K_8: ((lt_int_ !mutable_n_0) (100))) then 
@@ -1579,8 +1517,8 @@ begin (let jessie_ = (mutable_n_0 := ((add_int jessie_) (1))) in void); jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (raise Return) end with Return -> void end)) { true } @@ -1598,12 +1536,11 @@ (loop_6: while true do { invariant - (JC_62: ((JC_60: le_int((0), i)) and (JC_61: le_int(i, (100))))) + (JC_70: ((JC_68: le_int((0), i)) and (JC_69: le_int(i, (100))))) } begin [ { } unit { true } ]; try - (let jessie_ = begin (if (K_15: ((gt_int_ !i) (0))) then @@ -1612,13 +1549,12 @@ (let jessie_ = !i in begin (let jessie_ = (i := ((sub_int jessie_) (1))) in void); - jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + jessie_ end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !i); (raise Return) end); absurd end with Return -> !return end)) - { (JC_49: eq_int(result, (0))) } + { (JC_57: (result = (0))) } let Termination_loop3_safety = fun (this_0 : Object pointer) -> @@ -1632,13 +1568,12 @@ try (loop_5: while true do - { invariant (JC_57: true) variant (JC_59 : i) } + { invariant (JC_65: true) variant (JC_67 : i) } begin [ { } unit reads i - { (JC_55: - ((JC_53: le_int((0), i)) and (JC_54: le_int(i, (100))))) } ]; + { (JC_63: + ((JC_61: le_int((0), i)) and (JC_62: le_int(i, (100))))) } ]; try - (let jessie_ = begin (if (K_15: ((gt_int_ !i) (0))) then 
@@ -1647,9 +1582,8 @@ (let jessie_ = !i in begin (let jessie_ = (i := ((sub_int jessie_) (1))) in void); - jessie_ end)) in void) - else (let jessie_ = (raise (Loop_exit_exc void)) in void)); - (raise (Loop_continue_exc void)) end in void) with + jessie_ end)) in void) else (raise (Loop_exit_exc void))); + (raise (Loop_continue_exc void)) end with Loop_continue_exc jessie_ -> void end end done) with Loop_exit_exc jessie_ -> void end; (return := !i); (raise Return) end); absurd end with Return -> !return end)) { true } @@ -1658,7 +1592,7 @@ fun (this_3 : Object pointer) -> { valid_struct_Termination(this_3, (0), (0), Object_alloc_table) } (init: try begin void; (raise Return) end with Return -> void end) - { (JC_70: true) } + { (JC_78: true) } let cons_Termination_safety = fun (this_3 : Object pointer) -> @@ -1673,48 +1607,48 @@ - - - - - - - - - - - + - + - + - + - + - + + + + + + + + + + + - + - + @@ -1723,11 +1657,11 @@ - + - + @@ -2678,7 +2612,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
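Review bot: The `@@ -2678,7 +2612,7 @@` hunk relaxes the expected `Non_null_Object` predicate from `offset_max(Object_alloc_table, x_0) = 0` to `>= 0`, but none of the proof obligations visible in this oracle refer to `Non_null_Object`; they all start from `valid_struct_Termination(this, 0, 0, ...)`. This regression output therefore records the new definition without checking any goal that depends on it. The same one-line change recurs in the Simplify `DEFPRED` hunk (`@@ -3828,7 +3736,7 @@`) and in `@@ -5047,7 +4935,7 @@`. Since this file is generated expected output, the place to act is the test source: a method with a non-null object parameter would make the weaker hypothesis show up in a recorded goal, with a comment such as `// goal depends on Non_null_Object (offset_max >= 0)`.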
@@ -2816,32 +2750,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Termination(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -2878,18 +2786,31 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +========== file tests/java/why/Termination_po1.why ========== +goal Termination_loop1_safety_po_1: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + valid_struct_Termination(this_2, 0, 0, Object_alloc_table) -> + forall mutable_n:int. + ("JC_29": true) -> + ("JC_27": (true = true)) -> + (mutable_n > 0) -> + forall mutable_n0:int. + (mutable_n0 = (mutable_n - 1)) -> + (0 <= ("JC_31": mutable_n)) + ========== file tests/java/why/Termination_po10.why ========== goal Termination_loop3_safety_po_1: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_57": true) -> - ("JC_55": (("JC_53": (0 <= i)) and ("JC_54": (i <= 100)))) -> + ("JC_65": true) -> + ("JC_63": (("JC_61": (0 <= i)) and ("JC_62": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - (0 <= ("JC_59": i)) + (0 <= ("JC_67": i)) ========== file tests/java/why/Termination_po11.why ========== goal Termination_loop3_safety_po_2: 
@@ -2897,25 +2818,12 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_57": true) -> - ("JC_55": (("JC_53": (0 <= i)) and ("JC_54": (i <= 100)))) -> + ("JC_65": true) -> + ("JC_63": (("JC_61": (0 <= i)) and ("JC_62": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - (("JC_59": i0) < ("JC_59": i)) - -========== file tests/java/why/Termination_po1.why ========== -goal Termination_loop1_safety_po_1: - forall this_2:Object pointer. - forall Object_alloc_table:Object alloc_table. - valid_struct_Termination(this_2, 0, 0, Object_alloc_table) -> - forall mutable_n:int. - ("JC_21": true) -> - ("JC_19": (true = true)) -> - (mutable_n > 0) -> - forall mutable_n0:int. - (mutable_n0 = (mutable_n - 1)) -> - (0 <= ("JC_23": mutable_n)) + (("JC_67": i0) < ("JC_67": i)) ========== file tests/java/why/Termination_po2.why ========== goal Termination_loop1_safety_po_2: @@ -2923,12 +2831,12 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_2, 0, 0, Object_alloc_table) -> forall mutable_n:int. - ("JC_21": true) -> - ("JC_19": (true = true)) -> + ("JC_29": true) -> + ("JC_27": (true = true)) -> (mutable_n > 0) -> forall mutable_n0:int. (mutable_n0 = (mutable_n - 1)) -> - (("JC_23": mutable_n0) < ("JC_23": mutable_n)) + (("JC_31": mutable_n0) < ("JC_31": mutable_n)) ========== file tests/java/why/Termination_po3.why ========== goal Termination_loop2_safety_po_1: 
@@ -2936,12 +2844,12 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_1, 0, 0, Object_alloc_table) -> forall mutable_n_0:int. - ("JC_38": true) -> - ("JC_36": (true = true)) -> + ("JC_46": true) -> + ("JC_44": (true = true)) -> (mutable_n_0 < 100) -> forall mutable_n_0_0:int. (mutable_n_0_0 = (mutable_n_0 + 1)) -> - (0 <= ("JC_40": (100 - mutable_n_0))) + (0 <= ("JC_48": (100 - mutable_n_0))) ========== file tests/java/why/Termination_po4.why ========== goal Termination_loop2_safety_po_2: @@ -2949,26 +2857,26 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_1, 0, 0, Object_alloc_table) -> forall mutable_n_0:int. - ("JC_38": true) -> - ("JC_36": (true = true)) -> + ("JC_46": true) -> + ("JC_44": (true = true)) -> (mutable_n_0 < 100) -> forall mutable_n_0_0:int. (mutable_n_0_0 = (mutable_n_0 + 1)) -> - (("JC_40": (100 - mutable_n_0_0)) < ("JC_40": (100 - mutable_n_0))) + (("JC_48": (100 - mutable_n_0_0)) < ("JC_48": (100 - mutable_n_0))) ========== file tests/java/why/Termination_po5.why ========== goal Termination_loop3_ensures_default_po_1: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= 100)))) + ("JC_70": ("JC_68": (0 <= 100))) ========== file tests/java/why/Termination_po6.why ========== goal Termination_loop3_ensures_default_po_2: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> - ("JC_62": ("JC_61": ("JC_61": (100 <= 100)))) + ("JC_70": ("JC_69": (100 <= 100))) ========== file tests/java/why/Termination_po7.why ========== goal Termination_loop3_ensures_default_po_3: 
@@ -2976,11 +2884,11 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= i0)))) + ("JC_70": ("JC_68": (0 <= i0))) ========== file tests/java/why/Termination_po8.why ========== goal Termination_loop3_ensures_default_po_4: @@ -2988,11 +2896,11 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - ("JC_62": ("JC_61": ("JC_61": (i0 <= 100)))) + ("JC_70": ("JC_69": (i0 <= 100))) ========== file tests/java/why/Termination_po9.why ========== goal Termination_loop3_ensures_default_po_5: @@ -3000,11 +2908,11 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i <= 0) -> forall return:int. (return = i) -> - ("JC_49": (return = 0)) + ("JC_57": (return = 0)) ========== generation of Simplify VC output ========== why -simplify [...] why/Termination.why @@ -3828,7 +3736,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_0 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_0) 0)) + (>= (offset_max Object_alloc_table x_0) 0)) (BG_PUSH ;; Why axiom Object_int 
@@ -3947,26 +3855,6 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Termination p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) (>= (offset_max Object_alloc_table p) b))) @@ -3995,7 +3883,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; Termination_loop1_safety_po_1, File "HOME/tests/java/Termination.java", line 35, characters 18-19 +;; Termination_loop1_safety_po_1, File "HOME/tests/java/Termination.java", line 37, characters 18-19 (FORALL (this_2) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_2 0 0 Object_alloc_table) 
@@ -4006,7 +3894,7 @@ (FORALL (mutable_n0) (IMPLIES (EQ mutable_n0 (- mutable_n 1)) (<= 0 mutable_n)))))))))) -;; Termination_loop1_safety_po_2, File "HOME/tests/java/Termination.java", line 35, characters 18-19 +;; Termination_loop1_safety_po_2, File "HOME/tests/java/Termination.java", line 37, characters 18-19 (FORALL (this_2) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_2 0 0 Object_alloc_table) @@ -4017,7 +3905,7 @@ (FORALL (mutable_n0) (IMPLIES (EQ mutable_n0 (- mutable_n 1)) (< mutable_n0 mutable_n)))))))))) -;; Termination_loop2_safety_po_1, File "HOME/tests/java/Termination.java", line 40, characters 18-23 +;; Termination_loop2_safety_po_1, File "HOME/tests/java/Termination.java", line 42, characters 18-23 (FORALL (this_1) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_1 0 0 Object_alloc_table) @@ -4028,7 +3916,7 @@ (FORALL (mutable_n_0_0) (IMPLIES (EQ mutable_n_0_0 (+ mutable_n_0 1)) (<= 0 (- 100 mutable_n_0))))))))))) -;; Termination_loop2_safety_po_2, File "HOME/tests/java/Termination.java", line 40, characters 18-23 +;; Termination_loop2_safety_po_2, File "HOME/tests/java/Termination.java", line 42, characters 18-23 (FORALL (this_1) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_1 0 0 Object_alloc_table) 
@@ -4040,18 +3928,18 @@ (IMPLIES (EQ mutable_n_0_0 (+ mutable_n_0 1)) (< (- 100 mutable_n_0_0) (- 100 mutable_n_0))))))))))) -;; Termination_loop3_ensures_default_po_1, File "HOME/tests/java/Termination.java", line 47, characters 20-26 +;; Termination_loop3_ensures_default_po_1, File "HOME/tests/java/Termination.java", line 49, characters 20-26 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) (<= 0 100)))) -;; Termination_loop3_ensures_default_po_2, File "HOME/tests/java/Termination.java", line 47, characters 25-33 +;; Termination_loop3_ensures_default_po_2, File "HOME/tests/java/Termination.java", line 49, characters 25-33 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) (<= 100 100)))) -;; Termination_loop3_ensures_default_po_3, File "HOME/tests/java/Termination.java", line 47, characters 20-26 +;; Termination_loop3_ensures_default_po_3, File "HOME/tests/java/Termination.java", line 49, characters 20-26 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) @@ -4059,7 +3947,7 @@ (IMPLIES (AND (<= 0 i) (<= i 100)) (IMPLIES (> i 0) (FORALL (i0) (IMPLIES (EQ i0 (- i 1)) (<= 0 i0))))))))) -;; Termination_loop3_ensures_default_po_4, File "HOME/tests/java/Termination.java", line 47, characters 25-33 +;; Termination_loop3_ensures_default_po_4, File "HOME/tests/java/Termination.java", line 49, characters 25-33 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) 
@@ -4067,7 +3955,7 @@ (IMPLIES (AND (<= 0 i) (<= i 100)) (IMPLIES (> i 0) (FORALL (i0) (IMPLIES (EQ i0 (- i 1)) (<= i0 100))))))))) -;; Termination_loop3_ensures_default_po_5, File "HOME/tests/java/Termination.java", line 44, characters 16-28 +;; Termination_loop3_ensures_default_po_5, File "HOME/tests/java/Termination.java", line 46, characters 16-28 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) @@ -4075,7 +3963,7 @@ (IMPLIES (AND (<= 0 i) (<= i 100)) (IMPLIES (<= i 0) (FORALL (return) (IMPLIES (EQ return i) (EQ return 0))))))))) -;; Termination_loop3_safety_po_1, File "HOME/tests/java/Termination.java", line 48, characters 18-19 +;; Termination_loop3_safety_po_1, File "HOME/tests/java/Termination.java", line 50, characters 18-19 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) @@ -4084,7 +3972,7 @@ (IMPLIES (AND (<= 0 i) (<= i 100)) (IMPLIES (> i 0) (FORALL (i0) (IMPLIES (EQ i0 (- i 1)) (<= 0 i)))))))))) -;; Termination_loop3_safety_po_2, File "HOME/tests/java/Termination.java", line 48, characters 18-19 +;; Termination_loop3_safety_po_2, File "HOME/tests/java/Termination.java", line 50, characters 18-19 (FORALL (this_0) (FORALL (Object_alloc_table) (IMPLIES (valid_struct_Termination this_0 0 0 Object_alloc_table) @@ -5047,7 +4935,7 @@ predicate Non_null_Object(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_0) = 0) + x_0) >= 0) axiom Object_int: (int_of_tag(Object_tag) = 1) 
@@ -5185,32 +5073,6 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Termination(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = ((offset_min(Object_alloc_table, p) <= a) and 
@@ -5252,117 +5114,117 @@ forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_2, 0, 0, Object_alloc_table) -> forall mutable_n:int. - ("JC_21": true) -> - ("JC_19": (true = true)) -> + ("JC_29": true) -> + ("JC_27": (true = true)) -> (mutable_n > 0) -> forall mutable_n0:int. (mutable_n0 = (mutable_n - 1)) -> - (0 <= ("JC_23": mutable_n)) + (0 <= ("JC_31": mutable_n)) goal Termination_loop1_safety_po_2: forall this_2:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_2, 0, 0, Object_alloc_table) -> forall mutable_n:int. - ("JC_21": true) -> - ("JC_19": (true = true)) -> + ("JC_29": true) -> + ("JC_27": (true = true)) -> (mutable_n > 0) -> forall mutable_n0:int. (mutable_n0 = (mutable_n - 1)) -> - (("JC_23": mutable_n0) < ("JC_23": mutable_n)) + (("JC_31": mutable_n0) < ("JC_31": mutable_n)) goal Termination_loop2_safety_po_1: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_1, 0, 0, Object_alloc_table) -> forall mutable_n_0:int. - ("JC_38": true) -> - ("JC_36": (true = true)) -> + ("JC_46": true) -> + ("JC_44": (true = true)) -> (mutable_n_0 < 100) -> forall mutable_n_0_0:int. (mutable_n_0_0 = (mutable_n_0 + 1)) -> - (0 <= ("JC_40": (100 - mutable_n_0))) + (0 <= ("JC_48": (100 - mutable_n_0))) goal Termination_loop2_safety_po_2: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_1, 0, 0, Object_alloc_table) -> forall mutable_n_0:int. - ("JC_38": true) -> - ("JC_36": (true = true)) -> + ("JC_46": true) -> + ("JC_44": (true = true)) -> (mutable_n_0 < 100) -> forall mutable_n_0_0:int. (mutable_n_0_0 = (mutable_n_0 + 1)) -> - (("JC_40": (100 - mutable_n_0_0)) < ("JC_40": (100 - mutable_n_0))) + (("JC_48": (100 - mutable_n_0_0)) < ("JC_48": (100 - mutable_n_0))) goal Termination_loop3_ensures_default_po_1: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. 
valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= 100)))) + ("JC_70": ("JC_68": (0 <= 100))) goal Termination_loop3_ensures_default_po_2: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> - ("JC_62": ("JC_61": ("JC_61": (100 <= 100)))) + ("JC_70": ("JC_69": (100 <= 100))) goal Termination_loop3_ensures_default_po_3: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - ("JC_62": ("JC_60": ("JC_60": (0 <= i0)))) + ("JC_70": ("JC_68": (0 <= i0))) goal Termination_loop3_ensures_default_po_4: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - ("JC_62": ("JC_61": ("JC_61": (i0 <= 100)))) + ("JC_70": ("JC_69": (i0 <= 100))) goal Termination_loop3_ensures_default_po_5: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_62": (("JC_60": (0 <= i)) and ("JC_61": (i <= 100)))) -> + ("JC_70": (("JC_68": (0 <= i)) and ("JC_69": (i <= 100)))) -> (i <= 0) -> forall return:int. (return = i) -> - ("JC_49": (return = 0)) + ("JC_57": (return = 0)) goal Termination_loop3_safety_po_1: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. 
- ("JC_57": true) -> - ("JC_55": (("JC_53": (0 <= i)) and ("JC_54": (i <= 100)))) -> + ("JC_65": true) -> + ("JC_63": (("JC_61": (0 <= i)) and ("JC_62": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - (0 <= ("JC_59": i)) + (0 <= ("JC_67": i)) goal Termination_loop3_safety_po_2: forall this_0:Object pointer. forall Object_alloc_table:Object alloc_table. valid_struct_Termination(this_0, 0, 0, Object_alloc_table) -> forall i:int. - ("JC_57": true) -> - ("JC_55": (("JC_53": (0 <= i)) and ("JC_54": (i <= 100)))) -> + ("JC_65": true) -> + ("JC_63": (("JC_61": (0 <= i)) and ("JC_62": (i <= 100)))) -> (i > 0) -> forall i0:int. (i0 = (i - 1)) -> - (("JC_59": i0) < ("JC_59": i)) + (("JC_67": i0) < ("JC_67": i)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations diff -Nru why-2.29+dfsg/tests/java/oracle/TestNonNull.err.oracle why-2.30+dfsg/tests/java/oracle/TestNonNull.err.oracle --- why-2.29+dfsg/tests/java/oracle/TestNonNull.err.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/TestNonNull.err.oracle 2011-10-24 15:21:06.000000000 +0000 @@ -0,0 +1 @@ +generating logic fun t_length with one default label diff -Nru why-2.29+dfsg/tests/java/oracle/TestNonNull.res.oracle why-2.30+dfsg/tests/java/oracle/TestNonNull.res.oracle --- why-2.29+dfsg/tests/java/oracle/TestNonNull.res.oracle 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/TestNonNull.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -1,22 +1,51 @@ ========== file tests/java/TestNonNull.java ========== +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ NonNullByDefault = all class TestNonNull { - + static final int N = 2; static int[] st; //@ static invariant st_length: st.length >= 4; int[] t; - - + //@ invariant t_length: t.length >= 4; TestNonNull() { - t = new int[3]; - //@ assert t.length == 3; + t = new int[5]; + //@ assert t.length == 5; } @@ -30,6 +59,14 @@ } } + +/* +Local Variables: +compile-command: "make TestNonNull.why3ml" +End: +*/ + + ========== krakatoa execution ========== Parsing OK. Typing OK. 
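Review bot: In the `@@ -1,22 +1,51 @@` hunk the constructor allocation changes from `new int[3]` to `new int[5]` in the same commit that appears to enable `//@ invariant t_length: t.length >= 4;`, so the oracle only records the case where the invariant holds. Nothing visible here checks the boundary `new int[4]`, or that an allocation below 4 yields an unproved obligation. A companion test that keeps the violating allocation, with its failing goal captured in its own oracle, would pin the invariant check itself, for example `t = new int[3]; // expected: invariant t_length not provable`. The rest of the oracle lies outside this hunk, so such a case may exist elsewhere.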
@@ -57,11 +94,14 @@ (\offset_max(x) >= -1) predicate Non_null_Object{Here}(Object[0..] x) = -(\offset_max(x) == 0) +(\offset_max(x) >= 0) logic int32 TestNonNull_N = 2 +String[0..] any_string() +; + tag Object = { } @@ -76,6 +116,7 @@ tag TestNonNull = Object with { intM[0..-1] t; + invariant t_length(this) = ((\offset_max(this.t) + 1) >= 4); } type Object = [Object] @@ -118,9 +159,9 @@ unit cons_TestNonNull(! TestNonNull[0] this_1) { (this_1.t = null); - (K_1 : (this_1.t = (new intM[3]))); + (K_1 : (this_1.t = (new intM[5]))); (K_3 : - (assert (K_2 : ((\offset_max(this_1.t) + 1) == 3)))) + (assert (K_2 : ((\offset_max(this_1.t) + 1) == 5)))) } unit TestNonNull_test(TestNonNull[0] this_0, intM[0..-1] t) 
@@ -151,81 +192,81 @@ ========== file tests/java/TestNonNull.jloc ========== [K_10] file = "HOME/tests/java/TestNonNull.java" -line = 26 +line = 55 begin = 9 end = 13 [K_11] file = "HOME/tests/java/TestNonNull.java" -line = 24 +line = 53 begin = 9 end = 13 [cons_TestNonNull] name = "Constructor of class TestNonNull" file = "HOME/tests/java/TestNonNull.java" -line = 16 +line = 45 begin = 4 end = 15 [K_1] file = "HOME/tests/java/TestNonNull.java" -line = 17 +line = 46 begin = 1 end = 15 [K_2] file = "HOME/tests/java/TestNonNull.java" -line = 18 +line = 47 begin = 12 end = 25 [K_3] file = "HOME/tests/java/TestNonNull.java" -line = 18 +line = 47 begin = 12 end = 25 [K_4] file = "HOME/tests/java/TestNonNull.java" -line = 22 +line = 51 begin = 17 end = 30 [K_5] file = "HOME/tests/java/TestNonNull.java" -line = 25 +line = 54 begin = 1 end = 9 [K_6] file = "HOME/tests/java/TestNonNull.java" -line = 27 +line = 56 begin = 3 end = 8 [K_7] file = "HOME/tests/java/TestNonNull.java" -line = 27 +line = 56 begin = 1 end = 13 [K_8] file = "HOME/tests/java/TestNonNull.java" -line = 28 +line = 57 begin = 1 end = 6 [K_9] file = "HOME/tests/java/TestNonNull.java" -line = 28 +line = 57 begin = 1 end = 11 [TestNonNull_test] name = "Method test" file = "HOME/tests/java/TestNonNull.java" -line = 23 +line = 52 begin = 9 end = 13 @@ -247,10 +288,11 @@ GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs TestNonNull.loc JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 COQDEP = coqdep -.PHONY: all coq pvs simplify cvcl harvey smtlib zenon +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon all: simplify/TestNonNull_why.sx 
@@ -311,6 +353,13 @@ simplify/%_why.sx: why/%.why @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +vampire: vampire/TestNonNull_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + alt-ergo ergo: why/TestNonNull_why.why @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) @@ -383,6 +432,9 @@ why3ide: why/TestNonNull_why3.why @echo 'why3ide [...] $<' && why3ide $< +why3ml: TestNonNull.mlw + @echo 'why3ml [...] $<' && why3ide -I $(JESSIE3LIB) $< + -include TestNonNull.depend depend: coq/TestNonNull_why.v 
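Review bot: In the `@@ -383,6 +432,9 @@` hunk the new `why3ml` rule echoes `why3ml [...] $<` but the command it runs is `why3ide -I $(JESSIE3LIB) $<`, so the build log names a different tool from the one executed. If opening the `.mlw` file in the IDE is intended, the echo should say so: `@echo 'why3ide [...] $<' && why3ide -I $(JESSIE3LIB) $<`. The target is also absent from the `.PHONY` list that the previous hunk extends with `vampire`, although the existing `why3ide` target appears to be omitted in the same way. This makefile is generated output captured in the oracle, so the change belongs in the generator template, which is not visible here.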
@@ -393,91 +445,82 @@ ========== file tests/java/TestNonNull.loc ========== [JC_40] -file = "HOME/tests/java/TestNonNull.java" -line = 16 -begin = 4 -end = 15 - -[JC_41] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_41] +file = "HOME/tests/java/TestNonNull.jc" +line = 70 +begin = 8 +end = 23 + [JC_42] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.jc" +line = 70 +begin = 8 +end = 23 [JC_43] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.jc" +line = 70 +begin = 8 +end = 23 [JC_44] -file = "HOME/tests/java/TestNonNull.java" -line = 16 -begin = 4 -end = 15 +file = "HOME/tests/java/TestNonNull.jc" +line = 70 +begin = 8 +end = 23 [JC_45] -file = "HOME/tests/java/TestNonNull.java" -line = 16 -begin = 4 -end = 15 +file = "HOME/tests/java/TestNonNull.jc" +line = 70 +begin = 8 +end = 23 [JC_46] -kind = AllocSize file = "HOME/tests/java/TestNonNull.jc" -line = 82 -begin = 23 -end = 34 +line = 70 +begin = 8 +end = 23 [JC_47] -kind = IndexBounds -file = "HOME/tests/java/TestNonNull.jc" -line = 82 -begin = 11 -end = 35 +file = "HOME/tests/java/TestNonNull.java" +line = 45 +begin = 4 +end = 15 [JC_48] -file = "HOME/tests/java/TestNonNull.java" -line = 18 -begin = 12 -end = 25 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_49] -kind = AllocSize -file = "HOME/tests/java/TestNonNull.jc" -line = 82 -begin = 23 -end = 34 +file = "HOME/tests/java/TestNonNull.java" +line = 45 +begin = 4 +end = 15 -[JC_6] +[JC_7] file = "HOME/tests/java/TestNonNull.jc" -line = 53 -begin = 8 -end = 21 +line = 26 +begin = 12 +end = 22 -[JC_7] +[JC_8] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_8] -file = "HOME/tests/java/TestNonNull.jc" -line = 53 -begin = 8 -end = 21 - [TestNonNull_test_ensures_default] name = "Method test" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/TestNonNull.java" -line = 23 +line = 52 begin = 9 end = 13 
@@ -485,318 +528,399 @@ name = "Method test" behavior = "Safety" file = "HOME/tests/java/TestNonNull.java" -line = 23 +line = 52 begin = 9 end = 13 [JC_9] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.jc" +line = 26 +begin = 12 +end = 22 [cons_TestNonNull_ensures_default] name = "Constructor of class TestNonNull" -behavior = "Default behavior" +behavior = "default behavior" file = "HOME/tests/java/TestNonNull.java" -line = 16 +line = 45 begin = 4 end = 15 [JC_50] -file = "HOME/tests/java/TestNonNull.java" -line = 18 -begin = 12 -end = 25 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_51] -file = "HOME/tests/java/TestNonNull.java" -line = 22 -begin = 17 -end = 30 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_52] -file = "HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_53] file = "HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +line = 45 +begin = 4 +end = 15 [JC_54] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.java" +line = 45 +begin = 4 +end = 15 [JC_55] file = "HOME/tests/java/TestNonNull.java" -line = 22 -begin = 17 -end = 30 +line = 45 +begin = 4 +end = 15 [JC_56] file = "HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +line = 45 +begin = 4 +end = 15 [JC_57] -file = "HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +kind = AllocSize +file = "HOME/tests/java/TestNonNull.jc" +line = 86 +begin = 23 +end = 34 [JC_58] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = IndexBounds +file = "HOME/tests/java/TestNonNull.jc" +line = 86 +begin = 11 +end = 35 [JC_59] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.java" +line = 47 +begin = 12 +end = 25 [JC_60] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +kind = AllocSize +file = "HOME/tests/java/TestNonNull.jc" +line = 86 +begin = 23 +end = 34 [JC_61] file = 
"HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +line = 47 +begin = 12 +end = 25 [JC_62] file = "HOME/tests/java/TestNonNull.java" -line = 23 -begin = 9 -end = 13 +line = 51 +begin = 17 +end = 30 [JC_10] -file = "HOME/tests/java/TestNonNull.jc" -line = 56 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_63] -kind = IndexBounds file = "HOME/tests/java/TestNonNull.java" -line = 24 +line = 52 begin = 9 end = 13 [JC_11] -file = "HOME/tests/java/TestNonNull.jc" -line = 55 -begin = 10 -end = 18 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_64] -kind = IndexBounds file = "HOME/tests/java/TestNonNull.java" -line = 26 +line = 52 begin = 9 end = 13 [JC_12] -file = "HOME/tests/java/TestNonNull.jc" -line = 56 -begin = 11 -end = 66 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_65] -kind = IndexBounds -file = "HOME/tests/java/TestNonNull.java" -line = 28 -begin = 1 -end = 6 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_13] file = "HOME/tests/java/TestNonNull.jc" -line = 55 -begin = 10 -end = 18 +line = 26 +begin = 12 +end = 22 [JC_66] -kind = IndexBounds -file = "HOME/tests/java/TestNonNull.jc" -line = 93 +file = "HOME/tests/java/TestNonNull.java" +line = 51 begin = 17 -end = 33 +end = 30 [JC_14] file = "HOME/tests/java/TestNonNull.jc" -line = 53 -begin = 8 -end = 21 +line = 26 +begin = 12 +end = 22 [JC_67] -kind = IndexBounds -file = "HOME/tests/java/TestNonNull.jc" -line = 98 -begin = 23 -end = 76 +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 [JC_15] file = "HOME/tests/java/TestNonNull.jc" -line = 53 +line = 57 begin = 8 end = 21 +[JC_68] +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 + [JC_16] -file = "HOME/tests/java/TestNonNull.jc" -line = 59 -begin = 8 -end = 30 +file = "HOME/" +line = 0 +begin = -1 +end = -1 -[JC_17] +[JC_69] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_18] +[JC_17] file = "HOME/tests/java/TestNonNull.jc" -line = 59 +line = 57 begin = 
8 -end = 30 +end = 21 -[JC_19] +[JC_18] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_20] +[JC_19] file = "HOME/tests/java/TestNonNull.jc" -line = 62 +line = 60 begin = 11 -end = 103 +end = 66 -[JC_21] +[JC_70] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_71] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_72] +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 + +[JC_20] file = "HOME/tests/java/TestNonNull.jc" -line = 61 +line = 59 begin = 10 end = 18 -[JC_22] +[JC_73] +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 + +[JC_21] file = "HOME/tests/java/TestNonNull.jc" -line = 62 +line = 60 begin = 11 -end = 103 +end = 66 -[JC_23] +[JC_74] +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 + +[JC_22] file = "HOME/tests/java/TestNonNull.jc" -line = 61 +line = 59 begin = 10 end = 18 +[JC_75] +file = "HOME/tests/java/TestNonNull.java" +line = 52 +begin = 9 +end = 13 + +[JC_23] +file = "HOME/tests/java/TestNonNull.jc" +line = 57 +begin = 8 +end = 21 + +[JC_76] +kind = IndexBounds +file = "HOME/tests/java/TestNonNull.java" +line = 53 +begin = 9 +end = 13 + [JC_24] file = "HOME/tests/java/TestNonNull.jc" -line = 59 +line = 57 begin = 8 -end = 30 +end = 21 + +[JC_77] +kind = IndexBounds +file = "HOME/tests/java/TestNonNull.java" +line = 55 +begin = 9 +end = 13 [JC_25] file = "HOME/tests/java/TestNonNull.jc" -line = 59 +line = 63 begin = 8 end = 30 -[JC_26] -file = "HOME/tests/java/TestNonNull.jc" -line = 66 -begin = 8 -end = 23 +[JC_78] +kind = IndexBounds +file = "HOME/tests/java/TestNonNull.java" +line = 57 +begin = 1 +end = 6 -[JC_27] +[JC_26] file = "HOME/" line = 0 begin = -1 end = -1 -[JC_28] +[JC_79] +kind = IndexBounds file = "HOME/tests/java/TestNonNull.jc" -line = 66 +line = 97 +begin = 17 +end = 33 + +[JC_27] +file = "HOME/tests/java/TestNonNull.jc" +line = 63 begin = 8 -end = 23 +end = 30 -[JC_29] +[JC_28] file = "HOME/" line = 0 begin = -1 end = -1 +[JC_29] +file = 
"HOME/tests/java/TestNonNull.jc" +line = 66 +begin = 11 +end = 103 + [cons_TestNonNull_safety] name = "Constructor of class TestNonNull" behavior = "Safety" file = "HOME/tests/java/TestNonNull.java" -line = 16 +line = 45 begin = 4 end = 15 +[JC_80] +kind = IndexBounds +file = "HOME/tests/java/TestNonNull.jc" +line = 102 +begin = 23 +end = 76 + [JC_30] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.jc" +line = 65 +begin = 10 +end = 18 [JC_31] -file = "HOME/" -line = 0 -begin = -1 -end = -1 +file = "HOME/tests/java/TestNonNull.jc" +line = 66 +begin = 11 +end = 103 [JC_32] file = "HOME/tests/java/TestNonNull.jc" -line = 66 -begin = 8 -end = 23 +line = 65 +begin = 10 +end = 18 [JC_33] file = "HOME/tests/java/TestNonNull.jc" -line = 66 +line = 63 begin = 8 -end = 23 +end = 30 [JC_34] file = "HOME/tests/java/TestNonNull.jc" -line = 66 +line = 63 begin = 8 -end = 23 +end = 30 [JC_35] file = "HOME/tests/java/TestNonNull.jc" -line = 66 +line = 70 begin = 8 end = 23 [JC_36] -file = "HOME/tests/java/TestNonNull.jc" -line = 66 -begin = 8 -end = 23 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_37] file = "HOME/tests/java/TestNonNull.jc" -line = 66 +line = 70 begin = 8 end = 23 [JC_38] -file = "HOME/tests/java/TestNonNull.java" -line = 16 -begin = 4 -end = 15 +file = "HOME/" +line = 0 +begin = -1 +end = -1 [JC_39] file = "HOME/" @@ -819,21 +943,15 @@ type short -exception Exception_exc of Object pointer - logic Exception_tag: -> Object tag_id logic Object_tag: -> Object tag_id axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) -exception Loop_continue_exc of unit - -exception Loop_exit_exc of unit - predicate Non_null_Object(x_1:Object pointer, Object_alloc_table:Object alloc_table) = - eq_int(offset_max(Object_alloc_table, x_1), (0)) + ge_int(offset_max(Object_alloc_table, x_1), (0)) predicate Non_null_intM(x_0:Object pointer, Object_alloc_table:Object alloc_table) = 
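Review bot: `Non_null_Object` is relaxed in the `@@ -819,21 +943,15 @@` hunk from `eq_int(offset_max(Object_alloc_table, x_1), (0))` to `ge_int(...)`, and again as `>= 0` in the `@@ -2745,7 +2773,7 @@` hunk. The new side of the `@@ -1548,35 +1565,35 @@` hunk still gives `non_null_Object` and `non_null_Object_requires` the postcondition `if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null)`. With the empty precondition on `non_null_Object`, that postcondition cannot hold for a pointer whose `offset_max` is greater than 0, so the logic predicate and the program-level test now disagree. An unsatisfiable postcondition on a `parameter` could let goals after such a call be discharged vacuously. This looks like expected tool output, so the change probably belongs in whatever emits the `non_null_Object` contract, as `if result then ge_int(offset_max(Object_alloc_table, x_4), (0)) else (x_4 = null)`; it is worth confirming the divergence is not intentional.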
@@ -854,8 +972,6 @@ (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, x, Object_tag))) -exception Return_label_exc of unit - logic String_tag: -> Object tag_id axiom String_parenttag_Object : parenttag(String_tag, Object_tag) @@ -870,8 +986,6 @@ logic TestNonNull_st: -> Object pointer -exception Throwable_exc of Object pointer - logic Throwable_tag: -> Object tag_id axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) @@ -885,6 +999,11 @@ ((le_int((-128), x) and le_int(x, (127))) -> eq_int(integer_of_byte(byte_of_integer(x)), x))) +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + axiom byte_range : (forall x:byte. (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) @@ -898,6 +1017,11 @@ ((le_int((0), x) and le_int(x, (65535))) -> eq_int(integer_of_char(char_of_integer(x)), x))) +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + axiom char_range : (forall x:char. (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) @@ -928,6 +1052,11 @@ ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> eq_int(integer_of_int32(int32_of_integer(x)), x))) +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + axiom int32_range : (forall x:int32. (le_int((-2147483648), integer_of_int32(x)) @@ -992,6 +1121,11 @@ ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> eq_int(integer_of_long(long_of_integer(x)), x))) +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + axiom long_range : (forall x:long. (le_int((-9223372036854775808), integer_of_long(x)) 
@@ -1042,6 +1176,11 @@ ((le_int((-32768), x) and le_int(x, (32767))) -> eq_int(integer_of_short(short_of_integer(x)), x))) +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + axiom short_range : (forall x:short. (le_int((-32768), integer_of_short(x)) 
@@ -1093,35 +1232,12 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestNonNull(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - valid_bitvector_struct_Object(p, a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p:unit pointer, a:int, b:int, - bitvector_alloc_table:unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) - and (offset_max(bitvector_alloc_table, p) = b)) +predicate t_length(this:Object pointer, + Object_alloc_table:Object alloc_table, + TestNonNull_t:(Object, Object pointer) memory) = + ge_int(add_int(offset_max(Object_alloc_table, select(TestNonNull_t, this)), + (1)), + (4)) predicate valid_root_Object(p:Object pointer, a:int, b:int, Object_alloc_table:Object alloc_table) = 
@@ -1166,10 +1282,18 @@ ((offset_min(interface_alloc_table, p) <= a) and (offset_max(interface_alloc_table, p) >= b)) +exception Exception_exc of Object pointer + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + parameter Object_alloc_table : Object alloc_table ref parameter Object_tag_table : Object tag_table ref +exception Return_label_exc of unit + parameter TestNonNull_t : (Object, Object pointer) memory ref parameter intM_intP : (Object, int32) memory ref 
@@ -1177,143 +1301,24 @@ parameter TestNonNull_test : this_0:Object pointer -> t:Object pointer -> - { } unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_62: st_length(Object_alloc_table)) } + { } unit reads Object_alloc_table,TestNonNull_t,intM_intP writes intM_intP + { (JC_75: + ((JC_74: st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t))) } parameter TestNonNull_test_requires : this_0:Object pointer -> t:Object pointer -> - { (JC_53: - ((JC_51: ge_int(add_int(offset_max(Object_alloc_table, t), (1)), (4))) - and (JC_52: st_length(Object_alloc_table))))} - unit reads Object_alloc_table,intM_intP writes intM_intP - { (JC_62: st_length(Object_alloc_table)) } - -parameter alloc_bitvector_struct_Exception : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Exception_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Exception(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Object_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit 
pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Object(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_String_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_String(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_TestNonNull : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_TestNonNull(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_TestNonNull_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_TestNonNull(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), 
sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_Throwable_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_Throwable(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_intM_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_intM(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } - -parameter alloc_bitvector_struct_interface : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { } unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } + { (JC_64: + ((JC_62: ge_int(add_int(offset_max(Object_alloc_table, t), (1)), (4))) + and ((JC_63: st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t))))} + unit reads Object_alloc_table,TestNonNull_t,intM_intP writes intM_intP + { (JC_75: + ((JC_74: 
st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t))) } -parameter alloc_bitvector_struct_interface_requires : - n:int -> - bitvector_alloc_table:unit alloc_table ref -> - { ge_int(n, (0))} unit pointer writes bitvector_alloc_table - { (valid_bitvector_struct_interface(result, (0), sub_int(n, (1)), - bitvector_alloc_table) - and (alloc_extends(bitvector_alloc_table@, bitvector_alloc_table) - and alloc_fresh(bitvector_alloc_table@, result, n))) } +exception Throwable_exc of Object pointer parameter alloc_struct_Exception : n:int -> @@ -1492,6 +1497,16 @@ parameter any_short : unit -> { } short { true } +parameter any_string_0 : + tt:unit -> + { } Object pointer reads Object_alloc_table + { (JC_14: st_length(Object_alloc_table)) } + +parameter any_string_0_requires : + tt:unit -> + { (JC_7: st_length(Object_alloc_table))} Object pointer + reads Object_alloc_table { (JC_14: st_length(Object_alloc_table)) } + parameter byte_of_integer_ : x:int -> { (le_int((-128), x) and le_int(x, (127)))} byte @@ -1506,14 +1521,18 @@ this_1:Object pointer -> { } unit reads Object_alloc_table,TestNonNull_t writes Object_alloc_table,Object_tag_table,TestNonNull_t - { (JC_45: st_length(Object_alloc_table)) } + { (JC_56: + ((JC_55: st_length(Object_alloc_table)) + and t_length(this_1, Object_alloc_table, TestNonNull_t))) } parameter cons_TestNonNull_requires : this_1:Object pointer -> - { (JC_38: st_length(Object_alloc_table))} unit + { (JC_47: st_length(Object_alloc_table))} unit reads Object_alloc_table,TestNonNull_t writes Object_alloc_table,Object_tag_table,TestNonNull_t - { (JC_45: st_length(Object_alloc_table)) } + { (JC_56: + ((JC_55: st_length(Object_alloc_table)) + and t_length(this_1, Object_alloc_table, TestNonNull_t))) } parameter int32_of_integer_ : x:int -> 
@@ -1523,22 +1542,20 @@ parameter java_array_length_intM : x_3:Object pointer -> { } int reads Object_alloc_table - { ((JC_25: st_length(Object_alloc_table)) - and (JC_22: + { ((JC_34: st_length(Object_alloc_table)) + and (JC_31: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, - add_int(offset_max(Object_alloc_table, x_3), (1))))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1))))))) } parameter java_array_length_intM_requires : x_3:Object pointer -> - { (JC_16: st_length(Object_alloc_table))} int reads Object_alloc_table - { ((JC_25: st_length(Object_alloc_table)) - and (JC_22: + { (JC_25: st_length(Object_alloc_table))} int reads Object_alloc_table + { ((JC_34: st_length(Object_alloc_table)) + and (JC_31: (le_int(result, (2147483647)) and (ge_int(result, (0)) - and eq_int(result, - add_int(offset_max(Object_alloc_table, x_3), (1))))))) } + and (result = add_int(offset_max(Object_alloc_table, x_3), (1))))))) } parameter long_of_integer_ : x:int -> 
@@ -1548,35 +1565,35 @@ parameter non_null_Object : x_4:Object pointer -> { } bool reads Object_alloc_table - { ((JC_33: st_length(Object_alloc_table)) - and (JC_37: - ((if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { ((JC_42: st_length(Object_alloc_table)) + and (JC_46: + ((if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null)) - and (JC_36: st_length(Object_alloc_table))))) } + and (JC_45: st_length(Object_alloc_table))))) } parameter non_null_Object_requires : x_4:Object pointer -> - { (JC_26: st_length(Object_alloc_table))} bool reads Object_alloc_table - { ((JC_33: st_length(Object_alloc_table)) - and (JC_37: - ((if result then eq_int(offset_max(Object_alloc_table, x_4), (0)) + { (JC_35: st_length(Object_alloc_table))} bool reads Object_alloc_table + { ((JC_42: st_length(Object_alloc_table)) + and (JC_46: + ((if result then (offset_max(Object_alloc_table, x_4) = (0)) else (x_4 = null)) - and (JC_36: st_length(Object_alloc_table))))) } + and (JC_45: st_length(Object_alloc_table))))) } parameter non_null_intM : x_2:Object pointer -> { } bool reads Object_alloc_table - { ((JC_15: st_length(Object_alloc_table)) - and (JC_12: + { ((JC_24: st_length(Object_alloc_table)) + and (JC_21: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null)))) } parameter non_null_intM_requires : x_2:Object pointer -> - { (JC_6: st_length(Object_alloc_table))} bool reads Object_alloc_table - { ((JC_15: st_length(Object_alloc_table)) - and (JC_12: + { (JC_15: st_length(Object_alloc_table))} bool reads Object_alloc_table + { ((JC_24: st_length(Object_alloc_table)) + and (JC_21: (if result then ge_int(offset_max(Object_alloc_table, x_2), neg_int((1))) else (x_2 = null)))) } 
@@ -1606,10 +1623,11 @@ { (valid_struct_intM(t, (0), (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, (0), (0), Object_alloc_table, TestNonNull_t) - and (JC_57: - ((JC_55: + and (JC_68: + ((JC_66: ge_int(add_int(offset_max(Object_alloc_table, t), (1)), (4))) - and (JC_56: st_length(Object_alloc_table)))))) } + and ((JC_67: st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t)))))) } (init: try begin @@ -1638,24 +1656,25 @@ ((eq_int_ (integer_of_int32 (K_8: ((safe_acc_ !intM_intP) ((shift TestNonNull_st) (3)))))) (1))) end)) end)) in void); (raise Return) end with Return -> void end) - { (JC_59: true) } + { (JC_70: true) } let TestNonNull_test_safety = fun (this_0 : Object pointer) (t : Object pointer) -> { (valid_struct_intM(t, (0), (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, (0), (0), Object_alloc_table, TestNonNull_t) - and (JC_57: - ((JC_55: + and (JC_68: + ((JC_66: ge_int(add_int(offset_max(Object_alloc_table, t), (1)), (4))) - and (JC_56: st_length(Object_alloc_table)))))) } + and ((JC_67: st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t)))))) } (init: try begin (let jessie_ = (let i = (K_11: - (JC_63: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t) (3)))) in + (JC_76: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t) (3)))) in (K_5: begin (let jessie_ = (safe_int32_of_integer_ (1)) in @@ -1663,11 +1682,11 @@ (let jessie_ = (2) in (let jessie_ = ((shift jessie_) jessie_) in (let jessie_ = ((shift jessie_) (2)) in - (JC_66: + (JC_79: (((((lsafe_lbound_upd_ !Object_alloc_table) intM_intP) jessie_) (2)) jessie_))))))); (let j = (K_10: - (JC_64: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t) (2)))) in + (JC_77: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) t) (2)))) in (K_7: begin (let jessie_ = (safe_int32_of_integer_ (1)) in 
@@ -1675,20 +1694,22 @@ (let jessie_ = (3) in (let jessie_ = ((shift jessie_) jessie_) in (let jessie_ = ((shift jessie_) (3)) in - (JC_67: + (JC_80: (((((lsafe_lbound_upd_ !Object_alloc_table) intM_intP) jessie_) (3)) jessie_))))))); (K_9: ((eq_int_ (integer_of_int32 (K_8: - (JC_65: + (JC_78: ((((lsafe_lbound_acc_ !Object_alloc_table) !intM_intP) TestNonNull_st) (3)))))) (1))) end)) end)) in void); (raise Return) end with Return -> void end) - { (JC_61: st_length(Object_alloc_table)) } + { (JC_73: + ((JC_72: st_length(Object_alloc_table)) + and t_length(this_0, Object_alloc_table, TestNonNull_t))) } let cons_TestNonNull_ensures_default = fun (this_1 : Object pointer) -> { (valid_struct_TestNonNull(this_1, (0), (0), Object_alloc_table, TestNonNull_t) - and (JC_40: st_length(Object_alloc_table))) } + and (JC_49: st_length(Object_alloc_table))) } (init: try (K_1: @@ -1697,23 +1718,21 @@ (let jessie_ = this_1 in (((safe_upd_ TestNonNull_t) jessie_) jessie_))); (let jessie_ = - (JC_49: (((alloc_struct_intM (3)) Object_alloc_table) Object_tag_table)) in + (JC_60: (((alloc_struct_intM (5)) Object_alloc_table) Object_tag_table)) in (let jessie_ = this_1 in (((safe_upd_ TestNonNull_t) jessie_) jessie_))); (K_3: (assert - { (JC_50: - eq_int(add_int(offset_max(Object_alloc_table, - select(TestNonNull_t, this_1)), - (1)), - (3))) }; void)); (raise Return) end) with Return -> void end) - { (JC_42: true) } + { (JC_61: + (add_int(offset_max(Object_alloc_table, select(TestNonNull_t, this_1)), + (1)) = (5))) }; void)); (raise Return) end) with Return -> void end) + { (JC_51: true) } let cons_TestNonNull_safety = fun (this_1 : Object pointer) -> { (valid_struct_TestNonNull(this_1, (0), (0), Object_alloc_table, TestNonNull_t) - and (JC_40: st_length(Object_alloc_table))) } + and (JC_49: st_length(Object_alloc_table))) } (init: try (K_1: 
@@ -1723,21 +1742,22 @@ (((safe_upd_ TestNonNull_t) jessie_) jessie_))); (let jessie_ = (let jessie_ = - (JC_46: - (((alloc_struct_intM_requires (3)) Object_alloc_table) Object_tag_table)) in - (JC_47: + (JC_57: + (((alloc_struct_intM_requires (5)) Object_alloc_table) Object_tag_table)) in + (JC_58: (assert { ge_int(offset_max(Object_alloc_table, jessie_), (-1)) }; jessie_))) in (let jessie_ = this_1 in (((safe_upd_ TestNonNull_t) jessie_) jessie_))); (K_3: [ { } unit reads Object_alloc_table,TestNonNull_t - { (JC_48: - eq_int(add_int(offset_max(Object_alloc_table, - select(TestNonNull_t, this_1)), - (1)), - (3))) } ]); (raise Return) end) with Return -> void end) - { (JC_44: st_length(Object_alloc_table)) } + { (JC_59: + (add_int(offset_max(Object_alloc_table, + select(TestNonNull_t, this_1)), + (1)) = (5))) } ]); (raise Return) end) with Return -> void end) + { (JC_54: + ((JC_53: st_length(Object_alloc_table)) + and t_length(this_1, Object_alloc_table, TestNonNull_t))) } ========== make project execution ========== @@ -1748,47 +1768,55 @@ - + - + - + - + + + + + - + - + + + + + + + - - + + - - + + - - - - - + + + @@ -2745,7 +2773,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -2793,6 +2821,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) 
@@ -2805,6 +2837,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -2835,6 +2871,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and @@ -2898,6 +2939,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -2949,6 +2994,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -2999,35 +3049,10 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestNonNull(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) +predicate t_length(this: Object pointer, + Object_alloc_table: Object alloc_table, TestNonNull_t: (Object, + Object pointer) memory) = ((offset_max(Object_alloc_table, + select(TestNonNull_t, this)) + 1) >= 4) predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = 
@@ -3081,11 +3106,39 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) +========== file tests/java/why/TestNonNull_po10.why ========== +goal cons_TestNonNull_safety_po_4: + forall this_1:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall TestNonNull_t:(Object, + Object pointer) memory. + (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> + forall TestNonNull_t0:(Object, + Object pointer) memory. + (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> + (5 >= 0) -> + forall result:Object pointer. + forall Object_alloc_table0:Object alloc_table. + forall Object_tag_table:Object tag_table. + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and + (alloc_extends(Object_alloc_table, Object_alloc_table0) and + (alloc_fresh(Object_alloc_table, result, 5) and + instanceof(Object_tag_table, result, intM_tag)))) -> + (offset_max(Object_alloc_table0, result) >= (-1)) -> + forall TestNonNull_t1:(Object, + Object pointer) memory. + (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> + ("JC_59": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) -> + ("JC_54": t_length(this_1, Object_alloc_table0, TestNonNull_t1)) + ========== file tests/java/why/TestNonNull_po2.why ========== goal TestNonNull_test_safety_po_2: forall this_0:Object pointer. 
@@ -3098,9 +3151,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. (result = select(intM_intP, shift(t, 3))) -> @@ -3120,9 +3174,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. (result = select(intM_intP, shift(t, 3))) -> @@ -3155,9 +3210,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. (result = select(intM_intP, shift(t, 3))) -> 
@@ -3179,93 +3235,131 @@ (3 <= offset_max(Object_alloc_table, TestNonNull_st)) -> forall result3:int32. (result3 = select(intM_intP1, shift(TestNonNull_st, 3))) -> - ("JC_61": st_length(Object_alloc_table)) + ("JC_73": ("JC_72": st_length(Object_alloc_table))) ========== file tests/java/why/TestNonNull_po5.why ========== +goal TestNonNull_test_safety_po_5: + forall this_0:Object pointer. + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall TestNonNull_t:(Object, + Object pointer) memory. + forall intM_intP:(Object, + int32) memory. + (valid_struct_intM(t, 0, (-1), Object_alloc_table) and + (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, + TestNonNull_t) and + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> + (3 <= offset_max(Object_alloc_table, t)) -> + forall result:int32. + (result = select(intM_intP, shift(t, 3))) -> + forall result0:int32. + (integer_of_int32(result0) = 1) -> + (2 <= offset_max(Object_alloc_table, t)) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, 2), result0)) -> + (2 <= offset_max(Object_alloc_table, t)) -> + forall result1:int32. + (result1 = select(intM_intP0, shift(t, 2))) -> + forall result2:int32. + (integer_of_int32(result2) = 1) -> + (3 <= offset_max(Object_alloc_table, t)) -> + forall intM_intP1:(Object, + int32) memory. + (intM_intP1 = store(intM_intP0, shift(t, 3), result2)) -> + (3 <= offset_max(Object_alloc_table, TestNonNull_st)) -> + forall result3:int32. + (result3 = select(intM_intP1, shift(TestNonNull_st, 3))) -> + ("JC_73": t_length(this_0, Object_alloc_table, TestNonNull_t)) + +========== file tests/java/why/TestNonNull_po6.why ========== goal cons_TestNonNull_ensures_default_po_1: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. 
forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. - (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> forall TestNonNull_t1:(Object, Object pointer) memory. (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> - ("JC_50": - ("JC_50": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, - this_1)) + 1) = 3))) + ("JC_61": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) -========== file tests/java/why/TestNonNull_po6.why ========== +========== file tests/java/why/TestNonNull_po7.why ========== goal cons_TestNonNull_safety_po_1: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) + (5 >= 0) -========== file tests/java/why/TestNonNull_po7.why ========== +========== file tests/java/why/TestNonNull_po8.why ========== goal cons_TestNonNull_safety_po_2: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. 
forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) -> + (5 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. - (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> (offset_max(Object_alloc_table0, result) >= (-1)) -========== file tests/java/why/TestNonNull_po8.why ========== +========== file tests/java/why/TestNonNull_po9.why ========== goal cons_TestNonNull_safety_po_3: forall this_1:Object pointer. forall Object_alloc_table:Object alloc_table. forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) -> + (5 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> (offset_max(Object_alloc_table0, result) >= (-1)) -> forall TestNonNull_t1:(Object, Object pointer) memory. (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> - ("JC_48": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, - this_1)) + 1) = 3)) -> - ("JC_44": st_length(Object_alloc_table0)) + ("JC_59": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) -> + ("JC_54": ("JC_53": st_length(Object_alloc_table0))) ========== generation of Simplify VC output ========== why -simplify [...] why/TestNonNull.why @@ -4089,7 +4183,7 @@ (EQ (parenttag Exception_tag Object_tag) |@true|)) (DEFPRED (Non_null_Object x_1 Object_alloc_table) - (EQ (offset_max Object_alloc_table x_1) 0)) + (>= (offset_max Object_alloc_table x_1) 0)) (DEFPRED (Non_null_intM x_0 Object_alloc_table) (>= (offset_max Object_alloc_table x_0) (- 0 1))) @@ -4133,6 +4227,11 @@ (EQ (integer_of_byte (byte_of_integer x)) x)))) (BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom byte_range (FORALL (x) (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) @@ -4144,6 +4243,11 @@ (EQ (integer_of_char (char_of_integer x)) x)))) (BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom char_range (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) 
@@ -4166,6 +4270,11 @@ (EQ (integer_of_int32 (int32_of_integer x)) x)))) (BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom int32_range (FORALL (x) (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) @@ -4223,6 +4332,11 @@ (EQ (integer_of_long (long_of_integer x)) x)))) (BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom long_range (FORALL (x) (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) @@ -4266,6 +4380,11 @@ (EQ (integer_of_short (short_of_integer x)) x)))) (BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH ;; Why axiom short_range (FORALL (x) (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) 
@@ -4306,28 +4425,8 @@ (AND (EQ (offset_min interface_alloc_table p) a) (EQ (offset_max interface_alloc_table p) b))) -(DEFPRED (valid_bitvector_struct_Object p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) - -(DEFPRED (valid_bitvector_struct_Exception p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_String p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_TestNonNull p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_Throwable p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_intM p a b bitvector_alloc_table) - (valid_bitvector_struct_Object p a b bitvector_alloc_table)) - -(DEFPRED (valid_bitvector_struct_interface p a b bitvector_alloc_table) - (AND (EQ (offset_min bitvector_alloc_table p) a) - (EQ (offset_max bitvector_alloc_table p) b))) +(DEFPRED (t_length this Object_alloc_table TestNonNull_t) + (>= (+ (offset_max Object_alloc_table (select TestNonNull_t this)) 1) 4)) (DEFPRED (valid_root_Object p a b Object_alloc_table) (AND (<= (offset_min Object_alloc_table p) a) @@ -4361,7 +4460,7 @@ (AND (<= (offset_min interface_alloc_table p) a) (>= (offset_max interface_alloc_table p) b))) -;; TestNonNull_test_safety_po_1, File "HOME/tests/java/TestNonNull.java", line 24, characters 9-13 +;; TestNonNull_test_safety_po_1, File "HOME/tests/java/TestNonNull.java", line 53, characters 9-13 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) 
@@ -4371,10 +4470,11 @@ (valid_struct_TestNonNull this_0 0 0 Object_alloc_table TestNonNull_t) (AND (>= (+ (offset_max Object_alloc_table t) 1) 4) - (st_length Object_alloc_table)))) + (AND (st_length Object_alloc_table) + (t_length this_0 Object_alloc_table TestNonNull_t))))) (<= 3 (offset_max Object_alloc_table t))))))) -;; TestNonNull_test_safety_po_2, File "HOME/tests/java/TestNonNull.jc", line 93, characters 17-33 +;; TestNonNull_test_safety_po_2, File "HOME/tests/java/TestNonNull.jc", line 97, characters 17-33 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4385,7 +4485,8 @@ (valid_struct_TestNonNull this_0 0 0 Object_alloc_table TestNonNull_t) (AND (>= (+ (offset_max Object_alloc_table t) 1) 4) - (st_length Object_alloc_table)))) + (AND (st_length Object_alloc_table) + (t_length this_0 Object_alloc_table TestNonNull_t))))) (IMPLIES (<= 3 (offset_max Object_alloc_table t)) (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t 3))) @@ -4393,7 +4494,7 @@ (IMPLIES (EQ (integer_of_int32 result0) 1) (<= 2 (offset_max Object_alloc_table t))))))))))))) -;; TestNonNull_test_safety_po_3, File "HOME/tests/java/TestNonNull.java", line 28, characters 1-6 +;; TestNonNull_test_safety_po_3, File "HOME/tests/java/TestNonNull.java", line 57, characters 1-6 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4404,7 +4505,8 @@ (valid_struct_TestNonNull this_0 0 0 Object_alloc_table TestNonNull_t) (AND (>= (+ (offset_max Object_alloc_table t) 1) 4) - (st_length Object_alloc_table)))) + (AND (st_length Object_alloc_table) + (t_length this_0 Object_alloc_table TestNonNull_t))))) (IMPLIES (<= 3 (offset_max Object_alloc_table t)) (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t 3))) 
@@ -4423,7 +4525,7 @@ (IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t 3) result2)) (<= 3 (offset_max Object_alloc_table TestNonNull_st)))))))))))))))))))))))) -;; TestNonNull_test_safety_po_4, File "HOME/tests/java/TestNonNull.java", line 23, characters 9-13 +;; TestNonNull_test_safety_po_4, File "HOME/tests/java/TestNonNull.java", line 52, characters 9-13 (FORALL (this_0) (FORALL (t) (FORALL (Object_alloc_table) @@ -4434,7 +4536,8 @@ (valid_struct_TestNonNull this_0 0 0 Object_alloc_table TestNonNull_t) (AND (>= (+ (offset_max Object_alloc_table t) 1) 4) - (st_length Object_alloc_table)))) + (AND (st_length Object_alloc_table) + (t_length this_0 Object_alloc_table TestNonNull_t))))) (IMPLIES (<= 3 (offset_max Object_alloc_table t)) (FORALL (result) (IMPLIES (EQ result (select intM_intP (shift t 3))) 
@@ -4456,7 +4559,41 @@ (IMPLIES (EQ result3 (select intM_intP1 (shift TestNonNull_st 3))) (st_length Object_alloc_table)))))))))))))))))))))))))) -;; cons_TestNonNull_ensures_default_po_1, File "HOME/tests/java/TestNonNull.java", line 18, characters 12-25 +;; TestNonNull_test_safety_po_5, File "HOME/tests/java/TestNonNull.java", line 52, characters 9-13 +(FORALL (this_0) +(FORALL (t) +(FORALL (Object_alloc_table) +(FORALL (TestNonNull_t) +(FORALL (intM_intP) +(IMPLIES (AND (valid_struct_intM t 0 (- 0 1) Object_alloc_table) + (AND + (valid_struct_TestNonNull + this_0 0 0 Object_alloc_table TestNonNull_t) + (AND (>= (+ (offset_max Object_alloc_table t) 1) 4) + (AND (st_length Object_alloc_table) + (t_length this_0 Object_alloc_table TestNonNull_t))))) +(IMPLIES (<= 3 (offset_max Object_alloc_table t)) +(FORALL (result) +(IMPLIES (EQ result (select intM_intP (shift t 3))) +(FORALL (result0) +(IMPLIES (EQ (integer_of_int32 result0) 1) +(IMPLIES (<= 2 (offset_max Object_alloc_table t)) +(FORALL (intM_intP0) +(IMPLIES (EQ intM_intP0 (|why__store| intM_intP (shift t 2) result0)) +(IMPLIES (<= 2 (offset_max Object_alloc_table t)) +(FORALL (result1) +(IMPLIES (EQ result1 (select intM_intP0 (shift t 2))) +(FORALL (result2) +(IMPLIES (EQ (integer_of_int32 result2) 1) +(IMPLIES (<= 3 (offset_max Object_alloc_table t)) +(FORALL (intM_intP1) +(IMPLIES (EQ intM_intP1 (|why__store| intM_intP0 (shift t 3) result2)) +(IMPLIES (<= 3 (offset_max Object_alloc_table TestNonNull_st)) +(FORALL (result3) +(IMPLIES (EQ result3 (select intM_intP1 (shift TestNonNull_st 3))) +(t_length this_0 Object_alloc_table TestNonNull_t)))))))))))))))))))))))))) + +;; cons_TestNonNull_ensures_default_po_1, File "HOME/tests/java/TestNonNull.java", line 47, characters 12-25 (FORALL (this_1) (FORALL (Object_alloc_table) (FORALL (TestNonNull_t) 
@@ -4469,16 +4606,16 @@ (FORALL (result) (FORALL (Object_alloc_table0) (FORALL (Object_tag_table) -(IMPLIES (AND (strict_valid_struct_intM result 0 (- 3 1) Object_alloc_table0) +(IMPLIES (AND (strict_valid_struct_intM result 0 (- 5 1) Object_alloc_table0) (AND (EQ (alloc_extends Object_alloc_table Object_alloc_table0) |@true|) - (AND (alloc_fresh Object_alloc_table result 3) + (AND (alloc_fresh Object_alloc_table result 5) (instanceof Object_tag_table result intM_tag)))) (FORALL (TestNonNull_t1) (IMPLIES (EQ TestNonNull_t1 (|why__store| TestNonNull_t0 this_1 result)) -(EQ (+ (offset_max Object_alloc_table0 (select TestNonNull_t1 this_1)) 1) 3))))))))))))) +(EQ (+ (offset_max Object_alloc_table0 (select TestNonNull_t1 this_1)) 1) 5))))))))))))) -;; cons_TestNonNull_safety_po_1, File "HOME/tests/java/TestNonNull.jc", line 82, characters 23-34 +;; cons_TestNonNull_safety_po_1, File "HOME/tests/java/TestNonNull.jc", line 86, characters 23-34 (FORALL (this_1) (FORALL (Object_alloc_table) (FORALL (TestNonNull_t) @@ -4488,9 +4625,9 @@ (st_length Object_alloc_table)) (FORALL (TestNonNull_t0) (IMPLIES (EQ TestNonNull_t0 (|why__store| TestNonNull_t this_1 null)) -(>= 3 0))))))) +(>= 5 0))))))) -;; cons_TestNonNull_safety_po_2, File "why/TestNonNull.why", line 922, characters 14-68 +;; cons_TestNonNull_safety_po_2, File "why/TestNonNull.why", line 817, characters 14-68 (FORALL (this_1) (FORALL (Object_alloc_table) (FORALL (TestNonNull_t) 
@@ -4500,18 +4637,18 @@ (st_length Object_alloc_table)) (FORALL (TestNonNull_t0) (IMPLIES (EQ TestNonNull_t0 (|why__store| TestNonNull_t this_1 null)) -(IMPLIES (>= 3 0) +(IMPLIES (>= 5 0) (FORALL (result) (FORALL (Object_alloc_table0) (FORALL (Object_tag_table) -(IMPLIES (AND (strict_valid_struct_intM result 0 (- 3 1) Object_alloc_table0) +(IMPLIES (AND (strict_valid_struct_intM result 0 (- 5 1) Object_alloc_table0) (AND (EQ (alloc_extends Object_alloc_table Object_alloc_table0) |@true|) - (AND (alloc_fresh Object_alloc_table result 3) + (AND (alloc_fresh Object_alloc_table result 5) (instanceof Object_tag_table result intM_tag)))) (>= (offset_max Object_alloc_table0 result) (- 0 1))))))))))))) -;; cons_TestNonNull_safety_po_3, File "HOME/tests/java/TestNonNull.java", line 16, characters 4-15 +;; cons_TestNonNull_safety_po_3, File "HOME/tests/java/TestNonNull.java", line 45, characters 4-15 (FORALL (this_1) (FORALL (Object_alloc_table) (FORALL (TestNonNull_t) 
@@ -4521,31 +4658,58 @@ (st_length Object_alloc_table)) (FORALL (TestNonNull_t0) (IMPLIES (EQ TestNonNull_t0 (|why__store| TestNonNull_t this_1 null)) -(IMPLIES (>= 3 0) +(IMPLIES (>= 5 0) (FORALL (result) (FORALL (Object_alloc_table0) (FORALL (Object_tag_table) -(IMPLIES (AND (strict_valid_struct_intM result 0 (- 3 1) Object_alloc_table0) +(IMPLIES (AND (strict_valid_struct_intM result 0 (- 5 1) Object_alloc_table0) (AND (EQ (alloc_extends Object_alloc_table Object_alloc_table0) |@true|) - (AND (alloc_fresh Object_alloc_table result 3) + (AND (alloc_fresh Object_alloc_table result 5) (instanceof Object_tag_table result intM_tag)))) (IMPLIES (>= (offset_max Object_alloc_table0 result) (- 0 1)) (FORALL (TestNonNull_t1) (IMPLIES (EQ TestNonNull_t1 (|why__store| TestNonNull_t0 this_1 result)) (IMPLIES (EQ (+ (offset_max Object_alloc_table0 (select TestNonNull_t1 this_1)) 1) - 3) + 5) (st_length Object_alloc_table0)))))))))))))))) +;; cons_TestNonNull_safety_po_4, File "HOME/tests/java/TestNonNull.java", line 45, characters 4-15 +(FORALL (this_1) +(FORALL (Object_alloc_table) +(FORALL (TestNonNull_t) +(IMPLIES (AND + (valid_struct_TestNonNull + this_1 0 0 Object_alloc_table TestNonNull_t) + (st_length Object_alloc_table)) +(FORALL (TestNonNull_t0) +(IMPLIES (EQ TestNonNull_t0 (|why__store| TestNonNull_t this_1 null)) +(IMPLIES (>= 5 0) +(FORALL (result) +(FORALL (Object_alloc_table0) +(FORALL (Object_tag_table) +(IMPLIES (AND (strict_valid_struct_intM result 0 (- 5 1) Object_alloc_table0) + (AND + (EQ (alloc_extends Object_alloc_table Object_alloc_table0) |@true|) + (AND (alloc_fresh Object_alloc_table result 5) + (instanceof Object_tag_table result intM_tag)))) +(IMPLIES (>= (offset_max Object_alloc_table0 result) (- 0 1)) +(FORALL (TestNonNull_t1) +(IMPLIES (EQ TestNonNull_t1 (|why__store| TestNonNull_t0 this_1 result)) +(IMPLIES (EQ (+ (offset_max + Object_alloc_table0 (select TestNonNull_t1 this_1)) 1) + 5) +(t_length this_1 Object_alloc_table0 
TestNonNull_t1)))))))))))))))) + ========== running Simplify ========== Running Simplify on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -simplify/TestNonNull_why.sx : .......? (7/0/1/0/0) -total : 8 -valid : 7 ( 88%) +simplify/TestNonNull_why.sx : ........?. (9/0/1/0/0) +total : 10 +valid : 9 ( 90%) invalid : 0 ( 0%) -unknown : 1 ( 12%) +unknown : 1 ( 10%) timeout : 0 ( 0%) failure : 0 ( 0%) ========== generation of alt-ergo VC output ========== @@ -5502,7 +5666,7 @@ predicate Non_null_Object(x_1: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, - x_1) = 0) + x_1) >= 0) predicate Non_null_intM(x_0: Object pointer, Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, @@ -5550,6 +5714,10 @@ ((((-128) <= x) and (x <= 127)) -> (integer_of_byte(byte_of_integer(x)) = x))) +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + axiom byte_range: (forall x:byte. (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) @@ -5562,6 +5730,10 @@ (forall x:int. (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + axiom char_range: (forall x:char. ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) @@ -5592,6 +5764,11 @@ ((((-2147483648) <= x) and (x <= 2147483647)) -> (integer_of_int32(int32_of_integer(x)) = x))) +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + axiom int32_range: (forall x:int32. (((-2147483648) <= integer_of_int32(x)) and 
@@ -5655,6 +5832,10 @@ ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> (integer_of_long(long_of_integer(x)) = x))) +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + axiom long_range: (forall x:long. (((-9223372036854775808) <= integer_of_long(x)) and @@ -5706,6 +5887,11 @@ ((((-32768) <= x) and (x <= 32767)) -> (integer_of_short(short_of_integer(x)) = x))) +axiom short_extensionality: + (forall x:short. + (forall y:short. + ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + axiom short_range: (forall x:short. (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) 
@@ -5756,35 +5942,10 @@ ((offset_min(interface_alloc_table, p) = a) and (offset_max(interface_alloc_table, p) = b)) -predicate valid_bitvector_struct_Object(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) - -predicate valid_bitvector_struct_Exception(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_String(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_TestNonNull(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_Throwable(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_intM(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = valid_bitvector_struct_Object(p, - a, b, bitvector_alloc_table) - -predicate valid_bitvector_struct_interface(p: unit pointer, a: int, b: int, - bitvector_alloc_table: unit alloc_table) = - ((offset_min(bitvector_alloc_table, p) = a) and - (offset_max(bitvector_alloc_table, p) = b)) +predicate t_length(this: Object pointer, + Object_alloc_table: Object alloc_table, TestNonNull_t: (Object, + Object pointer) memory) = ((offset_max(Object_alloc_table, + select(TestNonNull_t, this)) + 1) >= 4) predicate valid_root_Object(p: Object pointer, a: int, b: int, Object_alloc_table: Object alloc_table) = 
@@ -5837,9 +5998,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) goal TestNonNull_test_safety_po_2: @@ -5853,9 +6015,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. (result = select(intM_intP, shift(t, 3))) -> @@ -5874,9 +6037,10 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. (result = select(intM_intP, shift(t, 3))) -> 
@@ -5908,9 +6072,48 @@ (valid_struct_intM(t, 0, (-1), Object_alloc_table) and (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, TestNonNull_t) and - ("JC_57": - (("JC_55": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and - ("JC_56": st_length(Object_alloc_table)))))) -> + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> + (3 <= offset_max(Object_alloc_table, t)) -> + forall result:int32. + (result = select(intM_intP, shift(t, 3))) -> + forall result0:int32. + (integer_of_int32(result0) = 1) -> + (2 <= offset_max(Object_alloc_table, t)) -> + forall intM_intP0:(Object, + int32) memory. + (intM_intP0 = store(intM_intP, shift(t, 2), result0)) -> + (2 <= offset_max(Object_alloc_table, t)) -> + forall result1:int32. + (result1 = select(intM_intP0, shift(t, 2))) -> + forall result2:int32. + (integer_of_int32(result2) = 1) -> + (3 <= offset_max(Object_alloc_table, t)) -> + forall intM_intP1:(Object, + int32) memory. + (intM_intP1 = store(intM_intP0, shift(t, 3), result2)) -> + (3 <= offset_max(Object_alloc_table, TestNonNull_st)) -> + forall result3:int32. + (result3 = select(intM_intP1, shift(TestNonNull_st, 3))) -> + ("JC_73": ("JC_72": st_length(Object_alloc_table))) + +goal TestNonNull_test_safety_po_5: + forall this_0:Object pointer. + forall t:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall TestNonNull_t:(Object, + Object pointer) memory. + forall intM_intP:(Object, + int32) memory. + (valid_struct_intM(t, 0, (-1), Object_alloc_table) and + (valid_struct_TestNonNull(this_0, 0, 0, Object_alloc_table, + TestNonNull_t) and + ("JC_68": + (("JC_66": ((offset_max(Object_alloc_table, t) + 1) >= 4)) and + (("JC_67": st_length(Object_alloc_table)) and t_length(this_0, + Object_alloc_table, TestNonNull_t)))))) -> (3 <= offset_max(Object_alloc_table, t)) -> forall result:int32. 
(result = select(intM_intP, shift(t, 3))) -> @@ -5932,7 +6135,7 @@ (3 <= offset_max(Object_alloc_table, TestNonNull_st)) -> forall result3:int32. (result3 = select(intM_intP1, shift(TestNonNull_st, 3))) -> - ("JC_61": st_length(Object_alloc_table)) + ("JC_73": t_length(this_0, Object_alloc_table, TestNonNull_t)) goal cons_TestNonNull_ensures_default_po_1: forall this_1:Object pointer. @@ -5940,23 +6143,22 @@ forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. - (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> forall TestNonNull_t1:(Object, Object pointer) memory. (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> - ("JC_50": - ("JC_50": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, - this_1)) + 1) = 3))) + ("JC_61": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) goal cons_TestNonNull_safety_po_1: forall this_1:Object pointer. 
@@ -5964,11 +6166,11 @@ forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) + (5 >= 0) goal cons_TestNonNull_safety_po_2: forall this_1:Object pointer. @@ -5976,17 +6178,17 @@ forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) -> + (5 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. - (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> (offset_max(Object_alloc_table0, result) >= (-1)) 
@@ -5996,33 +6198,59 @@ forall TestNonNull_t:(Object, Object pointer) memory. (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, - TestNonNull_t) and ("JC_40": st_length(Object_alloc_table))) -> + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> + forall TestNonNull_t0:(Object, + Object pointer) memory. + (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> + (5 >= 0) -> + forall result:Object pointer. + forall Object_alloc_table0:Object alloc_table. + forall Object_tag_table:Object tag_table. + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and + (alloc_extends(Object_alloc_table, Object_alloc_table0) and + (alloc_fresh(Object_alloc_table, result, 5) and + instanceof(Object_tag_table, result, intM_tag)))) -> + (offset_max(Object_alloc_table0, result) >= (-1)) -> + forall TestNonNull_t1:(Object, + Object pointer) memory. + (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> + ("JC_59": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) -> + ("JC_54": ("JC_53": st_length(Object_alloc_table0))) + +goal cons_TestNonNull_safety_po_4: + forall this_1:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall TestNonNull_t:(Object, + Object pointer) memory. + (valid_struct_TestNonNull(this_1, 0, 0, Object_alloc_table, + TestNonNull_t) and ("JC_49": st_length(Object_alloc_table))) -> forall TestNonNull_t0:(Object, Object pointer) memory. (TestNonNull_t0 = store(TestNonNull_t, this_1, null)) -> - (3 >= 0) -> + (5 >= 0) -> forall result:Object pointer. forall Object_alloc_table0:Object alloc_table. forall Object_tag_table:Object tag_table. 
- (strict_valid_struct_intM(result, 0, (3 - 1), Object_alloc_table0) and + (strict_valid_struct_intM(result, 0, (5 - 1), Object_alloc_table0) and (alloc_extends(Object_alloc_table, Object_alloc_table0) and - (alloc_fresh(Object_alloc_table, result, 3) and + (alloc_fresh(Object_alloc_table, result, 5) and instanceof(Object_tag_table, result, intM_tag)))) -> (offset_max(Object_alloc_table0, result) >= (-1)) -> forall TestNonNull_t1:(Object, Object pointer) memory. (TestNonNull_t1 = store(TestNonNull_t0, this_1, result)) -> - ("JC_48": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, - this_1)) + 1) = 3)) -> - ("JC_44": st_length(Object_alloc_table0)) + ("JC_59": ((offset_max(Object_alloc_table0, select(TestNonNull_t1, + this_1)) + 1) = 5)) -> + ("JC_54": t_length(this_1, Object_alloc_table0, TestNonNull_t1)) ========== running alt-ergo ========== Running Alt-Ergo on proof obligations (. = valid * = invalid ? = unknown # = timeout ! = failure) -why/TestNonNull_why.why : .......# (7/0/0/1/0) -total : 8 -valid : 7 ( 88%) +why/TestNonNull_why.why : ........#. (9/0/0/1/0) +total : 10 +valid : 9 ( 90%) invalid : 0 ( 0%) unknown : 0 ( 0%) -timeout : 1 ( 12%) +timeout : 1 ( 10%) failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/oracle/TreeMax.res.oracle why-2.30+dfsg/tests/java/oracle/TreeMax.res.oracle --- why-2.29+dfsg/tests/java/oracle/TreeMax.res.oracle 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/oracle/TreeMax.res.oracle 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,7866 @@ +========== file tests/java/TreeMax.java ========== + +//@+ TerminationPolicy = user + +/*@ axiomatic integer_max { + @ logic integer max(integer x, integer y); + @ axiom max_is_ge : \forall integer x y; max(x,y) >= x && max(x,y) >= y; + @ axiom max_is_some : \forall integer x y; max(x,y) == x || max(x,y) == y; + @ } + @*/ + +class Int { + //@ ensures \result == max(x,y); + public static int max(int x, int y); +} + +/*@ axiomatic Mem { + @ predicate mem{L}(int x, Tree t); + @ axiom mem_null{L}: \forall int x; ! mem(x,null); + @ axiom mem_root{L}: \forall Tree t; t != null ==> + @ mem(t.value,t); + @ axiom mem_root_eq{L}: \forall int x, Tree t; t != null ==> + @ x==t.value ==> mem(x,t); + @ axiom mem_left{L}: \forall int x, Tree t; t != null ==> + @ mem(x,t.left) ==> mem(x,t); + @ axiom mem_right{L}: \forall int x, Tree t; t != null ==> + @ mem(x,t.right) ==> mem(x,t); + @ axiom mem_inversion{L}: \forall int x, Tree t; + @ mem(x,t) ==> t != null && + @ (x==t.value || mem(x,t.left) || mem(x,t.right)); + @ } + @*/ + +/* attempt to prove termination, not succesful yet */ +/* axiomatic Finite { + @ predicate has_size{L}(Tree t, integer s); + @ axiom has_size_null{L}: has_size(null,0); + @ axiom has_size_non_null{L}: \forall Tree t; t != null ==> + @ \forall integer s1 s2; + @ has_size(t.left,s1) && has_size(t.right,s2) ==> + @ has_size(t,s1+s2+1) ; + @ axiom has_size_inversion{L}: \forall Tree t, integer s; + @ has_size(t,s) ==> + @ (t == null && s == 0) || + @ (t != null && \exists integer s1 s2; + @ has_size(t.left,s1) && has_size(t.right,s2) && + @ 0 <= s1 && 0 <= s2 && s == s1+s2+1) ; + @ predicate size_decreases{L}(Tree t1, Tree t2) = + @ \exists integer s1 s2; has_size(t1,s1) && has_size(t2,s2) && s1 > s2; + @ } + @*/ + +class Tree { + + int value; + Tree left; + Tree right; + + /*@ // requires \exists integer s; has_size(this,s); + @ // decreases this for size_decreases; + @ ensures mem(\result,this) && + @ \forall int x; mem(x,this) ==> 
\result >= x; + @*/ + int tree_max() { + int m = value; + if (left != null) m = Int.max(m,left.tree_max()); + if (right != null) m = Int.max(m,right.tree_max()); + return m; + } + +} + +========== krakatoa execution ========== +Parsing OK. +Typing OK. +Generating JC function Int_max for method Int.max +Generating JC function cons_Int for constructor Int +Generating JC function Tree_tree_max for method Tree.tree_max +Generating JC function cons_Tree for constructor Tree +Generating JC function Object_registerNatives for method Object.registerNatives +Generating JC function Object_hashCode for method Object.hashCode +Generating JC function Object_equals for method Object.equals +Generating JC function Object_clone for method Object.clone +Generating JC function Object_toString for method Object.toString +Generating JC function Object_notify for method Object.notify +Generating JC function Object_notifyAll for method Object.notifyAll +Generating JC function Object_wait_long for method Object.wait +Generating JC function Object_wait_long_int for method Object.wait +Generating JC function Object_wait for method Object.wait +Generating JC function Object_finalize for method Object.finalize +Generating JC function cons_Object for constructor Object +Done. +========== file tests/java/TreeMax.jc ========== +# InvariantPolicy = Arguments +# TerminationPolicy = user +# SeparationPolicy = None +# AnnotationPolicy = None +# AbstractDomain = None + +type byte = -128..127 + +type short = -32768..32767 + +type int32 = -2147483648..2147483647 + +type long = -9223372036854775808..9223372036854775807 + +type char = 0..65535 + +predicate Non_null_Object{Here}(Object[0..] x) = +(\offset_max(x) >= 0) + +String[0..] any_string() +; + +tag Object = { +} + +tag String = Object with { +} + +tag Throwable = Object with { +} + +tag Exception = Object with { +} + +tag Int = Object with { +} + +tag Tree = Object with { + int32 value; + Tree[0..] left; + Tree[0..] 
right; +} + +type Object = [Object] + +type interface = [interface] + +tag interface = { +} + +boolean non_null_Object(! Object[0..] x) +behavior normal: + ensures (if \result then (\offset_max(x) == 0) else (x == null)); +; + +axiomatic integer_max { + + logic integer max(integer x, integer y) + + axiom max_is_some : + (\forall integer x_1; + (\forall integer y_1; + ((max(x_1, y_1) == x_1) || (max(x_1, y_1) == y_1)))) + + axiom max_is_ge : + (\forall integer x_0; + (\forall integer y_0; + ((max(x_0, y_0) >= x_0) && (max(x_0, y_0) >= y_0)))) + +} + +axiomatic Mem { + + predicate mem{L}(int32 x_3, Tree[0..] t) + + axiom mem_inversion{L} : + (\forall int32 x_8; + (\forall Tree[0] t_4; + (mem{L}(x_8, t_4) ==> + (Non_null_Object(t_4) && + (((x_8 == t_4.value) || mem{L}(x_8, t_4.left)) || + mem{L}(x_8, t_4.right)))))) + + axiom mem_right{L} : + (\forall int32 x_7; + (\forall Tree[0] t_3; + (Non_null_Object(t_3) ==> + (mem{L}(x_7, t_3.right) ==> mem{L}(x_7, t_3))))) + + axiom mem_left{L} : + (\forall int32 x_6; + (\forall Tree[0] t_2; + (Non_null_Object(t_2) ==> (mem{L}(x_6, t_2.left) ==> mem{L}(x_6, t_2))))) + + axiom mem_root_eq{L} : + (\forall int32 x_5; + (\forall Tree[0] t_1; + (Non_null_Object(t_1) ==> ((x_5 == t_1.value) ==> mem{L}(x_5, t_1))))) + + axiom mem_root{L} : + (\forall Tree[0] t_0; + (Non_null_Object(t_0) ==> mem{L}(t_0.value, t_0))) + + axiom mem_null{L} : + (\forall int32 x_4; + (! mem{L}(x_4, null))) + +} + +exception Throwable of Throwable[0..] + +exception Exception of Exception[0..] + +int32 Int_max(int32 x_2, int32 y_2) +behavior default: + ensures (K_1 : (\result == max(x_2, y_2))); +; + +unit cons_Int(! 
Int[0] this_0){()} + +int32 Tree_tree_max(Tree[0] this_2) +behavior default: + ensures (K_4 : ((K_3 : mem{Here}(\result, this_2)) && + (K_2 : (\forall int32 x_9; + (mem{Here}(x_9, this_2) ==> (\result >= x_9)))))); +{ + { + (var int32 m = (K_13 : this_2.value)); + + { (if non_null_Object((K_8 : this_2.left)) then (m = (K_7 : Int_max( + m, + (K_6 : Tree_tree_max( + (K_5 : this_2.left)))))) else ()); + (if non_null_Object((K_12 : this_2.right)) then (m = (K_11 : Int_max( + m, + (K_10 : Tree_tree_max( + (K_9 : this_2.right)))))) else ()); + + (return m) + } + } +} + +unit cons_Tree(! Tree[0] this_4) +{ (this_4.value = 0); + (this_4.left = null); + (this_4.right = null) +} + +unit Object_registerNatives() +; + +int32 Object_hashCode(Object[0] this_5) +; + +boolean Object_equals(Object[0] this_6, Object[0..] obj) +; + +Object[0..] Object_clone(Object[0] this_7) +; + +String[0..] Object_toString(Object[0] this_8) +; + +unit Object_notify(Object[0] this_9) +; + +unit Object_notifyAll(Object[0] this_10) +; + +unit Object_wait_long(Object[0] this_11, long timeout) +; + +unit Object_wait_long_int(Object[0] this_12, long timeout_0, int32 nanos) +; + +unit Object_wait(Object[0] this_13) +; + +unit Object_finalize(Object[0] this_14) +; + +unit cons_Object(! 
Object[0] this_15){()} + +/* +Local Variables: +mode: java +compile-command: "jessie -why-opt -split-user-conj -locs tests/java/TreeMax.jloc tests/java/TreeMax.jc && make -f tests/java/TreeMax.makefile gui" +End: +*/ +========== file tests/java/TreeMax.jloc ========== +[K_10] +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 41 +end = 57 + +[K_11] +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 31 +end = 58 + +[K_12] +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 12 +end = 17 + +[K_13] +file = "HOME/tests/java/TreeMax.java" +line = 64 +begin = 16 +end = 21 + +[mem_left] +name = "Lemma mem_left" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[K_1] +file = "HOME/tests/java/TreeMax.java" +line = 12 +begin = 16 +end = 35 + +[K_2] +file = "HOME/tests/java/TreeMax.java" +line = 61 +begin = 10 +end = 53 + +[K_3] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 33 + +[mem_null] +name = "Lemma mem_null" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[Object_equals] +name = "Method equals" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[K_4] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 90 + +[K_5] +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 40 +end = 44 + +[K_6] +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 40 +end = 55 + +[cons_Int] +name = "Constructor of class Int" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[K_7] +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 30 +end = 56 + +[K_8] +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 12 +end = 16 + +[K_9] +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 41 +end = 46 + +[Object_notify] +name = "Method notify" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[cons_Object] +name = "Constructor of class Object" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_root] +name = "Lemma mem_root" +file = 
"HOME/" +line = 0 +begin = 0 +end = 0 + +[Object_wait_long_int] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[mem_right] +name = "Lemma mem_right" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[max_is_ge] +name = "Lemma max_is_ge" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[Object_wait_long] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[Object_hashCode] +name = "Method hashCode" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[Object_notifyAll] +name = "Method notifyAll" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[Int_max] +name = "Method max" +file = "HOME/tests/java/TreeMax.java" +line = 13 +begin = 22 +end = 25 + +[Object_toString] +name = "Method toString" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[Object_registerNatives] +name = "Method registerNatives" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[max_is_some] +name = "Lemma max_is_some" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[Object_clone] +name = "Method clone" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[Tree_tree_max] +name = "Method tree_max" +file = "HOME/tests/java/TreeMax.java" +line = 63 +begin = 8 +end = 16 + +[Object_wait] +name = "Method wait" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[mem_root_eq] +name = "Lemma mem_root_eq" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[cons_Tree] +name = "Constructor of class Tree" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_inversion] +name = "Lemma mem_inversion" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[Object_finalize] +name = "Method finalize" +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + 
+========== jessie execution ========== +Generating Why function cons_Int +Generating Why function Tree_tree_max +Generating Why function cons_Tree +Generating Why function cons_Object +========== file tests/java/TreeMax.makefile ========== +# this makefile was automatically generated; do not edit + +TIMEOUT ?= 10 + +DP ?= why-dp -timeout $(TIMEOUT) +WHYEXEC ?= why +GWHYEXEC ?= gwhy-bin +WHYLIB ?= HOME/lib + +WHY=WHYLIB=$(WHYLIB) $(WHYEXEC) $(WHYOPT) -split-user-conj -explain -locs TreeMax.loc + +GWHY=WHYLIB=$(WHYLIB) $(GWHYEXEC) $(WHYOPT) -split-user-conj -explain -locs TreeMax.loc + +JESSIELIBFILES ?= $(WHYLIB)/why/jessie.why +JESSIE3LIB ?=$(WHYLIB)/why3 + +COQDEP = coqdep + +.PHONY: all coq pvs simplify vampire cvcl harvey smtlib zenon + +all: simplify/TreeMax_why.sx + +project: why/TreeMax.wpr + +why/%.wpr: WHYOPT=--project -dir why +why/%.wpr: why/%.why + @echo 'why --project [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +goals: why/TreeMax_ctx.why + +why/%_ctx.why: WHYOPT=--multi-why -dir why +why/%_ctx.why: why/%.why + @echo 'why --multi-why [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +coq: coq/TreeMax_why.vo + +coq/TreeMax_why.v: WHYOPT=-coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/TreeMax_why.v: why/TreeMax.why + @echo 'why -coq [...] why/TreeMax.why' && $(WHY) $(JESSIELIBFILES) why/TreeMax.why && rm -f coq/jessie_why.v + +coq-goals: goals coq/TreeMax_ctx_why.vo + for f in why/*_po*.why; do make -f TreeMax.makefile coq/`basename $$f .why`_why.v ; done + +coq/TreeMax_ctx_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export jessie_why." -coq-tactic "intuition" +coq/TreeMax_ctx_why.v: why/TreeMax_ctx.why + @echo 'why -coq [...] why/TreeMax_ctx.why' && $(WHY) why/TreeMax_ctx.why + +coq/%_why.v: WHYOPT=-no-pervasives -coq -dir coq -coq-preamble "Require Export TreeMax_ctx_why." -coq-tactic "intuition" +coq/%_why.v: why/%.why + @echo 'why -coq [...] 
why/$*.why' && $(WHY) why/TreeMax_ctx.why why/$*.why + +coq/%.vo: coq/%.v + coqc -I coq $< +coq/%_po_why.vo: coq/TreeMax_ctx_why.vo + +pvs: pvs/TreeMax_why.pvs + +pvs/%_why.pvs: WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@jessie" +pvs/%_why.pvs: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + +pvs/jessie_why.pvs:WHYOPT=-pvs -dir pvs -pvs-preamble "IMPORTING why@why" +pvs/jessie_why.pvs: + $(WHY) $(JESSIELIBFILES) + +isabelle: isabelle/TreeMax_why.thy + +isabelle/%_why.thy: WHYOPT=-isabelle -dir isabelle -isabelle-base-theory jessie_why +isabelle/%_why.thy: why/%.why + $(WHY) $(JESSIELIBFILES) why/$*.why + cp -f HOME/lib/isabelle/jessie_why.thy isabelle/ + +simplify: simplify/TreeMax_why.sx + @echo 'Running Simplify on proof obligations' && ($(DP) $^) + +simplify/%_why.sx: WHYOPT=-simplify -dir simplify +simplify/%_why.sx: why/%.why + @echo 'why -simplify [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +vampire: vampire/TreeMax_why.vp + @echo 'Running Vampire on proof obligations' && ($(DP) $^) + +vampire/%_why.vp: WHYOPT=-vampire -dir vampire +vampire/%_why.vp: why/%.why + @echo 'why -vampire [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +alt-ergo ergo: why/TreeMax_why.why + @echo 'Running Alt-Ergo on proof obligations' && ($(DP) $^) + +why/%_why.why: WHYOPT=-alt-ergo -dir why +why/%_why.why: why/%.why + @echo 'why -alt-ergo [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +gappa: gappa/TreeMax_why.gappa + @echo 'Running Gappa on proof obligations' && ($(DP) $^) + +gappa/%_why.gappa: WHYOPT=-gappa -dir gappa +gappa/%_why.gappa: why/%.why + @echo 'why -gappa [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +cvcl: cvcl/TreeMax_why.cvc + + @echo 'Running CVC Lite on proof obligations' && ($(DP) $^) + +cvcl/%_why.cvc: WHYOPT=-cvcl -dir cvcl +cvcl/%_why.cvc: why/%.why + @echo 'why -cvcl [...] 
why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +harvey: harvey/TreeMax_why.rv + @echo 'Running haRVey on proof obligations' && ($(DP) $^) + +harvey/%_why.rv: WHYOPT=-harvey -dir harvey +harvey/%_why.rv: why/%.why + @echo 'why -harvey [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +zenon: zenon/TreeMax_why.znn + @echo 'Running Zenon on proof obligations' && ($(DP) $^) + +zenon/%_why.znn: WHYOPT=-zenon -dir zenon +zenon/%_why.znn: why/%.why + @echo 'why -zenon [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +smtlib: smtlib/TreeMax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) $^) + +smtlib/%_why.smt: WHYOPT=-smtlib --encoding sstrat --exp goal -dir smtlib +smtlib/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +z3: smtlib/TreeMax_why.smt + @echo 'Running Z3 on proof obligations' && ($(DP) -smt-solver z3 $^) + +yices: smtlib/TreeMax_why.smt + @echo 'Running Yices on proof obligations' && ($(DP) -smt-solver yices $^) + +cvc3: smtlib/TreeMax_why.smt + @echo 'Running CVC3 on proof obligations' && ($(DP) -smt-solver cvc3 $^) + +smtlib-v1: smtlib-v1/TreeMax_why.smt +smtlib-v1/%_why.smt: WHYOPT=-smtlib --smtlib-v1 --encoding sstrat --exp goal -dir smtlib-v1 +smtlib-v1/%_why.smt: why/%.why + @echo 'why -smtlib [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why + +verit: smtlib-v1/TreeMax_why.smt + @echo 'Running VeriT on proof obligations' && ($(DP) -smt-solver verit $^) + +gui stat: TreeMax.stat + +%.stat: why/%.why + @echo 'gwhy-bin [...] why/$*.why' && $(GWHY) $(JESSIELIBFILES) why/$*.why + +why3: why/TreeMax_why3.why +why/%_why3.why: WHYOPT=-why3 +why/%_why3.why: why/%.why + @echo 'why -why3 [...] why/$*.why' && $(WHY) $(JESSIELIBFILES) why/$*.why +why3ide: why/TreeMax_why3.why + @echo 'why3ide [...] $<' && why3ide $< + +why3ml: TreeMax.mlw + @echo 'why3ml [...] 
$<' && why3ide -I $(JESSIE3LIB) $< + +-include TreeMax.depend + +depend: coq/TreeMax_why.v + -$(COQDEP) -I coq coq/TreeMax*_why.v > TreeMax.depend + +clean: + rm -f coq/*.vo + +========== file tests/java/TreeMax.loc ========== +[JC_90] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_91] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_92] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_40] +file = "HOME/tests/java/TreeMax.java" +line = 61 +begin = 10 +end = 53 + +[JC_93] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_41] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 90 + +[JC_94] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_42] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 33 + +[JC_95] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 184 +begin = 28 +end = 33 + +[JC_43] +file = "HOME/tests/java/TreeMax.java" +line = 61 +begin = 10 +end = 53 + +[JC_96] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_44] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 90 + +[JC_150] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_97] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_45] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_151] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +[JC_98] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_46] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_1] +file = "HOME/tests/java/TreeMax.jc" +line = 20 +begin = 12 +end = 22 + +[JC_152] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_100] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_99] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_47] +kind = UserCall +file = "HOME/tests/java/TreeMax.jc" +line = 130 +begin = 13 +end = 49 + +[JC_2] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_153] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + 
+[JC_101] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_48] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 40 +end = 55 + +[JC_3] +file = "HOME/tests/java/TreeMax.jc" +line = 20 +begin = 12 +end = 22 + +[JC_154] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_102] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_49] +kind = IndexBounds +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 40 +end = 55 + +[JC_4] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_155] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_103] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 207 +begin = 18 +end = 26 + +[JC_5] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_156] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_104] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_6] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_157] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_105] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_7] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Object_safety] +name = "Constructor of class Object" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_158] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_106] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_8] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_159] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_107] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_9] +file = "HOME/tests/java/TreeMax.jc" +line = 51 +begin = 8 +end = 23 + +[JC_108] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_left] +name = "Lemma mem_left" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_109] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_50] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 30 +end = 56 + 
+[JC_51] +kind = UserCall +file = "HOME/tests/java/TreeMax.jc" +line = 134 +begin = 13 +end = 51 + +[JC_52] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 41 +end = 57 + +[mem_null] +name = "Lemma mem_null" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[cons_Tree_safety] +name = "Constructor of class Tree" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_53] +kind = IndexBounds +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 41 +end = 57 + +[JC_54] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 31 +end = 58 + +[JC_160] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_55] +kind = UserCall +file = "HOME/tests/java/TreeMax.jc" +line = 130 +begin = 13 +end = 49 + +[JC_161] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_56] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 40 +end = 55 + +[JC_162] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_110] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_57] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 65 +begin = 30 +end = 56 + +[JC_163] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_111] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 243 +begin = 29 +end = 35 + +[JC_58] +kind = UserCall +file = "HOME/tests/java/TreeMax.jc" +line = 134 +begin = 13 +end = 51 + +[JC_164] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_112] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_59] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 41 +end = 57 + +[JC_113] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_114] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_115] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_116] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_117] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + 
+[Tree_tree_max_safety] +name = "Method tree_max" +behavior = "Safety" +file = "HOME/tests/java/TreeMax.java" +line = 63 +begin = 8 +end = 16 + +[JC_118] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_119] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 267 +begin = 29 +end = 38 + +[JC_60] +kind = UserCall +file = "HOME/tests/java/TreeMax.java" +line = 66 +begin = 31 +end = 58 + +[JC_61] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_root] +name = "Lemma mem_root" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_62] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_10] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_63] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_11] +file = "HOME/tests/java/TreeMax.jc" +line = 51 +begin = 8 +end = 23 + +[JC_64] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_12] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_65] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_13] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_66] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_14] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_120] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_67] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_15] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_right] +name = "Lemma mem_right" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_121] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_68] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_16] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[max_is_ge] +name = "Lemma max_is_ge" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_122] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_69] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[JC_17] +file = "HOME/tests/java/TreeMax.jc" +line = 53 +begin = 11 +end = 65 + +[JC_123] +file = 
"HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_18] +file = "HOME/tests/java/TreeMax.jc" +line = 53 +begin = 11 +end = 65 + +[JC_124] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_19] +file = "HOME/tests/java/TreeMax.java" +line = 13 +begin = 22 +end = 25 + +[JC_125] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_126] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_127] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 333 +begin = 29 +end = 33 + +[JC_128] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_129] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[Tree_tree_max_ensures_default] +name = "Method tree_max" +behavior = "default behavior" +file = "HOME/tests/java/TreeMax.java" +line = 63 +begin = 8 +end = 16 + +[cons_Int_ensures_default] +name = "Constructor of class Int" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_70] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_71] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 22 +begin = 31 +end = 46 + +[cons_Tree_ensures_default] +name = "Constructor of class Tree" +behavior = "default behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_72] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_20] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_73] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_21] +file = "HOME/tests/java/TreeMax.java" +line = 13 +begin = 22 +end = 25 + +[JC_74] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_22] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_75] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_23] +file = "HOME/tests/java/TreeMax.java" +line = 12 +begin = 16 +end = 35 + +[JC_76] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_24] +file = "HOME/tests/java/TreeMax.java" +line = 12 +begin = 16 +end = 35 + +[cons_Object_ensures_default] +name = "Constructor of class Object" +behavior = "default 
behavior" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_130] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_77] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_25] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_131] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_78] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_26] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_132] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_79] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 74 +begin = 22 +end = 30 + +[JC_27] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_133] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_28] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_134] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_29] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_135] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 386 +begin = 22 +end = 26 + +[JC_136] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_137] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_138] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[max_is_some] +name = "Lemma max_is_some" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_139] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_80] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_81] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_82] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_30] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[mem_root_eq] +name = "Lemma mem_root_eq" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_83] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_31] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_84] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_32] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_85] +file = 
"HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_33] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_86] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_34] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_140] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_87] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 122 +begin = 19 +end = 25 + +[JC_35] +file = "HOME/tests/java/TreeMax.java" +line = 63 +begin = 8 +end = 16 + +[JC_141] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_88] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_36] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_142] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_89] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_37] +file = "HOME/tests/java/TreeMax.java" +line = 63 +begin = 8 +end = 16 + +[JC_143] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 430 +begin = 22 +end = 26 + +[JC_38] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_144] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_39] +file = "HOME/tests/java/TreeMax.java" +line = 60 +begin = 16 +end = 33 + +[mem_inversion] +name = "Lemma mem_inversion" +behavior = "axiom" +file = "HOME/" +line = 0 +begin = 0 +end = 0 + +[JC_145] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_146] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[cons_Int_safety] +name = "Constructor of class Int" +behavior = "Safety" +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_147] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_148] +file = "HOME/" +line = 0 +begin = -1 +end = -1 + +[JC_149] +file = "HOME/lib/java_api/java/lang/Object.java" +line = 481 +begin = 19 +end = 27 + +========== file tests/java/why/TreeMax.why ========== +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag: -> Object tag_id + +logic Object_tag: -> 
Object tag_id + +axiom Exception_parenttag_Object : parenttag(Exception_tag, Object_tag) + +logic Int_tag: -> Object tag_id + +axiom Int_parenttag_Object : parenttag(Int_tag, Object_tag) + +predicate Non_null_Object(x_0:Object pointer, + Object_alloc_table:Object alloc_table) = + ge_int(offset_max(Object_alloc_table, x_0), (0)) + +axiom Object_int : (int_of_tag(Object_tag) = (1)) + +logic Object_of_pointer_address: unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr : + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom : parenttag(Object_tag, bottom_tag) + +axiom Object_tags : + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. + instanceof(Object_tag_table, x, Object_tag))) + +logic String_tag: -> Object tag_id + +axiom String_parenttag_Object : parenttag(String_tag, Object_tag) + +logic Throwable_tag: -> Object tag_id + +axiom Throwable_parenttag_Object : parenttag(Throwable_tag, Object_tag) + +logic Tree_tag: -> Object tag_id + +axiom Tree_parenttag_Object : parenttag(Tree_tag, Object_tag) + +logic integer_of_byte: byte -> int + +logic byte_of_integer: int -> byte + +axiom byte_coerce : + (forall x:int. + ((le_int((-128), x) and le_int(x, (127))) -> + eq_int(integer_of_byte(byte_of_integer(x)), x))) + +axiom byte_extensionality : + (forall x:byte. + (forall y:byte. + (eq_int(integer_of_byte(x), integer_of_byte(y)) -> (x = y)))) + +axiom byte_range : + (forall x:byte. + (le_int((-128), integer_of_byte(x)) and le_int(integer_of_byte(x), (127)))) + +logic integer_of_char: char -> int + +logic char_of_integer: int -> char + +axiom char_coerce : + (forall x:int. + ((le_int((0), x) and le_int(x, (65535))) -> + eq_int(integer_of_char(char_of_integer(x)), x))) + +axiom char_extensionality : + (forall x:char. + (forall y:char. + (eq_int(integer_of_char(x), integer_of_char(y)) -> (x = y)))) + +axiom char_range : + (forall x:char. 
+ (le_int((0), integer_of_char(x)) and le_int(integer_of_char(x), (65535)))) + +predicate eq_byte(x:byte, y:byte) = + eq_int(integer_of_byte(x), integer_of_byte(y)) + +predicate eq_char(x:char, y:char) = + eq_int(integer_of_char(x), integer_of_char(y)) + +logic integer_of_int32: int32 -> int + +predicate eq_int32(x:int32, y:int32) = + eq_int(integer_of_int32(x), integer_of_int32(y)) + +logic integer_of_long: long -> int + +predicate eq_long(x:long, y:long) = + eq_int(integer_of_long(x), integer_of_long(y)) + +logic integer_of_short: short -> int + +predicate eq_short(x:short, y:short) = + eq_int(integer_of_short(x), integer_of_short(y)) + +logic int32_of_integer: int -> int32 + +axiom int32_coerce : + (forall x:int. + ((le_int((-2147483648), x) and le_int(x, (2147483647))) -> + eq_int(integer_of_int32(int32_of_integer(x)), x))) + +axiom int32_extensionality : + (forall x:int32. + (forall y:int32. + (eq_int(integer_of_int32(x), integer_of_int32(y)) -> (x = y)))) + +axiom int32_range : + (forall x:int32. + (le_int((-2147483648), integer_of_int32(x)) + and le_int(integer_of_int32(x), (2147483647)))) + +logic interface_tag: -> interface tag_id + +axiom interface_int : (int_of_tag(interface_tag) = (1)) + +logic interface_of_pointer_address: unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr : + (forall p:interface pointer. + (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom : parenttag(interface_tag, bottom_tag) + +axiom interface_tags : + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. 
+ instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + (offset_min(Object_alloc_table, p) <= a) + +predicate left_valid_struct_Exception(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Int(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_String(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Throwable(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_Tree(p:Object pointer, a:int, + Object_alloc_table:Object alloc_table) = + left_valid_struct_Object(p, a, Object_alloc_table) + +predicate left_valid_struct_interface(p:interface pointer, a:int, + interface_alloc_table:interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer: int -> long + +axiom long_coerce : + (forall x:int. + ((le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807))) -> + eq_int(integer_of_long(long_of_integer(x)), x))) + +axiom long_extensionality : + (forall x:long. + (forall y:long. + (eq_int(integer_of_long(x), integer_of_long(y)) -> (x = y)))) + +axiom long_range : + (forall x:long. + (le_int((-9223372036854775808), integer_of_long(x)) + and le_int(integer_of_long(x), (9223372036854775807)))) + +logic max: int, int -> int + +logic mem: int32, Object pointer, Object alloc_table, + (Object, Object pointer) memory, (Object, Object pointer) memory, + (Object, int32) memory -> prop + +axiom pointer_addr_of_Object_of_pointer_address : + (forall p:unit pointer. 
(p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address : + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + (offset_max(Object_alloc_table, p) >= b) + +predicate right_valid_struct_Exception(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Int(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_String(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Throwable(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_Tree(p:Object pointer, b:int, + Object_alloc_table:Object alloc_table) = + right_valid_struct_Object(p, b, Object_alloc_table) + +predicate right_valid_struct_interface(p:interface pointer, b:int, + interface_alloc_table:interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer: int -> short + +axiom short_coerce : + (forall x:int. + ((le_int((-32768), x) and le_int(x, (32767))) -> + eq_int(integer_of_short(short_of_integer(x)), x))) + +axiom short_extensionality : + (forall x:short. + (forall y:short. + (eq_int(integer_of_short(x), integer_of_short(y)) -> (x = y)))) + +axiom short_range : + (forall x:short. 
+ (le_int((-32768), integer_of_short(x)) + and le_int(integer_of_short(x), (32767)))) + +predicate strict_valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) + and (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Int(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_Tree(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + strict_valid_struct_Object(p, a, b, Object_alloc_table) + +predicate strict_valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) + and (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= 
b)) + +predicate valid_root_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) + and (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Int(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_String(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Throwable(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_Tree(p:Object pointer, a:int, b:int, + Object_alloc_table:Object alloc_table) = + valid_struct_Object(p, a, b, Object_alloc_table) + +predicate valid_struct_interface(p:interface pointer, a:int, b:int, + interface_alloc_table:interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) + and (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some : + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge : + (forall x_0_0:int. + (forall y_0:int. + (ge_int(max(x_0_0, y_0), x_0_0) and ge_int(max(x_0_0, y_0), y_0)))) + +axiom mem_inversion : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_8:int32. + (forall t_4:Object pointer. 
+ (mem(x_8, t_4, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L) -> + (Non_null_Object(t_4, Object_alloc_table_at_L) + and ((integer_of_int32(x_8) = integer_of_int32(select(Tree_value_at_L, + t_4))) + or (mem(x_8, select(Tree_left_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) + or mem(x_8, select(Tree_right_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L))))))))))) + +axiom mem_right : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_7:int32. + (forall t_3:Object pointer. + (Non_null_Object(t_3, Object_alloc_table_at_L) -> + (mem(x_7, select(Tree_right_at_L, t_3), Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L) -> + mem(x_7, t_3, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_left : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_6:int32. + (forall t_2:Object pointer. + (Non_null_Object(t_2, Object_alloc_table_at_L) -> + (mem(x_6, select(Tree_left_at_L, t_2), Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L) -> + mem(x_6, t_2, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root_eq : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_5:int32. + (forall t_1:Object pointer. 
+ (Non_null_Object(t_1, Object_alloc_table_at_L) -> + ((integer_of_int32(x_5) = integer_of_int32(select(Tree_value_at_L, + t_1))) -> + mem(x_5, t_1, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall t_0:Object pointer. + (Non_null_Object(t_0, Object_alloc_table_at_L) -> + mem(select(Tree_value_at_L, t_0), t_0, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))) + +axiom mem_null : + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_4:int32. + (not mem(x_4, null, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L))))))) + +exception Exception_exc of Object pointer + +parameter Int_max : + x_2_0:int32 -> + y_2:int32 -> + { } int32 + { (JC_24: + (integer_of_int32(result) = max(integer_of_int32(x_2_0), + integer_of_int32(y_2)))) } + +parameter Int_max_requires : + x_2_0:int32 -> + y_2:int32 -> + { } int32 + { (JC_24: + (integer_of_int32(result) = max(integer_of_int32(x_2_0), + integer_of_int32(y_2)))) } + +exception Loop_continue_exc of unit + +exception Loop_exit_exc of unit + +parameter Object_alloc_table : Object alloc_table ref + +parameter Object_clone : + this_7:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_clone_requires : + this_7:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_equals : + this_6:Object pointer -> + obj:Object pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_equals_requires : + this_6:Object pointer -> + obj:Object 
pointer -> { } bool reads Object_alloc_table { true } + +parameter Object_finalize : + this_14:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_finalize_requires : + this_14:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_hashCode : + this_5:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_hashCode_requires : + this_5:Object pointer -> { } int32 reads Object_alloc_table { true } + +parameter Object_notify : + this_9:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll : + this_10:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notifyAll_requires : + this_10:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_notify_requires : + this_9:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_registerNatives : tt:unit -> { } unit { true } + +parameter Object_registerNatives_requires : tt:unit -> { } unit { true } + +parameter Object_tag_table : Object tag_table ref + +parameter Object_toString : + this_8:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_toString_requires : + this_8:Object pointer -> + { } Object pointer reads Object_alloc_table { true } + +parameter Object_wait : + this_13:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long : + this_11:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int : + this_12:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_int_requires : + this_12:Object pointer -> + timeout_0:long -> nanos:int32 -> { } unit reads Object_alloc_table { true } + +parameter Object_wait_long_requires : + this_11:Object pointer -> + timeout:long -> { } unit reads Object_alloc_table { true } + +parameter 
Object_wait_requires : + this_13:Object pointer -> { } unit reads Object_alloc_table { true } + +exception Return_label_exc of unit + +exception Throwable_exc of Object pointer + +parameter Tree_left : (Object, Object pointer) memory ref + +parameter Tree_right : (Object, Object pointer) memory ref + +parameter Tree_value : (Object, int32) memory ref + +parameter Tree_tree_max : + this_2:Object pointer -> + { } int32 reads Object_alloc_table,Tree_left,Tree_right,Tree_value + { (JC_44: + ((JC_42: + mem(result, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) + and (JC_43: + (forall x_9:int32. + (mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> + ge_int(integer_of_int32(result), integer_of_int32(x_9))))))) } + +parameter Tree_tree_max_requires : + this_2:Object pointer -> + { } int32 reads Object_alloc_table,Tree_left,Tree_right,Tree_value + { (JC_44: + ((JC_42: + mem(result, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) + and (JC_43: + (forall x_9:int32. 
+ (mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> + ge_int(integer_of_int32(result), integer_of_int32(x_9))))))) } + +parameter alloc_struct_Exception : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Exception_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Exception(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Exception_tag)))) } + +parameter alloc_struct_Int : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Int(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Int_tag)))) } + +parameter alloc_struct_Int_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Int(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and 
instanceof(Object_tag_table, result, Int_tag)))) } + +parameter alloc_struct_Object : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_Object_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Object(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Object_tag)))) } + +parameter alloc_struct_String : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_String_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_String(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, String_tag)))) } + +parameter alloc_struct_Throwable : + n:int -> + 
Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Throwable_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Throwable(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Throwable_tag)))) } + +parameter alloc_struct_Tree : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { } Object pointer writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Tree(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Tree_tag)))) } + +parameter alloc_struct_Tree_requires : + n:int -> + Object_alloc_table:Object alloc_table ref -> + Object_tag_table:Object tag_table ref -> + { ge_int(n, (0))} Object pointer + writes Object_alloc_table,Object_tag_table + { (strict_valid_struct_Tree(result, (0), sub_int(n, (1)), + Object_alloc_table) + and (alloc_extends(Object_alloc_table@, Object_alloc_table) + and (alloc_fresh(Object_alloc_table@, result, n) + and instanceof(Object_tag_table, result, Tree_tag)))) } + +parameter interface_alloc_table : interface alloc_table ref + +parameter interface_tag_table : interface tag_table ref + +parameter alloc_struct_interface : + 
n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { } interface pointer writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter alloc_struct_interface_requires : + n:int -> + interface_alloc_table:interface alloc_table ref -> + interface_tag_table:interface tag_table ref -> + { ge_int(n, (0))} interface pointer + writes interface_alloc_table,interface_tag_table + { (strict_valid_struct_interface(result, (0), sub_int(n, (1)), + interface_alloc_table) + and (alloc_extends(interface_alloc_table@, interface_alloc_table) + and (alloc_fresh(interface_alloc_table@, result, n) + and instanceof(interface_tag_table, result, interface_tag)))) } + +parameter any_byte : unit -> { } byte { true } + +parameter any_char : unit -> { } char { true } + +parameter any_int32 : unit -> { } int32 { true } + +parameter any_long : unit -> { } long { true } + +parameter any_short : unit -> { } short { true } + +parameter any_string_0 : tt:unit -> { } Object pointer { true } + +parameter any_string_0_requires : tt:unit -> { } Object pointer { true } + +parameter byte_of_integer_ : + x:int -> + { (le_int((-128), x) and le_int(x, (127)))} byte + { eq_int(integer_of_byte(result), x) } + +parameter char_of_integer_ : + x:int -> + { (le_int((0), x) and le_int(x, (65535)))} char + { eq_int(integer_of_char(result), x) } + +parameter cons_Int : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Int_requires : + this_0:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object : + this_15:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Object_requires : + 
this_15:Object pointer -> { } unit reads Object_alloc_table { true } + +parameter cons_Tree : + this_4:Object pointer -> + { } unit reads Object_alloc_table writes Tree_left,Tree_right,Tree_value + { true } + +parameter cons_Tree_requires : + this_4:Object pointer -> + { } unit reads Object_alloc_table writes Tree_left,Tree_right,Tree_value + { true } + +parameter int32_of_integer_ : + x:int -> + { (le_int((-2147483648), x) and le_int(x, (2147483647)))} int32 + { eq_int(integer_of_int32(result), x) } + +parameter long_of_integer_ : + x:int -> + { (le_int((-9223372036854775808), x) and le_int(x, (9223372036854775807)))} + long { eq_int(integer_of_long(result), x) } + +parameter non_null_Object : + x_1:Object pointer -> + { } bool reads Object_alloc_table + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) + else (x_1 = null))) } + +parameter non_null_Object_requires : + x_1:Object pointer -> + { } bool reads Object_alloc_table + { (JC_18: + (if result then (offset_max(Object_alloc_table, x_1) = (0)) + else (x_1 = null))) } + +parameter safe_byte_of_integer_ : + x:int -> { } byte { eq_int(integer_of_byte(result), x) } + +parameter safe_char_of_integer_ : + x:int -> { } char { eq_int(integer_of_char(result), x) } + +parameter safe_int32_of_integer_ : + x:int -> { } int32 { eq_int(integer_of_int32(result), x) } + +parameter safe_long_of_integer_ : + x:int -> { } long { eq_int(integer_of_long(result), x) } + +parameter safe_short_of_integer_ : + x:int -> { } short { eq_int(integer_of_short(result), x) } + +parameter short_of_integer_ : + x:int -> + { (le_int((-32768), x) and le_int(x, (32767)))} short + { eq_int(integer_of_short(result), x) } + +let Tree_tree_max_ensures_default = + fun (this_2 : Object pointer) -> + { valid_struct_Tree(this_2, (0), (0), Object_alloc_table) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let m = ref (K_13: ((safe_acc_ !Tree_value) this_2)) in + begin + (if (let jessie_ = (K_8: ((safe_acc_ 
!Tree_left) this_2)) in + (JC_55: (non_null_Object jessie_))) + then + (let jessie_ = + (m := (K_7: + (let jessie_ = !m in + (let jessie_ = + (K_6: + (let jessie_ = (K_5: ((safe_acc_ !Tree_left) this_2)) in + (JC_56: (Tree_tree_max jessie_)))) in + (JC_57: ((Int_max jessie_) jessie_)))))) in void) + else void); + (if (let jessie_ = (K_12: ((safe_acc_ !Tree_right) this_2)) in + (JC_58: (non_null_Object jessie_))) + then + (let jessie_ = + (m := (K_11: + (let jessie_ = !m in + (let jessie_ = + (K_10: + (let jessie_ = (K_9: ((safe_acc_ !Tree_right) this_2)) in + (JC_59: (Tree_tree_max jessie_)))) in + (JC_60: ((Int_max jessie_) jessie_)))))) in void) else void); + (return := !m); (raise Return) end); absurd end with Return -> + !return end)) + { (JC_41: + ((JC_39: + mem(result, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) + and (JC_40: + (forall x_9:int32. + (mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> + ge_int(integer_of_int32(result), integer_of_int32(x_9))))))) } + +let Tree_tree_max_safety = + fun (this_2 : Object pointer) -> + { valid_struct_Tree(this_2, (0), (0), Object_alloc_table) } + (init: + (let return = ref (any_int32 void) in + try + begin + (let m = ref (K_13: ((safe_acc_ !Tree_value) this_2)) in + begin + (if (let jessie_ = (K_8: ((safe_acc_ !Tree_left) this_2)) in + (JC_47: (non_null_Object_requires jessie_))) + then + (let jessie_ = + (m := (K_7: + (let jessie_ = !m in + (let jessie_ = + (K_6: + (let jessie_ = (K_5: ((safe_acc_ !Tree_left) this_2)) in + (JC_49: + (assert + { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; + (JC_48: (Tree_tree_max_requires jessie_)))))) in + (JC_50: ((Int_max_requires jessie_) jessie_)))))) in void) + else void); + (if (let jessie_ = (K_12: ((safe_acc_ !Tree_right) this_2)) in + (JC_51: (non_null_Object_requires jessie_))) + then + (let jessie_ = + (m := (K_11: + (let jessie_ = !m in + (let jessie_ = + (K_10: + (let jessie_ = (K_9: ((safe_acc_ !Tree_right) 
this_2)) in + (JC_53: + (assert + { ge_int(offset_max(Object_alloc_table, jessie_), (0)) }; + (JC_52: (Tree_tree_max_requires jessie_)))))) in + (JC_54: ((Int_max_requires jessie_) jessie_)))))) in void) + else void); (return := !m); (raise Return) end); absurd end with + Return -> !return end)) { true } + +let cons_Int_ensures_default = + fun (this_0 : Object pointer) -> + { valid_struct_Int(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_31: true) } + +let cons_Int_safety = + fun (this_0 : Object pointer) -> + { valid_struct_Int(this_0, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_Object_ensures_default = + fun (this_15 : Object pointer) -> + { valid_struct_Object(this_15, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { (JC_161: true) } + +let cons_Object_safety = + fun (this_15 : Object pointer) -> + { valid_struct_Object(this_15, (0), (0), Object_alloc_table) } + (init: try begin void; (raise Return) end with Return -> void end) + { true } + +let cons_Tree_ensures_default = + fun (this_4 : Object pointer) -> + { valid_struct_Tree(this_4, (0), (0), Object_alloc_table) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ = this_4 in + (((safe_upd_ Tree_value) jessie_) jessie_))); + (let jessie_ = null in + (let jessie_ = this_4 in + (((safe_upd_ Tree_left) jessie_) jessie_))); + (let jessie_ = null in + begin + (let jessie_ = this_4 in + (((safe_upd_ Tree_right) jessie_) jessie_)); jessie_ end) end in + void); (raise Return) end with Return -> void end) { (JC_65: true) } + +let cons_Tree_safety = + fun (this_4 : Object pointer) -> + { valid_struct_Tree(this_4, (0), (0), Object_alloc_table) } + (init: + try + begin + (let jessie_ = + begin + (let jessie_ = (safe_int32_of_integer_ (0)) in + (let jessie_ 
= this_4 in + (((safe_upd_ Tree_value) jessie_) jessie_))); + (let jessie_ = null in + (let jessie_ = this_4 in + (((safe_upd_ Tree_left) jessie_) jessie_))); + (let jessie_ = null in + begin + (let jessie_ = this_4 in + (((safe_upd_ Tree_right) jessie_) jessie_)); jessie_ end) end in + void); (raise Return) end with Return -> void end) { true } + + +========== make project execution ========== +why --project [...] why/TreeMax.why +========== file tests/java/why/TreeMax.wpr ========== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +========== file tests/java/why/TreeMax_ctx.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. + ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. 
(ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. ((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. 
((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. ((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. 
((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. ((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. 
+ ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic Int_tag : Object tag_id + +axiom Int_parenttag_Object: parenttag(Int_tag, Object_tag) + +predicate Non_null_Object(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= 0) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic Tree_tag : Object tag_id + +axiom Tree_parenttag_Object: parenttag(Tree_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. 
+ ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Int(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Tree(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. 
+ (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +logic max : int, int -> int + +logic mem : int32, Object pointer, Object alloc_table, (Object, +Object pointer) memory, (Object, Object pointer) memory, (Object, +int32) memory -> prop + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Int(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Tree(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. 
+ ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Int(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Tree(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Int(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Tree(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some: + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge: + (forall x_0_0:int. + (forall y_0:int. + ((max(x_0_0, y_0) >= x_0_0) and (max(x_0_0, y_0) >= y_0)))) + +axiom mem_inversion: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. 
+ (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_8:int32. + (forall t_4:Object pointer. + (mem(x_8, t_4, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L) -> + (Non_null_Object(t_4, Object_alloc_table_at_L) and + ((integer_of_int32(x_8) = integer_of_int32(select(Tree_value_at_L, + t_4))) or + (mem(x_8, select(Tree_left_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) or mem(x_8, select(Tree_right_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L))))))))))) + +axiom mem_right: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_7:int32. + (forall t_3:Object pointer. + (Non_null_Object(t_3, Object_alloc_table_at_L) -> + (mem(x_7, select(Tree_right_at_L, t_3), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) -> mem(x_7, t_3, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_left: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_6:int32. + (forall t_2:Object pointer. + (Non_null_Object(t_2, Object_alloc_table_at_L) -> + (mem(x_6, select(Tree_left_at_L, t_2), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) -> mem(x_6, t_2, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root_eq: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. 
+ (forall Tree_value_at_L:(Object, int32) memory. + (forall x_5:int32. + (forall t_1:Object pointer. + (Non_null_Object(t_1, Object_alloc_table_at_L) -> + ((integer_of_int32(x_5) = integer_of_int32(select(Tree_value_at_L, + t_1))) -> mem(x_5, t_1, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall t_0:Object pointer. + (Non_null_Object(t_0, Object_alloc_table_at_L) -> + mem(select(Tree_value_at_L, t_0), t_0, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))) + +axiom mem_null: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_4:int32. (not mem(x_4, null, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))) + +========== file tests/java/why/TreeMax_po1.why ========== +goal Tree_tree_max_ensures_default_po_1: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. 
+ (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + forall result6:int32. + ("JC_44": + (("JC_42": mem(result6, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result6) >= integer_of_int32(x_9))))))) -> + forall result7:int32. + ("JC_24": (integer_of_int32(result7) = max(integer_of_int32(m), + integer_of_int32(result6)))) -> + forall m0:int32. + (m0 = result7) -> + forall return:int32. + (return = m0) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +========== file tests/java/why/TreeMax_po10.why ========== +goal Tree_tree_max_safety_po_2: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + (offset_max(Object_alloc_table, result1) >= 0) -> + forall result2:int32. 
+ ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + (offset_max(Object_alloc_table, result5) >= 0) + +========== file tests/java/why/TreeMax_po11.why ========== +goal Tree_tree_max_safety_po_3: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + (offset_max(Object_alloc_table, result2) >= 0) + +========== file tests/java/why/TreeMax_po2.why ========== +goal Tree_tree_max_ensures_default_po_2: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. 
+ (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + forall result6:int32. + ("JC_44": + (("JC_42": mem(result6, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result6) >= integer_of_int32(x_9))))))) -> + forall result7:int32. + ("JC_24": (integer_of_int32(result7) = max(integer_of_int32(m), + integer_of_int32(result6)))) -> + forall m0:int32. + (m0 = result7) -> + forall return:int32. + (return = m0) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +========== file tests/java/why/TreeMax_po3.why ========== +goal Tree_tree_max_ensures_default_po_3: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. 
+ valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (result4 = null)) -> + forall return:int32. + (return = m) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +========== file tests/java/why/TreeMax_po4.why ========== +goal Tree_tree_max_ensures_default_po_4: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. 
+ (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (result4 = null)) -> + forall return:int32. + (return = m) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +========== file tests/java/why/TreeMax_po5.why ========== +goal Tree_tree_max_ensures_default_po_5: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + forall result3:int32. + ("JC_44": + (("JC_42": mem(result3, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result3) >= integer_of_int32(x_9))))))) -> + forall result4:int32. + ("JC_24": (integer_of_int32(result4) = max(integer_of_int32(result), + integer_of_int32(result3)))) -> + forall m:int32. + (m = result4) -> + forall return:int32. 
+ (return = m) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +========== file tests/java/why/TreeMax_po6.why ========== +goal Tree_tree_max_ensures_default_po_6: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + forall result3:int32. + ("JC_44": + (("JC_42": mem(result3, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result3) >= integer_of_int32(x_9))))))) -> + forall result4:int32. + ("JC_24": (integer_of_int32(result4) = max(integer_of_int32(result), + integer_of_int32(result3)))) -> + forall m:int32. + (m = result4) -> + forall return:int32. + (return = m) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +========== file tests/java/why/TreeMax_po7.why ========== +goal Tree_tree_max_ensures_default_po_7: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. 
+ valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (result1 = null)) -> + forall return:int32. + (return = result) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +========== file tests/java/why/TreeMax_po8.why ========== +goal Tree_tree_max_ensures_default_po_8: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (result1 = null)) -> + forall return:int32. + (return = result) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +========== file tests/java/why/TreeMax_po9.why ========== +goal Tree_tree_max_safety_po_1: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. 
+ (result1 = select(Tree_left, this_2)) -> + (offset_max(Object_alloc_table, result1) >= 0) + +========== generation of Simplify VC output ========== +why -simplify [...] why/TreeMax.why +========== file tests/java/simplify/TreeMax_why.sx ========== + +;; DO NOT EDIT BELOW THIS LINE + +(BG_PUSH (NEQ |@true| |@false|)) + +(DEFPRED (zwf_zero a b) (AND (<= 0 b) (< a b))) + +(BG_PUSH + ;; Why axiom bool_and_def + (FORALL (a b) + (IFF (EQ (bool_and a b) |@true|) (AND (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_or_def + (FORALL (a b) + (IFF (EQ (bool_or a b) |@true|) (OR (EQ a |@true|) (EQ b |@true|))))) + +(BG_PUSH + ;; Why axiom bool_xor_def + (FORALL (a b) (IFF (EQ (bool_xor a b) |@true|) (NEQ a b)))) + +(BG_PUSH + ;; Why axiom bool_not_def + (FORALL (a) (IFF (EQ (bool_not a) |@true|) (EQ a |@false|)))) + +(BG_PUSH + ;; Why axiom ite_true + (FORALL (x y) (EQ (ite |@true| x y) x))) + +(BG_PUSH + ;; Why axiom ite_false + (FORALL (x y) (EQ (ite |@false| x y) y))) + +(BG_PUSH + ;; Why axiom lt_int_bool_axiom + (FORALL (x y) (IFF (EQ (lt_int_bool x y) |@true|) (< x y)))) + +(BG_PUSH + ;; Why axiom le_int_bool_axiom + (FORALL (x y) (IFF (EQ (le_int_bool x y) |@true|) (<= x y)))) + +(BG_PUSH + ;; Why axiom gt_int_bool_axiom + (FORALL (x y) (IFF (EQ (gt_int_bool x y) |@true|) (> x y)))) + +(BG_PUSH + ;; Why axiom ge_int_bool_axiom + (FORALL (x y) (IFF (EQ (ge_int_bool x y) |@true|) (>= x y)))) + +(BG_PUSH + ;; Why axiom eq_int_bool_axiom + (FORALL (x y) (IFF (EQ (eq_int_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_int_bool_axiom + (FORALL (x y) (IFF (EQ (neq_int_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + ;; Why axiom abs_int_pos + (FORALL (x) (IMPLIES (>= x 0) (EQ (abs_int x) x)))) + +(BG_PUSH + ;; Why axiom abs_int_neg + (FORALL (x) (IMPLIES (<= x 0) (EQ (abs_int x) (- 0 x))))) + +(BG_PUSH + ;; Why axiom int_max_is_ge + (FORALL (x y) (AND (>= (int_max x y) x) (>= (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_max_is_some + 
(FORALL (x y) (OR (EQ (int_max x y) x) (EQ (int_max x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_le + (FORALL (x y) (AND (<= (int_min x y) x) (<= (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom int_min_is_some + (FORALL (x y) (OR (EQ (int_min x y) x) (EQ (int_min x y) y)))) + +(BG_PUSH + ;; Why axiom real_of_int_zero + (EQ (real_of_int 0) real_constant_0_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_one + (EQ (real_of_int 1) real_constant_1_0e)) + +(BG_PUSH + ;; Why axiom real_of_int_add + (FORALL (x y) + (EQ (real_of_int (+ x y)) (real_add (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom real_of_int_sub + (FORALL (x y) + (EQ (real_of_int (- x y)) (real_sub (real_of_int x) (real_of_int y))))) + +(BG_PUSH + ;; Why axiom truncate_down_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (AND (EQ (le_real (real_of_int (truncate_real_to_int x)) x) |@true|) + (EQ (lt_real x (real_of_int (+ (truncate_real_to_int x) 1))) |@true|))))) + +(BG_PUSH + ;; Why axiom truncate_up_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (AND (EQ (lt_real (real_of_int (- (truncate_real_to_int x) 1)) x) |@true|) + (EQ (le_real x (real_of_int (truncate_real_to_int x))) |@true|))))) + +(BG_PUSH + ;; Why axiom lt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (lt_real_bool x y) |@true|) (EQ (lt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom le_real_bool_axiom + (FORALL (x y) + (IFF (EQ (le_real_bool x y) |@true|) (EQ (le_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom gt_real_bool_axiom + (FORALL (x y) + (IFF (EQ (gt_real_bool x y) |@true|) (EQ (gt_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom ge_real_bool_axiom + (FORALL (x y) + (IFF (EQ (ge_real_bool x y) |@true|) (EQ (ge_real x y) |@true|)))) + +(BG_PUSH + ;; Why axiom eq_real_bool_axiom + (FORALL (x y) (IFF (EQ (eq_real_bool x y) |@true|) (EQ x y)))) + +(BG_PUSH + ;; Why axiom neq_real_bool_axiom + (FORALL (x y) (IFF (EQ (neq_real_bool x y) |@true|) (NEQ x y)))) + +(BG_PUSH + 
;; Why axiom real_max_is_ge + (FORALL (x y) + (AND (EQ (ge_real (real_max x y) x) |@true|) + (EQ (ge_real (real_max x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_max_is_some + (FORALL (x y) (OR (EQ (real_max x y) x) (EQ (real_max x y) y)))) + +(BG_PUSH + ;; Why axiom real_min_is_le + (FORALL (x y) + (AND (EQ (le_real (real_min x y) x) |@true|) + (EQ (le_real (real_min x y) y) |@true|)))) + +(BG_PUSH + ;; Why axiom real_min_is_some + (FORALL (x y) (OR (EQ (real_min x y) x) (EQ (real_min x y) y)))) + +(BG_PUSH + ;; Why axiom sqr_real_def + (FORALL (x) (EQ (sqr_real x) (real_mul x x)))) + +(BG_PUSH + ;; Why axiom sqrt_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (ge_real (real_sqrt x) real_constant_0_0e) |@true|)))) + +(BG_PUSH + ;; Why axiom sqrt_sqr + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (sqr_real (real_sqrt x)) x)))) + +(BG_PUSH + ;; Why axiom sqr_sqrt + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) + (EQ (real_sqrt (real_mul x x)) x)))) + +(BG_PUSH + ;; Why axiom abs_real_pos + (FORALL (x) + (IMPLIES (EQ (ge_real x real_constant_0_0e) |@true|) (EQ (real_abs x) x)))) + +(BG_PUSH + ;; Why axiom abs_real_neg + (FORALL (x) + (IMPLIES (EQ (le_real x real_constant_0_0e) |@true|) + (EQ (real_abs x) (real_neg x))))) + +(BG_PUSH + ;; Why axiom log_exp + (FORALL (x) (EQ (log (exp x)) x))) + +(BG_PUSH + ;; Why axiom exp_log + (FORALL (x) + (IMPLIES (EQ (gt_real x real_constant_0_0e) |@true|) (EQ (exp (log x)) x)))) + +(BG_PUSH + ;; Why axiom prod_pos + (FORALL (x y) + (AND + (IMPLIES + (AND (EQ (gt_real x real_constant_0_0e) |@true|) + (EQ (gt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|)) + (IMPLIES + (AND (EQ (lt_real x real_constant_0_0e) |@true|) + (EQ (lt_real y real_constant_0_0e) |@true|)) + (EQ (gt_real (real_mul x y) real_constant_0_0e) |@true|))))) + +(BG_PUSH + ;; Why axiom abs_minus + (FORALL (x) (EQ (real_abs 
(real_neg x)) (real_abs x)))) + +(BG_PUSH + ;; Why axiom math_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (math_div x y)) (math_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (math_div x y)) (math_mod x y))))))) + +(BG_PUSH + ;; Why axiom math_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) + (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (AND (<= 0 (math_mod x y)) (< (math_mod x y) (abs_int y))))))) + +(BG_PUSH + ;; Why axiom computer_div_mod + (FORALL (x y) + (IMPLIES (NEQ y 0) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (EQ x (+ (* y (computer_div x y)) (computer_mod x y))))))) + +(BG_PUSH + ;; Why axiom computer_div_bound + (FORALL (x y) + (IMPLIES (AND (>= x 0) (> y 0)) + (AND (<= 0 (computer_div x y)) (<= (computer_div x y) x))))) + +(BG_PUSH + ;; Why axiom computer_mod_bound + (FORALL (x y) + (IMPLIES (NEQ y 0) (< (abs_int (computer_mod x y)) (abs_int y)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (< (abs_int (computer_mod x y)) (abs_int y)))))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_pos + (FORALL (x y) (IMPLIES (AND (>= x 0) (NEQ y 0)) (>= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_mod_sign_neg + (FORALL (x y) (IMPLIES (AND (<= x 0) (NEQ y 0)) (<= (computer_mod x y) 0)))) + +(BG_PUSH + ;; Why axiom computer_rounds_toward_zero + (FORALL (x y) + (IMPLIES (NEQ y 0) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))) + + (FORALL (y) + (IMPLIES (NEQ y 0) + (FORALL (x) (<= (abs_int (* (computer_div x y) y)) (abs_int x)))))) + +(DEFPRED (valid a p) (AND (<= (offset_min a p) 0) (>= (offset_max a p) 0))) + +(DEFPRED (same_block p q) (EQ (base_block p) (base_block q))) + +(BG_PUSH + ;; Why axiom address_injective + (FORALL (p q) (IFF (EQ p q) (EQ (address p) (address q))))) + +(BG_PUSH + ;; Why axiom address_null + (EQ (address null) 0)) + +(BG_PUSH + ;; Why 
axiom address_shift_lt + (FORALL (p i j) + (IFF (< (address (shift p i)) (address (shift p j))) (< i j)))) + +(BG_PUSH + ;; Why axiom address_shift_le + (FORALL (p i j) + (IFF (<= (address (shift p i)) (address (shift p j))) (<= i j)))) + +(BG_PUSH + ;; Why axiom shift_zero + (FORALL (p) (EQ (shift p 0) p))) + +(BG_PUSH + ;; Why axiom shift_shift + (FORALL (p i j) (EQ (shift (shift p i) j) (shift p (+ i j))))) + +(BG_PUSH + ;; Why axiom offset_max_shift + (FORALL (a p i) (EQ (offset_max a (shift p i)) (- (offset_max a p) i)))) + +(BG_PUSH + ;; Why axiom offset_min_shift + (FORALL (a p i) (EQ (offset_min a (shift p i)) (- (offset_min a p) i)))) + +(BG_PUSH + ;; Why axiom neq_shift + (FORALL (p i j) (IMPLIES (NEQ i j) (NEQ (shift p i) (shift p j)))) + + (FORALL (i j) + (IMPLIES (NEQ i j) (FORALL (p) (NEQ (shift p i) (shift p j)))))) + +(BG_PUSH + ;; Why axiom null_not_valid + (FORALL (a) (NOT (valid a null)))) + +(BG_PUSH + ;; Why axiom null_pointer + (FORALL (a) + (AND (>= (offset_min a null) 0) (<= (offset_max a null) (- 0 2))))) + +(BG_PUSH + ;; Why axiom eq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (eq_pointer_bool p1 p2) |@true|) (EQ p1 p2)))) + +(BG_PUSH + ;; Why axiom neq_pointer_bool_def + (FORALL (p1 p2) (IFF (EQ (neq_pointer_bool p1 p2) |@true|) (NEQ p1 p2)))) + +(BG_PUSH + ;; Why axiom same_block_shift_right + (FORALL (p q i) (IMPLIES (same_block p q) (same_block p (shift q i)))) + + (FORALL (p q) + (IMPLIES (same_block p q) (FORALL (i) (same_block p (shift q i)))))) + +(BG_PUSH + ;; Why axiom same_block_shift_left + (FORALL (p q i) (IMPLIES (same_block q p) (same_block (shift q i) p))) + + (FORALL (p q) + (IMPLIES (same_block q p) (FORALL (i) (same_block (shift q i) p))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift + (FORALL (p q) (IMPLIES (same_block p q) (EQ p (shift q (sub_pointer p q)))))) + +(BG_PUSH + ;; Why axiom sub_pointer_self + (FORALL (p) (EQ (sub_pointer p p) 0))) + +(BG_PUSH + ;; Why axiom sub_pointer_zero + (FORALL (p q) + (IMPLIES 
(same_block p q) (IMPLIES (EQ (sub_pointer p q) 0) (EQ p q))))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_left + (FORALL (p q i) (EQ (sub_pointer (shift p i) q) (+ (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom sub_pointer_shift_right + (FORALL (p q i) (EQ (sub_pointer p (shift q i)) (- (sub_pointer p q) i)))) + +(BG_PUSH + ;; Why axiom select_store_eq + (FORALL (m p1 p2 a) + (IMPLIES (EQ p1 p2) (EQ (select (|why__store| m p1 a) p2) a))) + + (FORALL (p1 p2) + (IMPLIES (EQ p1 p2) (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) a))))) + +(BG_PUSH + ;; Why axiom select_store_neq + (FORALL (m p1 p2 a) + (IMPLIES (NEQ p1 p2) (EQ (select (|why__store| m p1 a) p2) (select m p2)))) + + (FORALL (p1 p2) + (IMPLIES (NEQ p1 p2) + (FORALL (m a) (EQ (select (|why__store| m p1 a) p2) (select m p2)))))) + +(DEFPRED (pset_disjoint ps1 ps2) + (FORALL (p) + (NOT (AND (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|))))) + +(DEFPRED (pset_included ps1 ps2) + (FORALL (p) + (IMPLIES (EQ (in_pset p ps1) |@true|) (EQ (in_pset p ps2) |@true|)))) + +(BG_PUSH + ;; Why axiom pset_included_self + (FORALL (ps) (pset_included ps ps))) + +(BG_PUSH + ;; Why axiom pset_included_range + (FORALL (ps a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (pset_included (pset_range ps a b) (pset_range ps c d)))) + + (FORALL (a b c d) + (IMPLIES (AND (<= c a) (<= b d)) + (FORALL (ps) (pset_included (pset_range ps a b) (pset_range ps c d)))))) + +(BG_PUSH + ;; Why axiom pset_included_range_all + (FORALL (ps a b c d) (pset_included (pset_range ps a b) (pset_all ps)))) + +(BG_PUSH + ;; Why axiom in_pset_empty + (FORALL (p) (NOT (EQ (in_pset p pset_empty) |@true|)))) + +(BG_PUSH + ;; Why axiom in_pset_singleton + (FORALL (p q) (IFF (EQ (in_pset p (pset_singleton q)) |@true|) (EQ p q)))) + +(BG_PUSH + ;; Why axiom in_pset_deref + (FORALL (p m q) + (IFF (EQ (in_pset p (pset_deref m q)) |@true|) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))))))) + +(BG_PUSH + ;; Why axiom 
in_pset_all + (FORALL (p q) + (IFF (EQ (in_pset p (pset_all q)) |@true|) + (EXISTS (i) + (EXISTS (r) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))) + +(BG_PUSH + ;; Why axiom in_pset_range + (FORALL (p q a b) + (IFF (EQ (in_pset p (pset_range q a b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i)))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_left + (FORALL (p q b) + (IFF (EQ (in_pset p (pset_range_left q b)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= i b) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_range_right + (FORALL (p q a) + (IFF (EQ (in_pset p (pset_range_right q a)) |@true|) + (EXISTS (i) + (EXISTS (r) + (AND (<= a i) (AND (EQ (in_pset r q) |@true|) (EQ p (shift r i))))))))) + +(BG_PUSH + ;; Why axiom in_pset_union + (FORALL (p s1 s2) + (IFF (EQ (in_pset p (pset_union s1 s2)) |@true|) + (OR (EQ (in_pset p s1) |@true|) (EQ (in_pset p s2) |@true|))))) + +(BG_PUSH + ;; Why axiom valid_pset_empty + (FORALL (a) (EQ (valid_pset a pset_empty) |@true|))) + +(BG_PUSH + ;; Why axiom valid_pset_singleton + (FORALL (a p) + (IFF (EQ (valid_pset a (pset_singleton p)) |@true|) (valid a p)))) + +(BG_PUSH + ;; Why axiom valid_pset_deref + (FORALL (a m q) + (IFF (EQ (valid_pset a (pset_deref m q)) |@true|) + (FORALL (r p) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (EQ p (select m r))) (valid a p)))))) + +(BG_PUSH + ;; Why axiom valid_pset_range + (FORALL (a q c d) + (IFF (EQ (valid_pset a (pset_range q c d)) |@true|) + (FORALL (i r) + (IMPLIES (AND (EQ (in_pset r q) |@true|) (AND (<= c i) (<= i d))) + (valid a (shift r i))))))) + +(BG_PUSH + ;; Why axiom valid_pset_union + (FORALL (a s1 s2) + (IFF (EQ (valid_pset a (pset_union s1 s2)) |@true|) + (AND (EQ (valid_pset a s1) |@true|) (EQ (valid_pset a s2) |@true|))))) + +(DEFPRED (not_assigns a m1 m2 l) + (FORALL (p) + (IMPLIES (AND (valid a p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (select 
m2 p) (select m1 p))))) + +(BG_PUSH + ;; Why axiom not_assigns_refl + (FORALL (a m l) (not_assigns a m m l))) + +(BG_PUSH + ;; Why axiom not_assigns_trans + (FORALL (a m1 m2 m3 l) + (IMPLIES (not_assigns a m1 m2 l) + (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))) + + (FORALL (a m1 m2 l) + (IMPLIES (not_assigns a m1 m2 l) + (FORALL (m3) (IMPLIES (not_assigns a m2 m3 l) (not_assigns a m1 m3 l)))))) + +(BG_PUSH + ;; Why axiom full_separated_shift1 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift2 + (FORALL (p q i) + (IMPLIES (EQ (full_separated p q) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated p q) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift3 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated (shift q i) p) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated (shift q i) p) |@true|))))) + +(BG_PUSH + ;; Why axiom full_separated_shift4 + (FORALL (p q i) + (IMPLIES (EQ (full_separated q p) |@true|) + (EQ (full_separated p (shift q i)) |@true|))) + + (FORALL (p q) + (IMPLIES (EQ (full_separated q p) |@true|) + (FORALL (i) (EQ (full_separated p (shift q i)) |@true|))))) + +(BG_PUSH + ;; Why axiom subtag_bool_def + (FORALL (t1 t2) + (IFF (EQ (subtag_bool t1 t2) |@true|) (EQ (subtag t1 t2) |@true|)))) + +(BG_PUSH + ;; Why axiom subtag_refl + (FORALL (t) (EQ (subtag t t) |@true|))) + +(BG_PUSH + ;; Why axiom subtag_parent + (FORALL (t1 t2 t3) + (IMPLIES (EQ (subtag t1 t2) |@true|) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))) + + (FORALL (t1 t2) + (IMPLIES (EQ (subtag t1 t2) |@true|) 
+ (FORALL (t3) + (IMPLIES (EQ (parenttag t2 t3) |@true|) (EQ (subtag t1 t3) |@true|)))))) + +(DEFPRED (instanceof a p t) (EQ (subtag (typeof a p) t) |@true|)) + +(BG_PUSH + ;; Why axiom downcast_instanceof + (FORALL (a p s) (IMPLIES (instanceof a p s) (EQ (downcast a p s) p)))) + +(BG_PUSH + ;; Why axiom bottom_tag_axiom + (FORALL (t) (EQ (subtag t bottom_tag) |@true|))) + +(DEFPRED (root_tag t) (EQ (parenttag t bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom root_subtag + (FORALL (a b c) + (IMPLIES (root_tag a) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|))))))) + + (FORALL (a) + (IMPLIES (root_tag a) + (FORALL (b) + (IMPLIES (root_tag b) + (IMPLIES (NEQ a b) + (FORALL (c) + (IMPLIES (EQ (subtag c a) |@true|) (NOT (EQ (subtag c b) |@true|)))))))))) + +(DEFPRED (fully_packed tag_table mutable this) + (EQ (select mutable this) (typeof tag_table this))) + +(BG_PUSH + ;; Why axiom bw_and_not_null + (FORALL (a b) (IMPLIES (NEQ (bw_and a b) 0) (AND (NEQ a 0) (NEQ b 0))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsl a b))))) + +(BG_PUSH + ;; Why axiom lsl_left_positive_monotone + (FORALL (a1 a2 b) + (IMPLIES (AND (<= 0 a1) (AND (<= a1 a2) (<= 0 b))) + (<= (lsl a1 b) (lsl a2 b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_returns_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (lsr a b))))) + +(BG_PUSH + ;; Why axiom lsr_left_positive_decreases + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_positive_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= 0 (asr a b))))) + +(BG_PUSH + ;; Why axiom asr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (asr a b) a)))) + +(BG_PUSH + ;; Why axiom asr_lsr_same_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (asr a b) (lsr a b))))) + +(BG_PUSH + ;; Why axiom 
lsl_of_lsr_decreases_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (<= (lsl (lsr a b) b) a)))) + +(BG_PUSH + ;; Why axiom lsr_of_lsl_identity_on_positive + (FORALL (a b) (IMPLIES (AND (<= 0 a) (<= 0 b)) (EQ (lsr (lsl a b) b) a)))) + +(DEFPRED (alloc_fresh a p n) + (FORALL (i) (IMPLIES (AND (<= 0 i) (< i n)) (NOT (valid a (shift p i)))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_min + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_offset_max + (FORALL (a1 a2) + (IMPLIES (EQ (alloc_extends a1 a2) |@true|) + (FORALL (p) (IMPLIES (valid a1 p) (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_not_assigns_empty + (FORALL (a1 a2 m1 m2 l p n) + (IMPLIES + (AND (EQ (alloc_extends a1 a2) |@true|) + (AND (alloc_fresh a1 p n) + (AND (not_assigns a2 m1 m2 l) + (pset_included l (pset_all (pset_singleton p)))))) + (not_assigns a1 m1 m2 pset_empty)))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_min + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_min a1 p) (offset_min a2 p))))))) + +(BG_PUSH + ;; Why axiom alloc_extends_except_offset_max + (FORALL (a1 a2 l) + (IMPLIES (EQ (alloc_extends_except a1 a2 l) |@true|) + (FORALL (p) + (IMPLIES (AND (valid a1 p) (NOT (EQ (in_pset p l) |@true|))) + (EQ (offset_max a1 p) (offset_max a2 p))))))) + +(BG_PUSH + ;; Why axiom disj_sym + (FORALL (s1 s2) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) (EQ (disj_mybag s2 s1) |@true|)))) + +(BG_PUSH + ;; Why axiom sub_refl + (FORALL (sa) (EQ (sub_mybag sa sa) |@true|))) + +(BG_PUSH + ;; Why axiom sub_disj + (FORALL (s1 s2 s3) + (IMPLIES (EQ (disj_mybag s1 s2) |@true|) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))) + + (FORALL (s1 s2) + (IMPLIES (EQ 
(disj_mybag s1 s2) |@true|) + (FORALL (s3) + (IMPLIES (EQ (sub_mybag s2 s3) |@true|) (EQ (disj_mybag s1 s3) |@true|)))))) + +(BG_PUSH + ;; Why axiom sub_in + (FORALL (s1 s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))) + + (FORALL (s2 p) + (IMPLIES (NOT (EQ (in_mybag p s2) |@true|)) + (FORALL (s1) + (IMPLIES (EQ (sub_mybag s1 s2) |@true|) (NOT (EQ (in_mybag p s1) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_refl + (FORALL (sa m) (EQ (frame_between sa m m) |@true|))) + +(BG_PUSH + ;; Why axiom frame_between_gen + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (EQ (in_mybag p sa) |@true|) + (FORALL (v) (EQ (frame_between sa (|why__store| m1 p v) m2) |@true|))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen2 + (FORALL (sa m1 m2 m3) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between sa m2 m3) |@true|) + (EQ (frame_between sa m1 m3) |@true|)))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub1 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 s13) + (IMPLIES (EQ (sub_mybag s12 s13) |@true|) + (FORALL (m2 m1) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s23 m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_gen_sub2 + (FORALL (s12 s23 s13 m1 m2 m3) + (IMPLIES 
(EQ (frame_between s12 m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|))))) + + (FORALL (s12 m1 m2) + (IMPLIES (EQ (frame_between s12 m1 m2) |@true|) + (FORALL (s13 s23) + (IMPLIES (EQ (sub_mybag s23 s13) |@true|) + (FORALL (m3) + (IMPLIES (EQ (frame_between s23 m2 m3) |@true|) + (EQ (frame_between s13 m1 m3) |@true|)))))))) + +(BG_PUSH + ;; Why axiom frame_between_pointer + (FORALL (sa m1 m2 p v) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (EQ (select m1 p) (select m2 p))))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (p) + (IMPLIES (NOT (EQ (in_mybag p sa) |@true|)) + (FORALL (v) (EQ (select m1 p) (select m2 p)))))))) + +(BG_PUSH + ;; Why axiom frame_between_sub + (FORALL (sa sb m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))) + + (FORALL (sa m1 m2) + (IMPLIES (EQ (frame_between sa m1 m2) |@true|) + (FORALL (sb) + (IMPLIES (EQ (sub_mybag sa sb) |@true|) + (EQ (frame_between sb m1 m2) |@true|)))))) + +(BG_PUSH + ;; Why axiom Exception_parenttag_Object + (EQ (parenttag Exception_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Int_parenttag_Object + (EQ (parenttag Int_tag Object_tag) |@true|)) + +(DEFPRED (Non_null_Object x_0 Object_alloc_table) + (>= (offset_max Object_alloc_table x_0) 0)) + +(BG_PUSH + ;; Why axiom Object_int + (EQ (int_of_tag Object_tag) 1)) + +(BG_PUSH + ;; Why axiom Object_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (Object_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom Object_parenttag_bottom + (EQ (parenttag Object_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Object_tags + (FORALL (x Object_tag_table) (instanceof Object_tag_table x Object_tag))) + +(BG_PUSH + ;; Why axiom String_parenttag_Object + (EQ (parenttag 
String_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Throwable_parenttag_Object + (EQ (parenttag Throwable_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom Tree_parenttag_Object + (EQ (parenttag Tree_tag Object_tag) |@true|)) + +(BG_PUSH + ;; Why axiom byte_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 128) x) (<= x 127)) + (EQ (integer_of_byte (byte_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom byte_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_byte x) (integer_of_byte y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom byte_range + (FORALL (x) + (AND (<= (- 0 128) (integer_of_byte x)) (<= (integer_of_byte x) 127)))) + +(BG_PUSH + ;; Why axiom char_coerce + (FORALL (x) + (IMPLIES (AND (<= 0 x) (<= x 65535)) + (EQ (integer_of_char (char_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom char_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_char x) (integer_of_char y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom char_range + (FORALL (x) (AND (<= 0 (integer_of_char x)) (<= (integer_of_char x) 65535)))) + +(DEFPRED (eq_byte x y) (EQ (integer_of_byte x) (integer_of_byte y))) + +(DEFPRED (eq_char x y) (EQ (integer_of_char x) (integer_of_char y))) + +(DEFPRED (eq_int32 x y) (EQ (integer_of_int32 x) (integer_of_int32 y))) + +(DEFPRED (eq_long x y) (EQ (integer_of_long x) (integer_of_long y))) + +(DEFPRED (eq_short x y) (EQ (integer_of_short x) (integer_of_short y))) + +(BG_PUSH + ;; Why axiom int32_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_2147483648) x) + (<= x constant_too_large_2147483647)) + (EQ (integer_of_int32 (int32_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom int32_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_int32 x) (integer_of_int32 y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom int32_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_2147483648) (integer_of_int32 x)) + (<= (integer_of_int32 x) constant_too_large_2147483647)))) + +(BG_PUSH + ;; Why axiom interface_int + (EQ (int_of_tag interface_tag) 
1)) + +(BG_PUSH + ;; Why axiom interface_of_pointer_address_of_pointer_addr + (FORALL (p) (EQ p (interface_of_pointer_address (pointer_address p))))) + +(BG_PUSH + ;; Why axiom interface_parenttag_bottom + (EQ (parenttag interface_tag bottom_tag) |@true|)) + +(BG_PUSH + ;; Why axiom interface_tags + (FORALL (x interface_tag_table) + (instanceof interface_tag_table x interface_tag))) + +(DEFPRED (left_valid_struct_Object p a Object_alloc_table) + (<= (offset_min Object_alloc_table p) a)) + +(DEFPRED (left_valid_struct_Exception p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Int p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_String p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Throwable p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_Tree p a Object_alloc_table) + (left_valid_struct_Object p a Object_alloc_table)) + +(DEFPRED (left_valid_struct_interface p a interface_alloc_table) + (<= (offset_min interface_alloc_table p) a)) + +(BG_PUSH + ;; Why axiom long_coerce + (FORALL (x) + (IMPLIES + (AND (<= (- 0 constant_too_large_9223372036854775808) x) + (<= x constant_too_large_9223372036854775807)) + (EQ (integer_of_long (long_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom long_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_long x) (integer_of_long y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom long_range + (FORALL (x) + (AND (<= (- 0 constant_too_large_9223372036854775808) (integer_of_long x)) + (<= (integer_of_long x) constant_too_large_9223372036854775807)))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_Object_of_pointer_address + (FORALL (p) (EQ p (pointer_address (Object_of_pointer_address p))))) + +(BG_PUSH + ;; Why axiom pointer_addr_of_interface_of_pointer_address + (FORALL (p) (EQ p (pointer_address 
(interface_of_pointer_address p))))) + +(DEFPRED (right_valid_struct_Object p b Object_alloc_table) + (>= (offset_max Object_alloc_table p) b)) + +(DEFPRED (right_valid_struct_Exception p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Int p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_String p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Throwable p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_Tree p b Object_alloc_table) + (right_valid_struct_Object p b Object_alloc_table)) + +(DEFPRED (right_valid_struct_interface p b interface_alloc_table) + (>= (offset_max interface_alloc_table p) b)) + +(BG_PUSH + ;; Why axiom short_coerce + (FORALL (x) + (IMPLIES (AND (<= (- 0 32768) x) (<= x 32767)) + (EQ (integer_of_short (short_of_integer x)) x)))) + +(BG_PUSH + ;; Why axiom short_extensionality + (FORALL (x y) + (IMPLIES (EQ (integer_of_short x) (integer_of_short y)) (EQ x y)))) + +(BG_PUSH + ;; Why axiom short_range + (FORALL (x) + (AND (<= (- 0 32768) (integer_of_short x)) (<= (integer_of_short x) 32767)))) + +(DEFPRED (strict_valid_root_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_root_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Object p a b Object_alloc_table) + (AND (EQ (offset_min Object_alloc_table p) a) + (EQ (offset_max Object_alloc_table p) b))) + +(DEFPRED (strict_valid_struct_Exception p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Int p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) 
+ +(DEFPRED (strict_valid_struct_String p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Throwable p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_Tree p a b Object_alloc_table) + (strict_valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (strict_valid_struct_interface p a b interface_alloc_table) + (AND (EQ (offset_min interface_alloc_table p) a) + (EQ (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_root_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_root_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(DEFPRED (valid_struct_Object p a b Object_alloc_table) + (AND (<= (offset_min Object_alloc_table p) a) + (>= (offset_max Object_alloc_table p) b))) + +(DEFPRED (valid_struct_Exception p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Int p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_String p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Throwable p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_Tree p a b Object_alloc_table) + (valid_struct_Object p a b Object_alloc_table)) + +(DEFPRED (valid_struct_interface p a b interface_alloc_table) + (AND (<= (offset_min interface_alloc_table p) a) + (>= (offset_max interface_alloc_table p) b))) + +(BG_PUSH + ;; Why axiom max_is_some + (FORALL (x_1_0 y_1) + (OR (EQ (max x_1_0 y_1) x_1_0) (EQ (max x_1_0 y_1) y_1)))) + +(BG_PUSH + ;; Why axiom max_is_ge + (FORALL (x_0_0 y_0) + (AND (>= (max x_0_0 y_0) x_0_0) (>= (max x_0_0 y_0) y_0)))) + +(BG_PUSH + ;; Why axiom mem_inversion 
+ (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L x_8 t_4) + (IMPLIES + (EQ (mem + x_8 t_4 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (AND (Non_null_Object t_4 Object_alloc_table_at_L) + (OR + (EQ (integer_of_int32 x_8) (integer_of_int32 (select Tree_value_at_L t_4))) + (OR + (EQ (mem + x_8 (select Tree_left_at_L t_4) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (EQ (mem + x_8 (select Tree_right_at_L t_4) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|))))))) + +(BG_PUSH + ;; Why axiom mem_right + (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L x_7 t_3) + (IMPLIES (Non_null_Object t_3 Object_alloc_table_at_L) + (IMPLIES + (EQ (mem + x_7 (select Tree_right_at_L t_3) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (EQ (mem + x_7 t_3 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))) + + (FORALL (Object_alloc_table_at_L t_3) + (IMPLIES (Non_null_Object t_3 Object_alloc_table_at_L) + (FORALL (x_7 Tree_value_at_L Tree_left_at_L Tree_right_at_L) + (IMPLIES + (EQ (mem + x_7 (select Tree_right_at_L t_3) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (EQ (mem + x_7 t_3 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))))) + +(BG_PUSH + ;; Why axiom mem_left + (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L x_6 t_2) + (IMPLIES (Non_null_Object t_2 Object_alloc_table_at_L) + (IMPLIES + (EQ (mem + x_6 (select Tree_left_at_L t_2) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (EQ (mem + x_6 t_2 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))) + + (FORALL (Object_alloc_table_at_L t_2) + (IMPLIES (Non_null_Object t_2 Object_alloc_table_at_L) + (FORALL (x_6 Tree_value_at_L 
Tree_left_at_L Tree_right_at_L) + (IMPLIES + (EQ (mem + x_6 (select Tree_left_at_L t_2) Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|) + (EQ (mem + x_6 t_2 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))))) + +(BG_PUSH + ;; Why axiom mem_root_eq + (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L x_5 t_1) + (IMPLIES (Non_null_Object t_1 Object_alloc_table_at_L) + (IMPLIES + (EQ (integer_of_int32 x_5) (integer_of_int32 (select Tree_value_at_L t_1))) + (EQ (mem + x_5 t_1 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))) + + (FORALL (Object_alloc_table_at_L t_1) + (IMPLIES (Non_null_Object t_1 Object_alloc_table_at_L) + (FORALL (x_5 Tree_value_at_L) + (IMPLIES + (EQ (integer_of_int32 x_5) (integer_of_int32 (select Tree_value_at_L t_1))) + (FORALL (Tree_left_at_L Tree_right_at_L) + (EQ (mem + x_5 t_1 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|))))))) + +(BG_PUSH + ;; Why axiom mem_root + (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L t_0) + (IMPLIES (Non_null_Object t_0 Object_alloc_table_at_L) + (EQ (mem + (select Tree_value_at_L t_0) t_0 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|))) + + (FORALL (Object_alloc_table_at_L t_0) + (IMPLIES (Non_null_Object t_0 Object_alloc_table_at_L) + (FORALL (Tree_right_at_L Tree_left_at_L Tree_value_at_L) + (EQ (mem + (select Tree_value_at_L t_0) t_0 Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|))))) + +(BG_PUSH + ;; Why axiom mem_null + (FORALL (Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L x_4) + (NOT + (EQ (mem + x_4 null Object_alloc_table_at_L Tree_right_at_L Tree_left_at_L Tree_value_at_L) |@true|)))) + +;; Tree_tree_max_ensures_default_po_1, File "HOME/tests/java/TreeMax.java", line 60, characters 16-33 +(FORALL (this_2) +(FORALL 
(Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(FORALL (result2) +(IMPLIES (AND + (EQ (mem + result2 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result2) (integer_of_int32 x_9))))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) + (max (integer_of_int32 result) (integer_of_int32 result2))) +(FORALL (m) +(IMPLIES (EQ m result3) +(FORALL (result4) +(IMPLIES (EQ result4 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result4) 0) +(FORALL (result5) +(IMPLIES (EQ result5 (select Tree_right this_2)) +(FORALL (result6) +(IMPLIES (AND + (EQ (mem + result6 result5 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result5 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result6) (integer_of_int32 x_9))))) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) + (max (integer_of_int32 m) (integer_of_int32 result6))) +(FORALL (m0) +(IMPLIES (EQ m0 result7) +(FORALL (return) +(IMPLIES (EQ return m0) +(EQ (mem +return this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|))))))))))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_2, File "HOME/tests/java/TreeMax.java", line 61, characters 10-53 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select 
Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(FORALL (result2) +(IMPLIES (AND + (EQ (mem + result2 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result2) (integer_of_int32 x_9))))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) + (max (integer_of_int32 result) (integer_of_int32 result2))) +(FORALL (m) +(IMPLIES (EQ m result3) +(FORALL (result4) +(IMPLIES (EQ result4 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result4) 0) +(FORALL (result5) +(IMPLIES (EQ result5 (select Tree_right this_2)) +(FORALL (result6) +(IMPLIES (AND + (EQ (mem + result6 result5 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result5 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result6) (integer_of_int32 x_9))))) +(FORALL (result7) +(IMPLIES (EQ (integer_of_int32 result7) + (max (integer_of_int32 m) (integer_of_int32 result6))) +(FORALL (m0) +(IMPLIES (EQ m0 result7) +(FORALL (return) +(IMPLIES (EQ return m0) +(FORALL (x_9) +(IMPLIES (EQ (mem + x_9 this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) +(>= (integer_of_int32 return) (integer_of_int32 x_9)))))))))))))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_3, File "HOME/tests/java/TreeMax.java", line 60, characters 16-33 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max 
Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(FORALL (result2) +(IMPLIES (AND + (EQ (mem + result2 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result2) (integer_of_int32 x_9))))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) + (max (integer_of_int32 result) (integer_of_int32 result2))) +(FORALL (m) +(IMPLIES (EQ m result3) +(FORALL (result4) +(IMPLIES (EQ result4 (select Tree_right this_2)) +(IMPLIES (EQ result4 null) +(FORALL (return) +(IMPLIES (EQ return m) +(EQ (mem +return this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_4, File "HOME/tests/java/TreeMax.java", line 61, characters 10-53 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(FORALL (result2) +(IMPLIES (AND + (EQ (mem + result2 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result2) (integer_of_int32 x_9))))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) + (max (integer_of_int32 result) (integer_of_int32 result2))) +(FORALL (m) +(IMPLIES (EQ m result3) +(FORALL (result4) +(IMPLIES (EQ result4 (select Tree_right this_2)) +(IMPLIES (EQ result4 null) +(FORALL (return) +(IMPLIES (EQ return m) +(FORALL (x_9) +(IMPLIES (EQ (mem + x_9 this_2 
Object_alloc_table Tree_right Tree_left Tree_value) |@true|) +(>= (integer_of_int32 return) (integer_of_int32 x_9)))))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_5, File "HOME/tests/java/TreeMax.java", line 60, characters 16-33 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ result0 null) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result1) 0) +(FORALL (result2) +(IMPLIES (EQ result2 (select Tree_right this_2)) +(FORALL (result3) +(IMPLIES (AND + (EQ (mem + result3 result2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result3) (integer_of_int32 x_9))))) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) + (max (integer_of_int32 result) (integer_of_int32 result3))) +(FORALL (m) +(IMPLIES (EQ m result4) +(FORALL (return) +(IMPLIES (EQ return m) +(EQ (mem +return this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_6, File "HOME/tests/java/TreeMax.java", line 61, characters 10-53 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ result0 null) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result1) 0) +(FORALL (result2) +(IMPLIES (EQ result2 
(select Tree_right this_2)) +(FORALL (result3) +(IMPLIES (AND + (EQ (mem + result3 result2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result3) (integer_of_int32 x_9))))) +(FORALL (result4) +(IMPLIES (EQ (integer_of_int32 result4) + (max (integer_of_int32 result) (integer_of_int32 result3))) +(FORALL (m) +(IMPLIES (EQ m result4) +(FORALL (return) +(IMPLIES (EQ return m) +(FORALL (x_9) +(IMPLIES (EQ (mem + x_9 this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) +(>= (integer_of_int32 return) (integer_of_int32 x_9)))))))))))))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_7, File "HOME/tests/java/TreeMax.java", line 60, characters 16-33 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ result0 null) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_right this_2)) +(IMPLIES (EQ result1 null) +(FORALL (return) +(IMPLIES (EQ return result) +(EQ (mem +return this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|))))))))))))))))) + +;; Tree_tree_max_ensures_default_po_8, File "HOME/tests/java/TreeMax.java", line 61, characters 10-53 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ result0 null) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_right this_2)) +(IMPLIES (EQ result1 null) +(FORALL (return) +(IMPLIES (EQ return result) +(FORALL 
(x_9) +(IMPLIES (EQ (mem + x_9 this_2 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) +(>= (integer_of_int32 return) (integer_of_int32 x_9)))))))))))))))))))) + +;; Tree_tree_max_safety_po_1, File "why/TreeMax.why", line 871, characters 16-69 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(>= (offset_max Object_alloc_table result1) 0))))))))))))) + +;; Tree_tree_max_safety_po_2, File "why/TreeMax.why", line 886, characters 15-69 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result0) 0) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_left this_2)) +(IMPLIES (>= (offset_max Object_alloc_table result1) 0) +(FORALL (result2) +(IMPLIES (AND + (EQ (mem + result2 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (FORALL (x_9) + (IMPLIES + (EQ (mem + x_9 result1 Object_alloc_table Tree_right Tree_left Tree_value) |@true|) + (>= (integer_of_int32 result2) (integer_of_int32 x_9))))) +(FORALL (result3) +(IMPLIES (EQ (integer_of_int32 result3) + (max (integer_of_int32 result) (integer_of_int32 result2))) +(FORALL (m) +(IMPLIES (EQ m result3) +(FORALL (result4) +(IMPLIES (EQ result4 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result4) 0) +(FORALL (result5) +(IMPLIES (EQ result5 (select Tree_right this_2)) +(>= (offset_max Object_alloc_table result5) 
0)))))))))))))))))))))))))) + +;; Tree_tree_max_safety_po_3, File "why/TreeMax.why", line 886, characters 15-69 +(FORALL (this_2) +(FORALL (Object_alloc_table) +(FORALL (Tree_left) +(FORALL (Tree_right) +(FORALL (Tree_value) +(IMPLIES (valid_struct_Tree this_2 0 0 Object_alloc_table) +(FORALL (result) +(IMPLIES (EQ result (select Tree_value this_2)) +(FORALL (result0) +(IMPLIES (EQ result0 (select Tree_left this_2)) +(IMPLIES (EQ result0 null) +(FORALL (result1) +(IMPLIES (EQ result1 (select Tree_right this_2)) +(IMPLIES (EQ (offset_max Object_alloc_table result1) 0) +(FORALL (result2) +(IMPLIES (EQ result2 (select Tree_right this_2)) +(>= (offset_max Object_alloc_table result2) 0))))))))))))))))) + +========== running Simplify ========== +Running Simplify on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +simplify/TreeMax_why.sx : .......?... (10/0/1/0/0) +total : 11 +valid : 10 ( 91%) +invalid : 0 ( 0%) +unknown : 1 ( 9%) +timeout : 0 ( 0%) +failure : 0 ( 0%) +========== generation of alt-ergo VC output ========== +why -alt-ergo [...] why/TreeMax.why +========== file tests/java/why/TreeMax_why.why ========== +logic eq_unit : unit, unit -> prop + +logic neq_unit : unit, unit -> prop + +logic eq_bool : bool, bool -> prop + +logic neq_bool : bool, bool -> prop + +logic lt_int : int, int -> prop + +logic le_int : int, int -> prop + +logic gt_int : int, int -> prop + +logic ge_int : int, int -> prop + +logic eq_int : int, int -> prop + +logic neq_int : int, int -> prop + +logic add_int : int, int -> int + +logic sub_int : int, int -> int + +logic mul_int : int, int -> int + +logic neg_int : int -> int + +predicate zwf_zero(a: int, b: int) = ((0 <= b) and (a < b)) + +logic bool_and : bool, bool -> bool + +logic bool_or : bool, bool -> bool + +logic bool_xor : bool, bool -> bool + +logic bool_not : bool -> bool + +axiom bool_and_def: + (forall a:bool. + (forall b:bool. 
+ ((bool_and(a, b) = true) <-> ((a = true) and (b = true))))) + +axiom bool_or_def: + (forall a:bool. + (forall b:bool. ((bool_or(a, b) = true) <-> ((a = true) or (b = true))))) + +axiom bool_xor_def: + (forall a:bool. (forall b:bool. ((bool_xor(a, b) = true) <-> (a <> b)))) + +axiom bool_not_def: (forall a:bool. ((bool_not(a) = true) <-> (a = false))) + +logic ite : bool, 'a1, 'a1 -> 'a1 + +axiom ite_true: (forall x:'a1. (forall y:'a1. (ite(true, x, y) = x))) + +axiom ite_false: (forall x:'a1. (forall y:'a1. (ite(false, x, y) = y))) + +logic lt_int_bool : int, int -> bool + +logic le_int_bool : int, int -> bool + +logic gt_int_bool : int, int -> bool + +logic ge_int_bool : int, int -> bool + +logic eq_int_bool : int, int -> bool + +logic neq_int_bool : int, int -> bool + +axiom lt_int_bool_axiom: + (forall x:int. (forall y:int. ((lt_int_bool(x, y) = true) <-> (x < y)))) + +axiom le_int_bool_axiom: + (forall x:int. (forall y:int. ((le_int_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_int_bool_axiom: + (forall x:int. (forall y:int. ((gt_int_bool(x, y) = true) <-> (x > y)))) + +axiom ge_int_bool_axiom: + (forall x:int. (forall y:int. ((ge_int_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_int_bool_axiom: + (forall x:int. (forall y:int. ((eq_int_bool(x, y) = true) <-> (x = y)))) + +axiom neq_int_bool_axiom: + (forall x:int. (forall y:int. ((neq_int_bool(x, y) = true) <-> (x <> y)))) + +logic abs_int : int -> int + +axiom abs_int_pos: (forall x:int. ((x >= 0) -> (abs_int(x) = x))) + +axiom abs_int_neg: (forall x:int. ((x <= 0) -> (abs_int(x) = (-x)))) + +logic int_max : int, int -> int + +logic int_min : int, int -> int + +axiom int_max_is_ge: + (forall x:int. + (forall y:int. ((int_max(x, y) >= x) and (int_max(x, y) >= y)))) + +axiom int_max_is_some: + (forall x:int. + (forall y:int. ((int_max(x, y) = x) or (int_max(x, y) = y)))) + +axiom int_min_is_le: + (forall x:int. + (forall y:int. 
((int_min(x, y) <= x) and (int_min(x, y) <= y)))) + +axiom int_min_is_some: + (forall x:int. + (forall y:int. ((int_min(x, y) = x) or (int_min(x, y) = y)))) + +logic lt_real : real, real -> prop + +logic le_real : real, real -> prop + +logic gt_real : real, real -> prop + +logic ge_real : real, real -> prop + +logic eq_real : real, real -> prop + +logic neq_real : real, real -> prop + +logic add_real : real, real -> real + +logic sub_real : real, real -> real + +logic mul_real : real, real -> real + +logic div_real : real, real -> real + +logic neg_real : real -> real + +logic real_of_int : int -> real + +axiom real_of_int_zero: (real_of_int(0) = 0.0) + +axiom real_of_int_one: (real_of_int(1) = 1.0) + +axiom real_of_int_add: + (forall x:int. + (forall y:int. + (real_of_int((x + y)) = (real_of_int(x) + real_of_int(y))))) + +axiom real_of_int_sub: + (forall x:int. + (forall y:int. + (real_of_int((x - y)) = (real_of_int(x) - real_of_int(y))))) + +logic truncate_real_to_int : real -> int + +axiom truncate_down_pos: + (forall x:real. + ((x >= 0.0) -> + ((real_of_int(truncate_real_to_int(x)) <= x) and + (x < real_of_int((truncate_real_to_int(x) + 1)))))) + +axiom truncate_up_neg: + (forall x:real. + ((x <= 0.0) -> + ((real_of_int((truncate_real_to_int(x) - 1)) < x) and + (x <= real_of_int(truncate_real_to_int(x)))))) + +logic floor_real_to_int : real -> int + +logic ceil_real_to_int : real -> int + +logic lt_real_bool : real, real -> bool + +logic le_real_bool : real, real -> bool + +logic gt_real_bool : real, real -> bool + +logic ge_real_bool : real, real -> bool + +logic eq_real_bool : real, real -> bool + +logic neq_real_bool : real, real -> bool + +axiom lt_real_bool_axiom: + (forall x:real. (forall y:real. ((lt_real_bool(x, y) = true) <-> (x < y)))) + +axiom le_real_bool_axiom: + (forall x:real. + (forall y:real. ((le_real_bool(x, y) = true) <-> (x <= y)))) + +axiom gt_real_bool_axiom: + (forall x:real. (forall y:real. 
((gt_real_bool(x, y) = true) <-> (x > y)))) + +axiom ge_real_bool_axiom: + (forall x:real. + (forall y:real. ((ge_real_bool(x, y) = true) <-> (x >= y)))) + +axiom eq_real_bool_axiom: + (forall x:real. (forall y:real. ((eq_real_bool(x, y) = true) <-> (x = y)))) + +axiom neq_real_bool_axiom: + (forall x:real. + (forall y:real. ((neq_real_bool(x, y) = true) <-> (x <> y)))) + +logic real_max : real, real -> real + +logic real_min : real, real -> real + +axiom real_max_is_ge: + (forall x:real. + (forall y:real. ((real_max(x, y) >= x) and (real_max(x, y) >= y)))) + +axiom real_max_is_some: + (forall x:real. + (forall y:real. ((real_max(x, y) = x) or (real_max(x, y) = y)))) + +axiom real_min_is_le: + (forall x:real. + (forall y:real. ((real_min(x, y) <= x) and (real_min(x, y) <= y)))) + +axiom real_min_is_some: + (forall x:real. + (forall y:real. ((real_min(x, y) = x) or (real_min(x, y) = y)))) + +function sqr_real(x: real) : real = (x * x) + +logic sqrt_real : real -> real + +axiom sqrt_pos: (forall x:real. ((x >= 0.0) -> (sqrt_real(x) >= 0.0))) + +axiom sqrt_sqr: (forall x:real. ((x >= 0.0) -> (sqr_real(sqrt_real(x)) = x))) + +axiom sqr_sqrt: (forall x:real. ((x >= 0.0) -> (sqrt_real((x * x)) = x))) + +logic pow_real : real, real -> real + +logic abs_real : real -> real + +axiom abs_real_pos: + (forall x:real [abs_real(x)]. ((x >= 0.0) -> (abs_real(x) = x))) + +axiom abs_real_neg: + (forall x:real [abs_real(x)]. ((x <= 0.0) -> (abs_real(x) = (-x)))) + +logic exp : real -> real + +logic log : real -> real + +logic log10 : real -> real + +axiom log_exp: (forall x:real. (log(exp(x)) = x)) + +axiom exp_log: (forall x:real. 
((x > 0.0) -> (exp(log(x)) = x))) + +logic cos : real -> real + +logic sin : real -> real + +logic tan : real -> real + +logic pi : real + +logic cosh : real -> real + +logic sinh : real -> real + +logic tanh : real -> real + +logic acos : real -> real + +logic asin : real -> real + +logic atan : real -> real + +logic atan2 : real, real -> real + +logic hypot : real, real -> real + +axiom prod_pos: + (forall x:real. + (forall y:real. + ((((x > 0.0) and (y > 0.0)) -> ((x * y) > 0.0)) and + (((x < 0.0) and (y < 0.0)) -> ((x * y) > 0.0))))) + +axiom abs_minus: (forall x:real. (abs_real((-x)) = abs_real(x))) + +logic computer_div : int, int -> int + +logic computer_mod : int, int -> int + +logic math_div : int, int -> int + +logic math_mod : int, int -> int + +axiom math_div_mod: + (forall x:int. + (forall y:int. + ((y <> 0) -> (x = ((y * math_div(x, y)) + math_mod(x, y)))))) + +axiom math_mod_bound: + (forall x:int. + (forall y:int. + ((y <> 0) -> ((0 <= math_mod(x, y)) and (math_mod(x, y) < abs_int(y)))))) + +axiom computer_div_mod: + (forall x:int. + (forall y:int [computer_div(x, y), computer_mod(x, y)]. + ((y <> 0) -> (x = ((y * computer_div(x, y)) + computer_mod(x, y)))))) + +axiom computer_div_bound: + (forall x:int. + (forall y:int. + (((x >= 0) and (y > 0)) -> + ((0 <= computer_div(x, y)) and (computer_div(x, y) <= x))))) + +axiom computer_mod_bound: + (forall x:int. + (forall y:int. ((y <> 0) -> (abs_int(computer_mod(x, y)) < abs_int(y))))) + +axiom computer_mod_sign_pos: + (forall x:int. + (forall y:int. (((x >= 0) and (y <> 0)) -> (computer_mod(x, y) >= 0)))) + +axiom computer_mod_sign_neg: + (forall x:int. + (forall y:int. (((x <= 0) and (y <> 0)) -> (computer_mod(x, y) <= 0)))) + +axiom computer_rounds_toward_zero: + (forall x:int. + (forall y:int. 
+ ((y <> 0) -> (abs_int((computer_div(x, y) * y)) <= abs_int(x))))) + +type 't alloc_table + +type 't pointer + +type 't block + +logic base_block : 'a1 pointer -> 'a1 block + +logic offset_max : 'a1 alloc_table, 'a1 pointer -> int + +logic offset_min : 'a1 alloc_table, 'a1 pointer -> int + +predicate valid(a: 'a1 alloc_table, p: 'a1 pointer) = + ((offset_min(a, p) <= 0) and (offset_max(a, p) >= 0)) + +predicate same_block(p: 'a1 pointer, q: 'a1 pointer) = + (base_block(p) = base_block(q)) + +logic sub_pointer : 'a1 pointer, 'a1 pointer -> int + +logic shift : 'a1 pointer, int -> 'a1 pointer + +logic null : 'a1 pointer + +logic pointer_address : 'a1 pointer -> unit pointer + +logic absolute_address : int -> unit pointer + +logic address : 'a1 pointer -> int + +axiom address_injective: + (forall p:'a1 pointer. + (forall q:'a1 pointer. ((p = q) <-> (address(p) = address(q))))) + +axiom address_null: (address(null) = 0) + +axiom address_shift_lt: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) < address(shift(p, j))) <-> (i < j))))) + +axiom address_shift_le: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [address(shift(p, i)), address(shift(p, j))]. + ((address(shift(p, i)) <= address(shift(p, j))) <-> (i <= j))))) + +axiom shift_zero: (forall p:'a1 pointer [shift(p, 0)]. (shift(p, 0) = p)) + +axiom shift_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(shift(p, i), j)]. (shift(shift(p, i), + j) = shift(p, (i + j)))))) + +axiom offset_max_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_max(a, shift(p, i)) = (offset_max(a, p) - i))))) + +axiom offset_min_shift: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (forall i:int. (offset_min(a, shift(p, i)) = (offset_min(a, p) - i))))) + +axiom neq_shift: + (forall p:'a1 pointer. + (forall i:int. + (forall j:int [shift(p, i), shift(p, j)]. 
+ ((i <> j) -> (shift(p, i) <> shift(p, j)))))) + +axiom null_not_valid: (forall a:'a1 alloc_table. (not valid(a, null))) + +axiom null_pointer: + (forall a:'a1 alloc_table. + ((offset_min(a, null) >= 0) and (offset_max(a, null) <= (-2)))) + +logic eq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +logic neq_pointer_bool : 'a1 pointer, 'a1 pointer -> bool + +axiom eq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. ((eq_pointer_bool(p1, p2) = true) <-> (p1 = p2)))) + +axiom neq_pointer_bool_def: + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + ((neq_pointer_bool(p1, p2) = true) <-> (p1 <> p2)))) + +axiom same_block_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(p, shift(q, i))]. + (same_block(p, q) -> same_block(p, shift(q, i)))))) + +axiom same_block_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [same_block(shift(q, i), p)]. + (same_block(q, p) -> same_block(shift(q, i), p))))) + +axiom sub_pointer_shift: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> (p = shift(q, sub_pointer(p, q)))))) + +axiom sub_pointer_self: + (forall p:'a1 pointer [sub_pointer(p, p)]. (sub_pointer(p, p) = 0)) + +axiom sub_pointer_zero: + (forall p:'a1 pointer. + (forall q:'a1 pointer [sub_pointer(p, q)]. + (same_block(p, q) -> ((sub_pointer(p, q) = 0) -> (p = q))))) + +axiom sub_pointer_shift_left: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(shift(p, i), q)]. (sub_pointer(shift(p, i), + q) = (sub_pointer(p, q) + i))))) + +axiom sub_pointer_shift_right: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [sub_pointer(p, shift(q, i))]. 
(sub_pointer(p, shift(q, + i)) = (sub_pointer(p, q) - i))))) + +type ('t, 'v) memory + +logic select : ('a2, 'a1) memory, 'a2 pointer -> 'a1 + +logic store : ('a1, 'a2) memory, 'a1 pointer, 'a2 -> ('a1, 'a2) memory + +axiom select_store_eq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 = p2) -> (select(store(m, p1, a), p2) = a)))))) + +axiom select_store_neq: + (forall m:('a1, 'a2) memory. + (forall p1:'a1 pointer. + (forall p2:'a1 pointer. + (forall a:'a2 [store(m, p1, a), p2]. + ((p1 <> p2) -> (select(store(m, p1, a), p2) = select(m, p2))))))) + +type 't pset + +logic pset_empty : 'a1 pset + +logic pset_singleton : 'a1 pointer -> 'a1 pset + +logic pset_deref : ('a2, 'a1 pointer) memory, 'a2 pset -> 'a1 pset + +logic pset_union : 'a1 pset, 'a1 pset -> 'a1 pset + +logic pset_all : 'a1 pset -> 'a1 pset + +logic pset_range : 'a1 pset, int, int -> 'a1 pset + +logic pset_range_left : 'a1 pset, int -> 'a1 pset + +logic pset_range_right : 'a1 pset, int -> 'a1 pset + +logic in_pset : 'a1 pointer, 'a1 pset -> prop + +logic valid_pset : 'a1 alloc_table, 'a1 pset -> prop + +predicate pset_disjoint(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (not (in_pset(p, ps1) and in_pset(p, ps2)))) + +predicate pset_included(ps1: 'a1 pset, ps2: 'a1 pset) = + (forall p:'a1 pointer. (in_pset(p, ps1) -> in_pset(p, ps2))) + +axiom pset_included_self: (forall ps:'a1 pset. pset_included(ps, ps)) + +axiom pset_included_range: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. + (((c <= a) and (b <= d)) -> pset_included(pset_range(ps, a, b), + pset_range(ps, c, d)))))))) + +axiom pset_included_range_all: + (forall ps:'a1 pset. + (forall a:int. + (forall b:int. + (forall c:int. + (forall d:int [pset_included(pset_range(ps, a, b), pset_range(ps, + c, d))]. 
pset_included(pset_range(ps, a, b), pset_all(ps))))))) + +axiom in_pset_empty: (forall p:'a1 pointer. (not in_pset(p, pset_empty))) + +axiom in_pset_singleton: + (forall p:'a1 pointer. + (forall q:'a1 pointer. (in_pset(p, pset_singleton(q)) <-> (p = q)))) + +axiom in_pset_deref: + (forall p:'a1 pointer. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (in_pset(p, pset_deref(m, q)) <-> + (exists r:'a2 pointer. (in_pset(r, q) and (p = select(m, r)))))))) + +axiom in_pset_all: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (in_pset(p, pset_all(q)) <-> + (exists i:int. + (exists r:'a1 pointer. (in_pset(r, q) and (p = shift(r, i)))))))) + +axiom in_pset_range: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (forall b:int. + (in_pset(p, pset_range(q, a, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))))) + +axiom in_pset_range_left: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall b:int. + (in_pset(p, pset_range_left(q, b)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((i <= b) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_range_right: + (forall p:'a1 pointer. + (forall q:'a1 pset. + (forall a:int. + (in_pset(p, pset_range_right(q, a)) <-> + (exists i:int. + (exists r:'a1 pointer. + ((a <= i) and (in_pset(r, q) and (p = shift(r, i)))))))))) + +axiom in_pset_union: + (forall p:'a1 pointer. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (in_pset(p, pset_union(s1, s2)) <-> + (in_pset(p, s1) or in_pset(p, s2)))))) + +axiom valid_pset_empty: (forall a:'a1 alloc_table. valid_pset(a, pset_empty)) + +axiom valid_pset_singleton: + (forall a:'a1 alloc_table. + (forall p:'a1 pointer. + (valid_pset(a, pset_singleton(p)) <-> valid(a, p)))) + +axiom valid_pset_deref: + (forall a:'a1 alloc_table. + (forall m:('a2, 'a1 pointer) memory. + (forall q:'a2 pset. + (valid_pset(a, pset_deref(m, q)) <-> + (forall r:'a2 pointer. + (forall p:'a1 pointer. 
+ ((in_pset(r, q) and (p = select(m, r))) -> valid(a, p)))))))) + +axiom valid_pset_range: + (forall a:'a1 alloc_table. + (forall q:'a1 pset. + (forall c:int. + (forall d:int. + (valid_pset(a, pset_range(q, c, d)) <-> + (forall i:int. + (forall r:'a1 pointer. + ((in_pset(r, q) and ((c <= i) and (i <= d))) -> valid(a, + shift(r, i)))))))))) + +axiom valid_pset_union: + (forall a:'a1 alloc_table. + (forall s1:'a1 pset. + (forall s2:'a1 pset. + (valid_pset(a, pset_union(s1, s2)) <-> + (valid_pset(a, s1) and valid_pset(a, s2)))))) + +predicate not_assigns(a: 'a1 alloc_table, m1: ('a1, 'a2) memory, m2: ('a1, + 'a2) memory, l: 'a1 pset) = + (forall p:'a1 pointer. + ((valid(a, p) and (not in_pset(p, l))) -> (select(m2, p) = select(m1, p)))) + +axiom not_assigns_refl: + (forall a:'a1 alloc_table. + (forall m:('a1, 'a2) memory. + (forall l:'a1 pset. not_assigns(a, m, m, l)))) + +axiom not_assigns_trans: + (forall a:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory. + (forall l:'a1 pset [not_assigns(a, m1, m2, l), not_assigns(a, m1, + m3, l)]. + (not_assigns(a, m1, m2, l) -> + (not_assigns(a, m2, m3, l) -> not_assigns(a, m1, m3, l)))))))) + +logic full_separated : 'a1 pointer, 'a2 pointer -> prop + +axiom full_separated_shift1: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(p, shift(q, i)))))) + +axiom full_separated_shift2: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(p, q), shift(q, i)]. + (full_separated(p, q) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift3: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. + (full_separated(q, p) -> full_separated(shift(q, i), p))))) + +axiom full_separated_shift4: + (forall p:'a1 pointer. + (forall q:'a1 pointer. + (forall i:int [full_separated(q, p), shift(q, i)]. 
+ (full_separated(q, p) -> full_separated(p, shift(q, i)))))) + +type 't tag_table + +type 't tag_id + +logic int_of_tag : 'a1 tag_id -> int + +logic typeof : 'a1 tag_table, 'a1 pointer -> 'a1 tag_id + +logic parenttag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag : 'a1 tag_id, 'a1 tag_id -> prop + +logic subtag_bool : 'a1 tag_id, 'a1 tag_id -> bool + +axiom subtag_bool_def: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. ((subtag_bool(t1, t2) = true) <-> subtag(t1, t2)))) + +axiom subtag_refl: (forall t:'a1 tag_id. subtag(t, t)) + +axiom subtag_parent: + (forall t1:'a1 tag_id. + (forall t2:'a1 tag_id. + (forall t3:'a1 tag_id. + (subtag(t1, t2) -> (parenttag(t2, t3) -> subtag(t1, t3)))))) + +predicate instanceof(a: 'a1 tag_table, p: 'a1 pointer, t: 'a1 tag_id) = + subtag(typeof(a, p), t) + +logic downcast : 'a1 tag_table, 'a1 pointer, 'a1 tag_id -> 'a1 pointer + +axiom downcast_instanceof: + (forall a:'a1 tag_table. + (forall p:'a1 pointer. + (forall s:'a1 tag_id. (instanceof(a, p, s) -> (downcast(a, p, s) = p))))) + +logic bottom_tag : 'a1 tag_id + +axiom bottom_tag_axiom: (forall t:'a1 tag_id. subtag(t, bottom_tag)) + +predicate root_tag(t: 'a1 tag_id) = parenttag(t, bottom_tag) + +axiom root_subtag: + (forall a:'a1 tag_id. + (forall b:'a1 tag_id. + (forall c:'a1 tag_id. + (root_tag(a) -> + (root_tag(b) -> ((a <> b) -> (subtag(c, a) -> (not subtag(c, b))))))))) + +predicate fully_packed(tag_table: 'a1 tag_table, mutable: ('a1, + 'a1 tag_id) memory, this: 'a1 pointer) = (select(mutable, + this) = typeof(tag_table, this)) + +logic bw_compl : int -> int + +logic bw_and : int, int -> int + +axiom bw_and_not_null: + (forall a:int. + (forall b:int. ((bw_and(a, b) <> 0) -> ((a <> 0) and (b <> 0))))) + +logic bw_xor : int, int -> int + +logic bw_or : int, int -> int + +logic lsl : int, int -> int + +axiom lsl_left_positive_returns_positive: + (forall a:int. + (forall b:int. 
(((0 <= a) and (0 <= b)) -> (0 <= lsl(a, b))))) + +axiom lsl_left_positive_monotone: + (forall a1:int. + (forall a2:int. + (forall b:int. + (((0 <= a1) and ((a1 <= a2) and (0 <= b))) -> (lsl(a1, b) <= lsl(a2, + b)))))) + +logic lsr : int, int -> int + +axiom lsr_left_positive_returns_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= lsr(a, b))))) + +axiom lsr_left_positive_decreases: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(a, b) <= a)))) + +logic asr : int, int -> int + +axiom asr_positive_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (0 <= asr(a, b))))) + +axiom asr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) <= a)))) + +axiom asr_lsr_same_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (asr(a, b) = lsr(a, b))))) + +axiom lsl_of_lsr_decreases_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsl(lsr(a, b), b) <= a)))) + +axiom lsr_of_lsl_identity_on_positive: + (forall a:int. + (forall b:int. (((0 <= a) and (0 <= b)) -> (lsr(lsl(a, b), b) = a)))) + +logic alloc_extends : 'a1 alloc_table, 'a1 alloc_table -> prop + +predicate alloc_fresh(a: 'a1 alloc_table, p: 'a1 pointer, n: int) = + (forall i:int. (((0 <= i) and (i < n)) -> (not valid(a, shift(p, i))))) + +axiom alloc_extends_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_min(a1, p) = offset_min(a2, p))))))) + +axiom alloc_extends_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table [alloc_extends(a1, a2)]. + (alloc_extends(a1, a2) -> + (forall p:'a1 pointer. + (valid(a1, p) -> (offset_max(a1, p) = offset_max(a2, p))))))) + +axiom alloc_extends_not_assigns_empty: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. 
+ (forall l:'a1 pset. + (forall p:'a1 pointer. + (forall n:int [alloc_extends(a1, a2), alloc_fresh(a1, p, n), + not_assigns(a2, m1, m2, l)]. + ((alloc_extends(a1, a2) and + (alloc_fresh(a1, p, n) and + (not_assigns(a2, m1, m2, l) and pset_included(l, + pset_all(pset_singleton(p)))))) -> + not_assigns(a1, m1, m2, pset_empty))))))))) + +logic alloc_extends_except : 'a1 alloc_table, 'a1 alloc_table, +'a1 pset -> prop + +axiom alloc_extends_except_offset_min: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_min(a1, + p) = offset_min(a2, p)))))))) + +axiom alloc_extends_except_offset_max: + (forall a1:'a1 alloc_table. + (forall a2:'a1 alloc_table. + (forall l:'a1 pset [alloc_extends_except(a1, a2, l)]. + (alloc_extends_except(a1, a2, l) -> + (forall p:'a1 pointer. + ((valid(a1, p) and (not in_pset(p, l))) -> (offset_max(a1, + p) = offset_max(a2, p)))))))) + +type 'a mybag + +logic in_mybag : 'a1, 'a1 mybag -> prop + +logic disj_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom disj_sym: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag [disj_mybag(s1, s2)]. + (disj_mybag(s1, s2) -> disj_mybag(s2, s1)))) + +logic sub_mybag : 'a1 mybag, 'a1 mybag -> prop + +axiom sub_refl: + (forall sa:'a1 pointer mybag [sub_mybag(sa, sa)]. sub_mybag(sa, sa)) + +axiom sub_disj: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall s3:'a1 mybag [disj_mybag(s1, s2), sub_mybag(s2, s3)| + disj_mybag(s1, s3), sub_mybag(s2, s3)]. + (disj_mybag(s1, s2) -> (sub_mybag(s2, s3) -> disj_mybag(s1, s3)))))) + +axiom sub_in: + (forall s1:'a1 mybag. + (forall s2:'a1 mybag. + (forall p:'a1 [in_mybag(p, s1), sub_mybag(s1, s2)| in_mybag(p, s2), + sub_mybag(s1, s2)]. 
+ ((not in_mybag(p, s2)) -> + (sub_mybag(s1, s2) -> (not in_mybag(p, s1))))))) + +logic frame_between : 'a1 pointer mybag, ('a1, 'a2) memory, ('a1, +'a2) memory -> prop + +axiom frame_between_refl: + (forall sa:'a1 pointer mybag. + (forall m:('a1, 'a2) memory [frame_between(sa, m, m)]. frame_between(sa, + m, m))) + +axiom frame_between_gen: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. + (forall v:'a2 [frame_between(sa, m1, store(m2, p, v))]. + (frame_between(sa, m1, m2) -> + (in_mybag(p, sa) -> frame_between(sa, store(m1, p, v), m2)))))))) + +axiom frame_between_gen2: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(sa, m1, m2), + frame_between(sa, m1, m3)| frame_between(sa, m2, m3), + frame_between(sa, m1, m3)]. + (frame_between(sa, m1, m2) -> + (frame_between(sa, m2, m3) -> frame_between(sa, m1, m3))))))) + +axiom frame_between_gen_sub1: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s12, m1, m2), + frame_between(s13, m1, m3)]. + (sub_mybag(s12, s13) -> + (frame_between(s12, m1, m2) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_gen_sub2: + (forall s12:'a1 pointer mybag. + (forall s23:'a1 pointer mybag. + (forall s13:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall m3:('a1, 'a2) memory [frame_between(s23, m2, m3), + frame_between(s13, m1, m3)]. + (frame_between(s12, m1, m2) -> + (sub_mybag(s23, s13) -> + (frame_between(s23, m2, m3) -> frame_between(s13, m1, m3)))))))))) + +axiom frame_between_pointer: + (forall sa:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory. + (forall p:'a1 pointer. 
+ (forall v:'a2 [frame_between(sa, m1, m2), select(m1, p)| + frame_between(sa, m1, m2), select(m2, p)]. + (frame_between(sa, m1, m2) -> + ((not in_mybag(p, sa)) -> (select(m1, p) = select(m2, p))))))))) + +axiom frame_between_sub: + (forall sa:'a1 pointer mybag. + (forall sb:'a1 pointer mybag. + (forall m1:('a1, 'a2) memory. + (forall m2:('a1, 'a2) memory [frame_between(sa, m1, m2), + sub_mybag(sa, sb)]. + (frame_between(sa, m1, m2) -> + (sub_mybag(sa, sb) -> frame_between(sb, m1, m2))))))) + +type Object + +type byte + +type char + +type int32 + +type interface + +type long + +type short + +logic Exception_tag : Object tag_id + +logic Object_tag : Object tag_id + +axiom Exception_parenttag_Object: parenttag(Exception_tag, Object_tag) + +logic Int_tag : Object tag_id + +axiom Int_parenttag_Object: parenttag(Int_tag, Object_tag) + +predicate Non_null_Object(x_0: Object pointer, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + x_0) >= 0) + +axiom Object_int: (int_of_tag(Object_tag) = 1) + +logic Object_of_pointer_address : unit pointer -> Object pointer + +axiom Object_of_pointer_address_of_pointer_addr: + (forall p:Object pointer. + (p = Object_of_pointer_address(pointer_address(p)))) + +axiom Object_parenttag_bottom: parenttag(Object_tag, bottom_tag) + +axiom Object_tags: + (forall x:Object pointer. + (forall Object_tag_table:Object tag_table. instanceof(Object_tag_table, + x, Object_tag))) + +logic String_tag : Object tag_id + +axiom String_parenttag_Object: parenttag(String_tag, Object_tag) + +logic Throwable_tag : Object tag_id + +axiom Throwable_parenttag_Object: parenttag(Throwable_tag, Object_tag) + +logic Tree_tag : Object tag_id + +axiom Tree_parenttag_Object: parenttag(Tree_tag, Object_tag) + +logic integer_of_byte : byte -> int + +logic byte_of_integer : int -> byte + +axiom byte_coerce: + (forall x:int. 
+ ((((-128) <= x) and (x <= 127)) -> + (integer_of_byte(byte_of_integer(x)) = x))) + +axiom byte_extensionality: + (forall x:byte. + (forall y:byte. ((integer_of_byte(x) = integer_of_byte(y)) -> (x = y)))) + +axiom byte_range: + (forall x:byte. + (((-128) <= integer_of_byte(x)) and (integer_of_byte(x) <= 127))) + +logic integer_of_char : char -> int + +logic char_of_integer : int -> char + +axiom char_coerce: + (forall x:int. + (((0 <= x) and (x <= 65535)) -> (integer_of_char(char_of_integer(x)) = x))) + +axiom char_extensionality: + (forall x:char. + (forall y:char. ((integer_of_char(x) = integer_of_char(y)) -> (x = y)))) + +axiom char_range: + (forall x:char. + ((0 <= integer_of_char(x)) and (integer_of_char(x) <= 65535))) + +predicate eq_byte(x: byte, y: byte) = + (integer_of_byte(x) = integer_of_byte(y)) + +predicate eq_char(x: char, y: char) = + (integer_of_char(x) = integer_of_char(y)) + +logic integer_of_int32 : int32 -> int + +predicate eq_int32(x: int32, y: int32) = + (integer_of_int32(x) = integer_of_int32(y)) + +logic integer_of_long : long -> int + +predicate eq_long(x: long, y: long) = + (integer_of_long(x) = integer_of_long(y)) + +logic integer_of_short : short -> int + +predicate eq_short(x: short, y: short) = + (integer_of_short(x) = integer_of_short(y)) + +logic int32_of_integer : int -> int32 + +axiom int32_coerce: + (forall x:int. + ((((-2147483648) <= x) and (x <= 2147483647)) -> + (integer_of_int32(int32_of_integer(x)) = x))) + +axiom int32_extensionality: + (forall x:int32. + (forall y:int32. + ((integer_of_int32(x) = integer_of_int32(y)) -> (x = y)))) + +axiom int32_range: + (forall x:int32. + (((-2147483648) <= integer_of_int32(x)) and + (integer_of_int32(x) <= 2147483647))) + +logic interface_tag : interface tag_id + +axiom interface_int: (int_of_tag(interface_tag) = 1) + +logic interface_of_pointer_address : unit pointer -> interface pointer + +axiom interface_of_pointer_address_of_pointer_addr: + (forall p:interface pointer. 
+ (p = interface_of_pointer_address(pointer_address(p)))) + +axiom interface_parenttag_bottom: parenttag(interface_tag, bottom_tag) + +axiom interface_tags: + (forall x:interface pointer. + (forall interface_tag_table:interface tag_table. + instanceof(interface_tag_table, x, interface_tag))) + +predicate left_valid_struct_Object(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = (offset_min(Object_alloc_table, + p) <= a) + +predicate left_valid_struct_Exception(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Int(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_String(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Throwable(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_Tree(p: Object pointer, a: int, + Object_alloc_table: Object alloc_table) = left_valid_struct_Object(p, a, + Object_alloc_table) + +predicate left_valid_struct_interface(p: interface pointer, a: int, + interface_alloc_table: interface alloc_table) = + (offset_min(interface_alloc_table, p) <= a) + +logic long_of_integer : int -> long + +axiom long_coerce: + (forall x:int. + ((((-9223372036854775808) <= x) and (x <= 9223372036854775807)) -> + (integer_of_long(long_of_integer(x)) = x))) + +axiom long_extensionality: + (forall x:long. + (forall y:long. ((integer_of_long(x) = integer_of_long(y)) -> (x = y)))) + +axiom long_range: + (forall x:long. 
+ (((-9223372036854775808) <= integer_of_long(x)) and + (integer_of_long(x) <= 9223372036854775807))) + +logic max : int, int -> int + +logic mem : int32, Object pointer, Object alloc_table, (Object, +Object pointer) memory, (Object, Object pointer) memory, (Object, +int32) memory -> prop + +axiom pointer_addr_of_Object_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(Object_of_pointer_address(p)))) + +axiom pointer_addr_of_interface_of_pointer_address: + (forall p:unit pointer. + (p = pointer_address(interface_of_pointer_address(p)))) + +predicate right_valid_struct_Object(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = (offset_max(Object_alloc_table, + p) >= b) + +predicate right_valid_struct_Exception(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Int(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_String(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Throwable(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_Tree(p: Object pointer, b: int, + Object_alloc_table: Object alloc_table) = right_valid_struct_Object(p, b, + Object_alloc_table) + +predicate right_valid_struct_interface(p: interface pointer, b: int, + interface_alloc_table: interface alloc_table) = + (offset_max(interface_alloc_table, p) >= b) + +logic short_of_integer : int -> short + +axiom short_coerce: + (forall x:int. + ((((-32768) <= x) and (x <= 32767)) -> + (integer_of_short(short_of_integer(x)) = x))) + +axiom short_extensionality: + (forall x:short. + (forall y:short. 
+ ((integer_of_short(x) = integer_of_short(y)) -> (x = y)))) + +axiom short_range: + (forall x:short. + (((-32768) <= integer_of_short(x)) and (integer_of_short(x) <= 32767))) + +predicate strict_valid_root_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate strict_valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) = a) and + (offset_max(Object_alloc_table, p) = b)) + +predicate strict_valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Int(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_Tree(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = strict_valid_struct_Object(p, a, + b, Object_alloc_table) + +predicate strict_valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) = a) and + (offset_max(interface_alloc_table, p) = b)) + +predicate valid_root_Object(p: Object pointer, a: int, b: int, + 
Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_root_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +predicate valid_struct_Object(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = + ((offset_min(Object_alloc_table, p) <= a) and + (offset_max(Object_alloc_table, p) >= b)) + +predicate valid_struct_Exception(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Int(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_String(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Throwable(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_Tree(p: Object pointer, a: int, b: int, + Object_alloc_table: Object alloc_table) = valid_struct_Object(p, a, b, + Object_alloc_table) + +predicate valid_struct_interface(p: interface pointer, a: int, b: int, + interface_alloc_table: interface alloc_table) = + ((offset_min(interface_alloc_table, p) <= a) and + (offset_max(interface_alloc_table, p) >= b)) + +axiom max_is_some: + (forall x_1_0:int. + (forall y_1:int. ((max(x_1_0, y_1) = x_1_0) or (max(x_1_0, y_1) = y_1)))) + +axiom max_is_ge: + (forall x_0_0:int. + (forall y_0:int. + ((max(x_0_0, y_0) >= x_0_0) and (max(x_0_0, y_0) >= y_0)))) + +axiom mem_inversion: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. 
+ (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_8:int32. + (forall t_4:Object pointer. + (mem(x_8, t_4, Object_alloc_table_at_L, Tree_right_at_L, + Tree_left_at_L, Tree_value_at_L) -> + (Non_null_Object(t_4, Object_alloc_table_at_L) and + ((integer_of_int32(x_8) = integer_of_int32(select(Tree_value_at_L, + t_4))) or + (mem(x_8, select(Tree_left_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) or mem(x_8, select(Tree_right_at_L, t_4), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L))))))))))) + +axiom mem_right: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_7:int32. + (forall t_3:Object pointer. + (Non_null_Object(t_3, Object_alloc_table_at_L) -> + (mem(x_7, select(Tree_right_at_L, t_3), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) -> mem(x_7, t_3, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_left: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_6:int32. + (forall t_2:Object pointer. + (Non_null_Object(t_2, Object_alloc_table_at_L) -> + (mem(x_6, select(Tree_left_at_L, t_2), + Object_alloc_table_at_L, Tree_right_at_L, Tree_left_at_L, + Tree_value_at_L) -> mem(x_6, t_2, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root_eq: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. 
+ (forall Tree_value_at_L:(Object, int32) memory. + (forall x_5:int32. + (forall t_1:Object pointer. + (Non_null_Object(t_1, Object_alloc_table_at_L) -> + ((integer_of_int32(x_5) = integer_of_int32(select(Tree_value_at_L, + t_1))) -> mem(x_5, t_1, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))))) + +axiom mem_root: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall t_0:Object pointer. + (Non_null_Object(t_0, Object_alloc_table_at_L) -> + mem(select(Tree_value_at_L, t_0), t_0, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))) + +axiom mem_null: + (forall Object_alloc_table_at_L:Object alloc_table. + (forall Tree_right_at_L:(Object, Object pointer) memory. + (forall Tree_left_at_L:(Object, Object pointer) memory. + (forall Tree_value_at_L:(Object, int32) memory. + (forall x_4:int32. (not mem(x_4, null, Object_alloc_table_at_L, + Tree_right_at_L, Tree_left_at_L, Tree_value_at_L))))))) + +goal Tree_tree_max_ensures_default_po_1: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. 
+ (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + forall result6:int32. + ("JC_44": + (("JC_42": mem(result6, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result6) >= integer_of_int32(x_9))))))) -> + forall result7:int32. + ("JC_24": (integer_of_int32(result7) = max(integer_of_int32(m), + integer_of_int32(result6)))) -> + forall m0:int32. + (m0 = result7) -> + forall return:int32. + (return = m0) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +goal Tree_tree_max_ensures_default_po_2: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. 
+ (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + forall result6:int32. + ("JC_44": + (("JC_42": mem(result6, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result5, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result6) >= integer_of_int32(x_9))))))) -> + forall result7:int32. + ("JC_24": (integer_of_int32(result7) = max(integer_of_int32(m), + integer_of_int32(result6)))) -> + forall m0:int32. + (m0 = result7) -> + forall return:int32. + (return = m0) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +goal Tree_tree_max_ensures_default_po_3: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. 
+ (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (result4 = null)) -> + forall return:int32. + (return = m) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +goal Tree_tree_max_ensures_default_po_4: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + forall result2:int32. + ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (result4 = null)) -> + forall return:int32. + (return = m) -> + forall x_9:int32. 
+ mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +goal Tree_tree_max_ensures_default_po_5: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + forall result3:int32. + ("JC_44": + (("JC_42": mem(result3, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result3) >= integer_of_int32(x_9))))))) -> + forall result4:int32. + ("JC_24": (integer_of_int32(result4) = max(integer_of_int32(result), + integer_of_int32(result3)))) -> + forall m:int32. + (m = result4) -> + forall return:int32. + (return = m) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +goal Tree_tree_max_ensures_default_po_6: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. 
+ (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + forall result3:int32. + ("JC_44": + (("JC_42": mem(result3, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result2, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result3) >= integer_of_int32(x_9))))))) -> + forall result4:int32. + ("JC_24": (integer_of_int32(result4) = max(integer_of_int32(result), + integer_of_int32(result3)))) -> + forall m:int32. + (m = result4) -> + forall return:int32. + (return = m) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +goal Tree_tree_max_ensures_default_po_7: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (result1 = null)) -> + forall return:int32. + (return = result) -> + ("JC_41": + ("JC_39": mem(return, this_2, Object_alloc_table, Tree_right, Tree_left, + Tree_value))) + +goal Tree_tree_max_ensures_default_po_8: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. 
+ forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (result1 = null)) -> + forall return:int32. + (return = result) -> + forall x_9:int32. + mem(x_9, this_2, Object_alloc_table, Tree_right, Tree_left, Tree_value) -> + ("JC_41": ("JC_40": (integer_of_int32(return) >= integer_of_int32(x_9)))) + +goal Tree_tree_max_safety_po_1: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + (offset_max(Object_alloc_table, result1) >= 0) + +goal Tree_tree_max_safety_po_2: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result0) = 0)) -> + forall result1:Object pointer. + (result1 = select(Tree_left, this_2)) -> + (offset_max(Object_alloc_table, result1) >= 0) -> + forall result2:int32. 
+ ("JC_44": + (("JC_42": mem(result2, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value)) and + ("JC_43": + (forall x_9:int32. + (mem(x_9, result1, Object_alloc_table, Tree_right, Tree_left, + Tree_value) -> (integer_of_int32(result2) >= integer_of_int32(x_9))))))) -> + forall result3:int32. + ("JC_24": (integer_of_int32(result3) = max(integer_of_int32(result), + integer_of_int32(result2)))) -> + forall m:int32. + (m = result3) -> + forall result4:Object pointer. + (result4 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result4) = 0)) -> + forall result5:Object pointer. + (result5 = select(Tree_right, this_2)) -> + (offset_max(Object_alloc_table, result5) >= 0) + +goal Tree_tree_max_safety_po_3: + forall this_2:Object pointer. + forall Object_alloc_table:Object alloc_table. + forall Tree_left:(Object, Object pointer) memory. + forall Tree_right:(Object, + Object pointer) memory. + forall Tree_value:(Object, + int32) memory. + valid_struct_Tree(this_2, 0, 0, Object_alloc_table) -> + forall result:int32. + (result = select(Tree_value, this_2)) -> + forall result0:Object pointer. + (result0 = select(Tree_left, this_2)) -> + ("JC_18": (result0 = null)) -> + forall result1:Object pointer. + (result1 = select(Tree_right, this_2)) -> + ("JC_18": (offset_max(Object_alloc_table, result1) = 0)) -> + forall result2:Object pointer. + (result2 = select(Tree_right, this_2)) -> + (offset_max(Object_alloc_table, result2) >= 0) + +========== running alt-ergo ========== +Running Alt-Ergo on proof obligations +(. = valid * = invalid ? = unknown # = timeout ! = failure) +why/TreeMax_why.why : .......#... 
(10/0/0/1/0) +total : 11 +valid : 10 ( 91%) +invalid : 0 ( 0%) +unknown : 0 ( 0%) +timeout : 1 ( 9%) +failure : 0 ( 0%) diff -Nru why-2.29+dfsg/tests/java/PreAndOld.java why-2.30+dfsg/tests/java/PreAndOld.java --- why-2.29+dfsg/tests/java/PreAndOld.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/PreAndOld.java 2011-10-24 15:21:06.000000000 +0000 @@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no @@ -8,7 +38,7 @@ class PreAndOld { static int y; - + /*@ ensures \result == \old(f(x)) @ && \result == f{Old}(x) @ && \result == \at(f(x),Pre); 
@@ -19,5 +49,14 @@ return x+tmp; } } - + + + + + +/* +Local Variables: +compile-command: "make PreAndOld.why3ml" +End: +*/ diff -Nru why-2.29+dfsg/tests/java/Purse.java why-2.30+dfsg/tests/java/Purse.java --- why-2.29+dfsg/tests/java/Purse.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Purse.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -78,3 +80,12 @@ } + + +/* +Local Variables: +compile-command: "make Purse.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/SelectionSort.java why-2.30+dfsg/tests/java/SelectionSort.java --- why-2.29+dfsg/tests/java/SelectionSort.java 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/SelectionSort.java 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,122 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
*/ +/* */ +/**************************************************************************/ + +/*@ predicate Sorted{L}(int a[], integer l, integer h) = + @ \forall integer i j; l <= i <= j < h ==> a[i] <= a[j] ; + @*/ + +/*@ predicate Swap{L1,L2}(int a[], integer i, integer j) = + @ \at(a[i],L1) == \at(a[j],L2) && + @ \at(a[j],L1) == \at(a[i],L2) && + @ \forall integer k; k != i && k != j ==> \at(a[k],L1) == \at(a[k],L2); + @*/ + +/*@ inductive Permut{L1,L2}(int a[], integer l, integer h) { + @ case Permut_refl{L}: + @ \forall int a[], integer l h; Permut{L,L}(a, l, h) ; + @ case Permut_sym{L1,L2}: + @ \forall int a[], integer l h; + @ Permut{L1,L2}(a, l, h) ==> Permut{L2,L1}(a, l, h) ; + @ case Permut_trans{L1,L2,L3}: + @ \forall int a[], integer l h; + @ Permut{L1,L2}(a, l, h) && Permut{L2,L3}(a, l, h) ==> + @ Permut{L1,L3}(a, l, h) ; + @ case Permut_swap{L1,L2}: + @ \forall int a[], integer l h i j; + @ l <= i <= h && l <= j <= h && Swap{L1,L2}(a, i, j) ==> + @ Permut{L1,L2}(a, l, h) ; + @ } + @*/ + +class SelectionSort { + + /*@ requires t != null && + @ 0 <= i < t.length && 0 <= j < t.length; + @ assigns t[i],t[j]; + @ ensures Swap{Old,Here}(t,i,j); + @*/ + void swap(int t[], int i, int j) { + int tmp = t[i]; + t[i] = t[j]; + t[j] = tmp; + } + + /*@ requires t != null; + @ behavior sorted: + @ ensures Sorted(t,0,t.length); + @ behavior permutation: + @ ensures Permut{Old,Here}(t,0,t.length-1); + @*/ + void sort(int t[]) { + int i,j; + int mi,mv; + /*@ loop_invariant 0 <= i; + @ for sorted: + @ loop_invariant Sorted(t,0,i) && + @ (\forall integer k1 k2 ; + @ 0 <= k1 < i <= k2 < t.length ==> t[k1] <= t[k2]) ; + @ for permutation: + @ loop_invariant Permut{Pre,Here}(t,0,t.length-1); + @ loop_variant t.length - i; + @*/ + for (i=0; i t[k] >= mv); + @ // useless ! 
for permutation: + @ // loop_invariant Permut{Pre,Here}(t,0,t.length-1); + @ loop_variant t.length - j; + @*/ + for (j=i+1; j < t.length; j++) { + if (t[j] < mv) { + mi = j ; mv = t[j]; + } + } + Before: + swap(t,i,mi); + //@ for permutation: assert Permut{Before,Here}(t,0,t.length-1); + } + } + +} + + + +/* +Local Variables: +compile-command: "make SelectionSort.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/SideEffects.java why-2.30+dfsg/tests/java/SideEffects.java --- why-2.29+dfsg/tests/java/SideEffects.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/SideEffects.java 2011-10-24 15:21:06.000000000 +0000 
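Review bot: The two specification predicates use different conventions for the upper bound `h`, and nothing in the new file says so. `Sorted` reads it as exclusive (`l <= i <= j < h`), while the `Permut_swap` case reads it as inclusive (`l <= i <= h && l <= j <= h`). That is why `sort` ensures `Sorted(t,0,t.length)` but `Permut{Old,Here}(t,0,t.length-1)`. A later reader could take the `-1` for an off-by-one and "correct" one side, changing what the proved contract actually states. I would add a line above the predicates such as `// bounds: Sorted(a,l,h) covers l..h-1 (h exclusive); Permut(a,l,h) covers l..h (h inclusive)`. The outer `for` header and the start of the inner loop invariant are not legible in this rendering, so this note covers only the predicates and the `sort` contract.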
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -8,14 +38,22 @@ void m1(int t[]) { int i = 0; t[i++] = 1; - //@ assert t[0] == 1 && i == 1; + //@ assert t[0] == 1 && i == 1; t[++i] = 2; - //@ assert t[0] == 1 && t[2] == 2 && i == 2; + //@ assert t[0] == 1 && t[2] == 2 && i == 2; t[--i] = 3; - //@ assert t[0] == 1 && t[2] == 2 && t[1] == 3 && i == 1; + //@ assert t[0] == 1 && t[2] == 2 && t[1] == 3 && i == 1; t[i--] = 4; - //@ assert t[0] == 1 && t[2] == 2 && t[1] == 4 && i == 0; + //@ assert t[0] == 1 && t[2] == 2 && t[1] == 4 && i == 0; } } + +/* +Local Variables: +compile-command: "make SideEffects.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/SimpleAlloc.java why-2.30+dfsg/tests/java/SimpleAlloc.java --- why-2.29+dfsg/tests/java/SimpleAlloc.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/SimpleAlloc.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + class Node { int val; @@ -16,3 +47,13 @@ x[0]=new Node(); } } + + + + +/* +Local Variables: +compile-command: "make SimpleAlloc.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/java/SimpleApplet.java why-2.30+dfsg/tests/java/SimpleApplet.java --- why-2.29+dfsg/tests/java/SimpleApplet.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/SimpleApplet.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,34 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ + // JAVACARD: will ask regtests to use Java Card API for this program /***************************** @@ -89,3 +120,10 @@ } } + +/* +Local Variables: +compile-command: "make SimpleApplet.why3ml" +End: +*/ + diff -Nru why-2.29+dfsg/tests/java/Sort2.java why-2.30+dfsg/tests/java/Sort2.java --- why-2.29+dfsg/tests/java/Sort2.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Sort2.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ diff -Nru why-2.29+dfsg/tests/java/Sort.java why-2.30+dfsg/tests/java/Sort.java --- why-2.29+dfsg/tests/java/Sort.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Sort.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,3 +1,33 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ TerminationPolicy = user diff -Nru why-2.29+dfsg/tests/java/Switch.java why-2.30+dfsg/tests/java/Switch.java --- why-2.29+dfsg/tests/java/Switch.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Switch.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ public class Switch { 
@@ -48,7 +50,7 @@ /*@ behavior normal: @ assigns \nothing; - @ ensures ((n==4 || n==7) <==> \result == 1) && + @ ensures ((n==4 || n==7) <==> \result == 1) && @ ((n==0 || n==1) <==> \result == 0); @*/ public static int test2 (int n) { @@ -73,8 +75,8 @@ } /* -Local Variables: -compile-command: "gwhy Switch.java" -End: +Local Variables: +compile-command: "make Switch.why3ml" +End: */ diff -Nru why-2.29+dfsg/tests/java/Termination.java why-2.30+dfsg/tests/java/Termination.java --- why-2.29+dfsg/tests/java/Termination.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/Termination.java 2011-10-24 15:21:06.000000000 +0000 
@@ -1,30 +1,32 @@ /**************************************************************************/ /* */ /* The Why platform for program certification */ -/* Copyright (C) 2002-2008 */ -/* Romain BARDOU */ -/* Jean-François COUCHOT */ -/* Mehdi DOGGUY */ -/* Jean-Christophe FILLIÂTRE */ -/* Thierry HUBERT */ -/* Claude MARCHÉ */ -/* Yannick MOY */ -/* Christine PAULIN */ -/* Yann RÉGIS-GIANAS */ -/* Nicolas ROUSSET */ -/* Xavier URBAIN */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ /* */ /* This software is free software; you can redistribute it and/or */ -/* modify it under the terms of the GNU General Public */ -/* License version 2, as published by the Free Software Foundation. */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ /* */ /* This software is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* */ -/* See the GNU General Public License version 2 for more details */ -/* (enclosed in the file GPL). */ -/* */ /**************************************************************************/ //@+ CheckArithOverflow = no 
@@ -53,3 +55,11 @@ } + +/* +Local Variables: +compile-command: "make Termination.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/TestNonNull.java why-2.30+dfsg/tests/java/TestNonNull.java --- why-2.29+dfsg/tests/java/TestNonNull.java 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/java/TestNonNull.java 2011-10-24 15:21:06.000000000 +0000 @@ -1,21 +1,50 @@ +/**************************************************************************/ +/* */ +/* The Why platform for program certification */ +/* */ +/* Copyright (C) 2002-2011 */ +/* */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ +/* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ +/* Yannick MOY, Univ. Paris-sud 11 */ +/* Romain BARDOU, Univ. Paris-sud 11 */ +/* */ +/* Secondary contributors: */ +/* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ +/* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ +/* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ +/* Sylvie BOLDO, INRIA (floating-point support) */ +/* Jean-Francois COUCHOT, INRIA (sort encodings, hyps pruning) */ +/* Mehdi DOGGUY, Univ. Paris-sud 11 (Why GUI) */ +/* */ +/* This software is free software; you can redistribute it and/or */ +/* modify it under the terms of the GNU Lesser General Public */ +/* License version 2.1, with the special exception on linking */ +/* described in file LICENSE. */ +/* */ +/* This software is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ +/* */ +/**************************************************************************/ //@+ NonNullByDefault = all class TestNonNull { - + static final int N = 2; static int[] st; //@ static invariant st_length: st.length >= 4; int[] t; - - + //@ invariant t_length: t.length >= 4; TestNonNull() { - t = new int[3]; - //@ assert t.length == 3; + t = new int[5]; + //@ assert t.length == 5; } 
@@ -29,3 +58,11 @@ } } + +/* +Local Variables: +compile-command: "make TestNonNull.why3ml" +End: +*/ + + diff -Nru why-2.29+dfsg/tests/java/TreeMax.java why-2.30+dfsg/tests/java/TreeMax.java --- why-2.29+dfsg/tests/java/TreeMax.java 1970-01-01 00:00:00.000000000 +0000 +++ why-2.30+dfsg/tests/java/TreeMax.java 2011-10-24 15:21:06.000000000 +0000 
@@ -0,0 +1,71 @@ + +//@+ TerminationPolicy = user + +/*@ axiomatic integer_max { + @ logic integer max(integer x, integer y); + @ axiom max_is_ge : \forall integer x y; max(x,y) >= x && max(x,y) >= y; + @ axiom max_is_some : \forall integer x y; max(x,y) == x || max(x,y) == y; + @ } + @*/ + +class Int { + //@ ensures \result == max(x,y); + public static int max(int x, int y); +} + +/*@ axiomatic Mem { + @ predicate mem{L}(int x, Tree t); + @ axiom mem_null{L}: \forall int x; ! mem(x,null); + @ axiom mem_root{L}: \forall Tree t; t != null ==> + @ mem(t.value,t); + @ axiom mem_root_eq{L}: \forall int x, Tree t; t != null ==> + @ x==t.value ==> mem(x,t); + @ axiom mem_left{L}: \forall int x, Tree t; t != null ==> + @ mem(x,t.left) ==> mem(x,t); + @ axiom mem_right{L}: \forall int x, Tree t; t != null ==> + @ mem(x,t.right) ==> mem(x,t); + @ axiom mem_inversion{L}: \forall int x, Tree t; + @ mem(x,t) ==> t != null && + @ (x==t.value || mem(x,t.left) || mem(x,t.right)); + @ } + @*/ + +/* attempt to prove termination, not succesful yet */ +/* axiomatic Finite { + @ predicate has_size{L}(Tree t, integer s); + @ axiom has_size_null{L}: has_size(null,0); + @ axiom has_size_non_null{L}: \forall Tree t; t != null ==> + @ \forall integer s1 s2; + @ has_size(t.left,s1) && has_size(t.right,s2) ==> + @ has_size(t,s1+s2+1) ; + @ axiom has_size_inversion{L}: \forall Tree t, integer s; + @ has_size(t,s) ==> + @ (t == null && s == 0) || + @ (t != null && \exists integer s1 s2; + @ has_size(t.left,s1) && has_size(t.right,s2) && + @ 0 <= s1 && 0 <= s2 && s == s1+s2+1) ; + @ predicate size_decreases{L}(Tree t1, Tree t2) = + @ \exists integer s1 s2; has_size(t1,s1) && has_size(t2,s2) && s1 > s2; + @ } + @*/ + +class Tree { + + int value; + Tree left; + Tree right; + + /*@ // requires \exists integer s; has_size(this,s); + @ // decreases this for size_decreases; + @ ensures mem(\result,this) && + @ \forall int x; mem(x,this) ==> \result >= x; + @*/ + int tree_max() { + int m = value; + if 
(left != null) m = Int.max(m,left.tree_max()); + if (right != null) m = Int.max(m,right.tree_max()); + return m; + } + +} + diff -Nru why-2.29+dfsg/tests/regtest.sh why-2.30+dfsg/tests/regtest.sh --- why-2.29+dfsg/tests/regtest.sh 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tests/regtest.sh 2011-10-24 15:21:06.000000000 +0000 @@ -3,7 +3,9 @@ echo 'Format.eprintf "%s@." (Sys.getcwd());;' | ocaml 1>/dev/null 2> /tmp/regtests.cwd DIR=`cat /tmp/regtests.cwd` +rm -f /tmp/regtests.cwd LIBDIR=`grep "libdir" $DIR/src/version.ml | sed -e 's|[^"]*"\([^"]*\)"[^"]*|\1|g' | head -n 1` +LANG= echofilename () { echo "========== file $1 ==========" @@ -32,7 +34,7 @@ if grep JAVACARD $f.java ; then opt=-javacard fi - KRAKATOALIB=$DIR/lib bin/krakatoa.opt $opt $1 || exit 1 + KRAKATOALIB=$DIR/lib bin/krakatoa.opt -gen-only $opt $1 || exit 1 mycat $f.jc mycatfilterdir $f.jloc echo "========== jessie execution ==========" diff -Nru why-2.29+dfsg/tools/cadlog.ml why-2.30+dfsg/tools/cadlog.ml --- why-2.29+dfsg/tools/cadlog.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/cadlog.ml 2011-10-24 15:21:06.000000000 +0000 
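Review bot: `tree_max` carries no termination argument: the `requires`/`decreases` lines in its contract are commented out, and the file sets `TerminationPolicy = user`, which presumably means termination is only checked where a variant is supplied. The `ensures` clause is therefore established only under the assumption that the recursion returns, which it would not on a cyclic `left`/`right` structure. The block comment above `axiomatic Finite` mentions the unfinished attempt, but the limitation belongs on the method itself, e.g. `// NOTE: partial correctness only; termination is unproved and assumes an acyclic tree`. Separately, `axiomatic Mem` and the body-less `Int.max` are admitted rather than proved, so they are part of what a reader has to trust; an `inductive` definition of `mem`, in the style `SelectionSort.java` uses for `Permut`, would presumably keep that trusted part smaller.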
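Review bot: `/tmp/regtests.cwd` remains a fixed, predictable name in a world-writable directory: the script writes it through `2>` and reads it back into `DIR`, and the added `rm -f` only cleans up afterwards. On a shared build host another local user can pre-create that path, so the redirect may overwrite a file belonging to the account running the tests, or `DIR` may end up holding content that user chose. `DIR` then selects `$DIR/src/version.ml` and, in the second hunk, `KRAKATOALIB=$DIR/lib`. If the OCaml round-trip is only there to obtain the working directory, `DIR=$(pwd -P)` removes the file entirely; otherwise create it with `TMP=$(mktemp) || exit 1` and redirect to `"$TMP"`.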
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/calldp.ml why-2.30+dfsg/tools/calldp.ml --- why-2.29+dfsg/tools/calldp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/calldp.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -188,6 +188,9 @@ let simplify ?(debug=false) ?(timeout=10) ~filename () = gen_prover_call ~debug ~timeout ~filename DpConfig.simplify +let vampire ?(debug=false) ?(timeout=10) ~filename () = + gen_prover_call ~debug ~timeout ~filename DpConfig.vampire + let z3 ?(debug=false) ?(timeout=10) ?filename ?buffers () = gen_prover_call ~debug ~timeout ?filename ?buffers DpConfig.z3 
@@ -237,6 +240,8 @@ match p with | DpConfig.Simplify -> "simplify", DpConfig.simplify, (String.sub f 0 last_dot_index) ^ "_why.sx" + | DpConfig.Vampire -> + "vampire", DpConfig.vampire, (String.sub f 0 last_dot_index) ^ "_why.vp" | DpConfig.Gappa -> "gappa", DpConfig.gappa, (String.sub f 0 last_dot_index) ^ "_why_po_1.gappa" | _ -> assert false (* TODO *) diff -Nru why-2.29+dfsg/tools/calldp.mli why-2.30+dfsg/tools/calldp.mli --- why-2.29+dfsg/tools/calldp.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/calldp.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -54,6 +54,9 @@ val simplify : ?debug:bool -> ?timeout:int -> filename:string -> unit -> prover_result +val vampire : ?debug:bool -> ?timeout:int -> filename:string -> unit -> + prover_result + val harvey : ?debug:bool -> ?timeout:int -> filename:string -> unit -> prover_result diff -Nru why-2.29+dfsg/tools/cpulimit.c why-2.30+dfsg/tools/cpulimit.c --- why-2.29+dfsg/tools/cpulimit.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/cpulimit.c 2011-10-24 15:21:06.000000000 +0000 
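Review bot: The match that gains the `DpConfig.Vampire` arm still ends in `| _ -> assert false (* TODO *)`, so any `prover_id` without an explicit arm fails only at run time with an assertion failure. The compiler could not have pointed out that Vampire was missing here. Listing the unsupported constructors explicitly instead of `_` would let the exhaustiveness warning catch the next prover added to `DpConfig.prover_id`. The enclosing function starts and ends outside this hunk, so the set of provers it is expected to handle cannot be confirmed from here.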
@@ -2,16 +2,16 @@ /* */ /* The Why platform for program certification */ /* */ -/* Copyright (C) 2002-2010 */ +/* Copyright (C) 2002-2011 */ /* */ -/* Jean-Christophe FILLIATRE, CNRS */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ /* Yannick MOY, Univ. Paris-sud 11 */ /* Romain BARDOU, Univ. Paris-sud 11 */ -/* Thierry HUBERT, Univ. Paris-sud 11 */ /* */ /* Secondary contributors: */ /* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ /* Sylvie BOLDO, INRIA (floating-point support) */ diff -Nru why-2.29+dfsg/tools/cpulimit-win.c why-2.30+dfsg/tools/cpulimit-win.c --- why-2.29+dfsg/tools/cpulimit-win.c 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/cpulimit-win.c 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ /* */ /* The Why platform for program certification */ /* */ -/* Copyright (C) 2002-2010 */ +/* Copyright (C) 2002-2011 */ /* */ -/* Jean-Christophe FILLIATRE, CNRS */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ /* Yannick MOY, Univ. Paris-sud 11 */ /* Romain BARDOU, Univ. Paris-sud 11 */ -/* Thierry HUBERT, Univ. Paris-sud 11 */ /* */ /* Secondary contributors: */ /* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ /* Sylvie BOLDO, INRIA (floating-point support) */ diff -Nru why-2.29+dfsg/tools/cvcl_split.mli why-2.30+dfsg/tools/cvcl_split.mli --- why-2.29+dfsg/tools/cvcl_split.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/cvcl_split.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/cvcl_split.mll why-2.30+dfsg/tools/cvcl_split.mll --- why-2.29+dfsg/tools/cvcl_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/cvcl_split.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/dpConfig.ml why-2.30+dfsg/tools/dpConfig.ml --- why-2.29+dfsg/tools/dpConfig.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/dpConfig.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -34,7 +34,7 @@ type prover_id = | Simplify | Harvey | Cvcl | Zenon | Rvsat | Yices | Ergo | ErgoSelect | Cvc3 | SimplifySelect | Z3 | Gappa | GappaSelect - | Coq | PVS | VeriT + | Coq | PVS | VeriT | Vampire type lazy_regexp = { @@ -68,7 +68,7 @@ version = ""; version_switch = "--version"; version_regexp = "Gappa \\([^ ]*\\)"; - versions_ok = ["0.13.0"]; + versions_ok = ["0.13.0";"0.14.0";"0.15.1"]; versions_old = ["0.11.2";"0.12.0";"0.12.1";"0.12.2";"0.12.3"]; command = "gappa"; command_switches = ""; @@ -84,8 +84,8 @@ version = ""; version_switch = "-version"; version_regexp = ".*Ergo \\([^ ]*\\)"; - versions_ok = ["0.91"; "0.92.1"; "0.92.2"]; - versions_old = ["0.8"; "0.9"]; + versions_ok = ["0.93"]; + versions_old = ["0.8"; "0.9" ; "0.91"; "0.92.1"; "0.92.2" ]; command = "alt-ergo"; command_switches = ""; valid_regexp = Some (make_regexp "\\bValid\\b"); 
@@ -109,6 +109,29 @@ stdin_switch = None; } +let vampire = + { + name = "Vampire"; + is_interactive = false; + version = ""; + version_switch = "--version"; + version_regexp = "Vampire \\([0-9.]+\\)"; + versions_ok = ["0.6"]; + versions_old = [""]; + command = "vampire"; + command_switches = "-input_syntax simplify -input_file "; + valid_regexp = Some (make_regexp "\\bRefutation found\\b"); + (* [VP] Apparently Vampire reacts to SIGXCPU by printing Got SIGXCPU + and exiting. Thus, the last option of the regexp should in fact + lead to a timeout, but this is not really feasible in the current + implementation of Calldp.gen_prover_call. + *) + undecided_regexp = + make_regexp + "\\bSatisfiable\\b\\|\\bRefutation not found\\b\\|\\bSIGXCPU\\b"; + stdin_switch = None; + } + let z3 = { name = "Z3"; @@ -116,8 +139,8 @@ version = ""; version_switch = "-version"; version_regexp = "Z3 version \\([^ \r]+\\)"; - versions_ok = ["2.2"]; - versions_old = ["2.1";"1.3"]; + versions_ok = [ "2.19"]; + versions_old = ["2.2" ; "2.1";"1.3"]; command = "z3"; command_switches = "-smt "; valid_regexp = Some (make_regexp "\\bunsat\\b"); @@ -125,7 +148,6 @@ stdin_switch = Some "-in"; } - let yices = { name = "Yices"; @@ -133,8 +155,8 @@ version = ""; version_switch = "--version"; version_regexp = "[Yices ]*\\([0-9.]+\\)"; - versions_ok = ["1.0.17";"1.0.24"]; - versions_old = [""]; + versions_ok = ["1.0.25"]; + versions_old = ["1.0.11" ; "1.0.16"; "1.0.17";"1.0.24"]; command = "yices"; command_switches = "-smt "; valid_regexp = Some (make_regexp "\\bunsat\\b"); @@ -229,6 +251,7 @@ [ Ergo, (alt_ergo, ["alt-ergo" ; "ergo"]) ; Simplify, (simplify, ["Simplify" ; "simplify"]) ; + Vampire, (vampire, ["Vampire"]); Z3, (z3, ["z3"]) ; Yices, (yices, ["yices"]) ; Cvc3, (cvc3, ["cvc3"]) ; 
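Review bot: In the new `vampire` record, `undecided_regexp` includes `\\bSIGXCPU\\b`, so a run stopped by the CPU limit is classified as an undecided answer rather than a timeout. The in-code comment admits this but leaves no marker to act on. The distinction matters when reading verification results: an undecided verdict suggests the prover gave up on the goal, whereas here the run was cut short by the resource limit. I would make the comment an explicit `(* FIXME: SIGXCPU is a timeout, not an undecided result; needs support in Calldp.gen_prover_call *)`. Separately, `versions_old = [""]` looks copied from the Yices entry that this same diff replaces with real version numbers; `versions_old = []` would state the intent without listing an empty version string, assuming nothing relies on the list being non-empty.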
@@ -265,6 +288,7 @@ match key with | "Alt-Ergo" -> load_prover_info alt_ergo key args | "Simplify" -> load_prover_info simplify key args + | "Vampire" -> load_prover_info vampire key args | "Z3" -> load_prover_info z3 key args | "Yices" -> load_prover_info yices key args | "CVC3" -> load_prover_info cvc3 key args diff -Nru why-2.29+dfsg/tools/dpConfig.mli why-2.30+dfsg/tools/dpConfig.mli --- why-2.29+dfsg/tools/dpConfig.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/dpConfig.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -35,7 +35,7 @@ type prover_id = Simplify | Harvey | Cvcl | Zenon | Rvsat | Yices | Ergo | ErgoSelect | Cvc3 | SimplifySelect | Z3 | Gappa | GappaSelect - | Coq | PVS | VeriT + | Coq | PVS | VeriT | Vampire type lazy_regexp = { @@ -64,6 +64,8 @@ val simplify : prover_data +val vampire: prover_data + val z3 : prover_data val yices : prover_data diff -Nru why-2.29+dfsg/tools/dp.ml why-2.30+dfsg/tools/dp.ml --- why-2.29+dfsg/tools/dp.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/dp.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) @@ -74,7 +74,7 @@ "-simple", Arg.Set simple, "Print only Valid, I don't know, Invalid, Fail, Timeout"; "-split", Arg.Set split, "Create a directory wich contains all the goal splitted in different file"; "-prover", Arg.Symbol ( - ["Alt-Ergo";"CVC3";"CVCL";"Z3";"Yices";"Simplify";"VeriT"],(fun s -> prover := Some s)), "Select the prover to use" + ["Alt-Ergo";"CVC3";"CVCL";"Z3";"Yices";"Simplify";"Vampire"; "VeriT"],(fun s -> prover := Some s)), "Select the prover to use" ] let () = @@ -82,7 +82,7 @@ if not (Filename.is_relative d) then Calldp.cpulimit := Filename.concat d "why-cpulimit" -let usage = "usage: why-dp [options] [files.{why,rv,znn,cvc,cvc.all,sx,sx.all,smt,smt.all}]" +let usage = "usage: why-dp [options] [files.{why,rv,znn,cvc,cvc.all,sx,sx.all,smt,smt.all,vp,vp.all}]" let () = Arg.parse spec (fun s -> @@ -188,6 +188,8 @@ wrapper (Calldp.cvcl ~debug ~timeout:!timeout ~filename:f ~buffers:b ()) let call_simplify f _ = wrapper (Calldp.simplify ~debug ~timeout:!timeout ~filename:f ()) +let call_vampire f _ = + wrapper (Calldp.vampire ~debug ~timeout:!timeout ~filename:f ()) let call_yices f b = wrapper (Calldp.yices ~debug ~timeout:!timeout ~filename:f ~buffers:b ()) let call_cvc3 f b = 
@@ -236,6 +238,8 @@ | "Z3" -> Smtlib_split.iter call_z3 cin | "Yices" -> Smtlib_split.iter call_yices cin | "Simplify" -> Simplify_split.iter ~debug call_simplify cin + (* Vampire uses Simplify's syntax. *) + | "Vampire" -> Simplify_split.iter ~debug call_vampire cin | "VeriT" -> Smtlib_split.iter call_verit cin | _ -> assert false @@ -261,6 +265,11 @@ then Simplify_split.iter ~debug (call_split call_simplify dir_name ".sx") cin else + if Filename.check_suffix f ".vp" || + Filename.check_suffix f ".vp.all" + then + Simplify_split.iter ~debug (call_split call_vampire dir_name ".vp") cin + else if Filename.check_suffix f ".znn" || Filename.check_suffix f ".znn.all" then Zenon_split.iter ~debug (call_split call_zenon dir_name ".znn") f (* TODO: Zenon_split *) else diff -Nru why-2.29+dfsg/tools/ergo_split.mli why-2.30+dfsg/tools/ergo_split.mli --- why-2.29+dfsg/tools/ergo_split.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/ergo_split.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/ergo_split.mll why-2.30+dfsg/tools/ergo_split.mll --- why-2.29+dfsg/tools/ergo_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/ergo_split.mll 2011-10-24 15:21:06.000000000 +0000 
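Review bot: With the new `"Vampire"` arm, the prover names must stay identical in two places: the `Arg.Symbol` list in `spec` (hunk at -74) and this match, whose catch-all is `| _ -> assert false`. A name added to the list but missed here would end the run with an assertion failure rather than a usage error. A comment above the match such as `(* arms must cover every name in the -prover Arg.Symbol list *)` would make the coupling explicit, and deriving both from one association list would remove it. The match begins above this hunk, so its earlier arms are not visible here.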
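Review bot: The `.vp` / `.vp.all` branch reuses `Simplify_split.iter` without saying why, whereas the `-prover` match in the previous hunk carries `(* Vampire uses Simplify's syntax. *)`. Repeating that here, for example `(* .vp files use Simplify's syntax, hence Simplify_split *)`, would let this dispatch point be read on its own. The surrounding `if ... else` chain starts and ends outside the hunk.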
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/make_float_model.ml why-2.30+dfsg/tools/make_float_model.ml --- why-2.29+dfsg/tools/make_float_model.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/make_float_model.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/obfuscator.ml why-2.30+dfsg/tools/obfuscator.ml --- why-2.29+dfsg/tools/obfuscator.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/obfuscator.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/regtest.ml why-2.30+dfsg/tools/regtest.ml --- why-2.29+dfsg/tools/regtest.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/regtest.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/rv_merge.ml why-2.30+dfsg/tools/rv_merge.ml --- why-2.29+dfsg/tools/rv_merge.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/rv_merge.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/rv_split.mll why-2.30+dfsg/tools/rv_split.mll --- why-2.29+dfsg/tools/rv_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/rv_split.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/simplify_ast.mli why-2.30+dfsg/tools/simplify_ast.mli --- why-2.29+dfsg/tools/simplify_ast.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_ast.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/simplify_lexer.mll why-2.30+dfsg/tools/simplify_lexer.mll --- why-2.29+dfsg/tools/simplify_lexer.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_lexer.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/simplify_parser.mly why-2.30+dfsg/tools/simplify_parser.mly --- why-2.29+dfsg/tools/simplify_parser.mly 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_parser.mly 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ /* */ /* The Why platform for program certification */ /* */ -/* Copyright (C) 2002-2010 */ +/* Copyright (C) 2002-2011 */ /* */ -/* Jean-Christophe FILLIATRE, CNRS */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ /* Yannick MOY, Univ. Paris-sud 11 */ /* Romain BARDOU, Univ. Paris-sud 11 */ -/* Thierry HUBERT, Univ. Paris-sud 11 */ /* */ /* Secondary contributors: */ /* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ /* Sylvie BOLDO, INRIA (floating-point support) */ diff -Nru why-2.29+dfsg/tools/simplify_split.mli why-2.30+dfsg/tools/simplify_split.mli --- why-2.29+dfsg/tools/simplify_split.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_split.mli 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/simplify_split.mll why-2.30+dfsg/tools/simplify_split.mll --- why-2.29+dfsg/tools/simplify_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_split.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/simplify_towhy.ml why-2.30+dfsg/tools/simplify_towhy.ml --- why-2.29+dfsg/tools/simplify_towhy.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/simplify_towhy.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/smtlib_split.mll why-2.30+dfsg/tools/smtlib_split.mll --- why-2.29+dfsg/tools/smtlib_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/smtlib_split.mll 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/toolstat_lex.mll why-2.30+dfsg/tools/toolstat_lex.mll --- why-2.29+dfsg/tools/toolstat_lex.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/toolstat_lex.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/toolstat.ml why-2.30+dfsg/tools/toolstat.ml --- why-2.29+dfsg/tools/toolstat.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/toolstat.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/toolstat_pars.mly why-2.30+dfsg/tools/toolstat_pars.mly --- why-2.29+dfsg/tools/toolstat_pars.mly 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/toolstat_pars.mly 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ /* */ /* The Why platform for program certification */ /* */ -/* Copyright (C) 2002-2010 */ +/* Copyright (C) 2002-2011 */ /* */ -/* Jean-Christophe FILLIATRE, CNRS */ +/* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 */ /* Claude MARCHE, INRIA & Univ. Paris-sud 11 */ /* Yannick MOY, Univ. Paris-sud 11 */ /* Romain BARDOU, Univ. Paris-sud 11 */ -/* Thierry HUBERT, Univ. Paris-sud 11 */ /* */ /* Secondary contributors: */ /* */ +/* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) */ /* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) */ /* Ali AYAD, CNRS & CEA Saclay (floating-point support) */ /* Sylvie BOLDO, INRIA (floating-point support) */ diff -Nru why-2.29+dfsg/tools/toolstat_types.mli why-2.30+dfsg/tools/toolstat_types.mli --- why-2.29+dfsg/tools/toolstat_types.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/toolstat_types.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/why2html.mll why-2.30+dfsg/tools/why2html.mll --- why-2.29+dfsg/tools/why2html.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/why2html.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/whyConfig.ml why-2.30+dfsg/tools/whyConfig.ml --- why-2.29+dfsg/tools/whyConfig.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/whyConfig.ml 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/whystat.ml why-2.30+dfsg/tools/whystat.ml --- why-2.29+dfsg/tools/whystat.ml 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/whystat.ml 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/zenon_split.mli why-2.30+dfsg/tools/zenon_split.mli --- why-2.29+dfsg/tools/zenon_split.mli 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/zenon_split.mli 2011-10-24 15:21:06.000000000 +0000 
@@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/tools/zenon_split.mll why-2.30+dfsg/tools/zenon_split.mll --- why-2.29+dfsg/tools/zenon_split.mll 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/tools/zenon_split.mll 2011-10-24 15:21:06.000000000 +0000 @@ -2,16 +2,16 @@ (* *) (* The Why platform for program certification *) (* *) -(* Copyright (C) 2002-2010 *) +(* Copyright (C) 2002-2011 *) (* *) -(* Jean-Christophe FILLIATRE, CNRS *) +(* Jean-Christophe FILLIATRE, CNRS & Univ. Paris-sud 11 *) (* Claude MARCHE, INRIA & Univ. Paris-sud 11 *) (* Yannick MOY, Univ. Paris-sud 11 *) (* Romain BARDOU, Univ. Paris-sud 11 *) -(* Thierry HUBERT, Univ. Paris-sud 11 *) (* *) (* Secondary contributors: *) (* *) +(* Thierry HUBERT, Univ. Paris-sud 11 (former Caduceus front-end) *) (* Nicolas ROUSSET, Univ. Paris-sud 11 (on Jessie & Krakatoa) *) (* Ali AYAD, CNRS & CEA Saclay (floating-point support) *) (* Sylvie BOLDO, INRIA (floating-point support) *) diff -Nru why-2.29+dfsg/Version why-2.30+dfsg/Version --- why-2.29+dfsg/Version 2011-03-02 08:27:41.000000000 +0000 +++ why-2.30+dfsg/Version 2011-10-24 15:21:06.000000000 +0000 @@ -1,4 +1,4 @@ # Why/Jessie/Krakatoa version -VERSION=2.29 -# Caduceus version +VERSION=2.30 +# Caduceus version (no more maintained) CVERSION=1.29